Probléme avec security toolbar 7.1
Résolu
samos
-
afideg Messages postés 10517 Date d'inscription Statut Contributeur sécurité Dernière intervention -
afideg Messages postés 10517 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour, j'ai un gros souci avec mon ordi
plein de choses sont apparu .que faire?
j'ai "avast" ad-aware"et"spybot"
ils tournent bien et ils placent bien les problémes en quarantaine
par contre j'ai
*une nouvelle barre qui est apparu "security toolbar" en haut de ma page internet;
*j'ai 2 raccourcis nouveaux qui sont apparu sur mon bureau"online security guide" et "live safety center"
comment les supprimer et surtout ou les retrouver pour les supprimer définitivement
ils n'apparaissent pas dans"modifier ou suprimer".
*en bas a droite dans ma barre j'ai un triangle jaune avec un "!" dedans il est ecrit:
"your computer is infected with a black door trojan that allows the remote attackerto perform various malcious actions .
click this ballon to dowload malware removal software."
un autre mesage apparait ensuite:
"type:virus/network,worm.
damage level:hight
description:virus that infects executable files
recommedation immediately:delete:quarantine
protection:click this ballon to dowload certified antivirus software
system performance monitor: warning summary"
mais encore..
"summary:system performance sowed down by:47 pour cent
internet connection speed dereased by:39 pour cent
probable reason: spyware applications/adware popup windows.
click this ballon to dowload spywre scan tool to remove spyware/adware applications"
et aussi..
"security alert:spyware found
computer is infected whith last versions of psw .x-vir trojan
psw trojan seals your privat informaton such as:passwords,ip-adresses,credit card information,registration,detais,documents ,etc
click the baloon to remove psw.x-vir spware"
et enfin...
"system alert:trojan-spy.win 32 @mx
type:spyware/trojan
vulnerable:windows 95/98/me/nt/2003/windows.xp
description/spyware program that sends confidential information to a remote attacker
protection/click the baloon to download official security"
et en même temps des pages internet s'ouvre toujours
voici les sites:
"http://www.savetheinformation.com/v6/?gai=hamm_h5_pop&gli=pop_1&gff=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&eai=hamm_h5_pop&eli=pop_1&eaf=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&air=hamm_h5_pop&lir=pop_1&afr=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E"
et...
http://www.savetheinformation.com/v5/?gai=hamm_h5_pop&gli=pop_1&gff=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&eai=hamm_h5_pop&eli=pop_1&eaf=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&air=hamm_h5_pop&lir=pop_1&afr=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E
et....
http://www.savetheinformation.com/v1/?gai=hamm_h5_pop&gli=pop_1&gff=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&eai=hamm_h5_pop&eli=pop_1&eaf=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&air=hamm_h5_pop&lir=pop_1&afr=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E
alors pouvez vous me dire si tout ça est lié
et surtout ce que je peut faire pour rétablir les erreurs qui arrivent ?
merci encore j'attend une réponse avec impatience
aurevoir
plein de choses sont apparu .que faire?
j'ai "avast" ad-aware"et"spybot"
ils tournent bien et ils placent bien les problémes en quarantaine
par contre j'ai
*une nouvelle barre qui est apparu "security toolbar" en haut de ma page internet;
*j'ai 2 raccourcis nouveaux qui sont apparu sur mon bureau"online security guide" et "live safety center"
comment les supprimer et surtout ou les retrouver pour les supprimer définitivement
ils n'apparaissent pas dans"modifier ou suprimer".
*en bas a droite dans ma barre j'ai un triangle jaune avec un "!" dedans il est ecrit:
"your computer is infected with a black door trojan that allows the remote attackerto perform various malcious actions .
click this ballon to dowload malware removal software."
un autre mesage apparait ensuite:
"type:virus/network,worm.
damage level:hight
description:virus that infects executable files
recommedation immediately:delete:quarantine
protection:click this ballon to dowload certified antivirus software
system performance monitor: warning summary"
mais encore..
"summary:system performance sowed down by:47 pour cent
internet connection speed dereased by:39 pour cent
probable reason: spyware applications/adware popup windows.
click this ballon to dowload spywre scan tool to remove spyware/adware applications"
et aussi..
"security alert:spyware found
computer is infected whith last versions of psw .x-vir trojan
psw trojan seals your privat informaton such as:passwords,ip-adresses,credit card information,registration,detais,documents ,etc
click the baloon to remove psw.x-vir spware"
et enfin...
"system alert:trojan-spy.win 32 @mx
type:spyware/trojan
vulnerable:windows 95/98/me/nt/2003/windows.xp
description/spyware program that sends confidential information to a remote attacker
protection/click the baloon to download official security"
et en même temps des pages internet s'ouvre toujours
voici les sites:
"http://www.savetheinformation.com/v6/?gai=hamm_h5_pop&gli=pop_1&gff=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&eai=hamm_h5_pop&eli=pop_1&eaf=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&air=hamm_h5_pop&lir=pop_1&afr=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E"
et...
http://www.savetheinformation.com/v5/?gai=hamm_h5_pop&gli=pop_1&gff=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&eai=hamm_h5_pop&eli=pop_1&eaf=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&air=hamm_h5_pop&lir=pop_1&afr=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E
et....
http://www.savetheinformation.com/v1/?gai=hamm_h5_pop&gli=pop_1&gff=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&eai=hamm_h5_pop&eli=pop_1&eaf=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E&air=hamm_h5_pop&lir=pop_1&afr=hamm_15005_90b5ee3f%202604973B67134AF2BC342D5EB471B60E
alors pouvez vous me dire si tout ça est lié
et surtout ce que je peut faire pour rétablir les erreurs qui arrivent ?
merci encore j'attend une réponse avec impatience
aurevoir
A voir également:
- Probléme avec security toolbar 7.1
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Toolbar - Télécharger - Navigateurs
- Eset internet security download - Télécharger - Sécurité
- Security@facebookmail.com - Forum Facebook
- Security health systray - Forum Antivirus
123 réponses
salut
j'ai l'impression que les mauvaise choses sont partis?
se qui est trés étonnant c'est que ma barre "securité toolbar" à disparu ainsi que les trucs qui étaient arrivés tout seul sur mon bureau
et aucun virus est signalé par avast mais le pire de tout c'est que j'ai toujours "avg ,cclean"alors que je l'ai est installé plus tard ,alors je sais pas?
voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:25, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://qumaron.com/?bj_programs?bj_programs
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOS Connexion - Le web en toute simplicité
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\ljjjgfe.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {963655C9-CE26-4A0E-941B-57BFE311599F} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 2)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Volume Shadow Configuration] vbmsvc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nhwdxglli] c:\windows\system32\nhwdxglli.exe nhwdxglli
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1194016384468
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O20 - Winlogon Notify: ljjjgfe - ljjjgfe.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: gzg8wud2rcccs - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O24 - Desktop Component 0: (no name) - http://webmail15d.orange.fr/webmail/fr_FR/
j'ai l'impression que les mauvaise choses sont partis?
se qui est trés étonnant c'est que ma barre "securité toolbar" à disparu ainsi que les trucs qui étaient arrivés tout seul sur mon bureau
et aucun virus est signalé par avast mais le pire de tout c'est que j'ai toujours "avg ,cclean"alors que je l'ai est installé plus tard ,alors je sais pas?
voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:25, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://qumaron.com/?bj_programs?bj_programs
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOS Connexion - Le web en toute simplicité
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\ljjjgfe.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {963655C9-CE26-4A0E-941B-57BFE311599F} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 2)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Volume Shadow Configuration] vbmsvc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nhwdxglli] c:\windows\system32\nhwdxglli.exe nhwdxglli
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1194016384468
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O20 - Winlogon Notify: ljjjgfe - ljjjgfe.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: gzg8wud2rcccs - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O24 - Desktop Component 0: (no name) - http://webmail15d.orange.fr/webmail/fr_FR/
Salut
il a une sale tête ce rapport ... bon, mais l'infection peut être neutraliser
poste un nouveau rapport combo stp
++
il a une sale tête ce rapport ... bon, mais l'infection peut être neutraliser
poste un nouveau rapport combo stp
++
Bonsoir Green Day
Attention, il faut absolument supprimer l'ancienne version de ComboFix d'avant le 18/11.
Supprime le dossier Qoobox. (il est à la racine de ton disque dur c:\)
Supprime tous les rapports situés. (C:\ComboFix-quarantined-files.txt ; C:\ComboFix.txt ; C:\ComboFix2.txt ; C:\ComboFix3.txt ... ; C:\ComboFix-Do.txt)
Supprime l'application téléchargée. (ComboFix.exe)
Télécharger la dernière version avec le lien habituel http://download.bleepingcomputer.com/sUBs/ComboFix.exe .
Bonne chance
Al.
Attention, il faut absolument supprimer l'ancienne version de ComboFix d'avant le 18/11.
Supprime le dossier Qoobox. (il est à la racine de ton disque dur c:\)
Supprime tous les rapports situés. (C:\ComboFix-quarantined-files.txt ; C:\ComboFix.txt ; C:\ComboFix2.txt ; C:\ComboFix3.txt ... ; C:\ComboFix-Do.txt)
Supprime l'application téléchargée. (ComboFix.exe)
Télécharger la dernière version avec le lien habituel http://download.bleepingcomputer.com/sUBs/ComboFix.exe .
Bonne chance
Al.
Salut Afi !
ah ! oui, merci d'avoir rectifier le tire ! ;-))
++
ah ! oui, merci d'avoir rectifier le tire ! ;-))
++
salut
voici le rapport(j'ai bien supprimé les fichiers ,j'éspére !!
j'ai était ds "rechercher" puis j'ai trouvé les fichiers et je les ai supprimés à partir de là!)
voici le rapport ,par contre je l'ai fait en mode normal:
ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-24 9:56:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.81 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Propriétaire\Mes documents\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
.
2007-11-22 17:44 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-11-22 17:42 <REP> d-------- C:\Program Files\Real
2007-11-22 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-11-21 11:51 <REP> d-------- C:\Program Files\SAGEM
2007-11-20 23:09 <REP> d-------- C:\Program Files\SAGEM(2)
2007-11-20 22:56 <REP> d-------- C:\Program Files\Securitoo
2007-11-20 15:56 104,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-20 15:56 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-20 15:56 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-20 15:56 2,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-20 15:55 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-11-20 15:55 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-11-20 14:59 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-11-20 13:49 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-20 13:48 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-11-20 13:48 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-11-20 13:45 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-19 11:39 90,425 --a------ C:\WINDOWS\hpoins06.dat
2007-11-19 11:39 5,389 --------- C:\WINDOWS\hpomdl06.dat
2007-11-17 11:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-17 11:21 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-17 11:06 <REP> d-------- C:\Program Files\CCleaner
2007-11-16 23:22 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-16 23:18 <REP> d----c--- C:\coucou
2007-11-16 19:08 <REP> d-------- C:\Program Files\Trend Micro
2007-11-16 15:05 675,260 ---hs---- C:\WINDOWS\system32\qhrsbbgx.ini
2007-11-15 22:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-15 15:03 671,256 ---hs---- C:\WINDOWS\system32\oflyrqkf.ini
2007-11-02 21:15 <REP> d-------- C:\Program Files\PokerStars
2007-11-02 19:02 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-02 13:39 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 09:42 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Logishrd
2007-10-28 18:49 <REP> d-------- C:\Program Files\Windows Live
2007-10-28 18:49 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-10-25 10:39 1,783,864 --a------ C:\WINDOWS\system32\WINPY.MB
2007-10-25 10:39 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-10-25 10:39 838,144 --a--c--- C:\WINDOWS\system32\dllcache\chtbrkr.dll
2007-10-25 10:39 211,938 --a------ C:\WINDOWS\system32\lcphrase.tbl
2007-10-25 10:39 82,172 --a--c--- C:\WINDOWS\system32\dllcache\bopomofo.nls
2007-10-25 10:39 69,120 --a------ C:\WINDOWS\system32\WINGB.IME
2007-10-25 10:39 66,728 --a--c--- C:\WINDOWS\system32\dllcache\big5.nls
2007-10-25 10:39 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0804.dll
2007-10-25 10:39 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-10-25 10:38 189,986 --a------ C:\WINDOWS\system32\c_1361.nls
2007-10-25 10:38 143,422 --a--c--- C:\WINDOWS\system32\dllcache\softkey.dll
2007-10-25 10:38 59,904 --a--c--- C:\WINDOWS\system32\dllcache\imkrinst.exe
2007-10-25 10:38 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2007-10-25 10:38 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0412.dll
2007-10-25 10:38 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0411.dll
2007-10-25 10:38 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2007-10-25 10:38 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-10-25 10:38 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-10-25 10:37 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2007-10-25 10:37 340,023 --a--c--- C:\WINDOWS\system32\dllcache\imjp81.ime
2007-10-25 10:37 177,698 --a------ C:\WINDOWS\system32\c_20949.nls
2007-10-25 10:37 156,672 --a------ C:\WINDOWS\system32\WINSP.IME
2007-10-25 10:37 156,672 --a------ C:\WINDOWS\system32\WINPY.IME
2007-10-25 10:37 102,456 --a--c--- C:\WINDOWS\system32\dllcache\imlang.dll
2007-10-25 10:37 79,360 --a------ C:\WINDOWS\system32\winar30.ime
2007-10-25 10:37 79,360 --a------ C:\WINDOWS\system32\phon.ime
2007-10-25 10:37 78,848 --a------ C:\WINDOWS\system32\dayi.ime
2007-10-25 10:37 78,336 --a--c--- C:\WINDOWS\system32\dllcache\chajei.ime
2007-10-25 10:37 77,824 --a------ C:\WINDOWS\system32\quick.ime
2007-10-25 10:37 65,536 --a------ C:\WINDOWS\system32\winime.ime
2007-10-25 10:37 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2007-10-25 10:37 21,504 --a------ C:\WINDOWS\system32\CINTLGNT.IME
2007-10-25 10:37 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-10-25 10:37 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-10-25 10:37 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-10-25 10:37 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-10-25 10:37 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 08:08 --------- d-----w C:\Program Files\Wanadoo
2007-11-20 17:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 14:24 --------- d-----w C:\Program Files\eMule
2007-11-05 22:22 --------- d-----w C:\Program Files\Easy Internet signup
2007-11-02 08:51 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-02 08:48 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-11-02 08:40 --------- d-----w C:\Program Files\Logitech
2007-10-28 17:49 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 15:50 --------- d-----w C:\Program Files\Picasa2
2007-10-19 12:16 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-10-17 12:55 --------- d-----w C:\Program Files\Shareaza
2007-10-11 19:44 --------- d-----w C:\Program Files\LimeWire
2007-10-11 17:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-10-11 17:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-10-04 17:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\MGS
2007-09-28 21:32 --------- d-----w C:\Program Files\InterActual
2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
1995-09-20 14:16 456,976 -c--a-w C:\Program Files\Fichiers communs\dao3032.dll
2005-07-05 11:32 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
C:\WINDOWS\system32\ljjjgfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963655C9-CE26-4A0E-941B-57BFE311599F}]
C:\WINDOWS\system32\mlljj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 18:27]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"SiSPower"="Rundll32.exe" [2004-08-05 11:00 C:\WINDOWS\system32\rundll32.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 00:40 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 20:10]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 01:34 C:\WINDOWS\ALCWZRD.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 00:31]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-29 10:08]
"EPSON Stylus CX3600 Series (Copie 2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"Volume Shadow Configuration"="vbmsvc.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-22 17:42]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\ljjjgfe.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjgfe]
ljjjgfe.dll
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-23 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-11-23 21:30:19 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 10:04:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-24 10:07:19 - machine was rebooted
.
--- E O F ---
voici le rapport(j'ai bien supprimé les fichiers ,j'éspére !!
j'ai était ds "rechercher" puis j'ai trouvé les fichiers et je les ai supprimés à partir de là!)
voici le rapport ,par contre je l'ai fait en mode normal:
ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-24 9:56:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.81 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Propriétaire\Mes documents\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
.
2007-11-22 17:44 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-11-22 17:42 <REP> d-------- C:\Program Files\Real
2007-11-22 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-11-21 11:51 <REP> d-------- C:\Program Files\SAGEM
2007-11-20 23:09 <REP> d-------- C:\Program Files\SAGEM(2)
2007-11-20 22:56 <REP> d-------- C:\Program Files\Securitoo
2007-11-20 15:56 104,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-20 15:56 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-20 15:56 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-20 15:56 2,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-20 15:55 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-11-20 15:55 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-11-20 14:59 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-11-20 13:49 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-20 13:48 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-11-20 13:48 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-11-20 13:45 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-19 11:39 90,425 --a------ C:\WINDOWS\hpoins06.dat
2007-11-19 11:39 5,389 --------- C:\WINDOWS\hpomdl06.dat
2007-11-17 11:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-17 11:21 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-17 11:06 <REP> d-------- C:\Program Files\CCleaner
2007-11-16 23:22 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-16 23:18 <REP> d----c--- C:\coucou
2007-11-16 19:08 <REP> d-------- C:\Program Files\Trend Micro
2007-11-16 15:05 675,260 ---hs---- C:\WINDOWS\system32\qhrsbbgx.ini
2007-11-15 22:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-15 15:03 671,256 ---hs---- C:\WINDOWS\system32\oflyrqkf.ini
2007-11-02 21:15 <REP> d-------- C:\Program Files\PokerStars
2007-11-02 19:02 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-02 13:39 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 09:42 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Logishrd
2007-10-28 18:49 <REP> d-------- C:\Program Files\Windows Live
2007-10-28 18:49 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-10-25 10:39 1,783,864 --a------ C:\WINDOWS\system32\WINPY.MB
2007-10-25 10:39 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-10-25 10:39 838,144 --a--c--- C:\WINDOWS\system32\dllcache\chtbrkr.dll
2007-10-25 10:39 211,938 --a------ C:\WINDOWS\system32\lcphrase.tbl
2007-10-25 10:39 82,172 --a--c--- C:\WINDOWS\system32\dllcache\bopomofo.nls
2007-10-25 10:39 69,120 --a------ C:\WINDOWS\system32\WINGB.IME
2007-10-25 10:39 66,728 --a--c--- C:\WINDOWS\system32\dllcache\big5.nls
2007-10-25 10:39 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0804.dll
2007-10-25 10:39 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-10-25 10:38 189,986 --a------ C:\WINDOWS\system32\c_1361.nls
2007-10-25 10:38 143,422 --a--c--- C:\WINDOWS\system32\dllcache\softkey.dll
2007-10-25 10:38 59,904 --a--c--- C:\WINDOWS\system32\dllcache\imkrinst.exe
2007-10-25 10:38 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2007-10-25 10:38 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0412.dll
2007-10-25 10:38 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0411.dll
2007-10-25 10:38 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2007-10-25 10:38 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-10-25 10:38 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-10-25 10:37 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2007-10-25 10:37 340,023 --a--c--- C:\WINDOWS\system32\dllcache\imjp81.ime
2007-10-25 10:37 177,698 --a------ C:\WINDOWS\system32\c_20949.nls
2007-10-25 10:37 156,672 --a------ C:\WINDOWS\system32\WINSP.IME
2007-10-25 10:37 156,672 --a------ C:\WINDOWS\system32\WINPY.IME
2007-10-25 10:37 102,456 --a--c--- C:\WINDOWS\system32\dllcache\imlang.dll
2007-10-25 10:37 79,360 --a------ C:\WINDOWS\system32\winar30.ime
2007-10-25 10:37 79,360 --a------ C:\WINDOWS\system32\phon.ime
2007-10-25 10:37 78,848 --a------ C:\WINDOWS\system32\dayi.ime
2007-10-25 10:37 78,336 --a--c--- C:\WINDOWS\system32\dllcache\chajei.ime
2007-10-25 10:37 77,824 --a------ C:\WINDOWS\system32\quick.ime
2007-10-25 10:37 65,536 --a------ C:\WINDOWS\system32\winime.ime
2007-10-25 10:37 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2007-10-25 10:37 21,504 --a------ C:\WINDOWS\system32\CINTLGNT.IME
2007-10-25 10:37 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-10-25 10:37 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-10-25 10:37 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-10-25 10:37 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-10-25 10:37 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 08:08 --------- d-----w C:\Program Files\Wanadoo
2007-11-20 17:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 14:24 --------- d-----w C:\Program Files\eMule
2007-11-05 22:22 --------- d-----w C:\Program Files\Easy Internet signup
2007-11-02 08:51 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-02 08:48 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-11-02 08:40 --------- d-----w C:\Program Files\Logitech
2007-10-28 17:49 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 15:50 --------- d-----w C:\Program Files\Picasa2
2007-10-19 12:16 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-10-17 12:55 --------- d-----w C:\Program Files\Shareaza
2007-10-11 19:44 --------- d-----w C:\Program Files\LimeWire
2007-10-11 17:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-10-11 17:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-10-04 17:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\MGS
2007-09-28 21:32 --------- d-----w C:\Program Files\InterActual
2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
1995-09-20 14:16 456,976 -c--a-w C:\Program Files\Fichiers communs\dao3032.dll
2005-07-05 11:32 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
C:\WINDOWS\system32\ljjjgfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963655C9-CE26-4A0E-941B-57BFE311599F}]
C:\WINDOWS\system32\mlljj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 18:27]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"SiSPower"="Rundll32.exe" [2004-08-05 11:00 C:\WINDOWS\system32\rundll32.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 00:40 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 20:10]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 01:34 C:\WINDOWS\ALCWZRD.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 00:31]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-29 10:08]
"EPSON Stylus CX3600 Series (Copie 2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"Volume Shadow Configuration"="vbmsvc.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-22 17:42]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\ljjjgfe.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjgfe]
ljjjgfe.dll
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-23 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-11-23 21:30:19 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 10:04:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-24 10:07:19 - machine was rebooted
.
--- E O F ---
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour Green Day
Salut samos, eh bien dis donc, tu nous cherches des misères !?
==> qu'as-tu fait avec ton PC ?
Un petit échantillon de son état de santé :
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\ljjjgfe.dll (file missing) (no name) {01CD0B31-9154-45F2-9414-F5D64B74EAF6} X BHO [random filename] ConHook aka Chisyne trojan variant - VirtuMonde/Vundo adware downloader
O2 - BHO: (no name) - {963655C9-CE26-4A0E-941B-57BFE311599F} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent SiSPower ? Rundll32.exe SiSPower.dll,ModeAgent Responsible for power management for SIS chipsets - is it required?
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE alcmtr X ALCMTR.EXE Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
O4 - HKLM\..\Run: [nhwdxglli] c:\windows\system32\nhwdxglli.exe nhwdxglli
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe ==> quelle utilité ?
O20 - Winlogon Notify: ljjjgfe - ljjjgfe.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: gzg8wud2rcccs - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)
• [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
C:\WINDOWS\system32\ljjjgfe.dll
• [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963655C9-CE26-4A0E-941B-57BFE311599F}]
C:\WINDOWS\system32\mlljj.dll
• [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\ljjjgfe.dll [ ]
• [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjgfe]
ljjjgfe.dll
• C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
• C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
• 2007-11-15 15:03 671,256 ---hs---- C:\WINDOWS\system32\oflyrqkf.ini
• 007-11-16 15:05 675,260 ---hs---- C:\WINDOWS\system32\qhrsbbgx.ini
Peux-tu faire ceci pour avancer Green Day:
A)- Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
< http://www.atribune.org/ccount/click.php?id=4 >
1°-Double-clique VundoFix.exe afin de le lancer.
Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
Clique sur le bouton « Scan for Vundo ».
Lorsque le scan est complété, clique sur le bouton « Remove Vundo ».
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt
2°- Relance-le et copie/colle le contenu du rapport situé dans C:\vundofix.txt ,
3°- Supprime ComboFix comme précédemment; ensuite télécharge-le avec le même lien; et lance une analyse + rapport.
4°- Poste un nouveau rapport HijackThis! dans ta prochaine réponse.
B)- Analyses de fichiers douteux:
1°- Assure toi d'avoir accès aux dossiers/fichiers cachés :
Soit en faisant : Ouvrir un dossier, n'importe lequel. Aller dans "Outils" >"Options des dossiers" > "Affichage"
Soit en faisant « Démarrer »/ PanneauConfiguration/OptionsDossiers /onglet « Affichage »
et là :
cocher la case devant les lignes:
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher la case devant la ligne:
- masquer les extensions des fichiers dont le type est connu
- masquer les fichiers protégés du système d'exploitation
Tu vas recevoir un message qui te dit que cela peut endommager le système, n'en tiens pas compte.
Puis cliquer APPLIQUER à TOUS les Dossiers > [OK]
Si tu n'es pas à l'aise dans la navigation des dossiers, je t'invite à suivre ce tutorial : < http://www.malekal.com/rechercher_fichiers.php >
2°- Vas là </souligne>:< https://www.virustotal.com/gui/ >
•- sur la page qui s'affiche tu cliques sur "parcourir"
•- ensuite sur la nouvelle page qui s'affiche, tu suis le chemin du fichier qhrsbbgx.ini
c'est-à-dire via "Poste de travail" C:\WINDOWS\system32\
•- quand tu as trouvé le premier fichier qhrsbbgx.ini, tu fais "ouvrir" ( sur cette dernière page affichée)
•- le fichier qhrsbbgx.ini se retrouve alors ainsi dans la fenêtre de Virustotal, pour l'analyse
•- là, tu cliques sur "send file" ( de la page de Virustotal )
•- et tu attends le résultat (il faut parfois patienter)
•- que tu postes sur le forum ( par un copier/coller de tout le texte de l’analyse )
3°- Fais la même chose avec ces fichiers:
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\systs.exe
c:\windows\system32\nhwdxglli.exe
4°- Merci pour ta collaboration
Bonne chance
Al.
Salut samos, eh bien dis donc, tu nous cherches des misères !?
==> qu'as-tu fait avec ton PC ?
Un petit échantillon de son état de santé :
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\ljjjgfe.dll (file missing) (no name) {01CD0B31-9154-45F2-9414-F5D64B74EAF6} X BHO [random filename] ConHook aka Chisyne trojan variant - VirtuMonde/Vundo adware downloader
O2 - BHO: (no name) - {963655C9-CE26-4A0E-941B-57BFE311599F} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent SiSPower ? Rundll32.exe SiSPower.dll,ModeAgent Responsible for power management for SIS chipsets - is it required?
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE alcmtr X ALCMTR.EXE Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
O4 - HKLM\..\Run: [nhwdxglli] c:\windows\system32\nhwdxglli.exe nhwdxglli
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe ==> quelle utilité ?
O20 - Winlogon Notify: ljjjgfe - ljjjgfe.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: gzg8wud2rcccs - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)
• [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
C:\WINDOWS\system32\ljjjgfe.dll
• [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963655C9-CE26-4A0E-941B-57BFE311599F}]
C:\WINDOWS\system32\mlljj.dll
• [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\ljjjgfe.dll [ ]
• [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjgfe]
ljjjgfe.dll
• C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
• C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
• 2007-11-15 15:03 671,256 ---hs---- C:\WINDOWS\system32\oflyrqkf.ini
• 007-11-16 15:05 675,260 ---hs---- C:\WINDOWS\system32\qhrsbbgx.ini
Peux-tu faire ceci pour avancer Green Day:
A)- Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
< http://www.atribune.org/ccount/click.php?id=4 >
1°-Double-clique VundoFix.exe afin de le lancer.
Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
Clique sur le bouton « Scan for Vundo ».
Lorsque le scan est complété, clique sur le bouton « Remove Vundo ».
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt
2°- Relance-le et copie/colle le contenu du rapport situé dans C:\vundofix.txt ,
3°- Supprime ComboFix comme précédemment; ensuite télécharge-le avec le même lien; et lance une analyse + rapport.
4°- Poste un nouveau rapport HijackThis! dans ta prochaine réponse.
B)- Analyses de fichiers douteux:
1°- Assure toi d'avoir accès aux dossiers/fichiers cachés :
Soit en faisant : Ouvrir un dossier, n'importe lequel. Aller dans "Outils" >"Options des dossiers" > "Affichage"
Soit en faisant « Démarrer »/ PanneauConfiguration/OptionsDossiers /onglet « Affichage »
et là :
cocher la case devant les lignes:
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher la case devant la ligne:
- masquer les extensions des fichiers dont le type est connu
- masquer les fichiers protégés du système d'exploitation
Tu vas recevoir un message qui te dit que cela peut endommager le système, n'en tiens pas compte.
Puis cliquer APPLIQUER à TOUS les Dossiers > [OK]
Si tu n'es pas à l'aise dans la navigation des dossiers, je t'invite à suivre ce tutorial : < http://www.malekal.com/rechercher_fichiers.php >
2°- Vas là </souligne>:< https://www.virustotal.com/gui/ >
•- sur la page qui s'affiche tu cliques sur "parcourir"
•- ensuite sur la nouvelle page qui s'affiche, tu suis le chemin du fichier qhrsbbgx.ini
c'est-à-dire via "Poste de travail" C:\WINDOWS\system32\
•- quand tu as trouvé le premier fichier qhrsbbgx.ini, tu fais "ouvrir" ( sur cette dernière page affichée)
•- le fichier qhrsbbgx.ini se retrouve alors ainsi dans la fenêtre de Virustotal, pour l'analyse
•- là, tu cliques sur "send file" ( de la page de Virustotal )
•- et tu attends le résultat (il faut parfois patienter)
•- que tu postes sur le forum ( par un copier/coller de tout le texte de l’analyse )
3°- Fais la même chose avec ces fichiers:
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\systs.exe
c:\windows\system32\nhwdxglli.exe
4°- Merci pour ta collaboration
Bonne chance
Al.
Samos, s'il est encore temps, fais tout le point A)- en mode sans échec avec prise en charge du réseau.
Et désactive le teatimer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" . Tu ne doit plus voir l'icône du Teatimer dans la barre de tâches! Ne fais pas l'impasse sur cette étape, car ca peut faire échouer la procédure de désinfection !
Salut Green Day
systs.exe = Virut
C'est un virus qui infecte les executables .exe et .scr
Certains variantes se mettent dans les archives (.rar).
Ça vient avec des cracks... ou P2P .
Et désactive le teatimer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" . Tu ne doit plus voir l'icône du Teatimer dans la barre de tâches! Ne fais pas l'impasse sur cette étape, car ca peut faire échouer la procédure de désinfection !
Salut Green Day
systs.exe = Virut
C'est un virus qui infecte les executables .exe et .scr
Certains variantes se mettent dans les archives (.rar).
Ça vient avec des cracks... ou P2P .
Bon,
Pour chaque analyse, y compris les téléchargements, il faut passer en "mode sans échec avec prise en charge du réseau".
Au redémarrage, clic sur F8, amis au lieu de choisir "Mode sans échec", tu choisis l'autre.
Fais aussi ceci :
"Demarrer" / "Executer" / taper services.msc
- Cherche gzg8wud2rcccs dans la liste.
- Double clic dessus, positionne le" Type de démarrage" sur "Désactiver"
Merci
Al.
Pour chaque analyse, y compris les téléchargements, il faut passer en "mode sans échec avec prise en charge du réseau".
Au redémarrage, clic sur F8, amis au lieu de choisir "Mode sans échec", tu choisis l'autre.
Fais aussi ceci :
"Demarrer" / "Executer" / taper services.msc
- Cherche gzg8wud2rcccs dans la liste.
- Double clic dessus, positionne le" Type de démarrage" sur "Désactiver"
Merci
Al.
j'ai tellemnt de truc à faire jene sais même pas par quoi commencer
voici pour l'instant
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 14:19:46 24/11/2007
Listing files found while scanning....
C:\WINDOWS\system32\ljjjgfe.dll
Beginning removal...
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 15:46:46 24/11/2007
Listing files found while scanning....
C:\WINDOWS\system32\ljjjgfe.dll
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 16:01:44 24/11/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
j'éspere que c'est ça
voici pour l'instant
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 14:19:46 24/11/2007
Listing files found while scanning....
C:\WINDOWS\system32\ljjjgfe.dll
Beginning removal...
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 15:46:46 24/11/2007
Listing files found while scanning....
C:\WINDOWS\system32\ljjjgfe.dll
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 16:01:44 24/11/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
j'éspere que c'est ça
voici 2 rapport:
vLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:58, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\restore\rstrui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://qumaron.com/?bj_programs?bj_programs
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {963655C9-CE26-4A0E-941B-57BFE311599F} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 2)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Volume Shadow Configuration] vbmsvc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1194016384468
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O20 - Winlogon Notify: ljjjgfe - ljjjgfe.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O24 - Desktop Component 0: (no name) - http://webmail15d.orange.fr/webmail/fr_FR/
vLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:58, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\restore\rstrui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://qumaron.com/?bj_programs?bj_programs
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {963655C9-CE26-4A0E-941B-57BFE311599F} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 2)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Volume Shadow Configuration] vbmsvc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1194016384468
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O20 - Winlogon Notify: ljjjgfe - ljjjgfe.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O24 - Desktop Component 0: (no name) - http://webmail15d.orange.fr/webmail/fr_FR/
Salut Samos Afi ;-)
le fait d'avoir faire une restauration système a restauré toutes les lignes, que quelques fichiers, mais pas l'infection ! ouf !
ça devait être une reste, ou un embryon d'infection virut car ce fichier ne m'a pas du tout poser problème, d'ailleurs combo s'en ait chargé !
je te laisse terminer Afi ?
@+
le fait d'avoir faire une restauration système a restauré toutes les lignes, que quelques fichiers, mais pas l'infection ! ouf !
ça devait être une reste, ou un embryon d'infection virut car ce fichier ne m'a pas du tout poser problème, d'ailleurs combo s'en ait chargé !
je te laisse terminer Afi ?
@+
samos,
Peux-tu faire analyser ce fichier chez VirusTotal, SVP :
C:\WINDOWS\system32\mlljj.dll ?
Merci
Peux-tu faire analyser ce fichier chez VirusTotal, SVP :
C:\WINDOWS\system32\mlljj.dll ?
Merci
samos,
Avais-tu bien donné accès à ces fichiers cachés du système lors de leur analyse chez VirusTotal ?
Parce qu'ils sont toujours là; et je veux rester prudent avant de décider.
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\qhrsbbgx.ini
Je ne vois quoi à quoi peut te servir cette "pub":
• C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
• C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
Chez moi, j'ai supprimé ces deux éléments en gras.
Connais-tu ce programme O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent SiSPower ? Rundll32.exe ? ==> Quelle utilité en as-tu?
SiSPower.dll,ModeAgent Responsible for power management for SIS chipsets - is it required?
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe ==> quelle utilité ?
Après quoi, on achèvera le nettoyage de ton PC.
Merci
Al.
Avais-tu bien donné accès à ces fichiers cachés du système lors de leur analyse chez VirusTotal ?
Parce qu'ils sont toujours là; et je veux rester prudent avant de décider.
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\qhrsbbgx.ini
Je ne vois quoi à quoi peut te servir cette "pub":
• C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
• C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
Chez moi, j'ai supprimé ces deux éléments en gras.
Connais-tu ce programme O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent SiSPower ? Rundll32.exe ? ==> Quelle utilité en as-tu?
SiSPower.dll,ModeAgent Responsible for power management for SIS chipsets - is it required?
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe ==> quelle utilité ?
Après quoi, on achèvera le nettoyage de ton PC.
Merci
Al.
Salut Green Day
samos, puisque je dois profiter de mon dimanche, voici ce qui est programmé pour en terminer.
A)- Désinfection:
1°- Télécharge ComboFix.exe (par sUBs) et enregistre-le sur le Bureau:
< http://download.bleepingcomputer.com/sUBs/ComboFix.exe >
2°- Désactive ta restauration système
Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]
3°- Sélectionne (mettre en surbrillance) tout le texte en caractères gras suivant :
File::
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\qhrsbbgx.ini
C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
Folder::
C:\Program Files\PokerStars
C:\Program Files\hp\digital imaging\bin\hp promotions
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963655C9-CE26-4A0E-941B-57BFE311599F}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjgfe]
4°- Copie le texte sélectionné (CTRL+C).
Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
Colle (bien dans le coin supérieur gauche) ce texte dans ce bloc-notes (CTRL+V).
Sauvegarde (enregistre-le sur le bureau) sous le nom CFScript.txt
En english ==> Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop (= bureau). Regarde ici < http://img225.imageshack.us/img225/6237/screenshot169qy8.png >
5°- Ensuite, dépose ce fichier texte sur l'application de ComboFix (icône rouge “ComboFix.exe” sur le bureau) en faisant un “glisser/déposer” de ce fichier “ CFScript.txt ” sur le fichier “ComboFix.exe” comme sur la capture: < http://img.photobucket.com/albums/v666/sUBs/CFScript.gif >
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.
Le bureau va disparaître à plusieurs reprises: c'est normal!
(CAUTION: Do not mouse-click ComboFix's window while it is running. = Ne touche à rien tant que le scan n'est pas terminé. That may cause it to stall.)
6°- Une fois le scan achevé, un rapport va s'afficher: poste son contenu sur le forum.
Si le fichier n'apparaît pas, il se trouve ici > C:\ComboFix.txt
7°- Arrêter puis redémarrer le PC
8°- Ensuite réactive ta restauration système
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]
9°- Poste un nouveau rapport ComboFix.txt comme ceci :
- Double clique sur l'icône de ComboFix.exe du bureau, [Exécuter] et suis les invites.
Tape 1 puis [Enter] . Accepter les alertes éventuelles. Laisse se dérouler le scan.
Lorsque le scan sera complété, un rapport apparaîtra sur le bureau.
Tu copies et colles ce rapport sur le forum
B)- Élimination des failles de sécurité:
1°- O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
Télécharger Adobe Reader 8.1 pour Windows
< http://ardownload.adobe.com/pub/adobe/reader/win/8.x/8.1/fra/AdbeRdr810_fr_FR.exe > (lien direct)
Décoche ceci "Téléchargez également : Adobe Photoshop® Album Édition"
Dans Ajout/Suppression des programmes, supprime toutes les autres versions.
2°- O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
Ce qui veut dire que ta console Java n'est pas à jour !
Les mises à jour Java ne sont pas des mises à jour de confort ; ce sont des mises à jour de SÉCURITÉ .
Une vulnérabilité a été identifiée dans Sun JDK et JRE, elle pourrait être exploitée par des attaquants distants afin de compromettre un système vulnérable.
Vas là < https://www.oracle.com/java/technologies/javase-downloads.html > et clic sur ce Téléchargement < http://img529.imageshack.us/img529/3066/screenshot085lp5.png >
Après installation et redémarrage, vas dans le "panneau de configuration"/"Ajout-Suppr. de programmes" afin de désinstaller les anciennes versions.
Une fois JRE installé, dans votre « console de paramétrage », accessible depuis le « Panneau de configuration », choisir l’onglet "Java", puis dans "paramètres de l'application Java Runtime", clic sur bouton "afficher", vous accédez à cet écran."
Source: http://www.libellules.ch/dotclear/index.php?2007/02/03/1671-java-toutes-petites-astuces
Vous pouvez « Désactiver la console = Ne pas lancer la console » et « Désactiver l'icône de la Systray depuis l'onglet "avancé" ( http://www.java.com/fr/download/help/5000021000.xml ).
3°- O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
Quelle est la fonction de ce service : France Telecom Routing Table Service ?
C'est un service de FranceTelecom, bien inutile, qui malheureusement est à l'origine de plantage sur certaines machines ... (aucun probleme à l'enlever, tout fonctionnera parfaitement)
Wanadoo a tendance à ajouter des trucs qui ne servent à rien!
a°•-Lance HJT (HijackThis) ==> Clic sur [Open the Misc Tools section] > puis [Open Uninstall Manager…] ==> sélectionne France Telecom Routing Table Service (FTRTSVC) > clic sur [Delete this entry].
b°•- Puis tu relances HJT ==> Clic sur [Open the Misc Tools section] > puis [Open process manager] > puis sur [Kill process] ; ensuite tu cliques sur [Back] et tu coches la même ligne dans la liste
c°•-Lance JV16 ( par exemple ), et fais un prénettoyage complet des cases vertes.
TUTO < http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Maintenance/compatible-vista-windows-sujet_167629_1.htm >
Ensuite, à la section VII-Fonction "chercheur du registre" , tu lances les recherches sur base des mots FTRTSVC et tu utilises la touche fonction F3 pour terminer chaque suppression et trouver d'autres localisations.
ATTENTION : Après une suppression, et même si tu vois un autre élément en surbrillance, tu n'y touches pas!
Mais tu Cliques sur F3 pour poursuivre la recherche suivante.
Ainsi de suite jusqu'au message "La recherche est terminée"
4°- O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
Tu supprimes ce programme qui nous pose trop de problèmes; comme ceci : <
https://www.avast.com/fr-fr/uninstall-utility >
5°- Tu le remplaces par celui-ci:
Télécharger Antivir sur le site de l'éditeur pour avoir la dernière version qui est celle-ci pour xp:< https://www.avira.com/en/free-antivirus-windows > qui prend en compte la case Rootkit.
- En effet, il faut cocher la détection de rootkits --> Search for rootkits..........: doit être [ON] ( cocher la case « mode expert ».
TUTORIELS : https://www.astucesinternet.com/modules/news/article.php?storyid=253
< http://www.malekal.com/tutorial_antivir.html >
Attention, après le téléchargement, il faut se déconnecter du Net ( débrancher éventuellement le modem ) avant de lancer l'installation;
Attention : Après l'installation du programme, et avant de lancer l'analyse, il faut redémarrer le PC en mode sans échec < http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 >
Lancer Antivir en Scan complet ( analyse avancée )
Supprimer tous les fichiers infectés trouvés;
Poster le rapport SVP
Bonne chance
à+..
Al.
samos, puisque je dois profiter de mon dimanche, voici ce qui est programmé pour en terminer.
A)- Désinfection:
1°- Télécharge ComboFix.exe (par sUBs) et enregistre-le sur le Bureau:
< http://download.bleepingcomputer.com/sUBs/ComboFix.exe >
2°- Désactive ta restauration système
Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]
3°- Sélectionne (mettre en surbrillance) tout le texte en caractères gras suivant :
File::
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\qhrsbbgx.ini
C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
Folder::
C:\Program Files\PokerStars
C:\Program Files\hp\digital imaging\bin\hp promotions
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963655C9-CE26-4A0E-941B-57BFE311599F}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjgfe]
4°- Copie le texte sélectionné (CTRL+C).
Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
Colle (bien dans le coin supérieur gauche) ce texte dans ce bloc-notes (CTRL+V).
Sauvegarde (enregistre-le sur le bureau) sous le nom CFScript.txt
En english ==> Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop (= bureau). Regarde ici < http://img225.imageshack.us/img225/6237/screenshot169qy8.png >
5°- Ensuite, dépose ce fichier texte sur l'application de ComboFix (icône rouge “ComboFix.exe” sur le bureau) en faisant un “glisser/déposer” de ce fichier “ CFScript.txt ” sur le fichier “ComboFix.exe” comme sur la capture: < http://img.photobucket.com/albums/v666/sUBs/CFScript.gif >
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.
Le bureau va disparaître à plusieurs reprises: c'est normal!
(CAUTION: Do not mouse-click ComboFix's window while it is running. = Ne touche à rien tant que le scan n'est pas terminé. That may cause it to stall.)
6°- Une fois le scan achevé, un rapport va s'afficher: poste son contenu sur le forum.
Si le fichier n'apparaît pas, il se trouve ici > C:\ComboFix.txt
7°- Arrêter puis redémarrer le PC
8°- Ensuite réactive ta restauration système
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]
9°- Poste un nouveau rapport ComboFix.txt comme ceci :
- Double clique sur l'icône de ComboFix.exe du bureau, [Exécuter] et suis les invites.
Tape 1 puis [Enter] . Accepter les alertes éventuelles. Laisse se dérouler le scan.
Lorsque le scan sera complété, un rapport apparaîtra sur le bureau.
Tu copies et colles ce rapport sur le forum
B)- Élimination des failles de sécurité:
1°- O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
Télécharger Adobe Reader 8.1 pour Windows
< http://ardownload.adobe.com/pub/adobe/reader/win/8.x/8.1/fra/AdbeRdr810_fr_FR.exe > (lien direct)
Décoche ceci "Téléchargez également : Adobe Photoshop® Album Édition"
Dans Ajout/Suppression des programmes, supprime toutes les autres versions.
2°- O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
Ce qui veut dire que ta console Java n'est pas à jour !
Les mises à jour Java ne sont pas des mises à jour de confort ; ce sont des mises à jour de SÉCURITÉ .
Une vulnérabilité a été identifiée dans Sun JDK et JRE, elle pourrait être exploitée par des attaquants distants afin de compromettre un système vulnérable.
Vas là < https://www.oracle.com/java/technologies/javase-downloads.html > et clic sur ce Téléchargement < http://img529.imageshack.us/img529/3066/screenshot085lp5.png >
Après installation et redémarrage, vas dans le "panneau de configuration"/"Ajout-Suppr. de programmes" afin de désinstaller les anciennes versions.
Une fois JRE installé, dans votre « console de paramétrage », accessible depuis le « Panneau de configuration », choisir l’onglet "Java", puis dans "paramètres de l'application Java Runtime", clic sur bouton "afficher", vous accédez à cet écran."
Source: http://www.libellules.ch/dotclear/index.php?2007/02/03/1671-java-toutes-petites-astuces
Vous pouvez « Désactiver la console = Ne pas lancer la console » et « Désactiver l'icône de la Systray depuis l'onglet "avancé" ( http://www.java.com/fr/download/help/5000021000.xml ).
3°- O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
Quelle est la fonction de ce service : France Telecom Routing Table Service ?
C'est un service de FranceTelecom, bien inutile, qui malheureusement est à l'origine de plantage sur certaines machines ... (aucun probleme à l'enlever, tout fonctionnera parfaitement)
Wanadoo a tendance à ajouter des trucs qui ne servent à rien!
a°•-Lance HJT (HijackThis) ==> Clic sur [Open the Misc Tools section] > puis [Open Uninstall Manager…] ==> sélectionne France Telecom Routing Table Service (FTRTSVC) > clic sur [Delete this entry].
b°•- Puis tu relances HJT ==> Clic sur [Open the Misc Tools section] > puis [Open process manager] > puis sur [Kill process] ; ensuite tu cliques sur [Back] et tu coches la même ligne dans la liste
c°•-Lance JV16 ( par exemple ), et fais un prénettoyage complet des cases vertes.
TUTO < http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Maintenance/compatible-vista-windows-sujet_167629_1.htm >
Ensuite, à la section VII-Fonction "chercheur du registre" , tu lances les recherches sur base des mots FTRTSVC et tu utilises la touche fonction F3 pour terminer chaque suppression et trouver d'autres localisations.
ATTENTION : Après une suppression, et même si tu vois un autre élément en surbrillance, tu n'y touches pas!
Mais tu Cliques sur F3 pour poursuivre la recherche suivante.
Ainsi de suite jusqu'au message "La recherche est terminée"
4°- O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
Tu supprimes ce programme qui nous pose trop de problèmes; comme ceci : <
https://www.avast.com/fr-fr/uninstall-utility >
5°- Tu le remplaces par celui-ci:
Télécharger Antivir sur le site de l'éditeur pour avoir la dernière version qui est celle-ci pour xp:< https://www.avira.com/en/free-antivirus-windows > qui prend en compte la case Rootkit.
- En effet, il faut cocher la détection de rootkits --> Search for rootkits..........: doit être [ON] ( cocher la case « mode expert ».
TUTORIELS : https://www.astucesinternet.com/modules/news/article.php?storyid=253
< http://www.malekal.com/tutorial_antivir.html >
Attention, après le téléchargement, il faut se déconnecter du Net ( débrancher éventuellement le modem ) avant de lancer l'installation;
Attention : Après l'installation du programme, et avant de lancer l'analyse, il faut redémarrer le PC en mode sans échec < http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 >
Lancer Antivir en Scan complet ( analyse avancée )
Supprimer tous les fichiers infectés trouvés;
Poster le rapport SVP
Bonne chance
à+..
Al.
coucou mission accompli voici le premier rapport :
ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-25 15:01:32.5 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.278 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
FILE
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\qhrsbbgx.ini
C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\hp\digital imaging\bin\hp promotions
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\HPpromo.exe
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\main.cfg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\Data1.cab
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\JourneySoftware.msi
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\setup.exe
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\main.cfg
C:\Program Files\PokerStars
C:\Program Files\PokerStars\_update2g.dat
C:\Program Files\PokerStars\_update2gcd.dat
C:\Program Files\PokerStars\_update2ni.dat
C:\Program Files\PokerStars\_update2rare.dat
C:\Program Files\PokerStars\_update2s.dat
C:\Program Files\PokerStars\_updcache.dat
C:\Program Files\PokerStars\backup\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\backup\Gx\templates\browser.css
C:\Program Files\PokerStars\backup\Gx\templates\dialog.html
C:\Program Files\PokerStars\backup\Gx\templates\help.html
C:\Program Files\PokerStars\backup\Gx\templates\menu.xml
C:\Program Files\PokerStars\backup\i18n.msg_cli.txt
C:\Program Files\PokerStars\backup\PokerStars.exe
C:\Program Files\PokerStars\backup\Themes\&default\gx.ini
C:\Program Files\PokerStars\backup\Themes\themes.ini
C:\Program Files\PokerStars\backup\update.ini
C:\Program Files\PokerStars\fw.ini
C:\Program Files\PokerStars\Gx\arr.a.bmp
C:\Program Files\PokerStars\Gx\arr.bmp
C:\Program Files\PokerStars\Gx\bg.jpg
C:\Program Files\PokerStars\Gx\blt.a.bmp
C:\Program Files\PokerStars\Gx\blt.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.a.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\Gx\cheque.jpg
C:\Program Files\PokerStars\Gx\chequeCA.jpg
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.bmp
C:\Program Files\PokerStars\Gx\close.a.bmp
C:\Program Files\PokerStars\Gx\close.bmp
C:\Program Files\PokerStars\Gx\ctep.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.bmp
C:\Program Files\PokerStars\Gx\cvn.jpg
C:\Program Files\PokerStars\Gx\dialog.a.bmp
C:\Program Files\PokerStars\Gx\dialog.bmp
C:\Program Files\PokerStars\Gx\fg.a.bmp
C:\Program Files\PokerStars\Gx\fg.bmp
C:\Program Files\PokerStars\Gx\filter.a.bmp
C:\Program Files\PokerStars\Gx\filter.bmp
C:\Program Files\PokerStars\Gx\filterb.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.pff
C:\Program Files\PokerStars\Gx\fonts\ar09.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.pff
C:\Program Files\PokerStars\Gx\fonts\arb08.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.pff
C:\Program Files\PokerStars\Gx\fonts\arb09.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.pff
C:\Program Files\PokerStars\Gx\fonts\arb10.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.pff
C:\Program Files\PokerStars\Gx\fonts\arb11.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.pff
C:\Program Files\PokerStars\Gx\fonts\arb11i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.pff
C:\Program Files\PokerStars\Gx\fonts\arb12i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.pff
C:\Program Files\PokerStars\Gx\fonts\arb14i.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.pff
C:\Program Files\PokerStars\Gx\fonts\arbu10.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12i.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.pff
C:\Program Files\PokerStars\Gx\fonts\aru09.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.pff
C:\Program Files\PokerStars\Gx\fonts\aru10.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.pff
C:\Program Files\PokerStars\Gx\fonts\gmb075.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.pff
C:\Program Files\PokerStars\Gx\fonts\gmb08.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.pff
C:\Program Files\PokerStars\
ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-25 15:01:32.5 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.278 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
FILE
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\qhrsbbgx.ini
C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\hp\digital imaging\bin\hp promotions
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\HPpromo.exe
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\main.cfg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\Data1.cab
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\JourneySoftware.msi
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\setup.exe
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\main.cfg
C:\Program Files\PokerStars
C:\Program Files\PokerStars\_update2g.dat
C:\Program Files\PokerStars\_update2gcd.dat
C:\Program Files\PokerStars\_update2ni.dat
C:\Program Files\PokerStars\_update2rare.dat
C:\Program Files\PokerStars\_update2s.dat
C:\Program Files\PokerStars\_updcache.dat
C:\Program Files\PokerStars\backup\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\backup\Gx\templates\browser.css
C:\Program Files\PokerStars\backup\Gx\templates\dialog.html
C:\Program Files\PokerStars\backup\Gx\templates\help.html
C:\Program Files\PokerStars\backup\Gx\templates\menu.xml
C:\Program Files\PokerStars\backup\i18n.msg_cli.txt
C:\Program Files\PokerStars\backup\PokerStars.exe
C:\Program Files\PokerStars\backup\Themes\&default\gx.ini
C:\Program Files\PokerStars\backup\Themes\themes.ini
C:\Program Files\PokerStars\backup\update.ini
C:\Program Files\PokerStars\fw.ini
C:\Program Files\PokerStars\Gx\arr.a.bmp
C:\Program Files\PokerStars\Gx\arr.bmp
C:\Program Files\PokerStars\Gx\bg.jpg
C:\Program Files\PokerStars\Gx\blt.a.bmp
C:\Program Files\PokerStars\Gx\blt.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.a.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\Gx\cheque.jpg
C:\Program Files\PokerStars\Gx\chequeCA.jpg
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.bmp
C:\Program Files\PokerStars\Gx\close.a.bmp
C:\Program Files\PokerStars\Gx\close.bmp
C:\Program Files\PokerStars\Gx\ctep.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.bmp
C:\Program Files\PokerStars\Gx\cvn.jpg
C:\Program Files\PokerStars\Gx\dialog.a.bmp
C:\Program Files\PokerStars\Gx\dialog.bmp
C:\Program Files\PokerStars\Gx\fg.a.bmp
C:\Program Files\PokerStars\Gx\fg.bmp
C:\Program Files\PokerStars\Gx\filter.a.bmp
C:\Program Files\PokerStars\Gx\filter.bmp
C:\Program Files\PokerStars\Gx\filterb.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.pff
C:\Program Files\PokerStars\Gx\fonts\ar09.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.pff
C:\Program Files\PokerStars\Gx\fonts\arb08.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.pff
C:\Program Files\PokerStars\Gx\fonts\arb09.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.pff
C:\Program Files\PokerStars\Gx\fonts\arb10.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.pff
C:\Program Files\PokerStars\Gx\fonts\arb11.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.pff
C:\Program Files\PokerStars\Gx\fonts\arb11i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.pff
C:\Program Files\PokerStars\Gx\fonts\arb12i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.pff
C:\Program Files\PokerStars\Gx\fonts\arb14i.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.pff
C:\Program Files\PokerStars\Gx\fonts\arbu10.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12i.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.pff
C:\Program Files\PokerStars\Gx\fonts\aru09.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.pff
C:\Program Files\PokerStars\Gx\fonts\aru10.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.pff
C:\Program Files\PokerStars\Gx\fonts\gmb075.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.pff
C:\Program Files\PokerStars\Gx\fonts\gmb08.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.pff
C:\Program Files\PokerStars\
voici le deuxiéme:
ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-25 15:01:32.5 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.278 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
FILE
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\qhrsbbgx.ini
C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\hp\digital imaging\bin\hp promotions
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\HPpromo.exe
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\main.cfg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\Data1.cab
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\JourneySoftware.msi
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\setup.exe
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\main.cfg
C:\Program Files\PokerStars
C:\Program Files\PokerStars\_update2g.dat
C:\Program Files\PokerStars\_update2gcd.dat
C:\Program Files\PokerStars\_update2ni.dat
C:\Program Files\PokerStars\_update2rare.dat
C:\Program Files\PokerStars\_update2s.dat
C:\Program Files\PokerStars\_updcache.dat
C:\Program Files\PokerStars\backup\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\backup\Gx\templates\browser.css
C:\Program Files\PokerStars\backup\Gx\templates\dialog.html
C:\Program Files\PokerStars\backup\Gx\templates\help.html
C:\Program Files\PokerStars\backup\Gx\templates\menu.xml
C:\Program Files\PokerStars\backup\i18n.msg_cli.txt
C:\Program Files\PokerStars\backup\PokerStars.exe
C:\Program Files\PokerStars\backup\Themes\&default\gx.ini
C:\Program Files\PokerStars\backup\Themes\themes.ini
C:\Program Files\PokerStars\backup\update.ini
C:\Program Files\PokerStars\fw.ini
C:\Program Files\PokerStars\Gx\arr.a.bmp
C:\Program Files\PokerStars\Gx\arr.bmp
C:\Program Files\PokerStars\Gx\bg.jpg
C:\Program Files\PokerStars\Gx\blt.a.bmp
C:\Program Files\PokerStars\Gx\blt.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.a.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\Gx\cheque.jpg
C:\Program Files\PokerStars\Gx\chequeCA.jpg
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.bmp
C:\Program Files\PokerStars\Gx\close.a.bmp
C:\Program Files\PokerStars\Gx\close.bmp
C:\Program Files\PokerStars\Gx\ctep.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.bmp
C:\Program Files\PokerStars\Gx\cvn.jpg
C:\Program Files\PokerStars\Gx\dialog.a.bmp
C:\Program Files\PokerStars\Gx\dialog.bmp
C:\Program Files\PokerStars\Gx\fg.a.bmp
C:\Program Files\PokerStars\Gx\fg.bmp
C:\Program Files\PokerStars\Gx\filter.a.bmp
C:\Program Files\PokerStars\Gx\filter.bmp
C:\Program Files\PokerStars\Gx\filterb.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.pff
C:\Program Files\PokerStars\Gx\fonts\ar09.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.pff
C:\Program Files\PokerStars\Gx\fonts\arb08.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.pff
C:\Program Files\PokerStars\Gx\fonts\arb09.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.pff
C:\Program Files\PokerStars\Gx\fonts\arb10.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.pff
C:\Program Files\PokerStars\Gx\fonts\arb11.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.pff
C:\Program Files\PokerStars\Gx\fonts\arb11i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.pff
C:\Program Files\PokerStars\Gx\fonts\arb12i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.pff
C:\Program Files\PokerStars\Gx\fonts\arb14i.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.pff
C:\Program Files\PokerStars\Gx\fonts\arbu10.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12i.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.pff
C:\Program Files\PokerStars\Gx\fonts\aru09.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.pff
C:\Program Files\PokerStars\Gx\fonts\aru10.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.pff
C:\Program Files\PokerStars\Gx\fonts\gmb075.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.pff
C:\Program Files\PokerStars\Gx\fonts\gmb08.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.pff
C:\Program Files\PokerStars\Gx\fonts\gmb09.bmp
C:\Progr
ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-25 15:01:32.5 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.278 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
FILE
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\oflyrqkf.ini
C:\WINDOWS\system32\qhrsbbgx.ini
C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\hp\digital imaging\bin\hp promotions
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\HPpromo.exe
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\cs\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\da\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\de\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\el\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\en\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\es\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fi\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\fr\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\hu\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\it\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\nl\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\no\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pl\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\pt\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\ru\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\sv\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\CONGRATULATIONS1.html
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\arrow.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button00.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button01.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button02.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button10.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button12.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button20.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\button22.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\clear.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\close.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\hp.gif
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\languages\tr\images\landing_page\main.jpg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftware\main.cfg
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\Data1.cab
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\JourneySoftware.msi
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\JourneySoftwareInstaller\setup.exe
C:\Program Files\hp\digital imaging\bin\hp promotions\JourneySoftware\main.cfg
C:\Program Files\PokerStars
C:\Program Files\PokerStars\_update2g.dat
C:\Program Files\PokerStars\_update2gcd.dat
C:\Program Files\PokerStars\_update2ni.dat
C:\Program Files\PokerStars\_update2rare.dat
C:\Program Files\PokerStars\_update2s.dat
C:\Program Files\PokerStars\_updcache.dat
C:\Program Files\PokerStars\backup\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\backup\Gx\templates\browser.css
C:\Program Files\PokerStars\backup\Gx\templates\dialog.html
C:\Program Files\PokerStars\backup\Gx\templates\help.html
C:\Program Files\PokerStars\backup\Gx\templates\menu.xml
C:\Program Files\PokerStars\backup\i18n.msg_cli.txt
C:\Program Files\PokerStars\backup\PokerStars.exe
C:\Program Files\PokerStars\backup\Themes\&default\gx.ini
C:\Program Files\PokerStars\backup\Themes\themes.ini
C:\Program Files\PokerStars\backup\update.ini
C:\Program Files\PokerStars\fw.ini
C:\Program Files\PokerStars\Gx\arr.a.bmp
C:\Program Files\PokerStars\Gx\arr.bmp
C:\Program Files\PokerStars\Gx\bg.jpg
C:\Program Files\PokerStars\Gx\blt.a.bmp
C:\Program Files\PokerStars\Gx\blt.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.a.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\Gx\cheque.jpg
C:\Program Files\PokerStars\Gx\chequeCA.jpg
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\[u]0[/u]\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\[u]0[/u]\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\[u]0[/u]\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\[u]0[/u]\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.bmp
C:\Program Files\PokerStars\Gx\close.a.bmp
C:\Program Files\PokerStars\Gx\close.bmp
C:\Program Files\PokerStars\Gx\ctep.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.bmp
C:\Program Files\PokerStars\Gx\cvn.jpg
C:\Program Files\PokerStars\Gx\dialog.a.bmp
C:\Program Files\PokerStars\Gx\dialog.bmp
C:\Program Files\PokerStars\Gx\fg.a.bmp
C:\Program Files\PokerStars\Gx\fg.bmp
C:\Program Files\PokerStars\Gx\filter.a.bmp
C:\Program Files\PokerStars\Gx\filter.bmp
C:\Program Files\PokerStars\Gx\filterb.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.pff
C:\Program Files\PokerStars\Gx\fonts\ar09.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.pff
C:\Program Files\PokerStars\Gx\fonts\arb08.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.pff
C:\Program Files\PokerStars\Gx\fonts\arb09.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.pff
C:\Program Files\PokerStars\Gx\fonts\arb10.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.pff
C:\Program Files\PokerStars\Gx\fonts\arb11.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.pff
C:\Program Files\PokerStars\Gx\fonts\arb11i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.pff
C:\Program Files\PokerStars\Gx\fonts\arb12i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.pff
C:\Program Files\PokerStars\Gx\fonts\arb14i.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.pff
C:\Program Files\PokerStars\Gx\fonts\arbu10.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12i.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.pff
C:\Program Files\PokerStars\Gx\fonts\aru09.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.pff
C:\Program Files\PokerStars\Gx\fonts\aru10.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.pff
C:\Program Files\PokerStars\Gx\fonts\gmb075.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.pff
C:\Program Files\PokerStars\Gx\fonts\gmb08.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.pff
C:\Program Files\PokerStars\Gx\fonts\gmb09.bmp
C:\Progr
voici le deuxiéme:
ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-25 15:24:48.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))))))))
.
2007-11-24 14:19 <REP> d----c--- C:\VundoFix Backups
2007-11-24 14:01 <REP> d----c--- C:\Documents and Settings\HP_Propriétaire\Application Data\CasaPortale.de
2007-11-22 17:42 <REP> d-------- C:\Program Files\Real
2007-11-22 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-11-21 11:51 <REP> d-------- C:\Program Files\SAGEM
2007-11-20 23:09 <REP> d-------- C:\Program Files\SAGEM(2)
2007-11-20 22:56 <REP> d-------- C:\Program Files\Securitoo
2007-11-20 15:56 104,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-20 15:56 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-20 15:56 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-20 15:56 2,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-20 15:55 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-11-20 15:55 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-11-20 14:59 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-11-20 13:49 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-20 13:48 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-11-20 13:48 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-11-20 13:45 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-19 11:39 90,425 --a------ C:\WINDOWS\hpoins06.dat
2007-11-19 11:39 5,389 --------- C:\WINDOWS\hpomdl06.dat
2007-11-17 11:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-17 11:21 <REP> d----c--- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft
2007-11-17 11:21 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-17 11:06 <REP> d-------- C:\Program Files\CCleaner
2007-11-16 23:22 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-16 23:18 <REP> d----c--- C:\coucou
2007-11-16 19:08 <REP> d-------- C:\Program Files\Trend Micro
2007-11-15 22:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-02 19:02 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-02 13:39 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 09:42 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Logishrd
2007-10-28 18:49 <REP> d-------- C:\Program Files\Windows Live
2007-10-28 18:49 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-10-25 10:39 1,783,864 --a------ C:\WINDOWS\system32\WINPY.MB
2007-10-25 10:39 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-10-25 10:39 838,144 --a--c--- C:\WINDOWS\system32\dllcache\chtbrkr.dll
2007-10-25 10:39 211,938 --a------ C:\WINDOWS\system32\lcphrase.tbl
2007-10-25 10:39 83,748 --a------ C:\WINDOWS\system32\prcp.nls
2007-10-25 10:39 83,748 --a------ C:\WINDOWS\system32\prc.nls
2007-10-25 10:39 82,172 --a--c--- C:\WINDOWS\system32\dllcache\bopomofo.nls
2007-10-25 10:39 69,120 --a------ C:\WINDOWS\system32\WINGB.IME
2007-10-25 10:39 66,728 --a--c--- C:\WINDOWS\system32\dllcache\big5.nls
2007-10-25 10:39 43,242 --a------ C:\WINDOWS\system32\phoncode.tbl
2007-10-25 10:39 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0804.dll
2007-10-25 10:39 16,254 --a------ C:\WINDOWS\system32\PINTLPAE.HLP
2007-10-25 10:39 14,821 --a------ C:\WINDOWS\system32\PINTLPAD.HLP
2007-10-25 10:39 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-10-25 10:39 4,071 --a------ C:\WINDOWS\system32\phon.tbl
2007-10-25 10:39 2,714 --a------ C:\WINDOWS\system32\phonptr.tbl
2007-10-25 10:38 189,986 --a------ C:\WINDOWS\system32\c_1361.nls
2007-10-25 10:38 143,422 --a--c--- C:\WINDOWS\system32\dllcache\softkey.dll
2007-10-25 10:38 59,904 --a--c--- C:\WINDOWS\system32\dllcache\imkrinst.exe
2007-10-25 10:38 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2007-10-25 10:38 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0412.dll
2007-10-25 10:38 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0411.dll
2007-10-25 10:38 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2007-10-25 10:38 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-10-25 10:38 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-10-25 10:37 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2007-10-25 10:37 482,304 --a------ C:\WINDOWS\system32\PINTLGNT.IME
2007-10-25 10:37 340,023 --a--c--- C:\WINDOWS\system32\dllcache\imjp81.ime
2007-10-25 10:37 177,698 --a------ C:\WINDOWS\system32\c_20949.nls
2007-10-25 10:37 156,672 --a------ C:\WINDOWS\system32\WINSP.IME
2007-10-25 10:37 156,672 --a------ C:\WINDOWS\system32\WINPY.IME
2007-10-25 10:37 102,456 --a--c--- C:\WINDOWS\system32\dllcache\imlang.dll
2007-10-25 10:37 79,360 --a------ C:\WINDOWS\system32\winar30.ime
2007-10-25 10:37 79,360 --a------ C:\WINDOWS\system32\phon.ime
2007-10-25 10:37 78,848 --a------ C:\WINDOWS\system32\dayi.ime
2007-10-25 10:37 78,336 --a--c--- C:\WINDOWS\system32\dllcache\chajei.ime
2007-10-25 10:37 65,536 --a------ C:\WINDOWS\system32\winime.ime
2007-10-25 10:37 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2007-10-25 10:37 21,504 --a------ C:\WINDOWS\system32\CINTLGNT.IME
2007-10-25 10:37 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-10-25 10:37 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-10-25 10:37 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-10-25 10:37 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-10-25 10:37 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 14:15 --------- d-----w C:\Program Files\Wanadoo
2007-11-25 13:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 15:57 32,216 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2007-11-16 17:05 5,304 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-15 14:24 --------- d-----w C:\Program Files\eMule
2007-11-11 09:41 72,288 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-11-05 22:22 --------- d-----w C:\Program Files\Easy Internet signup
2007-11-02 08:51 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-02 08:48 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-11-02 08:40 --------- d-----w C:\Program Files\Logitech
2007-10-28 17:49 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 15:50 --------- d-----w C:\Program Files\Picasa2
2007-10-19 12:16 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-10-17 12:55 --------- dc----w C:\Documents and Settings\HP_Propriétaire\Application Data\Shareaza
2007-10-17 12:55 --------- d-----w C:\Program Files\Shareaza
2007-10-11 19:44 --------- d-----w C:\Program Files\LimeWire
2007-10-11 17:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-10-11 17:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-10-04 17:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\MGS
2007-09-28 21:32 --------- d-----w C:\Program Files\InterActual
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2006-05-26 12:20 13,012 -c--a-w C:\Documents and Settings\HP_Propriétaire\Bubblets.dat
2006-05-26 12:20 13,012 -c--a-w C:\Documents and Settings\HP_Propriétaire\Bubblets.dat
2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
1995-09-20 14:16 456,976 -c--a-w C:\Program Files\Fichiers communs\dao3032.dll
2005-07-05 11:32 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((( snapshot@2007-11-24_10.06.06.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-25 14:11:21 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_530.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 18:27]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"SiSPower"="Rundll32.exe" [2004-08-05 11:00 C:\WINDOWS\system32\rundll32.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 00:40 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 20:10]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 01:34 C:\WINDOWS\ALCWZRD.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 00:31]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-29 10:08]
"EPSON Stylus CX3600 Series (Copie 2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"Volume Shadow Configuration"="vbmsvc.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-25 13:31:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 15:28:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 15:30:21
C:\ComboFix2.txt ... 2007-11-25 15:17
C:\ComboFix3.txt ... 2007-11-24 16:49
.
--- E O F ---
ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-25 15:24:48.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))))))))
.
2007-11-24 14:19 <REP> d----c--- C:\VundoFix Backups
2007-11-24 14:01 <REP> d----c--- C:\Documents and Settings\HP_Propriétaire\Application Data\CasaPortale.de
2007-11-22 17:42 <REP> d-------- C:\Program Files\Real
2007-11-22 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-11-21 11:51 <REP> d-------- C:\Program Files\SAGEM
2007-11-20 23:09 <REP> d-------- C:\Program Files\SAGEM(2)
2007-11-20 22:56 <REP> d-------- C:\Program Files\Securitoo
2007-11-20 15:56 104,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-20 15:56 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-20 15:56 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-20 15:56 2,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-20 15:55 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-11-20 15:55 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-11-20 14:59 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-11-20 13:49 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-20 13:48 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-11-20 13:48 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-11-20 13:45 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-19 11:39 90,425 --a------ C:\WINDOWS\hpoins06.dat
2007-11-19 11:39 5,389 --------- C:\WINDOWS\hpomdl06.dat
2007-11-17 11:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-17 11:21 <REP> d----c--- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft
2007-11-17 11:21 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-17 11:06 <REP> d-------- C:\Program Files\CCleaner
2007-11-16 23:22 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-16 23:18 <REP> d----c--- C:\coucou
2007-11-16 19:08 <REP> d-------- C:\Program Files\Trend Micro
2007-11-15 22:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-02 19:02 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-02 13:39 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 09:42 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Logishrd
2007-10-28 18:49 <REP> d-------- C:\Program Files\Windows Live
2007-10-28 18:49 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-10-25 10:39 1,783,864 --a------ C:\WINDOWS\system32\WINPY.MB
2007-10-25 10:39 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-10-25 10:39 838,144 --a--c--- C:\WINDOWS\system32\dllcache\chtbrkr.dll
2007-10-25 10:39 211,938 --a------ C:\WINDOWS\system32\lcphrase.tbl
2007-10-25 10:39 83,748 --a------ C:\WINDOWS\system32\prcp.nls
2007-10-25 10:39 83,748 --a------ C:\WINDOWS\system32\prc.nls
2007-10-25 10:39 82,172 --a--c--- C:\WINDOWS\system32\dllcache\bopomofo.nls
2007-10-25 10:39 69,120 --a------ C:\WINDOWS\system32\WINGB.IME
2007-10-25 10:39 66,728 --a--c--- C:\WINDOWS\system32\dllcache\big5.nls
2007-10-25 10:39 43,242 --a------ C:\WINDOWS\system32\phoncode.tbl
2007-10-25 10:39 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0804.dll
2007-10-25 10:39 16,254 --a------ C:\WINDOWS\system32\PINTLPAE.HLP
2007-10-25 10:39 14,821 --a------ C:\WINDOWS\system32\PINTLPAD.HLP
2007-10-25 10:39 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-10-25 10:39 4,071 --a------ C:\WINDOWS\system32\phon.tbl
2007-10-25 10:39 2,714 --a------ C:\WINDOWS\system32\phonptr.tbl
2007-10-25 10:38 189,986 --a------ C:\WINDOWS\system32\c_1361.nls
2007-10-25 10:38 143,422 --a--c--- C:\WINDOWS\system32\dllcache\softkey.dll
2007-10-25 10:38 59,904 --a--c--- C:\WINDOWS\system32\dllcache\imkrinst.exe
2007-10-25 10:38 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2007-10-25 10:38 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0412.dll
2007-10-25 10:38 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0411.dll
2007-10-25 10:38 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2007-10-25 10:38 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-10-25 10:38 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-10-25 10:37 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2007-10-25 10:37 482,304 --a------ C:\WINDOWS\system32\PINTLGNT.IME
2007-10-25 10:37 340,023 --a--c--- C:\WINDOWS\system32\dllcache\imjp81.ime
2007-10-25 10:37 177,698 --a------ C:\WINDOWS\system32\c_20949.nls
2007-10-25 10:37 156,672 --a------ C:\WINDOWS\system32\WINSP.IME
2007-10-25 10:37 156,672 --a------ C:\WINDOWS\system32\WINPY.IME
2007-10-25 10:37 102,456 --a--c--- C:\WINDOWS\system32\dllcache\imlang.dll
2007-10-25 10:37 79,360 --a------ C:\WINDOWS\system32\winar30.ime
2007-10-25 10:37 79,360 --a------ C:\WINDOWS\system32\phon.ime
2007-10-25 10:37 78,848 --a------ C:\WINDOWS\system32\dayi.ime
2007-10-25 10:37 78,336 --a--c--- C:\WINDOWS\system32\dllcache\chajei.ime
2007-10-25 10:37 65,536 --a------ C:\WINDOWS\system32\winime.ime
2007-10-25 10:37 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2007-10-25 10:37 21,504 --a------ C:\WINDOWS\system32\CINTLGNT.IME
2007-10-25 10:37 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-10-25 10:37 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-10-25 10:37 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-10-25 10:37 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-10-25 10:37 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-10-25 10:37 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 14:15 --------- d-----w C:\Program Files\Wanadoo
2007-11-25 13:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 15:57 32,216 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2007-11-16 17:05 5,304 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-15 14:24 --------- d-----w C:\Program Files\eMule
2007-11-11 09:41 72,288 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-11-05 22:22 --------- d-----w C:\Program Files\Easy Internet signup
2007-11-02 08:51 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-02 08:48 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-11-02 08:40 --------- d-----w C:\Program Files\Logitech
2007-10-28 17:49 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 15:50 --------- d-----w C:\Program Files\Picasa2
2007-10-19 12:16 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-10-17 12:55 --------- dc----w C:\Documents and Settings\HP_Propriétaire\Application Data\Shareaza
2007-10-17 12:55 --------- d-----w C:\Program Files\Shareaza
2007-10-11 19:44 --------- d-----w C:\Program Files\LimeWire
2007-10-11 17:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-10-11 17:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-10-04 17:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\MGS
2007-09-28 21:32 --------- d-----w C:\Program Files\InterActual
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2006-05-26 12:20 13,012 -c--a-w C:\Documents and Settings\HP_Propriétaire\Bubblets.dat
2006-05-26 12:20 13,012 -c--a-w C:\Documents and Settings\HP_Propriétaire\Bubblets.dat
2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
1995-09-20 14:16 456,976 -c--a-w C:\Program Files\Fichiers communs\dao3032.dll
2005-07-05 11:32 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((( snapshot@2007-11-24_10.06.06.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-25 14:11:21 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_530.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 18:27]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"SiSPower"="Rundll32.exe" [2004-08-05 11:00 C:\WINDOWS\system32\rundll32.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 00:40 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 20:10]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 01:34 C:\WINDOWS\ALCWZRD.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 00:31]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-29 10:08]
"EPSON Stylus CX3600 Series (Copie 2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"Volume Shadow Configuration"="vbmsvc.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-25 13:31:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 15:28:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 15:30:21
C:\ComboFix2.txt ... 2007-11-25 15:17
C:\ComboFix3.txt ... 2007-11-24 16:49
.
--- E O F ---
Ok samos,
Merci
Lance cette commande directe, SVP; comme ceci: ==> Clic "démarrer" > "exécuter" > copier/coller ceci :
cmd /c del /a C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
(toute la ligne en une traite) et valide par [entrée].
N'oublie pas ANTIVIR à la fin.
Bonne ap-midi
Al.
Merci
Lance cette commande directe, SVP; comme ceci: ==> Clic "démarrer" > "exécuter" > copier/coller ceci :
cmd /c del /a C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
(toute la ligne en une traite) et valide par [entrée].
N'oublie pas ANTIVIR à la fin.
Bonne ap-midi
Al.
Pour Java, regarde pour poursuivre https://www.hiboox.com
Pour France Telecom..........
Fais ceci : Démarrer > Exécuter et taper Services.msc puis OK
Choisir le mode "Etendu" (onglets inférieurs)
Grâce à la barre de défilement (à droite) rechercher le service suivant:
France Telecom Routing Table Service (FTRTSVC)
Dans la colonne de gauche "Nom", double-clic gauche sur le service FTRTSVC pour faire apparaître "Propriétés".
- Vérifie dans "Chemin d'accès des fichiers exécutables" qu'il s'agit bien de l'emplacement ci-contre : C:\WINDOWS\System32\FTRTSVC.exe
- Sous l'onglet "Général" cliquer sur le bouton [Arrêter],
- Ensuite, dans le menu déroulant "Type de démarrage", sélectionne "Désactivé".
- Valide la modification par OK
- Ferme la fenêtre des Services.
Pour France Telecom..........
Fais ceci : Démarrer > Exécuter et taper Services.msc puis OK
Choisir le mode "Etendu" (onglets inférieurs)
Grâce à la barre de défilement (à droite) rechercher le service suivant:
France Telecom Routing Table Service (FTRTSVC)
Dans la colonne de gauche "Nom", double-clic gauche sur le service FTRTSVC pour faire apparaître "Propriétés".
- Vérifie dans "Chemin d'accès des fichiers exécutables" qu'il s'agit bien de l'emplacement ci-contre : C:\WINDOWS\System32\FTRTSVC.exe
- Sous l'onglet "Général" cliquer sur le bouton [Arrêter],
- Ensuite, dans le menu déroulant "Type de démarrage", sélectionne "Désactivé".
- Valide la modification par OK
- Ferme la fenêtre des Services.
voici le rapport de antivir:
AntiVir PersonalEdition Classic
Report file date: dimanche 25 novembre 2007 16:59
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: NOM-B0A1C0A3909
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 25 novembre 2007 16:59
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '52' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00003A92-3D52-C73E-B18F-B9F4020289B5}\DATA.cab
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Contains detection pattern of the dropper DR/WinFixer.AB
[INFO] The file was moved to '479d9c54.qua'!
C:\Documents and Settings\HP_Propriétaire\Incomplete\T-2038763-04 Track 4.wma
[DETECTION] Is the Trojan horse TR/Wimad.A.Gen
[INFO] The file was moved to '477b9dbc.qua'!
C:\Program Files\eMule\Temp\2_PC -rec.tmp
[0] Archive type: ACE
--> TOMB RAIDER - LARA CROFT PACK\TOMB RAIDER - LARA CROFT PACK - 8 GAMES.img
[WARNING] An exception has been identified!
[WARNING] An exception has been identified!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: dimanche 25 novembre 2007 19:55
Used time: 2:56:26 min
The scan has been done completely.
7099 Scanning directories
398500 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
398498 Files not concerned
15249 Archives were scanned
5 Warnings
0 Notes
par contre il a tourner pendant pratiquement 3 heures c'est normal
je continu pour java ...merci
AntiVir PersonalEdition Classic
Report file date: dimanche 25 novembre 2007 16:59
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: NOM-B0A1C0A3909
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 25 novembre 2007 16:59
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '52' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00003A92-3D52-C73E-B18F-B9F4020289B5}\DATA.cab
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Contains detection pattern of the dropper DR/WinFixer.AB
[INFO] The file was moved to '479d9c54.qua'!
C:\Documents and Settings\HP_Propriétaire\Incomplete\T-2038763-04 Track 4.wma
[DETECTION] Is the Trojan horse TR/Wimad.A.Gen
[INFO] The file was moved to '477b9dbc.qua'!
C:\Program Files\eMule\Temp\2_PC -rec.tmp
[0] Archive type: ACE
--> TOMB RAIDER - LARA CROFT PACK\TOMB RAIDER - LARA CROFT PACK - 8 GAMES.img
[WARNING] An exception has been identified!
[WARNING] An exception has been identified!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: dimanche 25 novembre 2007 19:55
Used time: 2:56:26 min
The scan has been done completely.
7099 Scanning directories
398500 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
398498 Files not concerned
15249 Archives were scanned
5 Warnings
0 Notes
par contre il a tourner pendant pratiquement 3 heures c'est normal
je continu pour java ...merci
je voit qu'il y a tomb raider je m'en fiche j'hallucine qu'il soit encore là je n'ai jamais réussi à jouer avec !!snif!!
alors si il peut partir définitivement pas de probléme
...et aussi j'ai vu peandant le scanner qu'il analysé "architecture 3d ,ça fait longtemps que je l'avait désinstallé ,alors que j'ai vu des fichiers défilés à moins que se soit un fichier qui porte le même nom et qu'il est indispensable à mon ordi?
je sais pas si tu as compris se "charabia"
pour france télecom c'est fait je fini de mettre en place "java
merci encore
alors si il peut partir définitivement pas de probléme
...et aussi j'ai vu peandant le scanner qu'il analysé "architecture 3d ,ça fait longtemps que je l'avait désinstallé ,alors que j'ai vu des fichiers défilés à moins que se soit un fichier qui porte le même nom et qu'il est indispensable à mon ordi?
je sais pas si tu as compris se "charabia"
pour france télecom c'est fait je fini de mettre en place "java
merci encore
je suis désolée ,je sais que j'abuse un peu mais j'ai aussi 2 petites choses à te demander:
1)
dans l'onglet "ajouter ou supprimer "j'ai retirée "java" il me reste:
*java(tm)6update2
*java(tm)6update3*
*java(tm)SE Development Kit6update 3
*java(tm)SE Runtime Environment 6 update 1
je suppose que tout c'est fichier font parti de la version que je viens de télecharger ou faut il que j'en supprime?
2)
mon chéri va être deçu car "pokerStars" est toujours en raccourci sur mon bureau mais apparement il faut l'ouvrir avec quelque chose
je pense qu'il a était désinstallé
avant il avait "everest pocker" mais on a chopé trop de virus
alors on a mis celui-ci mais ce n'est peut être pas mieux?
dois-je le retélecharger ou connais tu un autre jeu de pocker pour fiable?
si je t'embête de trop fait le moi savoir
merci d'avance
1)
dans l'onglet "ajouter ou supprimer "j'ai retirée "java" il me reste:
*java(tm)6update2
*java(tm)6update3*
*java(tm)SE Development Kit6update 3
*java(tm)SE Runtime Environment 6 update 1
je suppose que tout c'est fichier font parti de la version que je viens de télecharger ou faut il que j'en supprime?
2)
mon chéri va être deçu car "pokerStars" est toujours en raccourci sur mon bureau mais apparement il faut l'ouvrir avec quelque chose
je pense qu'il a était désinstallé
avant il avait "everest pocker" mais on a chopé trop de virus
alors on a mis celui-ci mais ce n'est peut être pas mieux?
dois-je le retélecharger ou connais tu un autre jeu de pocker pour fiable?
si je t'embête de trop fait le moi savoir
merci d'avance
Merci samos,
A)- Supprime ces deux-là:
java(tm)SE Runtime Environment 6 update 1
java(tm)6update2
B)- "PokerStars" est aussi contagieux; mais ton cher peut le re-télécharger et le passer à l'antivirus avant de l'installer .
En attendant, supprime l'actuel raccourci caduc qui est sur le bureau .
J'ai 65 piges, et je ne joue plus.
C)- Pour "architecture 3d", je ne sais pas .
D)- Pour "TOMB RAIDER" et pour "WinFixer" si tu les trouves, supprime .
Tu peux aussi lancer une recherche dans la Base de Regitres via "REGEDIT".
E)- Télécharge _OTMoveIt < [ http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe ] > sur le bureau.
1°-Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du systéme - Cocher la case "Désactiver la restauration du système" et cliquer sur [Appliquer].
2°- Double-cliquer sur OTMoveIt.exe (qui est sur le bureau)pour le lancer.
3°- Copier/coller la liste ci-dessous ( en une seule passe ) qui contient le chemin exact des éléments infectieux à supprimer … :
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00003A92-3D52-C73E-B18F-B9F4020289B5}\DATA.cab
C:\Program Files\eMule\Temp\2_PC -rec.tmp
C:\Documents and Settings\HP_Propriétaire\Incomplete\T-2038763-04 Track 4.wma
… dans le cadre de gauche de _OTMoveIt: " Paste List of Files/Folders to be moved ".
-clique sur MoveIt! pour lancer la suppression.
-le résultat apparaitra dans le cadre "Results".
-clique sur "Exit" pour fermer.
Il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
Si c'est le cas accepte par Yes.
Si ce n'est pas le cas, redémarre quand même.
•- Poste le rapport qui se trouve en C:\_OTMoveIt\MovedFiles.
4°- Double-cliquer sur OTMoveIt.exe (qui est sur le bureau)pour le lancer.
- Clique sur CleanUp!(le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargé).
NOTE : Normalement, ton Firewall (parefeu) devrait te demander si _OTMoveIt peut accéder a Internet, Autorise-le.
- Une liste apparaît dans la partie gauche d' _OTMoveIt.
-- Un message apparaît pour confirmer le nettoyage. Confirme
•- Redémarre le PC
5°- •- Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du système - Décocher la case "Désactiver la restauration du système" et cliquer sur [Appliquer].
F)- Dis-moi ensuite comment se comporte le PC.
G)- Termine avec ceci SVP:
Fais un scan en ligne avec Kaspersky < https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr >
Le scan ne marche que sous Internet Explorer.
Sous < https://www.informatruc.com >, on t'explique la marche à suivre .
Clic sur l'image « Kaspersky Online Scanner »
Puis sur "démarrer scan online " en bas à droite de la page.
< http://pictures.kaspersky.fr/bouton-scann1.jpg >
Clic sur « J'accepte » ( ou I agree )
On va te demander de télécharger un contrôle active x, accepte .
( on va peut-être demander installer ==> clic sur "installer" )
Tu attends que la mise à jour se termine ( patienter ), une fois terminé, clic sur « Suivant »
Clic sur « Paramètres d'analyse »
Coche la case « Étendue » >> Ok
Dans le menu « Choisissez la cible de l'analyse »
Clic sur "Poste de travail" pour faire un scan complet ( si tu as un disque amovible/externe, branche-le )
Une fois le scan fini à 100%, clic sur "Enregistrer rapport sous..."
Enregistrer le rapport au format .txt (en nom tu mets «KAS» , et en « Type » tu choisis « fichier texte » (*.txt), puis [Enregistrer]
Tu ouvres le fichier que tu viens de sauvegarder,
Copier/coller le rapport généré, et poste-le
AIDE :
-Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", vas dans Ajout/Suppression de programmes et désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
-Si il y a un problème, assure-toi que les contrôles active x sont bien configurés dans les options internet comme il est décrit sur ce lien=> http://www.inoculer.com/activex.php3
NOTES :
- En cas de problème vérifier ces quelques points < https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId898809 >
- Ton antivirus résident pourrait empêcher ou perturber le déroulement du scan. Kaspersky conseille de le désactiver avant de lancer le scan. (pour la durée du scan uniquement)
- En cas de problème tu trouveras une démonstration animée sur le lien donné ou si besoin un tutoriel < https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566 >
Ça peut durer plus d’1 heure.
Patienter
Je crois que c'est terminé.
Merci
Bonne soirée
Al.
EDIT: Fais analyser ce fichier chez VirusTotal C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
à cette adresse < https://www.virustotal.com/gui/ > Merci
A)- Supprime ces deux-là:
java(tm)SE Runtime Environment 6 update 1
java(tm)6update2
B)- "PokerStars" est aussi contagieux; mais ton cher peut le re-télécharger et le passer à l'antivirus avant de l'installer .
En attendant, supprime l'actuel raccourci caduc qui est sur le bureau .
J'ai 65 piges, et je ne joue plus.
C)- Pour "architecture 3d", je ne sais pas .
D)- Pour "TOMB RAIDER" et pour "WinFixer" si tu les trouves, supprime .
Tu peux aussi lancer une recherche dans la Base de Regitres via "REGEDIT".
E)- Télécharge _OTMoveIt < [ http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe ] > sur le bureau.
1°-Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du systéme - Cocher la case "Désactiver la restauration du système" et cliquer sur [Appliquer].
2°- Double-cliquer sur OTMoveIt.exe (qui est sur le bureau)pour le lancer.
3°- Copier/coller la liste ci-dessous ( en une seule passe ) qui contient le chemin exact des éléments infectieux à supprimer … :
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00003A92-3D52-C73E-B18F-B9F4020289B5}\DATA.cab
C:\Program Files\eMule\Temp\2_PC -rec.tmp
C:\Documents and Settings\HP_Propriétaire\Incomplete\T-2038763-04 Track 4.wma
… dans le cadre de gauche de _OTMoveIt: " Paste List of Files/Folders to be moved ".
-clique sur MoveIt! pour lancer la suppression.
-le résultat apparaitra dans le cadre "Results".
-clique sur "Exit" pour fermer.
Il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
Si c'est le cas accepte par Yes.
Si ce n'est pas le cas, redémarre quand même.
•- Poste le rapport qui se trouve en C:\_OTMoveIt\MovedFiles.
4°- Double-cliquer sur OTMoveIt.exe (qui est sur le bureau)pour le lancer.
- Clique sur CleanUp!(le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargé).
NOTE : Normalement, ton Firewall (parefeu) devrait te demander si _OTMoveIt peut accéder a Internet, Autorise-le.
- Une liste apparaît dans la partie gauche d' _OTMoveIt.
-- Un message apparaît pour confirmer le nettoyage. Confirme
•- Redémarre le PC
5°- •- Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du système - Décocher la case "Désactiver la restauration du système" et cliquer sur [Appliquer].
F)- Dis-moi ensuite comment se comporte le PC.
G)- Termine avec ceci SVP:
Fais un scan en ligne avec Kaspersky < https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr >
Le scan ne marche que sous Internet Explorer.
Sous < https://www.informatruc.com >, on t'explique la marche à suivre .
Clic sur l'image « Kaspersky Online Scanner »
Puis sur "démarrer scan online " en bas à droite de la page.
< http://pictures.kaspersky.fr/bouton-scann1.jpg >
Clic sur « J'accepte » ( ou I agree )
On va te demander de télécharger un contrôle active x, accepte .
( on va peut-être demander installer ==> clic sur "installer" )
Tu attends que la mise à jour se termine ( patienter ), une fois terminé, clic sur « Suivant »
Clic sur « Paramètres d'analyse »
Coche la case « Étendue » >> Ok
Dans le menu « Choisissez la cible de l'analyse »
Clic sur "Poste de travail" pour faire un scan complet ( si tu as un disque amovible/externe, branche-le )
Une fois le scan fini à 100%, clic sur "Enregistrer rapport sous..."
Enregistrer le rapport au format .txt (en nom tu mets «KAS» , et en « Type » tu choisis « fichier texte » (*.txt), puis [Enregistrer]
Tu ouvres le fichier que tu viens de sauvegarder,
Copier/coller le rapport généré, et poste-le
AIDE :
-Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", vas dans Ajout/Suppression de programmes et désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
-Si il y a un problème, assure-toi que les contrôles active x sont bien configurés dans les options internet comme il est décrit sur ce lien=> http://www.inoculer.com/activex.php3
NOTES :
- En cas de problème vérifier ces quelques points < https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId898809 >
- Ton antivirus résident pourrait empêcher ou perturber le déroulement du scan. Kaspersky conseille de le désactiver avant de lancer le scan. (pour la durée du scan uniquement)
- En cas de problème tu trouveras une démonstration animée sur le lien donné ou si besoin un tutoriel < https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566 >
Ça peut durer plus d’1 heure.
Patienter
Je crois que c'est terminé.
Merci
Bonne soirée
Al.
EDIT: Fais analyser ce fichier chez VirusTotal C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
à cette adresse < https://www.virustotal.com/gui/ > Merci
si tu est encore là voici le rapport:
éspérent que c'est ça?
File/Folder not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00003A92-3D52-C73E-B18F-B9F4020289B5}\DATA.cab not found.
C:\Program Files\eMule\Temp\2_PC -rec.tmp moved successfully.
File/Folder C:\Documents and Settings\HP_Propriétaire\Incomplete\T-2038763-04 Track 4.wma not found.
File/Folder not found.
Created on 11/25/2007 22:31:44
éspérent que c'est ça?
File/Folder not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00003A92-3D52-C73E-B18F-B9F4020289B5}\DATA.cab not found.
C:\Program Files\eMule\Temp\2_PC -rec.tmp moved successfully.
File/Folder C:\Documents and Settings\HP_Propriétaire\Incomplete\T-2038763-04 Track 4.wma not found.
File/Folder not found.
Created on 11/25/2007 22:31:44
Re,
Vide la quarantaine de ANTIVIR ==> elle devrait au moins contenir ceci '479d9c54.qua' et cela '477b9dbc.qua'.
N'oublie pas l'analyse chez VirusTotal (quand Kaspersky aura fini).
Bonne nuit
Al.
Vide la quarantaine de ANTIVIR ==> elle devrait au moins contenir ceci '479d9c54.qua' et cela '477b9dbc.qua'.
N'oublie pas l'analyse chez VirusTotal (quand Kaspersky aura fini).
Bonne nuit
Al.
VOICI LE RAPPORT /
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, November 26, 2007 1:23:08 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 25/11/2007
Enregistrements dans la base antivirus Kaspersky : 465574
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Statistiques de l'analyse:
Total d'objets analysés: 92162
Nombre de virus trouvés: 1
Nombre d'objets infectés: 2 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 02:07:21
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Incomplete\Preview-T-4183160-03 Track 3.wma Infecté : Trojan-Downloader.WMA.Wimad.l ignoré
C:\Documents and Settings\HP_Propriétaire\Incomplete\T-4183160-03 Track 3.wma Infecté : Trojan-Downloader.WMA.Wimad.l ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\MSHist012007112520071126\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF799A.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00000002.ps1 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00000002.ps2 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\cicat.fid L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\cicat.hsh L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiCL0001.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiP10000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiP20000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiPT0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiSL0001.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiSP0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiST0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiVP0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\INDEX.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\propstor.bk1 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\propstor.bk2 L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP1\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{47B182F9-9DBB-4696-BD64-7D089A854080}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\spool\PRINTERS\00034.SPL L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
a)
le fichier dans "virus total "n'y est pas,je suis sûr de moi!!
b)
Pour supprimer la quarantaine de antivir tu fait quoi?
tu cliques sur les objets et tu les mets dans le panier?
car quand je clic droit ,l'anglais c'est pas mon fort!!
"je pique du nez" alors direction dodo!!
à demain pour la suite
MERCI encore
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, November 26, 2007 1:23:08 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 25/11/2007
Enregistrements dans la base antivirus Kaspersky : 465574
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Statistiques de l'analyse:
Total d'objets analysés: 92162
Nombre de virus trouvés: 1
Nombre d'objets infectés: 2 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 02:07:21
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Incomplete\Preview-T-4183160-03 Track 3.wma Infecté : Trojan-Downloader.WMA.Wimad.l ignoré
C:\Documents and Settings\HP_Propriétaire\Incomplete\T-4183160-03 Track 3.wma Infecté : Trojan-Downloader.WMA.Wimad.l ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\MSHist012007112520071126\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF799A.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\HP_Propriétaire\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00000002.ps1 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00000002.ps2 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\cicat.fid L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\cicat.hsh L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiCL0001.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiP10000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiP20000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiPT0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiSL0001.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiSP0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiST0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiVP0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\INDEX.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\propstor.bk1 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\propstor.bk2 L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP1\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{47B182F9-9DBB-4696-BD64-7D089A854080}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\spool\PRINTERS\00034.SPL L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
a)
le fichier dans "virus total "n'y est pas,je suis sûr de moi!!
b)
Pour supprimer la quarantaine de antivir tu fait quoi?
tu cliques sur les objets et tu les mets dans le panier?
car quand je clic droit ,l'anglais c'est pas mon fort!!
"je pique du nez" alors direction dodo!!
à demain pour la suite
MERCI encore
Bonjour samos,
Décidément, ce n'est pas évident.
A)- Dans le tuto ANTIVIR qui explique en français (livré au post # 103 §5°), je trouve ceci: http://www.astucesinternet.com/jseffects/img/blank.gif et le texte suivant qui en détaille les éléments.
Je lis que la poubelle de Antivir de dénomme QUARANTINE ; ce doit être un dossier que tu dois retrouver dans le répertoire , là où tu as installé le logiciel.
Je n'ai pas Antivir chez moi, désolé. ==> et depuis toujours, je me tape la tête au mur avec ces tutos incomplets !!
Quoique, ... dans le second tuto en français de Malekal_morte (livré au post # 103 §5°), je lis ceci au chapitre QUARANTAINE https://www.malekal.com/fichiers/antivir/antivir_quarantaine.png et le texte suivant qui en détaille les éléments :
« En sélectionnant le fichier en quarantaine, vous pouvez à partir des icônes :
-Rescanner le fichier
-Afficher les propriétés du fichier (voir plus bas).
-Restorer le fichier, l'icône de gauche restaure le fichier dans son emplacement originale, l'icône de droite restaure le fichier dans l'emplacement de votre choix.
-Ajouter un nouveau fichier dans la quarantaine, en allant le sélectionnant.
-Permet d'envoyer le fichier incriminé par mail.
-Supprimer définitivement le fichier. »
B)- ScanOnlineKaspersky a trouvé ceci:
C:\Documents and Settings\HP_Propriétaire\Incomplete\Preview-T-4183160-03 Track 3.wma Infecté : Trojan-Downloader.WMA.Wimad.l ignoré
C:\Documents and Settings\HP_Propriétaire\Incomplete\T-4183160-03 Track 3.wma Infecté : Trojan-Downloader.WMA.Wimad.l ignoré
Visiblement, il y des soucis avec cette HP.
Vas voir dans le dossier Incomplete ce qu'il contient; et supprime-y ces deux fichiers T-4183160-03 infectés.
Je ne connais pas ce dossier Incomplete (il est absent chez moi); je suis donc tenté de le faire supprimer (ça dépend de son contenu).
C)- # 118 C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
Télécharger OAD (Outil d'Aide au Diagnostic)< http://sosvirus.changelog.fr/OAD.exe >
•-Enregistre-le sur ton bureau
•- Lancer « OAD.exe » en faisant un double-clic sur le fichier < http://sosvirus.changelog.fr/OAD/1.bmp >
•- Saisir la valeur recherchée ( = nom de fichier à rechercher ) : taper (ou faire un copier/coller de) : valeur à rechercher avec l’extension du fichier , soit AUTOTBAR.EXE
- Type de recherche : sélectionner l'option 6 puis valide [entrée]< http://sosvirus.changelog.fr/OAD/4.bmp >
•- OAD va maintenant rechercher le fichier.
Laisse-le travailler jusqu'à ce qu'il en ait terminé.
Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes.
Patienter.
•- Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé.
•- Faire un copier/coller de ce rapport dans ton prochain post.
•-Note: Certains Antivirus (comme Panda) peuvent émettre une alerte lors du téléchargement / utilisation
Merci
Al.
Décidément, ce n'est pas évident.
A)- Dans le tuto ANTIVIR qui explique en français (livré au post # 103 §5°), je trouve ceci: http://www.astucesinternet.com/jseffects/img/blank.gif et le texte suivant qui en détaille les éléments.
Je lis que la poubelle de Antivir de dénomme QUARANTINE ; ce doit être un dossier que tu dois retrouver dans le répertoire , là où tu as installé le logiciel.
Je n'ai pas Antivir chez moi, désolé. ==> et depuis toujours, je me tape la tête au mur avec ces tutos incomplets !!
Quoique, ... dans le second tuto en français de Malekal_morte (livré au post # 103 §5°), je lis ceci au chapitre QUARANTAINE https://www.malekal.com/fichiers/antivir/antivir_quarantaine.png et le texte suivant qui en détaille les éléments :
« En sélectionnant le fichier en quarantaine, vous pouvez à partir des icônes :
-Rescanner le fichier
-Afficher les propriétés du fichier (voir plus bas).
-Restorer le fichier, l'icône de gauche restaure le fichier dans son emplacement originale, l'icône de droite restaure le fichier dans l'emplacement de votre choix.
-Ajouter un nouveau fichier dans la quarantaine, en allant le sélectionnant.
-Permet d'envoyer le fichier incriminé par mail.
-Supprimer définitivement le fichier. »
B)- ScanOnlineKaspersky a trouvé ceci:
C:\Documents and Settings\HP_Propriétaire\Incomplete\Preview-T-4183160-03 Track 3.wma Infecté : Trojan-Downloader.WMA.Wimad.l ignoré
C:\Documents and Settings\HP_Propriétaire\Incomplete\T-4183160-03 Track 3.wma Infecté : Trojan-Downloader.WMA.Wimad.l ignoré
Visiblement, il y des soucis avec cette HP.
Vas voir dans le dossier Incomplete ce qu'il contient; et supprime-y ces deux fichiers T-4183160-03 infectés.
Je ne connais pas ce dossier Incomplete (il est absent chez moi); je suis donc tenté de le faire supprimer (ça dépend de son contenu).
C)- # 118 C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
Télécharger OAD (Outil d'Aide au Diagnostic)< http://sosvirus.changelog.fr/OAD.exe >
•-Enregistre-le sur ton bureau
•- Lancer « OAD.exe » en faisant un double-clic sur le fichier < http://sosvirus.changelog.fr/OAD/1.bmp >
•- Saisir la valeur recherchée ( = nom de fichier à rechercher ) : taper (ou faire un copier/coller de) : valeur à rechercher avec l’extension du fichier , soit AUTOTBAR.EXE
- Type de recherche : sélectionner l'option 6 puis valide [entrée]< http://sosvirus.changelog.fr/OAD/4.bmp >
•- OAD va maintenant rechercher le fichier.
Laisse-le travailler jusqu'à ce qu'il en ait terminé.
Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes.
Patienter.
•- Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé.
•- Faire un copier/coller de ce rapport dans ton prochain post.
•-Note: Certains Antivirus (comme Panda) peuvent émettre une alerte lors du téléchargement / utilisation
Merci
Al.
AntiVir PersonalEdition Classic
Report file date: lundi 26 novembre 2007 12:43
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: NOM-B0A1C0A3909
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2dc2b83d.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 26 novembre 2007 12:43
Starting the file scan:
Begin scan in 'C:\Documents and Settings\HP_Propriétaire\Incomplete'
salut
j'ai scanné manuellement INCOMPLeTE voilà le scan
dedans c'est des télechargement que ma petite soeur à fait de "lorie" avec lime wire ha la coquine!!
End of the scan: lundi 26 novembre 2007 12:43
Used time: 00:14 min
The scan has been done completely.
1 Scanning directories
42 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
42 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
pour le supprimer je peut le faire direct par là il ne va pas me rester quelque chose?
Report file date: lundi 26 novembre 2007 12:43
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: NOM-B0A1C0A3909
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2dc2b83d.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 26 novembre 2007 12:43
Starting the file scan:
Begin scan in 'C:\Documents and Settings\HP_Propriétaire\Incomplete'
salut
j'ai scanné manuellement INCOMPLeTE voilà le scan
dedans c'est des télechargement que ma petite soeur à fait de "lorie" avec lime wire ha la coquine!!
End of the scan: lundi 26 novembre 2007 12:43
Used time: 00:14 min
The scan has been done completely.
1 Scanning directories
42 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
42 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
pour le supprimer je peut le faire direct par là il ne va pas me rester quelque chose?
et voici pour AUTOTBAR.EXE
... 26/11/2007 ---- 12:44:18,00
----------------------------------
§§§§§§ [AUTOTBAR.EXE ] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
... 26/11/2007 ---- 12:44:18,00
----------------------------------
§§§§§§ [AUTOTBAR.EXE ] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
lorsque que nous aurons términé pourras-tu me dire si je garde ou je supprime:
****antivir (je suppose fortement que non!!)
****spybot
****ccleaner
****ad-aware
****avg anti-spaywre
..et lorsque je l'ai fait tourner je peut les lancer en même temps ou il ne vaut mieux ?
..et derniére chose ,j'ai compris qu'il vallait mieux que je les fasses tourner en mode sans echec,aprés ça est-il necéssaire de le faire en mode normal
ouf!!!je sais je sui un peu embêtente!!!
merci d'avance de ta "patience"
****antivir (je suppose fortement que non!!)
****spybot
****ccleaner
****ad-aware
****avg anti-spaywre
..et lorsque je l'ai fait tourner je peut les lancer en même temps ou il ne vaut mieux ?
..et derniére chose ,j'ai compris qu'il vallait mieux que je les fasses tourner en mode sans echec,aprés ça est-il necéssaire de le faire en mode normal
ouf!!!je sais je sui un peu embêtente!!!
merci d'avance de ta "patience"
Re,
A)- Réponses:
Oui, il est recommandé de lancer les outils de désinfections (analyse ou fix) en Mode sans Echec (MSE).
Ce n'est pas toujours possible ==> dans ce cas, une fois le logiciel téléchargé, il faut se déconnecter du Net lors de son installation.
Ou aussi, les utiliser en "Mode sans Echec avec prise en charge de réseau" (toujours via F8 ou F5).
Garde:
•- AVG-Antispyware ==> mais le bouclier résident n'est plus en service après 29 jours ( heureusement, parce qu'il ralenti sensiblement le déparrage PC)
•- CCleaner ==> lancer tous les jours le nettoyeur, et 1x/mois le correcteur des erreurs registres.
•- Antivir ==> très important (relire les tutos).
•- Kerio ==> pare-feu qui analyse les fichiers sortants de ton PC (ce que ne fait pas le pare-feu interne de Windows) .
Je n'ai ni Spybot S&D, ni Ad-Aware ==> AVG-Antispyware suffit; tu l'utilises chaque fois avant d'installer un nouveau logiciel téléchargé.
•- Comment protéger efficacement son PC ?
http://mickael.barroux.free.fr/securite/protection.php
https://forums.studyrama.com/topic/2748-entretenir-et-prot%C3%A9ger-son-pc/
•- Phénomène de sur-multiplication des logiciels de protection < http://forum.malekal.com/ftopic4650.php >
•- Sécuriser son ordinateur et connaitre les menaces < https://www.malekal.com/proteger-pc-virus-pirates/ >.
B)- Je voudrais que tu termines ce topic avec cette vérification, SVP.
•- Désactive ta restauration système
(Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK])
•- Ouvre Internet explorer --> Outils --> Options Internet --> onglet "sécurité" --> Valide "niveau par défaut".
•- Toujours sur Internet explorer --> Outils --> Options Internet --> onglet "avancé" --> valide "Paramètres par défaut".
•- Créer un nouveau dossier sur ton Bureau (Clic-droit > Nouveau > Dossier - nomme-le "Virut"- )
•- Pour effectuer le Scan, désactive ton antivirus et les logiciels de protections ;
•- Arrête, puis redémarre via F8 en « Mode sans Échec avec prise en charge de réseau ».
• Télécharger ces 2 fichiers dans ce dossier "Virut", et pas ailleurs:
< http://download.grisoft.cz/filedir/util/avg_rem_sup.dir/rmvirut/ >
C'est-à-dire:
< http://free.grisoft.com/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.exe >
< http://free.grisoft.com/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.nt >
• Exécute rmvirut.exe, et laisse-le faire.
Poste le rapport sur un forum d'entraide si tu le peux, sinon tu feras:
• File > Save log > Enregistre le sur le Bureau, pour mieux le retrouver (Il se nommera VirusRemover.log ).
•- Arrête puis redémarre le PC normalement.
•- Ensuite réactive ta restauration système
(Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK])
•- Poste le rapport SVP
Merci
Bonne chance.
Al.
A)- Réponses:
Oui, il est recommandé de lancer les outils de désinfections (analyse ou fix) en Mode sans Echec (MSE).
Ce n'est pas toujours possible ==> dans ce cas, une fois le logiciel téléchargé, il faut se déconnecter du Net lors de son installation.
Ou aussi, les utiliser en "Mode sans Echec avec prise en charge de réseau" (toujours via F8 ou F5).
Garde:
•- AVG-Antispyware ==> mais le bouclier résident n'est plus en service après 29 jours ( heureusement, parce qu'il ralenti sensiblement le déparrage PC)
•- CCleaner ==> lancer tous les jours le nettoyeur, et 1x/mois le correcteur des erreurs registres.
•- Antivir ==> très important (relire les tutos).
•- Kerio ==> pare-feu qui analyse les fichiers sortants de ton PC (ce que ne fait pas le pare-feu interne de Windows) .
Je n'ai ni Spybot S&D, ni Ad-Aware ==> AVG-Antispyware suffit; tu l'utilises chaque fois avant d'installer un nouveau logiciel téléchargé.
•- Comment protéger efficacement son PC ?
http://mickael.barroux.free.fr/securite/protection.php
https://forums.studyrama.com/topic/2748-entretenir-et-prot%C3%A9ger-son-pc/
•- Phénomène de sur-multiplication des logiciels de protection < http://forum.malekal.com/ftopic4650.php >
•- Sécuriser son ordinateur et connaitre les menaces < https://www.malekal.com/proteger-pc-virus-pirates/ >.
B)- Je voudrais que tu termines ce topic avec cette vérification, SVP.
•- Désactive ta restauration système
(Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK])
•- Ouvre Internet explorer --> Outils --> Options Internet --> onglet "sécurité" --> Valide "niveau par défaut".
•- Toujours sur Internet explorer --> Outils --> Options Internet --> onglet "avancé" --> valide "Paramètres par défaut".
•- Créer un nouveau dossier sur ton Bureau (Clic-droit > Nouveau > Dossier - nomme-le "Virut"- )
•- Pour effectuer le Scan, désactive ton antivirus et les logiciels de protections ;
•- Arrête, puis redémarre via F8 en « Mode sans Échec avec prise en charge de réseau ».
• Télécharger ces 2 fichiers dans ce dossier "Virut", et pas ailleurs:
< http://download.grisoft.cz/filedir/util/avg_rem_sup.dir/rmvirut/ >
C'est-à-dire:
< http://free.grisoft.com/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.exe >
< http://free.grisoft.com/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.nt >
• Exécute rmvirut.exe, et laisse-le faire.
Poste le rapport sur un forum d'entraide si tu le peux, sinon tu feras:
• File > Save log > Enregistre le sur le Bureau, pour mieux le retrouver (Il se nommera VirusRemover.log ).
•- Arrête puis redémarre le PC normalement.
•- Ensuite réactive ta restauration système
(Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK])
•- Poste le rapport SVP
Merci
Bonne chance.
Al.
salut
pour ce qui est de kerio
alors je désactive windows prea feu aprés ou je peut le laisser?
(de toute façon je vais le faire plus tard)
pour l'instant je suis:
dans "avancé" de l'onglet "outils" il y a écrit "rétablir les paramétres avancés" c'est ça qu'il faut que je clic pur les mettre par défault?
merci j'attend...
pour ce qui est de kerio
alors je désactive windows prea feu aprés ou je peut le laisser?
(de toute façon je vais le faire plus tard)
pour l'instant je suis:
dans "avancé" de l'onglet "outils" il y a écrit "rétablir les paramétres avancés" c'est ça qu'il faut que je clic pur les mettre par défault?
merci j'attend...