Votre question

TROJAN [RESOLU]

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
3 Mars 2008 20:07:29

Bonsoir
je suis sur l'ordi d'un ami qui s'est chopé une cochonnerie!!!
son fond d'écran est bloqué : il est rouge avec un logo étrange, et il est inscrit sur ce fond : your privacy is in danger
download privacy protection soft ware now
Kaspersky a été installé, il l'a trouvé, le copain a supprimé apparemment le virus ou je ne sais quoi...mais il est toujours présent!!!
Merci de votre aide.
mika79000


ci dessous le rapport hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:30, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\STK014_V2.01\STK014M.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~2\DownloadManager.exe
C:\Documents and Settings\user\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: emotrlq - {7B1E78A2-2FC8-4947-A9D1-5177D10B38E6} - C:\WINDOWS\emotrlq.dll (file missing)
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] H:\Setup.exe \RESET
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: STK014 PNP Monitor.lnk = ?
O4 - Global Startup: STK016 PNP Monitor.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?89a25d8b299a4b15a038f8117cad0e99
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?89a25d8b299a4b15a038f8117cad0e99
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.antivirus-france.com/kavwebscan_unico...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113w.bay113.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4886480-1F46-4394-9F84-D665C26AFC9B}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: bdmnopx - {A60E1366-4F5D-49D6-8F45-DAD1063E8617} - C:\WINDOWS\bdmnopx.dll (file missing)
O21 - SSODL: admggxp - {07C84809-4E89-4DE6-BC35-0B83CC0D5837} - C:\WINDOWS\admggxp.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13123 bytes

Autres pages sur : trojan resolu

3 Mars 2008 20:16:55

quelqu'un pour aider???
a b 8 Sécurité
3 Mars 2008 20:42:58

Bonjour,

Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

**Si le lien ne fonctionne pas, clique ici**
Contenus similaires
3 Mars 2008 20:48:02

rapport Smitfraudix

SmitFraudFix v2.300

Rapport fait à 20:46:40,45, 03/03/2008
Executé à partir de C:\Documents and Settings\user\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\STK014_V2.01\STK014M.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F4886480-1F46-4394-9F84-D665C26AFC9B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F4886480-1F46-4394-9F84-D665C26AFC9B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F4886480-1F46-4394-9F84-D665C26AFC9B}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

a b 8 Sécurité
3 Mars 2008 20:58:03

Re,

Redémarre en mode sans échec

Lance SmitfraudFix.exe et choisis cette fois l'Option 2 et réponds oui à la ou les questions.
Sauvegarde le rapport sur ton Bureau.

Redémarre normalement.

Poste les rapports Hijackthis et SmitfraudFix.
3 Mars 2008 20:59:20

ok a tout à l'heure
a b 8 Sécurité
3 Mars 2008 21:01:24

Ok ;) 
3 Mars 2008 21:39:54

Angeldark
impossible de redémarrer l'ordi en mode sans échec
j'ai tenté je ne sais combien de fois...je vais bien sur la page mode sans échec mais ensuite le bureau ne s'affiche pas!!!
je fais quoi??? :( 
a b 8 Sécurité
3 Mars 2008 21:45:49

Fais le en mode normal alors.
3 Mars 2008 21:46:40

ok merci parce que je vais péter un cable ou l'ordi au choix :) 
3 Mars 2008 21:52:40

rapports Smitfraudix et hijackthis



SmitFraudFix v2.300

Rapport fait à 21:47:28,00, 03/03/2008
Executé à partir de C:\Documents and Settings\user\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\privacy_danger\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:12, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\STK014_V2.01\STK014M.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: emotrlq - {7B1E78A2-2FC8-4947-A9D1-5177D10B38E6} - C:\WINDOWS\emotrlq.dll (file missing)
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] H:\Setup.exe \RESET
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1482476501-764733703-839522115-1004\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe (User '?')
O4 - HKUS\S-1-5-21-1482476501-764733703-839522115-1004\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1482476501-764733703-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1482476501-764733703-839522115-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: STK014 PNP Monitor.lnk = ?
O4 - Global Startup: STK016 PNP Monitor.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.antivirus-france.com/kavwebscan_unico...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113w.bay113.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4886480-1F46-4394-9F84-D665C26AFC9B}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: bdmnopx - {A60E1366-4F5D-49D6-8F45-DAD1063E8617} - C:\WINDOWS\bdmnopx.dll (file missing)
O21 - SSODL: admggxp - {07C84809-4E89-4DE6-BC35-0B83CC0D5837} - C:\WINDOWS\admggxp.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11271 bytes
3 Mars 2008 22:12:50

que dois je faire ensuite???
Merci
3 Mars 2008 22:30:59

plus personne pour me guider???
merci
a b 8 Sécurité
4 Mars 2008 12:24:48

JE T'AI DIT DE PATIENTER ! ON NE UP QU'APRES UN JOUR !

Télécharge BTFix ([#ff0000]Bibi26[/#f]).
Dézippe l'archive sur ton Bureau.
  • Ouvre le dossier BTFix.
  • Double clique sur BTFix.exe.
  • Clique sur Rechercher.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

    &

    [#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    4 Mars 2008 14:02:38

    ok angeldark
    excuse je ne savais pas...jer retourne chez le copain pour finir le nettoyage...
    merci
    4 Mars 2008 14:58:27

    les deux rapports de Combofix

    BTFix 1.081 (par bibi26) - 04/03/2008 14:42:20 - Analyse
    Lancé depuis C:\Documents and Settings\user\Bureau\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\WINDOWS\Downloaded Program Files\HbTools.inf
    - C:\WINDOWS\system32\f3PSSavr.scr
    - C:\Program Files\MyWebSearch\
    - C:\Program Files\HbTools\
    - C:\Program Files\FunWebProducts\
    - C:\Program Files\ShopperReports\
    - C:\Program Files\MSN Messenger\RICHED20.dll
    - C:\Documents and Settings\user\Application Data\HbTools\
    - C:\Documents and Settings\user\Application Data\ShopperReports\

    ---> Analyse terminée



    ComboFix 08-03-04.2 - user 2008-03-04 14:47:53.1 - NTFSx86

    Endroit: C:\Documents and Settings\user\Bureau\combofix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\user\Application Data\HbTools
    C:\Documents and Settings\user\Application Data\HbTools\eskin\060105_emmo10_em.htm
    C:\Documents and Settings\user\Application Data\HbTools\eskin\060105_emmo10_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\eskin\080105_emna1_em.htm
    C:\Documents and Settings\user\Application Data\HbTools\eskin\080105_emna1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\eskin\080105_emya4_em.htm
    C:\Documents and Settings\user\Application Data\HbTools\eskin\080105_emya4_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\eskin\FileManager.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\1055531.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\1065003.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\1383356.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\1383577.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\1396621.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\1407227.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\1418656.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\2282965.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\2565330.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\2683645.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\2883904.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\2885069.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\3436451.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\877979.sdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1058
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\130921
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1370
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1424
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\148687
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16173
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16204
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\182864
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18721
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20299
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21431
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223130
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223385
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22913
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\24625
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25063
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26664
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29642
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\297253
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30455
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31387
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3338
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35006
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37081
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\386789
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39245
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\40999
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\427075
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42916
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\43907
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44300
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\479505
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51166
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52968
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\57904
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59234
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59844
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\598613
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\607711
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\611492
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\613373
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\616919
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61837
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\628262
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6304
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\641647
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\641659
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\653138
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\656652
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\65782
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\65933
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66274
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\673474
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68019
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68031
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68040
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\680480
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\688368
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\697059
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\703600
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\704974
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705021
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705060
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705124
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705129
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705133
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705142
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705150
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705156
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705157
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705232
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705234
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705239
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705243
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705314
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705338
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705438
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\706853
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\707001
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\707408
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\707856
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\708643
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\709652
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\710723
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\710726
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\711372
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\711393
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\711415
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\711772
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\72123
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\73540
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79977
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79989
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\80026
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\82011
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\86379
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\87770
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\89075
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\896
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\91231
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\9665
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\331a.dat
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\ads.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\btntrans1.dat
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\business_promo.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\buttondir.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\components.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_1000.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_2000.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_3000.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bar.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_logos.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_other.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\default.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_511745-514279.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_categorize.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_comparison.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-Mails.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-people.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_favorites.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_Games.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hide.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hotmail.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_hsskin.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_Mails.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_new.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_premium.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_reun.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_ringtones.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchfor.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchgo.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_weather.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Default_yellowpages.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-548964.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-9595.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\email-t1-bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium-hotbar-premium.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\icons2.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\keywords.idx
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\keywords1.dat
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\layout.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\progress.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\t2_bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\theweb.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\top7.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\2\tsd_bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\country.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte10_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte11_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte12_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte13_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte14_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte19_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte20_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte21_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte9_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\030203lib_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102angel_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102bigluf_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102birthday_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102cheers_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102flo_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102good_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102jump_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102king_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102lough_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102luf_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102smile_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102smiled_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102sor_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102thanx_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\033102uhu_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\040103ahh_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\040103wow_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\040104_emi2_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\042102_1134_112_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\050103big_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\050103gig_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\050103hm_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\050103norm_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema15_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema16_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema17_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema18_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema19_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema20_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema21_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema24_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema25_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema26_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema30_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema33_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\060104_ema34_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\062802hippi_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\062802jumpie_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\080402argh_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\080402oops_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\080402ouch_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\082502no_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\082502yes_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_boring1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_confused_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_fantastic_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_feel_better_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_gimme_break_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_heehee_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_hlopaet_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_ign_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_lol_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_no_comment_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_peace_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_smashing_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\block_sm.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\block_sm2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\block_smli.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\block_smli2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\blocked.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\blocked2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_add-but.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_back-but.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_left_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_left_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_middle_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_middle_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_right_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\btn_right_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\business_promo.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\buttondir.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\components.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\css_cattree.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\css_flashpreview.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\css2_main.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\css2_pagingmodule.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\css2_topbuttons.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\delete.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\edit_clear_sound.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\edit_fs.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\edit_select.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-511745-514279.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-bcards.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-ecards.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-edit.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-emoticons.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-estationery.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-funny.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-help.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-images.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-info.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-more.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-my.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-people.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-photo.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-tell.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-temp.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-temp_OI.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-text.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-voice.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-def.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-premium-email-premium.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-premium-email-premium_OI.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-t1-bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\email-temp-bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\estatationery.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\flashpreview.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\fs3.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\hotbar_promo.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_checked_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_close_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_close_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_edit_preview.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_edit_send.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_flash_preview.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_recently_used.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_remove_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_remove_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_sand-clock2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_tell_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_tell_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_tree_null.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_unchecked_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\img_barlayout.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\img_barlayout2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\img_barlayout4.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\img_corner_left.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\img_local_logo.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_basetemplate.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_hbgroups.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_hbobject3.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_hbobjectset3.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_hotbarwrapper.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_texts3.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\js2_xmltree3nf.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\layout.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\linkpathlegal.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\n.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\nav_b_2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\nav_bb_2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\nav_f_2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\nav_ff_2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\progress.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\searchbtn.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\submit.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_bg.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_bga.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_bgia.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_l.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_la.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_lia.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_r.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_ra.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tab_ria.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tree_dots.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tree_minus.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\tree_plus.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\treedata_animations.xml
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\treedata_backgrounds.xml
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\treedata_ecards.xml
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\treedata_emoticons.xml
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\treedata_notifiers.xml
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\1\treedata_text.xml
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\business_promo.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\buttondir.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\code.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\email-def.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\email-temp-bg.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\hotbar_promo.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\images.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\layout.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\localcontent.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\progress.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOI\static\DownLoad\treexml.xip
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte10_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte11_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte12_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte13_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte14_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte19_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte20_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte21_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte9_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\030203lib_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102angel_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102bigluf_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102birthday_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102cheers_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102flo_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102good_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102jump_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102king_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102lough_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102luf_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102smile_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102smiled_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102sor_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102thanx_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\033102uhu_1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\040103ahh_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\040103wow_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\040104_emi2_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\042102_1134_112_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\050103big_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\050103gig_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\050103hm_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\050103nomail_emoti_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\050103norm_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema15_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema16_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema17_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema18_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema19_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema20_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema21_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema24_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema25_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema26_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema30_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema33_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema34_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\062802hippi_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\062802jumpie_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\080402argh_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\080402oops_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\080402ouch_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\082502no_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\082502yes_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_boring1_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_confused_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_crying_ugly_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_fantastic_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_feel_better_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_gimme_break_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_heehee_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_hlopaet_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_ign_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_lol_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_no_comment_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_peace_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_smashing_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\110103_talk2thehand_prv.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\block_sm.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\block_sm2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\block_smli.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\block_smli2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\blocked.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\blocked2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_add-but.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_back-but.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_left_cut_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_left_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_left_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_middle_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_middle_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_right_cut_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_right_enabled_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\btn_right_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\business_promo.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\buttondir.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\components.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\css_cattree.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\css_flashpreview.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\css2_main.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\css2_pagingmodule.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\css2_topbuttons.css
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\delete.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\edit_clear_sound.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\edit_fs.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\edit_select.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-543450.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-548964.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-589306.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-9595.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-9696.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511745-514279.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-bcards.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-ecards.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-emoticons.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-estationery.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-funny.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-help.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-images.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-info.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-more.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-my.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-new.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-new2.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-options.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-people.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-photo.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-tell.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-temp.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-text.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-voice.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-def.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-premium-email-premium.mnu
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-t1-bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\email-temp-bg.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\estatationery.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\flashpreview.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\fs3.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\hotbar_promo.htm
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_checked_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_close_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_close_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_edit_preview.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_edit_send.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_flash_preview.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_recently_used.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_remove_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_remove_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_sand-clock2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_tell_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_tell_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_tree_null.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_unchecked_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\icon_unchecked_pressed_1.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\img_barlayout.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\img_barlayout2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\img_barlayout4.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\img_corner_left.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\img_local_logo.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_basetemplate.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_hbgroups.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_hbobject3.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_hbobjectset3.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_hotbarwrapper.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_iteratorsandreaders3nf.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_pagingmoduleobj3.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_texts3.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\js2_xmltree3nf.js
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\layout.cdf
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\linkpathlegal.txt
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\n.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\nav_b_2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\nav_bb_2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\nav_f_2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\nav_ff_2.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\progress.res
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\searchbtn.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\submit.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\tab_bg.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\tab_bga.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\tab_bgia.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\tab_l.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\tab_la.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\tab_lia.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\tab_r.gif
    C:\Documents and Settings\user\Application Data\HbTools\v3.0\HostOL\static\1\tab_ra.gif
    C:\Doc
    a b 8 Sécurité
    4 Mars 2008 17:22:07

    Re,

  • Ouvre à nouveau BTFix.
  • Clique sur Nettoyer.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

    Refais un scan Combofix.
    6 Mars 2008 12:32:49

    Désolée pas pu faire le nettoyage avant...rapport BTFix et combo

    BTFix 1.082 (par bibi26) - 06/03/2008 12:13:09 - Nettoyage - Mode normal
    Lancé depuis C:\Documents and Settings\user\Bureau\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - C:\WINDOWS\Downloaded Program Files\HbTools.inf
    - C:\Program Files\ShopperReports\cs\
    - C:\Program Files\ShopperReports\
    - C:\Program Files\MSN Messenger\RICHED20.dll
    - C:\Documents and Settings\user\Application Data\ShopperReports\cs\db\
    - C:\Documents and Settings\user\Application Data\ShopperReports\cs\dwld\
    - C:\Documents and Settings\user\Application Data\ShopperReports\cs\report\
    - C:\Documents and Settings\user\Application Data\ShopperReports\cs\res2\
    - C:\Documents and Settings\user\Application Data\ShopperReports\cs\
    - C:\Documents and Settings\user\Application Data\ShopperReports\

    ---> Nettoyage terminé

    ComboFix 08-03-05.3 - user 2008-03-06 12:20:13.2 - NTFSx86

    Endroit: C:\Documents and Settings\user\Bureau\combofix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-29 11:58 . 2008-02-29 11:58 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-02-29 11:58 . 2008-03-06 11:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-29 11:58 . 2008-03-06 12:29 3,589,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-29 11:58 . 2008-02-29 12:14 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-02-29 11:58 . 2008-02-29 12:14 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-02-29 11:58 . 2008-03-06 12:29 54,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-02-29 11:58 . 2008-03-06 02:47 48,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-29 11:58 . 2008-03-06 02:47 6,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-02-28 13:01 . 2008-02-28 13:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-06 11:14 --------- d-----w C:\Program Files\Wanadoo
    2008-03-06 11:13 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-03 20:48 3,186 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-03-03 20:36 --------- d-----w C:\Program Files\Windows Live
    2008-03-01 22:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-02-29 22:48 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2008-02-29 12:13 --------- d-----w C:\Program Files\STK016_V2.01
    2008-02-23 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-04 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-02-04 16:00 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
    2008-02-04 15:57 --------- d-----w C:\Program Files\Logitech
    2008-02-01 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-01 19:15 --------- d-----w C:\Program Files\STK014_V2.01
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-31 18:09 --------- d-----w C:\Program Files\Ahead
    2008-01-03 17:56 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {7B1E78A2-2FC8-4947-A9D1-5177D10B38E6}

    [HKEY_CLASSES_ROOT\clsid\{7b1e78a2-2fc8-4947-a9d1-5177d10b38e6}]
    [HKEY_CLASSES_ROOT\emotrlq.1]
    [HKEY_CLASSES_ROOT\TypeLib\{0BF108AC-194F-4AA4-ABF0-5F9E7B5B3ABB}]
    [HKEY_CLASSES_ROOT\emotrlq]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-13 17:24 1694208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 18:43 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 10:50 180224]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 19:50 172032]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-08 10:59 1134642]
    "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 09:50 155648]
    "zzzHPSETUP"="H:\Setup.exe" [ ]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-03 18:56:36 67128]
    STK014 PNP Monitor.lnk - C:\Program Files\STK014_V2.01\STK014M.exe [2008-02-01 20:15:33 151552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bdmnopx"= {A60E1366-4F5D-49D6-8F45-DAD1063E8617} - C:\WINDOWS\bdmnopx.dll [ ]
    "admggxp"= {07C84809-4E89-4DE6-BC35-0B83CC0D5837} - C:\WINDOWS\admggxp.dll [ ]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk]
    path=C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk
    backup=C:\WINDOWS\pss\Groom Agent.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2003-06-05 11:35 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-20 00:09 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show funk online global]
    C:\Documents and Settings\All Users\Application Data\Mpeg Warn Show Funk\Cash Load.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 13:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-14 15:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzzHPSETUP]
    H:\Setup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "nhksrv"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "MDM"=2 (0x2)
    "helpsvc"=2 (0x2)
    "gusvc"=3 (0x3)
    "Eventlog"=2 (0x2)
    "BITS"=2 (0x2)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "WmdmPmSN"=3 (0x3)
    "SysmonLog"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=


    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-06 12:29:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-06 12:32:20
    ComboFix-quarantined-files.txt 2008-03-06 11:32:08
    ComboFix2.txt 2008-03-04 13:57:52
    .
    2008-02-27 22:08:02 --- E O F ---
    6 Mars 2008 13:26:34

    Angeldark
    décsolée de ne pas avoir pu faire le netoyage avant
    dois je faire autre chose???
    Merci...:) 
    a b 8 Sécurité
    6 Mars 2008 13:57:02

    Tu as encore les mêmes soucis ?
    6 Mars 2008 13:58:47

    non apparemment tout est rentré dans l'ordre...
    juste deux questions...
    dois je refaire un rapport hijackthis???
    et^puis je sur mon propre ordi faire un nettoyage avec BTFix et Combofix???
    Merci
    a b 8 Sécurité
    6 Mars 2008 18:11:35

    Citation :
    dois je refaire un rapport hijackthis???

    Si tu veux.

    Citation :
    et^puis je sur mon propre ordi faire un nettoyage avec BTFix et Combofix???

    BTFix oui mais pas Combofix.
    6 Mars 2008 19:30:02

    Merci Angeldark
    Je pense que l'ordi de mon ami est sain maintenant..donc je mets résolu...et merci pour l'info pour combofix...
    bon courage à tous
    mika79000
    a b 8 Sécurité
    6 Mars 2008 21:02:30

    Bon surf ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS