Volledige versie bekijken : zelf een fout gemaakt
Kapstertje 16 April 2008, 09:39 Ik ben gisteren ergens mee bezig eweest wat ik niet had moeten doen,met als gevolg mijn pc van slag.:cry:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:49, on 16-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
D:\3.0\Apps\apdproxy.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\ctfmon.exe
D:\WHATPU~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\fwpuvudo.exe
C:\Program Files\tmp0.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Program Files\tmp3.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WhatPulse] D:\WHATPU~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [tmdjcbqh] C:\WINDOWS\system32\fwpuvudo.exe
O4 - HKLM\..\Policies\Explorer\Run: [fzYj0xIVBo] C:\Documents and Settings\All Users\Application Data\byrkjuxq\lmzizcho.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174850598187
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: SysSys - {5f7abfdf-fea0-47dc-b285-0a230fd7ce46} - C:\WINDOWS\Resources\SysSys.dll
O21 - SSODL: zip - {2702b446-cee4-40aa-bee1-c03fde659597} - C:\WINDOWS\Installer\{2702b446-cee4-40aa-bee1-c03fde659597}\zip.dll
O21 - SSODL: pmsoarbf - {B1466823-9944-4A78-8704-ACEBAF45D0F1} - C:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {539DB6AD-3FD8-4963-9C06-B7B83BD320FA} - C:\WINDOWS\omlbpkaw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 6683 bytes
Recep 16 April 2008, 13:58 Hallo Kapstertje,
Ik ga even voor je kijken :D
Recep
Kapstertje 16 April 2008, 18:41 Graag want alles gaat hier fout,de ene na de andere popup,:damn:ander buroblad,vastlopen,Ik kan ook al niet in veilige modus opstarten:cry:
Dat ik nu online ben is gewoon een toevalstreffer:frown:
4stroker 16 April 2008, 18:46 Graag want alles gaat hier fout,de ene na de andere popup,:damn:ander buroblad,vastlopen,Ik kan ook al niet in veilige modus opstarten:cry:
Dat ik nu online ben is gewoon een toevalstreffer:frown:
Misschien is een systeemherstel hier wel aan te raden?
Rosty 16 April 2008, 18:53 Misschien is een systeemherstel hier wel aan te raden?
Ik vrees van niet!!! Kapstertje heeft hulp nodig en snel denk ik zo. Recep heef wel gepost dat hij gaat helpen dus ik wacht nog tot 20u, is hij dan niet on-line en een nieuwe Fix gepost heeft in het opleidingscentrum dan post ik een Fix.
4stroker 16 April 2008, 19:11 Ik vrees van niet!!! Kapstertje heeft hulp nodig en snel denk ik zo. Recep heef wel gepost dat hij gaat helpen dus ik wacht nog tot 20u, is hij dan niet on-line en een nieuwe Fix gepost heeft in het opleidingscentrum dan post ik een Fix.
Nuja, ik snap wat je zegt, maar vond dit gewoon logisch, als je iets verkeerd gedaan hebt op je pc en je weet niet juist wat, keer terug naar een punt waar alles nog in orde was. Net voor je bezig was met de dingen waarmee je niet moest bezig zijn. Dit zou ik in dit geval toch doen. In ieder geval, veel succes ermee ;)
Rosty 16 April 2008, 20:43 Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) en sla het progje op naar je bureaublad.
Dubbelklik SDFix.exe en kies Install om het uit te pakken. Versie 1.40 en hoger zal de uitgepakte SDFix map automatisch naar je systeemdrive verplaatsen (waarschijnlijk hier: C:\SDFix).
Herstart de pc in de veilige modus.
Safe mode for Windows XP
Herstart de computer
Zodra uw computer klaar is met het laden van de BIOS (zwarte scherm en witte letters, of een ander beginscherm)en vlak voordat Windows wordt geladen
Tap op de F8-toets (of de F5)-toets totdat u in het Windows option-menu terechtkomt Kies hier voor opstarten in veilige modus (Safe mode) door het gebruik van de pijltjestoetsen en daarna Enter
Open de uitgepakte SDFix folder (meestal hier te vinden: C:\SDFix) en dubbelklik RunThis.bat om het script te starten.
Typ Y en klik enter om het schoonmaakproces te starten.
Er zullen Trojan Services en/of Registry Entries worden verwijderd als ze worden gevonden en je zult een toets voor herstart moeten indrukken.
De computer zal dan herstarten; dit duurt langer dan gewoonlijk.
De Fixtool zal opnieuw gaan werken en het verwijderingproces vervolgen, dan wordt Finished, getoond, wacht geduldig af totdat je weer een toets moeten indrukken om het script te beëindigen en je bureaubladiconen weer te laden.
Zodra je bureaublad weer normaal is zal het SDFix report openen en ook te vinden zijn in de SDFix folder als Report.txt.
Copy/paste de inhoud van dit report Report.txt in je volgende antwoord hier samen met een nieuw HijackThis log
Kapstertje 16 April 2008, 21:13 Ik krijg hem niet in veilige modus
<windos-hoofdmap>\system32\ntoskrnnl.exe.
Ik heb xp home maar hij geeft alleen xp prof. en dan geeft hij dat aan.:damn:
Rosty 16 April 2008, 21:32 Doe eens in normale modus!
Kapstertje 16 April 2008, 21:36 dus nu in normale modus gewoon op run
Rosty 16 April 2008, 22:05 dus nu in normale modus gewoon op run
Yep. :)
Kapstertje 16 April 2008, 22:08 pff ik blijf aan het rebooten hij houd het nog geen 5 min vol
hij geeft geen Y
Heb wel u gedaan voor de laatste versie
Rosty 16 April 2008, 22:11 Dan maar op deze manier beginnen:
Download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (vanS!Ri), en sla het op je bureaublad op.
* Dubbelklik Smitfraudfix.exe
* Kies optie #1 - Search door 1 te typen, en druk op "Enter";
Er zal een tekstbestandje openen.
Plaats de inhoud van dat tekstbestandje in je volgende antwoord samen met een nieuw logje van HijackThis
Kapstertje 16 April 2008, 22:15 SmitFraudFix v2.314
Scan done at 22:13:07,35, wo 16-04-2008
Run from C:\Documents and Settings\Kim\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\byrkjuxq\lmzizcho.exe
D:\3.0\Apps\apdproxy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\fwpuvudo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kim\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\tmp???????.exe FOUND !
C:\Program Files\tmp?.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: lgmxvpatkmb.dll
BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F}
TypeLib: {DE36BE36-BAB0-4213-B730-C0B88A0814DC}
Interface: {8CA36FBF-55D3-4DE4-B2DA-AC0F421B063F}
Interface: {915DE45F-7C6A-44C6-8DFD-26BAD624D26E}
[!] Suspicious: qtvglped.dll
Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290}
TypeLib: {E802C3EE-8324-48FC-8290-32F38433386A}
Interface: {401BA9BF-7A17-4B62-AC79-BE141C1D0C27}
Classe: qtvglped.bbok
Classe: qtvglped.ToolBar.1
[!] Suspicious: pmsoarbf.dll
SSODL: pmsoarbf - {B1466823-9944-4A78-8704-ACEBAF45D0F1}
[!] Suspicious: omlbpkaw.dll
SSODL: omlbpkaw - {539DB6AD-3FD8-4963-9C06-B7B83BD320FA}
[!] Suspicious: SysSys.dll
SSODL: SysSys - {5f7abfdf-fea0-47dc-b285-0a230fd7ce46}
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Pakketplanner-minipoort
DNS Server Search Order: 10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3BE24969-93B4-4194-83CA-4A04E002ADAD}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3BE24969-93B4-4194-83CA-4A04E002ADAD}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3BE24969-93B4-4194-83CA-4A04E002ADAD}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:39, on 16-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\byrkjuxq\lmzizcho.exe
D:\3.0\Apps\apdproxy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\fwpuvudo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WhatPulse] D:\WHATPU~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [tmdjcbqh] C:\WINDOWS\system32\fwpuvudo.exe
O4 - HKLM\..\Policies\Explorer\Run: [fzYj0xIVBo] C:\Documents and Settings\All Users\Application Data\byrkjuxq\lmzizcho.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174850598187
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: SysSys - {5f7abfdf-fea0-47dc-b285-0a230fd7ce46} - C:\WINDOWS\Resources\SysSys.dll
O21 - SSODL: pmsoarbf - {B1466823-9944-4A78-8704-ACEBAF45D0F1} - C:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {539DB6AD-3FD8-4963-9C06-B7B83BD320FA} - C:\WINDOWS\omlbpkaw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 6448 bytes
Rosty 16 April 2008, 22:33 Hoi, dit is voor het geval je al kan opstarten in veilige modus.
Print onderstaande instructies uit of kopieer ze naar een .txt bestand.
Start op in Veilige modus (http://www.virushelp.nl/veilige_modus.htm)
Eenmaal opgestart in veilige modus, open je SmitfraudFix.exe.
Kies optie #2 - Clean door 2 te typen, en druk op "Enter" om de
geïnfecteerde bestanden te verwijderen.
Je zal een vraag krijgen: "Registry cleaning - Do you want to clean the registry ?"
Antwoord "Yes" door Y te typen en druk op "Enter".
(Als je pc daarna niet herstart, start hem dan handmatig terug op in normale modus)
Er zal een tekstbestandje openen met de resultaten van de fix.
Post de inhoud van dit bestandje in je volgende antwoord (Je kan het rapport ook vinden in c:\rapport.txt).
Indien je niet kan opstarten in veilige modus doe dan volgende:
Download MBAM (Malwarebytes' Anti-Malware) via hier (http://www.besttechie.net/tools/mbam-setup.exe) of hier (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Dubbelklik op mbam-setup.exe om het programma te installeren.
Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)
De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.
Kopieer en plak de inhoud van het logje in je volgend antwoord, samen met een nieuw HijackThis log.
Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.
Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.
Kapstertje 16 April 2008, 23:05 Malwarebytes' Anti-Malware 1.11
Database versie: 636
Scan type: Snelle Scan
Objecten gescand: 33356
Verstreken tijd: 5 minute(s), 34 second(s)
Geheugenprocessen geïnfecteerd: 2
Geheugenmodulen geïnfecteerd: 9
Registersleutels geïnfecteerd: 55
Registerwaarden geïnfecteerd: 8
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 4
Bestanden geïnfecteerd: 69
Geheugenprocessen geïnfecteerd:
C:\WINDOWS\system32\fwpuvudo.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\byrkjuxq\lmzizcho.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
c:\WINDOWS\system32\wlcstp32.dll (Spyware.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\pmnmjJcB.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\umkjmwxy.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\nnnmNHAp.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\Resources\SysSys.dll (Trojan.Clicker) -> Unloaded module successfully.
C:\WINDOWS\qtvglped.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\pmsoarbf.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\omlbpkaw.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\lgmxvpatkmb.dll (Trojan.FakeAlert) -> Unloaded module successfully.
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{7348d74c-731b-dece-9f8a-a37d8214708e} (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7348d74c-731b-dece-9f8a-a37d8214708e} (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{f9735039-3de6-485e-9c68-1544a6ac4416} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f9735039-3de6-485e-9c68-1544a6ac4416} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmnhap (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{401ba9bf-7a17-4b62-ac79-be141c1d0c27} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e802c3ee-8324-48fc-8290-32f38433386a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ca36fbf-55d3-4de4-b2da-ac0f421b063f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{915de45f-7c6a-44c6-8dfd-26bad624d26e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{de36be36-bab0-4213-b730-c0b88a0814dc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f7abfdf-fea0-47dc-b285-0a230fd7ce46} (Trojan.Clicker) -> Delete on reboot.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FU LL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\ac cessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c8f0ee32-3af7-4730-9d8c-9eb9d0315290} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b1466823-9944-4a78-8704-acebaf45d0f1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{539db6ad-3fd8-4963-9c06-b7b83bd320fa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52676f4a-d830-4513-be81-3a0c28b32c2f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{52676f4a-d830-4513-be81-3a0c28b32c2f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.bbok (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\tmdjcbqh (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run\fzYj0xIVBo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\SysSys (Trojan.Clicker) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c8f0ee32-3af7-4730-9d8c-9eb9d0315290} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\pmsoarbf (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\omlbpkaw (Trojan.FakeAlert) -> Delete on reboot.
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnmjjcb -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnmjjcb -> Delete on reboot.
Mappen geïnfecteerd:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
c:\WINDOWS\system32\wlcstp32.dll (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pmnmjJcB.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\BcJjmnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BcJjmnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umkjmwxy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yxwmjkmu.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fwpuvudo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\byrkjuxq\lmzizcho.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmNHAp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rtqmekwg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\016B8C2D.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\SysSys.dll (Trojan.Clicker) -> Delete on reboot.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\qtvglped.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\pmsoarbf.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\omlbpkaw.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\npqtsrak.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\lgmxvpatkmb.dll (Trojan.FakeAlert) -> Delete on reboot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:37, on 16-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\3.0\Apps\apdproxy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [4c9bdb7d] rundll32.exe "C:\WINDOWS\system32\umkjmwxy.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WhatPulse] D:\WHATPU~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174850598187
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 6035 bytes
Bedankt voor je hulp,ik was net wat kort ,maar moest soms tijdens het reageren wel 3 keer opnieuw opstarten:damn:
En dan wordt je verhaal steeds korter hé;)
Rosty 17 April 2008, 05:53 Hoi MBAM heeft al heel wat gefixt en verwijderd.(y)
Deze regel mag je nog Fixen In HJT:
O4 - HKLM\..\Run: [4c9bdb7d] rundll32.exe "C:\WINDOWS\system32\umkjmwxy.dll",b
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) naar je Bureaublad.
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
Dubbelklik op Combofix.exe
Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.
Kapstertje 17 April 2008, 18:08 U vraagt wij draaien:D
ComboFix 08-04-16.5 - Kim 2008-04-17 17:24:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.592 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Kim\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kim\Bureaubladblackbird.jpg
C:\Documents and Settings\Kim\BureaubladEditorFKWP1.5.exe
C:\Documents and Settings\Kim\BureaubladEditorFKWP2.0.exe
C:\Documents and Settings\Kim\Bureaubladfilemanagerclient.exe
C:\Documents and Settings\Kim\Bureaubladfkwp1.5.exe
C:\Documents and Settings\Kim\Bureaubladfkwp2.0.exe
C:\Documents and Settings\Kim\Bureaubladfwebd.exe
C:\Documents and Settings\Kim\BureaubladFWebdEditor.exe
C:\Documents and Settings\Kim\BureaubladTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Kim\Bureaubladvirii
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\resources\SysSys.dll
C:\WINDOWS\system32\BcJjmnmp.ini
C:\WINDOWS\system32\BcJjmnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnmNHAp.dll
C:\WINDOWS\system32\pmnmjJcB.dll
C:\WINDOWS\system32\umkjmwxy.dll
C:\WINDOWS\system32\yxwmjkmu.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))
.
2008-04-16 22:44 . 2008-04-16 22:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 22:44 . 2008-04-16 22:44 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\Malwarebytes
2008-04-16 22:44 . 2008-04-16 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-16 22:13 . 2008-04-16 22:13 1,442 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 21:53 . 2008-04-16 22:09 <DIR> d-------- C:\SDFix
2008-04-16 21:50 . 2008-04-16 21:52 1,420,141 --a------ C:\SDFix.exe
2008-04-16 17:43 . 2008-04-16 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-16 17:39 . 2008-04-16 17:35 159,112 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-04-16 17:35 . 2008-04-16 17:36 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-16 17:32 . 2008-04-16 17:32 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-04-16 08:54 . 2008-04-16 08:54 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\TmpRecentIcons
2008-04-15 22:06 . 2008-04-16 22:06 <DIR> dr-h----- C:\Documents and Settings\Kim\Onlangs geopend
2008-04-15 22:03 . 2008-04-16 22:57 10,240 --------- C:\WINDOWS\system32\wlcstp32.dll
2008-04-15 22:02 . 2008-04-16 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\byrkjuxq
2008-04-15 22:02 . 2008-04-16 22:57 266,240 --------- C:\WINDOWS\omlbpkaw.dll
2008-04-15 22:02 . 2008-04-16 22:57 258,048 --------- C:\WINDOWS\lgmxvpatkmb.dll
2008-04-15 22:02 . 2008-04-16 22:57 229,376 --------- C:\WINDOWS\pmsoarbf.dll
2008-04-15 22:02 . 2008-04-16 22:57 184,320 --------- C:\WINDOWS\qtvglped.dll
2008-04-15 21:46 . 2008-04-15 21:46 <DIR> d-------- C:\Program Files\Photoshop
2008-04-14 13:55 . 2008-04-14 13:55 <DIR> d-------- C:\Program Files\PSP Thumbnail Handler
2008-04-09 10:49 . 2008-04-09 10:49 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\fltk.org
2008-04-09 09:05 . 2008-04-09 10:49 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\TuxPaint
2008-04-07 10:40 . 2008-04-07 10:40 <DIR> d-------- C:\Program Files\Apollo DVD Copy
2008-04-07 10:40 . 2008-04-07 10:40 <DIR> d-------- C:\Program Files\Anti-Leech
2008-04-07 10:40 . 2008-04-07 10:40 <DIR> d-------- C:\Program Files\Ahead
2008-04-07 10:40 . 2008-04-07 10:40 <DIR> d-------- C:\Program Files\Advanced Font Viewer
2008-03-29 19:24 . 2008-03-29 19:33 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\Filter Forge
2008-03-29 19:05 . 2008-03-29 19:05 <DIR> d-------- C:\Program Files\Filter Forge
2008-03-29 19:05 . 2006-11-10 19:41 1,030,144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll
2008-03-28 00:09 . 2008-03-28 00:09 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\Alien Skin
2008-03-28 00:06 . 1993-07-23 19:31 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2008-03-28 00:06 . 1996-10-30 10:35 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL
2008-03-27 23:38 . 1998-10-09 10:18 296,448 --a------ C:\WINDOWS\Xenofex.ini
2008-03-27 22:37 . 2008-04-15 19:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-27 22:37 . 2008-03-27 22:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 21:24 . 2008-03-27 21:24 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-27 20:24 . 2008-03-27 20:24 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-26 23:37 . 2008-03-26 23:40 16 --a------ C:\WINDOWS\popcinfo.dat
2008-03-26 23:36 . 2008-03-26 23:36 <DIR> d-------- C:\Program Files\GameHouse
2008-03-26 18:19 . 2008-03-26 18:17 110,269 --a------ C:\WINDOWS\system32\dll_files.zip
2008-03-26 11:47 . 2008-03-27 21:24 <DIR> d-------- C:\Program Files\Common Files\Corel(2)
2008-03-22 14:56 . 2008-03-22 14:56 1,409 --a------ C:\WINDOWS\system32\tmpA1C58.FOT
2008-03-22 14:56 . 2008-03-22 14:56 1,409 --a------ C:\WINDOWS\system32\tmp41D58.FOT
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-17 15:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 15:22 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-14 16:25 --------- d-----w C:\Program Files\PokerStars
2008-04-08 19:42 --------- d-----w C:\Program Files\PKR
2008-03-27 19:54 --------- d-----w C:\Program Files\Jasc Software Inc
2008-03-27 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 19:14 --------- d-----w C:\Program Files\Corel
2008-03-20 15:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 08:19 --------- d-----w C:\Program Files\Java
2008-03-12 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-03-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\namesuppressed
2008-03-11 19:09 44,544 ------w C:\WINDOWS\AWuninstall.exe
2008-03-10 00:12 --------- d-----w C:\Program Files\MSN Messenger
2008-03-09 18:40 --------- d-----w C:\Documents and Settings\Kim\Application Data\LimeWirePlus
2008-03-09 10:50 180,224 ----a-w C:\WINDOWS\UninstallWSST.exe
2008-03-05 09:45 --------- d-----w C:\Program Files\Scrippy
2008-03-05 09:44 --------- d-----w C:\Program Files\e frontier
2008-03-05 09:14 --------- d-----w C:\Program Files\Google
2008-03-04 22:25 --------- d-----w C:\Program Files\SimBoePro
2008-03-04 20:56 --------- d-----w C:\Program Files\Peer2Mail
2004-12-01 17:34 716 ---ha-w C:\Documents and Settings\All Users\Application Data\pb7msys.dat
2007-09-25 19:20 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2005-03-02 20:15 2183936 5db3e8dec987b5d350e4a105dceaee6a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 20:47 2186368 4cb6c3b16587971c56aaa8a9b0511bc7 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2186496 59dca97dc201792c1ccf9fe621ee5ed7 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 01:58 2185344 87aaea3908e069fb1be37380c895dfb8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2183680 281a1e82f5f8fc0b2f4b57ef296a4240 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:25 2184704 f609063bae4d058a4019c4d99a1fd8dd C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WhatPulse"="D:\WHATPU~1.EXE" [2004-12-05 12:20 543744]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-03-10 11:19 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Photo Downloader"="D:\3.0\Apps\apdproxy.exe" [2005-07-14 16:09 57344]
"QuickTime Task"="D:\qttask.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 11:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-10-14 19:09 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-10 11:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.3.37.0\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"ose"=3 (0x3)
"McShield"=3 (0x3)
"gusvc"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)
"AvSynMgr"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\e frontier\\Poser 7 Demo\\PoserDemo.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiF sRec.sys [2001-04-30 04:51]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.s ys [2008-04-16 17:35]
S4 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-04-30 04:51]
.
************************************************** ************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 17:28:29
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
.
************************************************** ************************
.
Voltooingstijd: 2008-04-17 17:33:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 15:32:42
Pre-Run: 142,173,077,504 bytes beschikbaar
Post-Run: 142,209,814,528 bytes beschikbaar
.
2008-04-16 21:44:03 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:07, on 17-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WhatPulse] D:\WHATPU~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174850598187
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 5726 bytes
Rosty 17 April 2008, 18:45 Hoi kapstertje,
ik raad je ten zeerste aan om een Anti-Virus en Firewall te instaleren hoor!!
Kijk hier voor een AV: http://users.telenet.be/bluepatchy/miekiemoes/Links.html#AntiVirus%20Scanners
en hier voor een FW: http://users.telenet.be/bluepatchy/miekiemoes/Links.html#Firewalls
Open Kladblok, kopiëer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:
File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\omlbpkaw.dll
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\qtvglped.dll
Folder::
C:\SDFix
C:\Documents and Settings\All Users\Application Data\byrkjuxq
C:\Program Files\PokerStars
C:\Program Files\MyWebSearch
C:\Program Files\Zango
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
Sla dit op op je Bureaublad als CFScript .
Sleep CFScript in ComboFix.exe zoals getoond in onderstaand voorbeeld :
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.
Kapstertje 17 April 2008, 19:16 ComboFix 08-04-16.5 - Kim 2008-04-17 19:00:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.563 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Kim\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kim\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\omlbpkaw.dll
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\qtvglped.dll
C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\byrkjuxq
C:\Program Files\PokerStars
C:\Program Files\PokerStars\_update2def.dat
C:\Program Files\PokerStars\_update2g.dat
C:\Program Files\PokerStars\_update2gcd.dat
C:\Program Files\PokerStars\_update2ni.dat
C:\Program Files\PokerStars\_update2rare.dat
C:\Program Files\PokerStars\_update2s.dat
C:\Program Files\PokerStars\_updcache.dat
C:\Program Files\PokerStars\backup\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\backup\Gx\table.jpg
C:\Program Files\PokerStars\backup\Gx\templates\browser.css
C:\Program Files\PokerStars\backup\Gx\templates\dialog.html
C:\Program Files\PokerStars\backup\Gx\templates\help.html
C:\Program Files\PokerStars\backup\Gx\templates\menu.xml
C:\Program Files\PokerStars\backup\Gx\tmp.jpg
C:\Program Files\PokerStars\backup\Gx\update.bmp
C:\Program Files\PokerStars\backup\i18n.msg_cli.txt
C:\Program Files\PokerStars\backup\PokerStars.exe
C:\Program Files\PokerStars\backup\PokerStars.ini
C:\Program Files\PokerStars\backup\Themes\&default\gx.ini
C:\Program Files\PokerStars\backup\update.ini
C:\Program Files\PokerStars\fw.ini
C:\Program Files\PokerStars\Gx\arr.a.bmp
C:\Program Files\PokerStars\Gx\arr.bmp
C:\Program Files\PokerStars\Gx\bg.jpg
C:\Program Files\PokerStars\Gx\blt.a.bmp
C:\Program Files\PokerStars\Gx\blt.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.a.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.bmp
C:\Program Files\PokerStars\Gx\cashierpaysystem.jpg
C:\Program Files\PokerStars\Gx\cheque.jpg
C:\Program Files\PokerStars\Gx\chequeCA.jpg
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\0\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\1\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\2\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\3\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\4\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\5\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip-d.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip000025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0001.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0005.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0025.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0100.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip0500.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip100000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip1000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip25000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip500000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\chips\6\chip5000000.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\0\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\0\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\0\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\0\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\1\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardface.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\cardfade.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\default\smback.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\0\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\0\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\0\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\0\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\0\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\large\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\0\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\0\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\0\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\0\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\0\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\0\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\0\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\0\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\1\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\2\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\3\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\4\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\5\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardbase.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardrank.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\cardsuit.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\6\deck.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\back.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.a.bmp
C:\Program Files\PokerStars\Gx\chips&deck\deck\simple\cardfade.bmp
C:\Program Files\PokerStars\Gx\close.a.bmp
C:\Program Files\PokerStars\Gx\close.bmp
C:\Program Files\PokerStars\Gx\ctep.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\bb.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\btn.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashiergb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cashierrb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cb2.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\cbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\lb.bmp
C:\Program Files\PokerStars\Gx\ctrls\lobbyb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\lobbyb.bmp
C:\Program Files\PokerStars\Gx\ctrls\lobbylb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\lobbylb.bmp
C:\Program Files\PokerStars\Gx\ctrls\login.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\login.bmp
C:\Program Files\PokerStars\Gx\ctrls\mtgb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\mtgb.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\rbtn.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\sizebox.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider-grip.bmp
C:\Program Files\PokerStars\Gx\ctrls\slider.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\stb.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\tabs.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.a.bmp
C:\Program Files\PokerStars\Gx\ctrls\wb.bmp
C:\Program Files\PokerStars\Gx\cvn.jpg
C:\Program Files\PokerStars\Gx\dialog.a.bmp
C:\Program Files\PokerStars\Gx\dialog.bmp
C:\Program Files\PokerStars\Gx\fg.a.bmp
C:\Program Files\PokerStars\Gx\fg.bmp
C:\Program Files\PokerStars\Gx\filter.a.bmp
C:\Program Files\PokerStars\Gx\filter.bmp
C:\Program Files\PokerStars\Gx\filterb.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar08.pff
C:\Program Files\PokerStars\Gx\fonts\ar09.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\ar09.pff
C:\Program Files\PokerStars\Gx\fonts\arb08.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb08.pff
C:\Program Files\PokerStars\Gx\fonts\arb09.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb09.pff
C:\Program Files\PokerStars\Gx\fonts\arb10.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb10.pff
C:\Program Files\PokerStars\Gx\fonts\arb11.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1251i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb11.pff
C:\Program Files\PokerStars\Gx\fonts\arb11i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1251i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb12.pff
C:\Program Files\PokerStars\Gx\fonts\arb12i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1251i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252i.bmp
C:\Program Files\PokerStars\Gx\fonts\arb14.pff
C:\Program Files\PokerStars\Gx\fonts\arb14i.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu09.pff
C:\Program Files\PokerStars\Gx\fonts\arbu10.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu10.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\arbu12.pff
C:\Program Files\PokerStars\Gx\fonts\arbu12i.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru08.pff
C:\Program Files\PokerStars\Gx\fonts\aru09.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru09.pff
C:\Program Files\PokerStars\Gx\fonts\aru10.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\aru10.pff
C:\Program Files\PokerStars\Gx\fonts\gmb075.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb075.pff
C:\Program Files\PokerStars\Gx\fonts\gmb08.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb08.pff
C:\Program Files\PokerStars\Gx\fonts\gmb09.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb09.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb09.pff
C:\Program Files\PokerStars\Gx\fonts\gmb10.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb10.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb10.pff
C:\Program Files\PokerStars\Gx\fonts\gmb11.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb11.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb11.pff
C:\Program Files\PokerStars\Gx\fonts\gmb12.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb12.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb12.pff
C:\Program Files\PokerStars\Gx\fonts\gmb14.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb14.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb14.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb14.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb14.pff
C:\Program Files\PokerStars\Gx\fonts\gmb16.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb16.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb16.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb16.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb16.pff
C:\Program Files\PokerStars\Gx\fonts\gmb18.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb18.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb18.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb18.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb18.pff
C:\Program Files\PokerStars\Gx\fonts\gmb20.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb20.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb20.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb20.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\gmb20.pff
C:\Program Files\PokerStars\Gx\fonts\lg08.bmp
C:\Program Files\PokerStars\Gx\fonts\lg08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lg08.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lg08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lg08.pff
C:\Program Files\PokerStars\Gx\fonts\lg09.bmp
C:\Program Files\PokerStars\Gx\fonts\lg09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lg09.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lg09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lg09.pff
C:\Program Files\PokerStars\Gx\fonts\lgb075.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb075.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb075.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb075.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb075.pff
C:\Program Files\PokerStars\Gx\fonts\lgb08.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb08.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb08.pff
C:\Program Files\PokerStars\Gx\fonts\lgb09.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb09.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb09.pff
C:\Program Files\PokerStars\Gx\fonts\lgb10.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb10.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb10.pff
C:\Program Files\PokerStars\Gx\fonts\lgb11.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb11.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb11.pff
C:\Program Files\PokerStars\Gx\fonts\lgb12.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb12.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb12.pff
C:\Program Files\PokerStars\Gx\fonts\lgb14.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb14.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb14.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb14.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb14.pff
C:\Program Files\PokerStars\Gx\fonts\lgb16.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb16.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb16.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb16.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb16.pff
C:\Program Files\PokerStars\Gx\fonts\lgb18.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb18.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb18.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb18.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb18.pff
C:\Program Files\PokerStars\Gx\fonts\lgb20.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb20.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb20.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb20.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgb20.pff
C:\Program Files\PokerStars\Gx\fonts\lgbu09.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu09.pff
C:\Program Files\PokerStars\Gx\fonts\lgbu10.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu10.pff
C:\Program Files\PokerStars\Gx\fonts\lgbu12.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgbu12.pff
C:\Program Files\PokerStars\Gx\fonts\lgu08.bmp
C:\Program Files\PokerStars\Gx\fonts\lgu08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\lgu08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\lgu08.pff
C:\Program Files\PokerStars\Gx\fonts\sb08.bmp
C:\Program Files\PokerStars\Gx\fonts\sb08.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sb08.cp1250x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb08.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sb08.cp1251x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb08.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sb08.cp1252x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb08.pff
C:\Program Files\PokerStars\Gx\fonts\sb08x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb09.bmp
C:\Program Files\PokerStars\Gx\fonts\sb09.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sb09.cp1250x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb09.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sb09.cp1251x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb09.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sb09.cp1252x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb09.pff
C:\Program Files\PokerStars\Gx\fonts\sb09x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb10.bmp
C:\Program Files\PokerStars\Gx\fonts\sb10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sb10.cp1250x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb10.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sb10.cp1251x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sb10.cp1252x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb10.pff
C:\Program Files\PokerStars\Gx\fonts\sb10x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb11.bmp
C:\Program Files\PokerStars\Gx\fonts\sb11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sb11.cp1250x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb11.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sb11.cp1251x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sb11.cp1252x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb11.pff
C:\Program Files\PokerStars\Gx\fonts\sb11x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb12.bmp
C:\Program Files\PokerStars\Gx\fonts\sb12.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sb12.cp1250x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb12.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sb12.cp1251x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb12.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sb12.cp1252x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb12.pff
C:\Program Files\PokerStars\Gx\fonts\sb12x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb14.bmp
C:\Program Files\PokerStars\Gx\fonts\sb14.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sb14.cp1250x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb14.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sb14.cp1251x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb14.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sb14.cp1252x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb14.pff
C:\Program Files\PokerStars\Gx\fonts\sb14x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb16.bmp
C:\Program Files\PokerStars\Gx\fonts\sb16.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sb16.cp1250x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb16.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sb16.cp1251x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb16.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sb16.cp1252x.bmp
C:\Program Files\PokerStars\Gx\fonts\sb16.pff
C:\Program Files\PokerStars\Gx\fonts\sb16x.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr10.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr10.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr10.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr10.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr10.pff
C:\Program Files\PokerStars\Gx\fonts\sbr11.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1250x.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1251x.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1252x.bmp
C:\Program Files\PokerStars\Gx\fonts\sbr11.pff
C:\Program Files\PokerStars\Gx\fonts\sbr11x.bmp
C:\Program Files\PokerStars\Gx\fonts\sf05.bmp
C:\Program Files\PokerStars\Gx\fonts\sf05.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sf05.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sf05.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sf05.pff
C:\Program Files\PokerStars\Gx\fonts\sf06.bmp
C:\Program Files\PokerStars\Gx\fonts\sf06.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sf06.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sf06.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sf06.pff
C:\Program Files\PokerStars\Gx\fonts\sf07.bmp
C:\Program Files\PokerStars\Gx\fonts\sf07.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sf07.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sf07.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sf07.pff
C:\Program Files\PokerStars\Gx\fonts\sfu06.bmp
C:\Program Files\PokerStars\Gx\fonts\sfu06.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sfu06.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sfu06.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sfu06.pff
C:\Program Files\PokerStars\Gx\fonts\sfu07.bmp
C:\Program Files\PokerStars\Gx\fonts\sfu07.cp1250.bmp
C:\Program Files\PokerStars\Gx\fonts\sfu07.cp1251.bmp
C:\Program Files\PokerStars\Gx\fonts\sfu07.cp1252.bmp
C:\Program Files\PokerStars\Gx\fonts\sfu07.pff
C:\Program Files\PokerStars\Gx\fonts\subst.ini
C:\Program Files\PokerStars\Gx\ico.a.bmp
C:\Program Files\PokerStars\Gx\ico.bmp
C:\Program Files\PokerStars\Gx\instacashlogo.bmp
C:\Program Files\PokerStars\Gx\ipb.a.bmp
C:\Program Files\PokerStars\Gx\ipb.bmp
C:\Program Files\PokerStars\Gx\ipkt1.a.bmp
C:\Program Files\PokerStars\Gx\ipkt1.bmp
C:\Program Files\PokerStars\Gx\ipkt2.a.bmp
C:\Program Files\PokerStars\Gx\ipkt2.bmp
C:\Program Files\PokerStars\Gx\ipkt3.a.bmp
C:\Program Files\PokerStars\Gx\ipkt3.bmp
C:\Program Files\PokerStars\Gx\label\border.a.bmp
C:\Program Files\PokerStars\Gx\label\border.bmp
C:\Program Files\PokerStars\Gx\label\borderb.a.bmp
C:\Program Files\PokerStars\Gx\label\borderb.bmp
C:\Program Files\PokerStars\Gx\label\emblem.a.bmp
C:\Program Files\PokerStars\Gx\label\emblem.bmp
C:\Program Files\PokerStars\Gx\label\note.a.bmp
C:\Program Files\PokerStars\Gx\label\note.bmp
C:\Program Files\PokerStars\Gx\label\pm.a.bmp
C:\Program Files\PokerStars\Gx\label\pm.bmp
C:\Program Files\PokerStars\Gx\label\ps.a.bmp
C:\Program Files\PokerStars\Gx\label\ps.bmp
C:\Program Files\PokerStars\Gx\label\psw.a.bmp
C:\Program Files\PokerStars\Gx\label\psw.bmp
C:\Program Files\PokerStars\Gx\label\seat.a.bmp
C:\Program Files\PokerStars\Gx\label\seat.bmp
C:\Program Files\PokerStars\Gx\label\status.a.bmp
C:\Program Files\PokerStars\Gx\label\status.bmp
C:\Program Files\PokerStars\Gx\label\statusb.a.bmp
C:\Program Files\PokerStars\Gx\label\statusb.bmp
C:\Program Files\PokerStars\Gx\label\tlg-w.a.bmp
C:\Program Files\PokerStars\Gx\label\tlg-w.bmp
C:\Program Files\PokerStars\Gx\label\tlg.a.bmp
C:\Program Files\PokerStars\Gx\label\tlg.bmp
C:\Program Files\PokerStars\Gx\label\tt.a.bmp
C:\Program Files\PokerStars\Gx\label\tt.bmp
C:\Program Files\PokerStars\Gx\label\userface.bmp
C:\Program Files\PokerStars\Gx\lobby.jpg
C:\Program Files\PokerStars\Gx\lobby\apply.a.bmp
C:\Program Files\PokerStars\Gx\lobby\apply.bmp
C:\Program Files\PokerStars\Gx\lobby\b.a.bmp
C:\Program Files\PokerStars\Gx\lobby\b.bmp
C:\Program Files\PokerStars\Gx\lobby\bi.a.bmp
C:\Program Files\PokerStars\Gx\lobby\bi.bmp
C:\Program Files\PokerStars\Gx\lobby\bl.a.bmp
C:\Program Files\PokerStars\Gx\lobby\bl.bmp
C:\Program Files\PokerStars\Gx\lobby\bm.a.bmp
C:\Program Files\PokerStars\Gx\lobby\bm.bmp
C:\Program Files\PokerStars\Gx\lobby\cb.bmp
C:\Program Files\PokerStars\Gx\lobby\cbg.a.bmp
C:\Program Files\PokerStars\Gx\lobby\cbg.bmp
C:\Program Files\PokerStars\Gx\lobby\en\b.a.bmp
C:\Program Files\PokerStars\Gx\lobby\en\b.bmp
C:\Program Files\PokerStars\Gx\lobby\en\bl.a.bmp
C:\Program Files\PokerStars\Gx\lobby\en\bl.bmp
C:\Program Files\PokerStars\Gx\lobby\en\bm.a.bmp
C:\Program Files\PokerStars\Gx\lobby\en\bm.bmp
C:\Program Files\PokerStars\Gx\lobby\f-arr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\f-arr.bmp
C:\Program Files\PokerStars\Gx\lobby\f.a.bmp
C:\Program Files\PokerStars\Gx\lobby\f.bmp
C:\Program Files\PokerStars\Gx\lobby\lb.bmp
C:\Program Files\PokerStars\Gx\lobby\lbbc.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbbc.bmp
C:\Program Files\PokerStars\Gx\lobby\lbbl.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbbl.bmp
C:\Program Files\PokerStars\Gx\lobby\lbbr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbbr.bmp
C:\Program Files\PokerStars\Gx\lobby\lbml.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbml.bmp
C:\Program Files\PokerStars\Gx\lobby\lbmr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbmr.bmp
C:\Program Files\PokerStars\Gx\lobby\lbo.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbo.bmp
C:\Program Files\PokerStars\Gx\lobby\lbtc.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbtc.bmp
C:\Program Files\PokerStars\Gx\lobby\lbtl.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbtl.bmp
C:\Program Files\PokerStars\Gx\lobby\lbtr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lbtr.bmp
C:\Program Files\PokerStars\Gx\lobby\lmi.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lmi.bmp
C:\Program Files\PokerStars\Gx\lobby\ltb1.a.bmp
C:\Program Files\PokerStars\Gx\lobby\ltb1.bmp
C:\Program Files\PokerStars\Gx\lobby\ltb2.bmp
C:\Program Files\PokerStars\Gx\lobby\ltb3.bmp
C:\Program Files\PokerStars\Gx\lobby\lto.a.bmp
C:\Program Files\PokerStars\Gx\lobby\lto.bmp
C:\Program Files\PokerStars\Gx\lobby\mbc.a.bmp
C:\Program Files\PokerStars\Gx\lobby\mbc.bmp
C:\Program Files\PokerStars\Gx\lobby\mbl.a.bmp
C:\Program Files\PokerStars\Gx\lobby\mbl.bmp
C:\Program Files\PokerStars\Gx\lobby\mbr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\mbr.bmp
C:\Program Files\PokerStars\Gx\lobby\pbbc.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbbc.bmp
C:\Program Files\PokerStars\Gx\lobby\pbbcr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbbcr.bmp
C:\Program Files\PokerStars\Gx\lobby\pbbl.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbbl.bmp
C:\Program Files\PokerStars\Gx\lobby\pbbr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbbr.bmp
C:\Program Files\PokerStars\Gx\lobby\pbml.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbml.bmp
C:\Program Files\PokerStars\Gx\lobby\pbmr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbmr.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtc.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtc.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtc2.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtc2.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtl.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtl.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtl2.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtl2.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtr.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtr2.a.bmp
C:\Program Files\PokerStars\Gx\lobby\pbtr2.bmp
C:\Program Files\PokerStars\Gx\lobby\ps.a.bmp
C:\Program Files\PokerStars\Gx\lobby\ps.bmp
C:\Program Files\PokerStars\Gx\lobby\quote.a.bmp
C:\Program Files\PokerStars\Gx\lobby\quote.bmp
C:\Program Files\PokerStars\Gx\lobby\r1.a.bmp
C:\Program Files\PokerStars\Gx\lobby\r1.bmp
C:\Program Files\PokerStars\Gx\lobby\r2.a.bmp
C:\Program Files\PokerStars\Gx\lobby\r2.bmp
C:\Program Files\PokerStars\Gx\lobby\r3.bmp
C:\Program Files\PokerStars\Gx\lobby\select-bg.a.bmp
C:\Program Files\PokerStars\Gx\lobby\select-bg.bmp
C:\Program Files\PokerStars\Gx\lobby\tlmc.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tlmc.bmp
C:\Program Files\PokerStars\Gx\lobby\tlml.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tlml.bmp
C:\Program Files\PokerStars\Gx\lobby\tlmr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tlmr.bmp
C:\Program Files\PokerStars\Gx\lobby\tltc.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tltc.bmp
C:\Program Files\PokerStars\Gx\lobby\tltl.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tltl.bmp
C:\Program Files\PokerStars\Gx\lobby\tltr.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tltr.bmp
C:\Program Files\PokerStars\Gx\lobby\tm.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tm.bmp
C:\Program Files\PokerStars\Gx\lobby\tmb.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tmb.bmp
C:\Program Files\PokerStars\Gx\lobby\tmi.a.bmp
C:\Program Files\PokerStars\Gx\lobby\tmi.bmp
C:\Program Files\PokerStars\Gx\lobby\tn.bmp
C:\Program Files\PokerStars\Gx\mtlobby.jpg
C:\Program Files\PokerStars\Gx\pb.a.bmp
C:\Program Files\PokerStars\Gx\pb.bmp
C:\Program Files\PokerStars\Gx\pbb.a.bmp
C:\Program Files\PokerStars\Gx\pbb.bmp
C:\Program Files\PokerStars\Gx\pbc.bmp
C:\Program Files\PokerStars\Gx\pblt.a.bmp
C:\Program Files\PokerStars\Gx\pblt.bmp
C:\Program Files\PokerStars\Gx\pci.a.bmp
C:\Program Files\PokerStars\Gx\pci.bmp
C:\Program Files\PokerStars\Gx\pib.bmp
C:\Program Files\PokerStars\Gx\pmsp.bmp
C:\Program Files\PokerStars\Gx\pmt.bmp
C:\Program Files\PokerStars\Gx\ps.a.bmp
C:\Program Files\PokerStars\Gx\ps.bmp
C:\Program Files\PokerStars\Gx\ptb.bmp
C:\Program Files\PokerStars\Gx\reserved.a.bmp
C:\Program Files\PokerStars\Gx\reserved.bmp
C:\Program Files\PokerStars\Gx\table.jpg
C:\Program Files\PokerStars\Gx\tableseat.a.bmp
C:\Program Files\PokerStars\Gx\tableseat.bmp
C:\Program Files\PokerStars\Gx\templates\browser.css
C:\Program Files\PokerStars\Gx\templates\dialog.css
C:\Program Files\PokerStars\Gx\templates\dialog.html
C:\Program Files\PokerStars\Gx\templates\dialog.xml
C:\Program Files\PokerStars\Gx\templates\help.html
C:\Program Files\PokerStars\Gx\templates\menu.xml
C:\Program Files\PokerStars\Gx\tmp.jpg
C:\Program Files\PokerStars\Gx\tourneyinfo.bmp
C:\Program Files\PokerStars\Gx\update.bmp
C:\Program Files\PokerStars\i18n.msg_cli.txt
C:\Program Files\PokerStars\ImgCache\0001E809.psi
C:\Program Files\PokerStars\ImgCache\00046846.psi
C:\Program Files\PokerStars\ImgCache\00047138.psi
C:\Program Files\PokerStars\ImgCache\0005FA1C.psi
C:\Program Files\PokerStars\ImgCache\000B252A.psi
C:\Program Files\PokerStars\ImgCache\000FE8BD.psi
C:\Program Files\PokerStars\ImgCache\001126C0.psi
C:\Program Files\PokerStars\ImgCache\00134403.psi
C:\Program Files\PokerStars\ImgCache\0015675A.psi
C:\Program Files\PokerStars\ImgCache\0018310C.psi
C:\Program Files\PokerStars\ImgCache\001BA845.psi
C:\Program Files\PokerStars\ImgCache\001E2756.psi
C:\Program Files\PokerStars\ImgCache\001E2E95.psi
C:\Program Files\PokerStars\ImgCache\001ECC57.psi
C:\Program Files\PokerStars\ImgCache\001F7B1C.psi
C:\Program Files\PokerStars\ImgCache\0020CD0B.psi
C:\Program Files\PokerStars\ImgCache\00242455.psi
C:\Program Files\PokerStars\ImgCache\0025D269.psi
C:\Program Files\PokerStars\ImgCache\0026B852.psi
C:\Program Files\PokerStars\ImgCache\002751B2.psi
C:\Program Files\PokerStars\ImgCache\002851A1.psi
C:\Program Files\PokerStars\ImgCache\0029648E.psi
C:\Program Files\PokerStars\ImgCache\002A119C.psi
C:\Program Files\PokerStars\ImgCache\002AED94.psi
C:\Program Files\PokerStars\ImgCache\002C3BF1.psi
C:\Program Files\PokerStars\ImgCache\002DFDD3.psi
C:\Program Files\PokerStars\ImgCache\002E079C.psi
C:\Program Files\PokerStars\ImgCache\002E49AA.psi
C:\Program Files\PokerStars\ImgCache\002E8CA5.psi
C:\Program Files\PokerStars\ImgCache\002E9FB3.psi
C:\Program Files\PokerStars\ImgCache\002EA1D1.psi
C:\Program Files\PokerStars\ImgCache\002F6333.psi
C:\Program Files\PokerStars\ImgCache\002F67C0.psi
C:\Program Files\PokerStars\ImgCache\002FBAAC.psi
C:\Program Files\PokerStars\ImgCache\00305637.psi
C:\Program Files\PokerStars\ImgCache\0030EE77.psi
C:\Program Files\PokerStars\ImgCache\00316E18.psi
C:\Program Files\PokerStars\ImgCache\0031CB34.psi
C:\Program Files\PokerStars\ImgCache\0032F005.psi
C:\Program Files\PokerStars\ImgCache\00338651.psi
C:\Program Files\PokerStars\ImgCache\0034CC93.psi
C:\Program Files\PokerStars\ImgCache\00354A80.psi
C:\Program Files\PokerStars\ImgCache\003664A3.psi
C:\Program Files\PokerStars\ImgCache\00367277.psi
C:\Program Files\PokerStars\ImgCache\0036BAA4.psi
C:\Program Files\PokerStars\ImgCache\00374200.psi
C:\Program Files\PokerStars\ImgCache\0037B68B.psi
C:\Program Files\PokerStars\ImgCache\00384B2E.psi
C:\Program Files\PokerStars\ImgCache\00385B41.psi
C:\Program Files\PokerStars\ImgCache\0038787D.psi
C:\Program Files\PokerStars\ImgCache\0038E4F3.psi
C:\Program Files\PokerStars\ImgCache\0038E8F4.psi
C:\Program Files\PokerStars\ImgCache\0038F807.psi
C:\Program Files\PokerStars\ImgCache\0039AD28.psi
C:\Program Files\PokerStars\ImgCache\0039E95E.psi
C:\Program Files\PokerStars\ImgCache\003A66D6.psi
C:\Program Files\PokerStars\ImgCache\003A69A3.psi
C:\Program Files\PokerStars\ImgCache\003B10AC.psi
C:\Program Files\PokerStars\ImgCache\003B15B8.psi
C:\Program Files\PokerStars\ImgCache\003B501F.psi
C:\Program Files\PokerStars\ImgCache\003D4090.psi
C:\Program Files\PokerStars\ImgCache\003DD08A.psi
C:\Program Files\PokerStars\ImgCache\003DE60F.psi
C:\Program Files\PokerStars\ImgCache\003E4B2A.psi
C:\Program Files\PokerStars\ImgCache\003EB3A9.psi
C:\Program Files\PokerStars\ImgCache\003ECC83.psi
C:\Program Files\PokerStars\ImgCache\003F79CA.psi
C:\Program Files\PokerStars\ImgCache\003FD581.psi
C:\Program Files\PokerStars\ImgCache\003FDB24.psi
C:\Program Files\PokerStars\ImgCache\003FEE0A.psi
C:\Program Files\PokerStars\ImgCache\00401870.psi
C:\Program Files\PokerStars\ImgCache\0040F058.psi
C:\Program Files\PokerStars\ImgCache\0041326F.psi
C:\Program Files\PokerStars\ImgCache\00419BDD.psi
C:\Program Files\PokerStars\ImgCache\00426231.psi
C:\Program Files\PokerStars\ImgCache\0042D048.psi
C:\Program Files\PokerStars\ImgCache\00434A06.psi
C:\Program Files\PokerStars\ImgCache\00438603.psi
C:\Program Files\PokerStars\ImgCache\0043C8A5.psi
C:\Program Files\PokerStars\ImgCache\0043D080.psi
C:\Program Files\PokerStars\ImgCache\00448FE9.psi
C:\Program Files\PokerStars\ImgCache\0044FAD9.psi
C:\Program Files\PokerStars\ImgCache\00455242.psi
C:\Program Files\PokerStars\ImgCache\004561A0.psi
C:\Program Files\PokerStars\ImgCache\00458F9C.psi
C:\Program Files\PokerStars\ImgCache\00463700.psi
C:\Program Files\PokerStars\ImgCache\0046EE78.psi
C:\Program Files\PokerStars\ImgCache\0046F64A.psi
C:\Program Files\PokerStars\ImgCache\00476100.psi
C:\Program Files\PokerStars\ImgCache\004774CA.psi
C:\Program Files\PokerStars\ImgCache\00479FB8.psi
C:\Program Files\PokerStars\ImgCache\0047B277.psi
C:\Program Files\PokerStars\ImgCache\004800CF.psi
C:\Program Files\PokerStars\ImgCache\00485197.psi
C:\Program Files\PokerStars\ImgCache\00486FEA.psi
C:\Program Files\PokerStars\ImgCache\00492F3C.psi
C:\Program Files\PokerStars\ImgCache\00499CD1.psi
C:\Program Files\PokerStars\ImgCache\004A10F1.psi
C:\Program Files\PokerStars\ImgCache\004A36D7.psi
C:\Program Files\PokerStars\ImgCache\004A679C.psi
C:\Program Files\PokerStars\ImgCache\004A7746.psi
C:\Program Files\PokerStars\ImgCache\004ABAD0.psi
C:\Program Files\PokerStars\ImgCache\004ACDEC.psi
C:\Program Files\PokerStars\ImgCache\004B21C3.psi
C:\Program Files\PokerStars\ImgCache\004B37CA.psi
C:\Program Files\PokerStars\ImgCache\004B5741.psi
C:\Program Files\PokerStars\ImgCache\004B61E1.psi
C:\Program Files\PokerStars\ImgCache\004C0C2C.psi
C:\Program Files\PokerStars\ImgCache\004C1F69.psi
C:\Program Files\PokerStars\ImgCache\004C5187.psi
C:\Program Files\PokerStars\ImgCache\004C5E2C.psi
C:\Program Files\PokerStars\ImgCache\004C6DDB.psi
C:\Program Files\PokerStars\ImgCache\004CCE52.psi
C:\Program Files\PokerStars\ImgCache\004D342E.psi
C:\Program Files\PokerStars\ImgCache\004D75CB.psi
C:\Program Files\PokerStars\ImgCache\004D75D7.psi
C:\Program Files\PokerStars\ImgCache\004D75DC.psi
C:\Program Files\PokerStars\ImgCache\004D75ED.psi
C:\Program Files\PokerStars\ImgCache\004D7606.psi
C:\Program Files\PokerStars\ImgCache\004D7609.psi
C:\Program Files\PokerStars\ImgCache\004D760B.psi
C:\Program Files\PokerStars\ImgCache\004D760F.psi
C:\Program Files\PokerStars\ImgCache\004D7611.psi
C:\Program Files\PokerStars\ImgCache\004D7613.psi
C:\Program Files\PokerStars\ImgCache\004DB07B.psi
C:\Program Files\PokerStars\ImgCache\004E310F.psi
C:\Program Files\PokerStars\ImgCache\004E3DF1.psi
C:\Program Files\PokerStars\ImgCache\004E498A.psi
C:\Program Files\PokerStars\ImgCache\004EE1A0.psi
C:\Program Files\PokerStars\ImgCache\004F6D2F.psi
C:\Program Files\PokerStars\ImgCache\004F9842.psi
C:\Program Files\PokerStars\ImgCache\004FBB53.psi
C:\Program Files\PokerStars\ImgCache\004FC0A3.psi
C:\Program Files\PokerStars\ImgCache\004FD219.psi
C:\Program Files\PokerStars\ImgCache\005017C9.psi
C:\Program Files\PokerStars\ImgCache\0050522E.psi
C:\Program Files\PokerStars\ImgCache\00505510.psi
C:\Program Files\PokerStars\ImgCache\005073B9.psi
C:\Program Files\PokerStars\ImgCache\00509867.psi
C:\Program Files\PokerStars\ImgCache\00509BDA.psi
C:\Program Files\PokerStars\ImgCache\0050ABD6.psi
C:\Program Files\PokerStars\ImgCache\0050DAA0.psi
C:\Program Files\PokerStars\ImgCache\0051178A.psi
C:\Program Files\PokerStars\ImgCache\005135F5.psi
C:\Program Files\PokerStars\ImgCache\0051C7FC.psi
C:\Program Files\PokerStars\ImgCache\0051F2BF.psi
C:\Program Files\PokerStars\ImgCache\00521D48.psi
C:\Program Files\PokerStars\ImgCache\0052206F.psi
C:\Program Files\PokerStars\ImgCache\00524647.psi
C:\Program Files\PokerStars\ImgCache\005260DC.psi
C:\Program Files\PokerStars\ImgCache\00527E94.psi
C:\Program Files\PokerStars\ImgCache\0052834A.psi
C:\Program Files\PokerStars\ImgCache\00532DAE.psi
C:\Program Files\PokerStars\ImgCache\00533256.psi
C:\Program Files\PokerStars\ImgCache\00533522.psi
C:\Program Files\PokerStars\ImgCache\00534044.psi
C:\Program Files\PokerStars\ImgCache\005343EE.psi
C:\Program Files\PokerStars\ImgCache\0053C661.psi
C:\Program Files\PokerStars\ImgCache\0053C7B3.psi
C:\Program Files\PokerStars\ImgCache\0053D8A7.psi
C:\Program Files\PokerStars\ImgCache\0053E5D9.psi
C:\Program Files\PokerStars\ImgCache\0053E723.psi
C:\Program Files\PokerStars\ImgCache\0053F4C2.psi
C:\Program Files\PokerStars\ImgCache\005400E3.psi
C:\Program Files\PokerStars\ImgCache\00540BEB.psi
C:\Program Files\PokerStars\ImgCache\0054765C.psi
C:\Program Files\PokerStars\ImgCache\00549EFA.psi
C:\Program Files\PokerStars\ImgCache\0054E04E.psi
C:\Program Files\PokerStars\ImgCache\0054FAAD.psi
C:\Program Files\PokerStars\ImgCache\0054FBFA.psi
C:\Program Files\PokerStars\ImgCache\005501F0.psi
C:\Program Files\PokerStars\ImgCache\00555B54.psi
C:\Program Files\PokerStars\ImgCache\00557E70.psi
C:\Program Files\PokerStars\ImgCache\0055AD58.psi
C:\Program Files\PokerStars\ImgCache\0055CF2D.psi
C:\Program Files\PokerStars\ImgCache\0055ED6A.psi
C:\Program Files\PokerStars\ImgCache\00560380.psi
C:\Program Files\PokerStars\ImgCache\00560524.psi
C:\Program Files\PokerStars\ImgCache\00564CFD.psi
C:\Program Files\PokerStars\ImgCache\0056A9B1.psi
C:\Program Files\PokerStars\ImgCache\0056D0B4.psi
C:\Program Files\PokerStars\ImgCache\0056D213.psi
C:\Program Files\PokerStars\ImgCache\0056FAB1.psi
C:\Program Files\PokerStars\ImgCache\0057105E.psi
C:\Program Files\PokerStars\ImgCache\0057267B.psi
C:\Program Files\PokerStars\ImgCache\00573FE2.psi
C:\Program Files\PokerStars\ImgCache\005741AF.psi
C:\Program Files\PokerStars\ImgCache\0057428E.psi
C:\Program Files\PokerStars\ImgCache\00575D47.psi
C:\Program Files\PokerStars\ImgCache\00576E34.psi
C:\Program Files\PokerStars\ImgCache\005771B1.psi
C:\Program Files\PokerStars\ImgCache\00577FD1.psi
C:\Program Files\PokerStars\ImgCache\0057846E.psi
C:\Program Files\PokerStars\ImgCache\00578FB5.psi
C:\Program Files\PokerStars\ImgCache\00581277.psi
C:\Program Files\PokerStars\ImgCache\005832AA.psi
C:\Program Files\PokerStars\ImgCache\0058A550.psi
C:\Program Files\PokerStars\ImgCache\0058CB38.psi
C:\Program Files\PokerStars\ImgCache\0058F72E.psi
C:\Program Files\PokerStars\ImgCache\00590215.psi
C:\Program Files\PokerStars\ImgCache\00597703.psi
C:\Program Files\PokerStars\ImgCache\00597DCC.psi
C:\Program Files\PokerStars\ImgCache\00599513.psi
C:\Program Files\PokerStars\ImgCache\0059980B.psi
C:\Program Files\PokerStars\ImgCache\00599825.psi
C:\Program Files\PokerStars\ImgCache\0059982B.psi
C:\Program Files\PokerStars\ImgCache\0059A740.psi
C:\Program Files\PokerStars\ImgCache\005A12AC.psi
C:\Program Files\PokerStars\ImgCache\005A259E.psi
C:\Program Files\PokerStars\ImgCache\005A48A1.psi
C:\Program Files\PokerStars\ImgCache\005A591E.psi
C:\Program Files\PokerStars\ImgCache\005A5ACD.psi
C:\Program Files\PokerStars\ImgCache\005A73D3.psi
C:\Program Files\PokerStars\ImgCache\005A7813.psi
C:\Program Files\PokerStars\ImgCache\005ACA66.psi
C:\Program Files\PokerStars\ImgCache\005AD0EC.psi
C:\Program Files\PokerStars\ImgCache\005AE84F.psi
C:\Program Files\PokerStars\ImgCache\005B02FB.psi
C:\Program Files\PokerStars\ImgCache\005B30E0.psi
C:\Program Files\PokerStars\ImgCache\005B39DC.psi
C:\Program Files\PokerStars\ImgCache\005B3C02.psi
C:\Program Files\PokerStars\ImgCache\005B6720.psi
C:\Program Files\PokerStars\ImgCache\005B690F.psi
C:\Program Files\PokerStars\ImgCache\005BA763.psi
C:\Program Files\PokerStars\ImgCache\005BCAF6.psi
C:\Program Files\PokerStars\ImgCache\005BED3E.psi
C:\Program Files\PokerStars\ImgCache\005C14CF.psi
C:\Program Files\PokerStars\ImgCache\005C3925.psi
C:\Program Files\PokerStars\ImgCache\005C562A.psi
C:\Program Files\PokerStars\ImgCache\005C5DCF.psi
C:\Program Files\PokerStars\ImgCache\005C604A.psi
C:\Program Files\PokerStars\ImgCache\005C6E72.psi
C:\Program Files\PokerStars\ImgCache\005C7AFA.psi
C:\Program Files\PokerStars\ImgCache\005CD3BC.psi
C:\Program Files\PokerStars\ImgCache\005CD7F6.psi
C:\Program Files\PokerStars\ImgCache\005CF043.psi
C:\Program Files\PokerStars\ImgCache\005CF296.psi
C:\Program Files\PokerStars\ImgCache\005CF875.psi
C:\Program Files\PokerStars\ImgCache\005D13C0.psi
C:\Program Files\PokerStars\ImgCache\005D160A.psi
C:\Program Files\PokerStars\ImgCache\005D55A4.psi
C:\Program Files\PokerStars\ImgCache\005D5E0D.psi
C:\Program Files\PokerStars\ImgCache\005D7A20.psi
C:\Program Files\PokerStars\ImgCache\005D8347.psi
C:\Program Files\PokerStars\ImgCache\005D8E74.psi
C:\Program Files\PokerStars\ImgCache\005D8EE2.psi
C:\Program Files\PokerStars\ImgCache\005D9639.psi
C:\Program Files\PokerStars\ImgCache\005D9E6B.psi
C:\Program Files\PokerStars\ImgCache\005DE0D1.psi
C:\Program Files\PokerStars\ImgCache\005DFDE3.psi
C:\Program Files\PokerStars\ImgCache\005E4112.psi
C:\Program Files\PokerStars\ImgCache\005E6CE9.psi
C:\Program Files\PokerStars\ImgCache\005E6DCB.psi
C:\Program Files\PokerStars\ImgCache\005E703A.psi
C:\Program Files\PokerStars\ImgCache\005E9AC3.psi
C:\Program Files\PokerStars\ImgCache\005EABFE.psi
C:\Program Files\PokerStars\ImgCache\005EAC9A.psi
C:\Program Files\PokerStars\ImgCache\005EB43B.psi
C:\Program Files\PokerStars\ImgCache\005EBECA.psi
C:\Program Files\PokerStars\ImgCache\005EC0C6.psi
C:\Program Files\PokerStars\ImgCache\005EC67C.psi
C:\Program Files\PokerStars\ImgCache\005EEA17.psi
C:\Program Files\PokerStars\ImgCache\005F2F22.psi
C:\Program Files\PokerStars\ImgCache\005F4152.psi
C:\Program Files\PokerStars\ImgCache\005F6D8C.psi
C:\Program Files\PokerStars\ImgCache\005F79B8.psi
C:\Program Files\PokerStars\ImgCache\005F8C9F.psi
C:\Program Files\PokerStars\ImgCache\005F90A2.psi
C:\Program Files\PokerStars\ImgCache\005FC8CA.psi
C:\Program Files\PokerStars\ImgCache\005FF2F5.psi
C:\Program Files\PokerStars\ImgCache\0060229B.psi
C:\Program Files\PokerStars\ImgCache\00603B22.psi
C:\Program Files\PokerStars\ImgCache\0060602E.psi
C:\Program Files\PokerStars\ImgCache\006085C5.psi
C:\Program Files\PokerStars\ImgCache\006086C7.psi
C:\Program Files\PokerStars\ImgCache\006086CE.psi
C:\Program Files\PokerStars\ImgCache\00608973.psi
C:\Program Files\PokerStars\ImgCache\0060C537.psi
C:\Program Files\PokerStars\ImgCache\0060F908.psi
C:\Program Files\PokerStars\ImgCache\00611490.psi
C:\Program Files\PokerStars\ImgCache\006152EA.psi
C:\Program Files\PokerStars\ImgCache\006167FA.psi
C:\Program Files\PokerStars\ImgCache\00618537.psi
C:\Program Files\PokerStars\ImgCache\00619A21.psi
C:\Program Files\PokerStars\ImgCache\00619FE2.psi
C:\Program Files\PokerStars\ImgCache\0061CE42.psi
C:\Program Files\PokerStars\ImgCache\0061F327.psi
C:\Program Files\PokerStars\ImgCache\006203BC.psi
C:\Program Files\PokerStars\ImgCache\00621C27.psi
C:\Program Files\PokerStars\ImgCache\00629AC8.psi
C:\Program Files\PokerStars\ImgCache\0062A3E0.psi
C:\Program Files\PokerStars\ImgCache\0062E1D1.psi
C:\Program Files\PokerStars\ImgCache\0062E1D8.psi
C:\Program Files\PokerStars\ImgCache\0062E4F8.psi
C:\Program Files\PokerStars\ImgCache\0062FF11.psi
C:\Program Files\PokerStars\ImgCache\00636361.psi
C:\Program Files\PokerStars\ImgCache\0063674A.psi
C:\Program Files\PokerStars\ImgCache\006395C1.psi
C:\Program Files\PokerStars\ImgCache\0063B0EB.psi
C:\Program Files\PokerStars\ImgCache\0063E41A.psi
C:\Program Files\PokerStars\ImgCache\img.idx
C:\Program Files\PokerStars\Install.log
C:\Program Files\PokerStars\main.ico
C:\Program Files\PokerStars\Notes.txt
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\PokerStars\PokerStars.ini
C:\Program Files\PokerStars\PokerStars.log.0
C:\Program Files\PokerStars\PokerStars.log.1
C:\Program Files\PokerStars\PokerStarsCommunicate.exe
C:\Program Files\PokerStars\PokerStarsUninstall.exe
C:\Program Files\PokerStars\PokerStarsUpdate.exe
C:\Program Files\PokerStars\PokerStarsUpdate.log.0
C:\Program Files\PokerStars\PokerStarsUpdate.log.1
C:\Program Files\PokerStars\Snd\snd0.wav
C:\Program Files\PokerStars\Snd\snd1.wav
C:\Program Files\PokerStars\Snd\snd2.wav
C:\Program Files\PokerStars\Snd\snd3.wav
C:\Program Files\PokerStars\Snd\snd4.wav
C:\Program Files\PokerStars\Snd\snd5.wav
C:\Program Files\PokerStars\Snd\snd6.wav
C:\Program Files\PokerStars\Snd\snd7.wav
C:\Program Files\PokerStars\Stub.exe
C:\Program Files\PokerStars\Themes\&default\gx.ini
C:\Program Files\PokerStars\Themes\default\gx.ini
C:\Program Files\PokerStars\Themes\preview\azure.jpg
C:\Program Files\PokerStars\Themes\preview\marine.jpg
C:\Program Files\PokerStars\Themes\preview\ordinary.jpg
C:\Program Files\PokerStars\Themes\preview\renaissance.green. jpg
C:\Program Files\PokerStars\Themes\preview\renaissance.jpg
C:\Program Files\PokerStars\Themes\preview\renaissance.purple .jpg
C:\Program Files\PokerStars\Themes\preview\renaissance.red.jp g
C:\Program Files\PokerStars\Themes\preview\saloon.jpg
C:\Program Files\PokerStars\Themes\preview\shiny.jpg
C:\Program Files\PokerStars\Themes\preview\stars.jpg
C:\Program Files\PokerStars\Themes\preview\techno.jpg
C:\Program Files\PokerStars\Themes\simple\gx.ini
C:\Program Files\PokerStars\Themes\simple\label\border.a.bmp
C:\Program Files\PokerStars\Themes\simple\label\border.bmp
C:\Program Files\PokerStars\Themes\simple\label\borderb.a.bmp
C:\Program Files\PokerStars\Themes\simple\label\borderb.bmp
C:\Program Files\PokerStars\Themes\simple\label\seat.a.bmp
C:\Program Files\PokerStars\Themes\simple\label\seat.bmp
C:\Program Files\PokerStars\Themes\simple\label\status.a.bmp
C:\Program Files\PokerStars\Themes\simple\label\status.bmp
C:\Program Files\PokerStars\Themes\simple\label\statusb.a.bmp
C:\Program Files\PokerStars\Themes\simple\label\statusb.bmp
C:\Program Files\PokerStars\Themes\simple\reserved.a.bmp
C:\Program Files\PokerStars\Themes\simple\reserved.bmp
C:\Program Files\PokerStars\Themes\themes.ini
C:\Program Files\PokerStars\trace.ini
C:\Program Files\PokerStars\Tracer.exe
C:\Program Files\PokerStars\Uninstall PokerStars.lnk
C:\Program Files\PokerStars\update.ini
C:\Program Files\PokerStars\update\_update2.dat
C:\Program Files\PokerStars\user.ini
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\omlbpkaw.dll
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\qtvglped.dll
C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))
.
2008-04-16 22:44 . 2008-04-16 22:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 22:44 . 2008-04-16 22:44 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\Malwarebytes
2008-04-16 22:44 . 2008-04-16 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-16 21:50 . 2008-04-16 21:52 1,420,141 --a------ C:\SDFix.exe
2008-04-16 17:43 . 2008-04-16 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-16 17:39 . 2008-04-16 17:35 159,112 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-04-16 17:35 . 2008-04-16 17:36 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-16 17:32 . 2008-04-16 17:32 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-04-16 08:54 . 2008-04-16 08:54 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\TmpRecentIcons
2008-04-15 22:06 . 2008-04-17 18:56 <DIR> dr-h----- C:\Documents and Settings\Kim\Onlangs geopend
2008-04-15 22:03 . 2008-04-16 22:57 10,240 --------- C:\WINDOWS\system32\wlcstp32.dll
2008-04-15 21:46 . 2008-04-15 21:46 <DIR> d-------- C:\Program Files\Photoshop
2008-04-14 13:55 . 2008-04-14 13:55 <DIR> d-------- C:\Program Files\PSP Thumbnail Handler
2008-04-09 10:49 . 2008-04-09 10:49 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\fltk.org
2008-04-09 09:05 . 2008-04-09 10:49 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\TuxPaint
2008-04-07 10:40 . 2008-04-07 10:40 <DIR> d-------- C:\Program Files\Apollo DVD Copy
2008-04-07 10:40 . 2008-04-07 10:40 <DIR> d-------- C:\Program Files\Anti-Leech
2008-04-07 10:40 . 2008-04-07 10:40 <DIR> d-------- C:\Program Files\Ahead
2008-04-07 10:40 . 2008-04-07 10:40 <DIR> d-------- C:\Program Files\Advanced Font Viewer
2008-03-29 19:24 . 2008-03-29 19:33 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\Filter Forge
2008-03-29 19:05 . 2008-03-29 19:05 <DIR> d-------- C:\Program Files\Filter Forge
2008-03-29 19:05 . 2006-11-10 19:41 1,030,144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll
2008-03-28 00:09 . 2008-03-28 00:09 <DIR> d-------- C:\Documents and Settings\Kim\Application Data\Alien Skin
2008-03-28 00:06 . 1993-07-23 19:31 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2008-03-28 00:06 . 1996-10-30 10:35 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL
2008-03-27 23:38 . 1998-10-09 10:18 296,448 --a------ C:\WINDOWS\Xenofex.ini
2008-03-27 22:37 . 2008-04-15 19:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-27 22:37 . 2008-03-27 22:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 21:24 . 2008-03-27 21:24 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-27 20:24 . 2008-03-27 20:24 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-26 23:37 . 2008-03-26 23:40 16 --a------ C:\WINDOWS\popcinfo.dat
2008-03-26 23:36 . 2008-03-26 23:36 <DIR> d-------- C:\Program Files\GameHouse
2008-03-26 18:19 . 2008-03-26 18:17 110,269 --a------ C:\WINDOWS\system32\dll_files.zip
2008-03-26 11:47 . 2008-03-27 21:24 <DIR> d-------- C:\Program Files\Common Files\Corel(2)
2008-03-22 14:56 . 2008-03-22 14:56 1,409 --a------ C:\WINDOWS\system32\tmpA1C58.FOT
2008-03-22 14:56 . 2008-03-22 14:56 1,409 --a------ C:\WINDOWS\system32\tmp41D58.FOT
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-17 16:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 16:59 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-08 19:42 --------- d-----w C:\Program Files\PKR
2008-03-27 19:54 --------- d-----w C:\Program Files\Jasc Software Inc
2008-03-27 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 19:14 --------- d-----w C:\Program Files\Corel
2008-03-20 15:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 08:19 --------- d-----w C:\Program Files\Java
2008-03-12 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-03-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\namesuppressed
2008-03-11 19:09 44,544 ------w C:\WINDOWS\AWuninstall.exe
2008-03-10 00:12 --------- d-----w C:\Program Files\MSN Messenger
2008-03-09 18:40 --------- d-----w C:\Documents and Settings\Kim\Application Data\LimeWirePlus
2008-03-09 10:50 28,672 ----a-w C:\WINDOWS\system32\ssconfig.exe
2008-03-09 10:50 180,224 ----a-w C:\WINDOWS\UninstallWSST.exe
2008-03-05 09:45 --------- d-----w C:\Program Files\Scrippy
2008-03-05 09:44 --------- d-----w C:\Program Files\e frontier
2008-03-05 09:14 --------- d-----w C:\Program Files\Google
2008-03-04 22:25 --------- d-----w C:\Program Files\SimBoePro
2008-03-04 20:56 --------- d-----w C:\Program Files\Peer2Mail
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2004-12-01 17:34 716 ---ha-w C:\Documents and Settings\All Users\Application Data\pb7msys.dat
2007-09-25 19:20 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2005-03-02 20:15 2183936 5db3e8dec987b5d350e4a105dceaee6a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 20:47 2186368 4cb6c3b16587971c56aaa8a9b0511bc7 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2186496 59dca97dc201792c1ccf9fe621ee5ed7 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 01:58 2185344 87aaea3908e069fb1be37380c895dfb8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2183680 281a1e82f5f8fc0b2f4b57ef296a4240 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:25 2184704 f609063bae4d058a4019c4d99a1fd8dd C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WhatPulse"="D:\WHATPU~1.EXE" [2004-12-05 12:20 543744]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-03-10 11:19 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Photo Downloader"="D:\3.0\Apps\apdproxy.exe" [2005-07-14 16:09 57344]
"QuickTime Task"="D:\qttask.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 11:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-10-14 19:09 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-10 11:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.3.37.0\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"ose"=3 (0x3)
"McShield"=3 (0x3)
"gusvc"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)
"AvSynMgr"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\e frontier\\Poser 7 Demo\\PoserDemo.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiF sRec.sys [2001-04-30 04:51]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.s ys [2008-04-16 17:35]
S4 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-04-30 04:51]
.
************************************************** ************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 19:04:41
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
************************************************** ************************
.
Voltooingstijd: 2008-04-17 19:07:49
ComboFix-quarantined-files.txt 2008-04-17 17:06:47
ComboFix2.txt 2008-04-17 15:33:47
Pre-Run: 142,206,623,744 bytes beschikbaar
Post-Run: 142,189,379,584 bytes beschikbaar
.
2008-04-16 21:44:03 --- E O F ---
Ik heb de standaard firewall van windows ,en mijn anti virus moest ik uitschakelen anders deed combofix het niet en blokkeerde hij,en dat is spywaredokter.(wel goed of niet goed?)
En die pokerstars daar ben ik lid van:shy:
We pokeren nogal graag:good:
Rosty 17 April 2008, 19:26 Hoi,
Ik heb de standaard firewall van windows ,en mijn anti virus moest ik uitschakelen anders deed combofix het niet en blokkeerde hij,en dat is spywaredokter.(wel goed of niet goed?)
En die pokerstars daar ben ik lid van
We pokeren nogal graag
De standaard FireWall is goed, maar ik verkies persoonlijk een anders!! Spywaredoctor is geen Anti-Virus hoor, maar een Spyware progje!
Wat die pokerstars betrefd, die dingen brengen nogal eens wat troep mee, due zul je moeten herinstaleren hoor als je verder wilt pokeren.
Maar je log ziet er goed uit hoor. Hoe werkt alles nu?
Kapstertje 17 April 2008, 20:35 ;)Verder gaat alles prima nu,buroblad is nu blauw dus waarschijnlijk op standaard terug gezet.
Ik zal je advies om toch een andere firewall te nemen opvolgen.Ik heb toen een tijd zone alarm gehad ,maar dat vond ik zo'n drama dat ik nu dus de windows versie pakte.
Ik heb deze versie van sp dokter(zie bijlage) ,ik meende dat dat ook anti virus was:shy::shy:Edit:klopt antivirus pas gedownload hiervan toen het virus er al in zat.
Maar als jij het aanraad een andere te gebruiken doe ik dat.
Ik wil je heel hartelijk bedanken voor je hulp.
Ik moest sommige posts in 3x doen moest steeds opstarten als hij weer vastliep:damn:dus werden mijn antwoorden steeds korter:lol:
Ik geloof dat het een hardnekkige was of niet?
ps welke adviseer jij??Staan er nog al wat.:lol:
Rosty 17 April 2008, 21:06 Ikzelf gebruik Sunbelt Personal Firewall, en ben er tevreden over.
Ik geloof dat het een hardnekkige was of niet?
Je was redelijk zwaar besmet hoor en het was een hardnekkige.
Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /U klik op OK of toets Enter.
http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG
Dit zal Combofix verwijderen+gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en reset je Systeemherstel opnieuw.
Kapstertje 17 April 2008, 21:31 Ok sunbelt staat er al op;)
Is die spyware dokter ok?
Anders welke dan?
En combofix is eraf:good:
Rosty 18 April 2008, 16:40 Ok sunbelt staat er al op;)
Is die spyware dokter ok?
Anders welke dan?
En combofix is eraf:good:
Als jij tevreden bent over Spyware doctor is dat voor mij goed. Ik gebruik zelf Avast!, is gratis en is in het nederlands.
Kapstertje 18 April 2008, 22:31 Gisteren liep hij toch op een gegeven moment weer vast,Maar alles ziet er tot nu toe goed uit:good:
Heel heel heeeel erg bedankt voor het helpen.
Als we jullie toch niet hadden:bow::bow:
|
|