
Posted (edited)

Hello (and happy holidays to everyone)

To summarize:

On my uncle's PC, all of a sudden, it was impossible to connect to the Internet. A scan with Nod32 reported that the file C:\Windows\system32\tuvngxp.dll was infected by VIRTUMONDE. Since I'm not here for long, I wanted to act quickly and searched on the Internet.

So I ran:

- VundoFix
- Virtumondebegone
- ComboFix
- Malwarebytes' Anti-Malware
- Spybot

After all this, Spybot detects virtumonde.generic (2 registry keys) but cannot remove it.

I was still able to get my Internet connection back. The originally infected file (C:\Windows\system32\tuvngxp.dll) has been deleted, but I think the infection has installed itself elsewhere.

So here is the latest HijackThis log (I renamed HijackThis to scanner.exe):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:22, on 26/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\Documents and Settings\Administrateur\Bureau\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?')
O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_02) - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) - 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - 
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - 
O17 - HKLM\System\CS1\Services\Tcpip\..\{11AB21C9-738E-4281-8FFC-E8688376C3F7}: NameServer = 80.10.246.1,80.10.246.139
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server -   - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9288 bytes

 

I think these lines need to be "fixed", but I'd rather have your opinion first:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?')

O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User '?')

 

 

I'm going to run ComboFix again and send you the log!

Edited by pitsensas

Posted (edited)

Here is the ComboFix log in SAFE MODE

 

ComboFix 08-12-25.04 - Administrateur 2008-12-26 16:54:16.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.1023.804 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\combofix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Invité\Application Data\HbTools
c:\documents and settings\Invité\Application Data\HbTools\HbTools.log
c:\documents and settings\KEV\Application Data\HbTools
c:\documents and settings\KEV\Application Data\HbTools\HbTools.log
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\359b.dat
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\cursors.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\gamesmenu.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\gamesMenu.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\hb_ie_menu.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\ie_games_icon.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\ie_video.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\more.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\new_games.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\1\weathericon.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\cursors.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\gamesmenu.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hb_ie_menu.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ie_games_icon.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ie_video.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\more.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2reg.txt
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2reg.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HbTools\static\DownLoad\weathericon.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte10_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte11_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte12_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte13_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte14_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte19_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte20_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte21_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30104_emte9_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]30203lib_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102angel_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102bigluf_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102bigsmile_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102birthday_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102cheers_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102flo_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102good_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102jump_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102king_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102lough_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102luf_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102smile_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102smiled_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102sor_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102thanx_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]33102uhu_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]40103ahh_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]40103wow_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]40104_emi2_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]42102_1134_112_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]50103big_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]50103gig_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]50103hm_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]50103nomail_emoti_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]50103norm_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema15_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema16_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema17_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema18_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema19_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema20_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema21_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema24_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema25_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema26_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema30_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema33_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]60104_ema34_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]62802hippi_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]62802jumpie_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]80402argh_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]80402oops_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]80402ouch_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]82502no_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\[u]0[/u]82502yes_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_boring1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_confused_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_fantastic_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_feel_better_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_gimme_break_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_heehee_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_hlopaet_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_ign_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_lol_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_no_comment_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_peace_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_smashing_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\block_sm.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\block_sm2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\block_smli.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\block_smli2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\blocked.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\blocked2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_add-but.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_back-but.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_left_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_left_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_middle_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_middle_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_right_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\btn_right_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\business_promo.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\buttondir.txt
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\components.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\css_cattree.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\css_flashpreview.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\css2_main.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\css2_pagingmodule.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\css2_topbuttons.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\delete.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\edit_clear_sound.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\edit_fs.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\edit_select.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-511745-514279.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-bcards.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-ecards.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-edit.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-emoticons.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-estationery.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-funny.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-help.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-images.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-info.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-more.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-my.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-people.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-photo.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-tell.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-temp.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-temp_OI.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-text.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def-email-voice.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-def.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-premium-email-premium.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-premium-email-premium_OI.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-t1-bg.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\email-temp-bg.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\estatationery.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\flashpatch.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\flashpreview.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\fs3.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\hotbar_promo.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_checked_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_close_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_close_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_edit_preview.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_edit_send.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_flash_preview.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_recently_used.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_remove_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_remove_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_sand-clock2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_tell_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_tell_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_tree_null.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_unchecked_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\img_barlayout.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\img_barlayout2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\img_barlayout4.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\img_corner_left.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\img_local_logo.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_basetemplate.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_hbgroups.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_hbobject3.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_hbobjectset3.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_hotbarwrapper.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_texts3.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\js2_xmltree3nf.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\layout.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\linkpathlegal.txt
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\more.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\n.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\nav_b_2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\nav_bb_2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\nav_f_2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\nav_ff_2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\progress.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\searchbtn.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\submit.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\tab_bg.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\tab_bga.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\tab_bgia.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\tab_l.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\tab_la.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\1\tab_lia.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\business_promo.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\buttondir.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\code.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\email-def.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\email-temp-bg.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\hotbar_promo.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\images.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\layout.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\linkpathlegal.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\localcontent.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\more.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\progress.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\tab_r.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\tab_ra.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\tab_ria.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\tree_dots.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\tree_minus.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\tree_plus.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\treedata_animations.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\treedata_backgrounds.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\treedata_ecards.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\treedata_emoticons.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\treedata_notifiers.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\treedata_text.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOI\static\DownLoad\treexml.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte10_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte11_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte12_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte13_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte14_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte19_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte20_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte21_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030104_emte9_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\030203lib_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102angel_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102bigluf_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102bigsmile_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102birthday_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102cheers_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102flo_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102good_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102jump_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102king_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102lough_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102luf_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102smile_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102smiled_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102sor_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102thanx_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\033102uhu_1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\040103ahh_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\040103wow_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\040104_emi2_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\042102_1134_112_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\050103big_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\050103gig_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\050103hm_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\050103nomail_emoti_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\050103norm_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema15_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema16_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema17_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema18_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema19_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema20_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema21_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema24_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema25_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema26_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema30_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema33_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\060104_ema34_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\062802hippi_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\062802jumpie_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\080402argh_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\080402oops_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\080402ouch_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\082502no_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\082502yes_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_boring1_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_confused_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_crying_ugly_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_fantastic_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_feel_better_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_gimme_break_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_heehee_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_hlopaet_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_ign_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_lol_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_no_comment_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_peace_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_smashing_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_talk2thehand_prv.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\block_sm.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\block_sm2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\block_smli.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\block_smli2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\blocked.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\blocked2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_add-but.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_back-but.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_left_cut_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_left_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_left_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_middle_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_middle_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_right_cut_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_right_enabled_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_right_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\business_promo.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\buttondir.txt
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\components.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css_cattree.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css_flashpreview.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css2_main.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css2_pagingmodule.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css2_topbuttons.css
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\delete.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\edit_clear_sound.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\edit_fs.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\edit_select.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-543450.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-548964.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-589306.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-591943.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-592579.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-598579.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-603763.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-9595.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-9696.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511745-514279.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-backgrounds.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-bcards.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-ecards.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-emoticons.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-estationery.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-funny.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-help.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-images.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-info.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-more.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-my.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-new.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-new2.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-options.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-people.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-photo.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-tell.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-temp.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-text.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-voice.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-premium-email-premium.mnu
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-t1-bg.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-temp-bg.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\estatationery.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\flashpatch.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\flashpreview.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\fs3.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\hotbar_promo.htm
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_checked_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_close_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_close_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_edit_preview.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_edit_send.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_flash_preview.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_recently_used.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_remove_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_remove_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_sand-clock2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_tell_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_tell_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_tree_null.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_unchecked_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_unchecked_pressed_1.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_barlayout.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_barlayout2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_barlayout4.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_corner_left.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_local_logo.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_basetemplate.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_hbgroups.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_hbobject3.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_hbobjectset3.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_hotbarwrapper.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_iteratorsandreaders3nf.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_pagingmoduleobj3.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_texts3.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_xmltree3nf.js
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\layout.cdf
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\linkpathlegal.txt
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\more.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\n.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\nav_b_2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\nav_bb_2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\nav_f_2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\nav_ff_2.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\pro_hb_fo_word.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\progress.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\sales_buttons.res
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\searchbtn.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\submit.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_bg.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_bga.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_bgia.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_l.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_la.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_lia.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_r.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_ra.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_ria.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tree_dots.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tree_minus.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tree_plus.gif
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_animations.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_backgrounds.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_ecards.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_emoticons.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_notifiers.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_text.xml
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\business_promo.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\buttondir.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\code.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-def.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-temp-bg.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\hotbar_promo.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\images.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\layout.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\linkpathlegal.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\localcontent.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\more.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\pro_hb_fo_word.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\progress.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\sales_buttons.xip
c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\treexml.xip
c:\documents and settings\KEV\Application Data\HbTools_Icons
c:\documents and settings\KEV\Application Data\HbTools_Icons\meetic.ico
c:\documents and settings\KEV\Application Data\HbTools_Icons\Registryrepair.ico
c:\documents and settings\KEV\Application Data\HbTools_Icons\wallpapere1.ico
c:\documents and settings\KEV\Bureau\Free PC Wallpapers.lnk
c:\documents and settings\KEV\Menu Démarrer\Programmes\Spyware-Secure
c:\documents and settings\KEV\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure.lnk
c:\documents and settings\KEV\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
c:\windows\pack.epk
c:\windows\system32\eojpqlau.dll
c:\windows\system32\gooaunjp.dll
c:\windows\system32\jonesuke.dll
c:\windows\system32\qloqxm.dll
c:\windows\system32\terobila.dll
c:\windows\system32\tubakile.dll
c:\windows\system32\yosimanu.dll
c:\windows\System32csrss.exe
c:\windows\Tasks\swfovzsl.job

.
(((((((((((((((((((((((((((((   Fichiers créés du 2008-11-26 au 2008-12-26  ))))))))))))))))))))))))))))))))))))
.

2008-12-25 16:30 . 2008-12-25 16:42    1,393    --a------    c:\windows\imsins.BAK
2008-12-25 16:21 . 2001-08-17 21:28    794,654    --a--c---    c:\windows\system32\dllcache\usr1801.sys
2008-12-25 16:20 . 2004-08-03 22:41    404,990    --a--c---    c:\windows\system32\dllcache\slntamr.sys
2008-12-25 16:19 . 2001-08-23 17:18    899,914    --a--c---    c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-25 16:18 . 2001-08-17 22:05    351,616    --a--c---    c:\windows\system32\dllcache\ovcodek2.sys
2008-12-25 16:17 . 2004-08-19 16:09    1,737,856    --a--c---    c:\windows\system32\dllcache\mtxparhd.dll
2008-12-25 16:16 . 2001-08-23 17:00    728,554    --a--c---    c:\windows\system32\dllcache\ltck000c.sys
2008-12-25 16:15 . 2004-08-03 22:41    1,041,536    --a--c---    c:\windows\system32\dllcache\hsfdpsp2.sys
2008-12-25 16:14 . 2001-08-23 17:46    1,733,120    --a--c---    c:\windows\system32\dllcache\g400d.dll
2008-12-25 16:13 . 2001-08-23 17:13    634,166    --a--c---    c:\windows\system32\dllcache\el656ct5.sys
2008-12-25 16:12 . 2001-08-17 20:14    952,007    --a--c---    c:\windows\system32\dllcache\diwan.sys
2008-12-25 16:11 . 2001-08-23 17:04    980,034    --a--c---    c:\windows\system32\dllcache\cicap.sys
2008-12-25 16:10 . 2001-08-23 17:46    105,472    --a--c---    c:\windows\system32\dllcache\binlsvc.dll
2008-12-25 16:09 . 2004-08-19 16:09    1,888,992    --a--c---    c:\windows\system32\dllcache\ati3duag.dll
2008-12-25 16:08 . 2001-08-17 21:28    762,780    --a--c---    c:\windows\system32\dllcache\3cwmcru.sys
2008-12-25 16:04 . 2008-12-25 16:04    <REP>    d--------    c:\windows\srchasst
2008-12-25 16:04 . 2008-12-25 16:04    <REP>    d--------    c:\windows\msagent
2008-12-25 16:00 . 2008-12-25 16:00    <REP>    d--------    c:\windows\ERUNT
2008-12-25 15:57 . 2008-12-25 16:10    <REP>    d--------    C:\SDFix
2008-12-25 15:51 . 2008-12-25 15:50    512,096    --a------    c:\windows\system32\drivers\amon.sys
2008-12-25 15:51 . 2008-12-25 15:51    298,104    --a------    c:\windows\system32\imon.dll
2008-12-25 15:51 . 2008-12-25 15:50    15,424    --a------    c:\windows\system32\drivers\nod32drv.sys
2008-12-25 15:50 . 2008-12-25 15:50    <REP>    d--------    c:\temp\NOD32_v2.70_Anti-virus
2008-12-25 15:13 . 2008-12-25 15:59    <REP>    d--------    c:\program files\Spybot - Search & Destroy
2008-12-25 15:05 . 2008-12-25 15:05    <REP>    d--------    c:\program files\Malwarebytes' Anti-Malware
2008-12-25 15:05 . 2008-12-25 15:05    <REP>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-25 15:05 . 2008-12-25 15:05    <REP>    d--------    c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-25 15:05 . 2008-12-03 19:52    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 15:05 . 2008-12-03 19:52    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2008-12-25 13:10 . 2008-12-25 13:10    <REP>    d--------    c:\documents and settings\All Users\Application Data\ESET
2008-12-25 13:07 . 2006-11-11 04:47    527,136    -ra------    c:\windows\system32\LVUI2RC.dll
2008-12-25 13:07 . 2006-11-11 04:47    211,744    -ra------    c:\windows\system32\LVUI2.dll
2008-12-25 13:07 . 2006-11-11 04:45    121,632    -ra------    c:\windows\system32\lvcoinst.dll
2008-12-25 13:07 . 2006-11-11 03:31    42,594    -ra------    c:\windows\system32\lvcoinst.ini
2008-12-25 13:07 . 2006-11-11 04:48    40,352    -ra------    c:\windows\system32\drivers\LVUSBSta.sys
2008-12-25 13:07 . 2006-11-11 03:30    7,734    -ra------    c:\windows\system32\Repository.reg
2008-12-25 13:06 . 2006-11-11 04:43    933,536    -ra------    c:\windows\system32\drivers\LV302V32.SYS
2008-12-25 13:06 . 2006-11-11 04:44    264,992    -ra------    c:\windows\system32\lvcodec2.dll
2008-12-25 12:56 . 2008-12-25 13:08    <REP>    d--------    c:\program files\Fichiers communs\Logitech
2008-12-25 12:28 . 2008-12-25 12:28    11,868,440    --a------    c:\temp\launch.exe
2008-12-25 12:00 . 2008-12-25 12:00    <REP>    d--------    c:\windows\system32\AlertModule
2008-12-25 12:00 . 2004-08-23 14:49    40,960    --a------    c:\windows\system32\FTRTSVC.exe
2008-12-25 12:00 . 2005-10-06 14:55    36,864    --a------    c:\windows\system32\IfHelper.dll
2008-12-25 11:57 . 2008-12-25 11:57    <REP>    d--------    c:\program files\SAGEM
2008-12-09 16:23 . 2008-12-09 16:23    25,088    --a------    c:\windows\system32\5
2008-12-08 16:21 . 2008-12-08 16:21    29,703    --a------    C:\msv2008.exe
2008-12-07 15:48 . 2008-12-08 19:37    1,025    --a------    C:\osy.exe
2008-11-30 22:30 . 2008-11-30 23:00    1,025    --a------    C:\ous.exe

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 15:59    ---------    d-----w    c:\program files\Wanadoo
2008-12-25 19:00    ---------    d-----w    c:\program files\Eset
2008-12-25 14:56    ---------    d-----w    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-25 12:05    ---------    d-----w    c:\program files\Fichiers communs\LogiShrd
2008-12-25 10:57    ---------    d--h--w    c:\program files\InstallShield Installation Information
2008-12-25 10:57    ---------    d-----w    c:\program files\Fichiers communs\InstallShield
2008-12-25 10:41    ---------    d-----w    c:\program files\Windows Live Toolbar
2008-12-22 17:54    ---------    d-----w    c:\documents and settings\Administrateur\Application Data\U3
2008-12-01 16:45    ---------    d-----w    c:\documents and settings\Administrateur\Application Data\LimeWire
2008-11-26 17:50    1,025    ----a-w    C:\wnx.exe
2008-10-29 23:37    ---------    d-----w    c:\program files\Zylom Games
2008-02-25 19:37    15,397    ----a-w    c:\program files\settings.dat
2007-08-22 11:37    53,864    ----a-w    c:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-25 949376]
"nwiz"="nwiz.exe" [2006-07-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-03-05 11000]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Microsoft Librarys Server    REG_SZ             c:\windows\system32csrss.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5vbxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Librarys Server]
--a------ 2004-08-19 17:09 6144 c:\windows\system32\csrss.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\Eset\\nod32krn.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$AUTODESKVAULT\\Binn\\sqlservr.exe"=
"c:\\Program Files\\Fichiers communs\\LogiShrd\\LComMgr\\Communications_Helper.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\Wanadoo\\Toaster.exe"=
"c:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe"=
"c:\\Program Files\\Wanadoo\\Inactivity.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\WINDOWS\\system32\\FTRTSVC.exe"=
"c:\\Program Files\\Wanadoo\\ComComp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-25 15424]
S0 ati5vbxx;ati5vbxx;c:\windows\system32\Drivers\ati5vbxx.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-25 38496]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT [2005-05-03 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd0c4ea-289b-11dc-aef1-8605c2ab9b60}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbc9d04-d048-11dc-b15d-00192150d241}]
\Shell\AutoRun\command - I:\Eautorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d72d3b59-b566-11dc-b120-00192150d241}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe
SafeBoot-ati4sxxx.sys
SafeBoot-ati5tyxx.sys
SafeBoot-ati6yfxx.sys
MSConfigStartUp-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 16:58:15
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
c:\progra~1\Wanadoo\Watch.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
.
**************************************************************************
.
Heure de fin: 2008-12-26 17:01:02 - La machine a redémarré
ComboFix-quarantined-files.txt  2008-12-26 16:00:59

Avant-CF: 48 234 196 992 octets libres
Après-CF: 48,071,143,424 octets libres

784    --- E O F ---    2008-12-26 15:50:56

 

 

I look forward to your opinion on these 2 logs!

Thanks in advance

Edited by pitsensas
Posted

Good evening,

 

- VundoFix

- Virtumondebegone

- ComboFix

- Malwarebytes' Anti-Malware

 

Ouch, you should avoid running tools blindly like that, ComboFix for example. It's very dangerous.

Do you have the Malwarebytes' Anti-Malware report? And the others: VundoFix and VirtumondebeGone?

I'll look at the ComboFix report in the meantime.

Posted

Hi again,

You also ran SDFix, please send me the report.

Also do this:

Go to this site: http://www.virustotal.com/

  • Click "Parcourir" (Browse) and look for this file: C:\msv2008.exe
  • Click "Send File".
  • A report will be built line by line.
  • Wait until it finishes. It must include the size of the file sent.
  • Save the report with Notepad.
  • Copy it into your reply.
  • If VirusTotal says the file has already been analysed, click the "Reanalyser" button to re-analyse the file now

Same for: C:\osy.exe and C:\ous.exe

Posted (edited)

Good evening,

I'm not at home, so I can't send all the items yet.

For VundoFix, it found nothing.

For VirtumondebeGone, it found problems and cleaned them (in particular the file C:\Windows\system32\tuvngxp.dll), but I did not keep the report.

For MalwareBytes' Anti-Malware, it also found errors, and I'll send the report as soon as possible.

See you later.

PS: For HijackThis, can I "fix" the lines below?

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?')

O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User '?')

Edited by pitsensas
Posted

First Mbam quick scan: mbam-log-2008-12-25 (15-13-59).txt

 

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1544
Windows 5.1.2600 Service Pack 2

25/12/2008 15:13:59
mbam-log-2008-12-25 (15-13-59).txt

Type de recherche: Examen rapide
Eléments examinés: 28832
Temps écoulé: 7 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\zidoyowi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gerogije.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sagujele.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gepesiso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ppeuml.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a53864d-dbd6-4995-92ee-0b10d4f83df8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6a53864d-dbd6-4995-92ee-0b10d4f83df8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6a53864d-dbd6-4995-92ee-0b10d4f83df8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c88d685 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruruzatuwe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9fbbe519 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zidoyowi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zidoyowi.dll  -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zidoyowi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gepesiso.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gepesiso.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ppeuml.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sagujele.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gepesiso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gerogije.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zidoyowi.dll (Trojan.Vundo.H) -> Delete on reboot.

 

Second quick scan mbam-log-2008-12-25 (15-22-11).txt

 

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1544
Windows 5.1.2600 Service Pack 2

25/12/2008 15:22:11
mbam-log-2008-12-25 (15-22-11).txt

Type de recherche: Examen rapide
Eléments examinés: 26660
Temps écoulé: 1 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9fbbe519 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruruzatuwe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

 

Last FULL scan mbam-log-2008-12-25 (15-52-42).txt

 

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1544
Windows 5.1.2600 Service Pack 2

25/12/2008 15:52:42
mbam-log-2008-12-25 (15-52-42).txt

Type de recherche: Examen complet (C:\|J:\|)
Eléments examinés: 41870
Temps écoulé: 8 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Posted

Report from http://www.virustotal.com for C:\msv2008.exe :P

For the 2 other files (C:\osy.exe and C:\ous.exe) => no problem

 

a-squared	4.0.0.73	2008.12.27	Riskware.Win32.VBInject!IK
AhnLab-V3	2008.12.25.0	2008.12.27	Win-Trojan/Xema.29703
AntiVir	7.9.0.45	2008.12.27	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.27	-
Avast	4.8.1281.0	2008.12.26	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.12.26	Agent.AOQH
BitDefender	7.2	2008.12.27	Trojan.Generic.1224858
CAT-QuickHeal	10.00	2008.12.27	Trojan.Agent.atkb
ClamAV	0.94.1	2008.12.27	Trojan.VB-5381
Comodo	826	2008.12.27	TrojWare.Win32.Trojan.Agent.~CIJ
DrWeb	4.44.0.09170	2008.12.27	-
eSafe	7.0.17.0	2008.12.24	-
eTrust-Vet	31.6.6276	2008.12.24	Win32/Hamweq.BQ
Ewido	4.0	2008.12.27	-
F-Prot	4.4.4.56	2008.12.24	-
F-Secure	8.0.14332.0	2008.12.27	Trojan.Win32.Agent.atkb
Fortinet	3.117.0.0	2008.12.27	W32/Agent.ATKB!tr
GData	19	2008.12.27	Trojan.Generic.1224858
Ikarus	T3.1.1.45.0	2008.12.27	VirTool.Win32.VBInject
K7AntiVirus	7.10.568	2008.12.27	Trojan.Win32.Agent.atkb
Kaspersky	7.0.0.125	2008.12.27	Trojan.Win32.Agent.atkb
McAfee	5475	2008.12.26	Generic.dx
McAfee+Artemis	5475	2008.12.26	Generic.dx
Microsoft	1.4205	2008.12.27	Trojan:Win32/VB.IT
NOD32	3718	2008.12.26	probably a variant of Win32/Agent
Norman	5.80.02	2008.12.26	-
Panda	9.0.0.4	2008.12.27	Trj/Agent.LCI
PCTools	4.4.2.0	2008.12.27	Trojan.Agent!sd6
Prevx1	V2	2008.12.27	-
Rising	21.09.52.00	2008.12.27	-
SecureWeb-Gateway	6.7.6	2008.12.27	Trojan.Dropper.Gen
Sophos	4.37.0	2008.12.27	Troj/Agent-ILI
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.27	Trojan.Dropper
TheHacker	6.3.1.4.200	2008.12.26	Trojan/Agent.atkb
TrendMicro	8.700.0.1004	2008.12.26	TROJ_AGENT.YEA
VBA32	3.12.8.10	2008.12.26	Trojan.Win32.Agent.atkb
ViRobot	2008.12.26.1536	2008.12.26	Spyware.Agent.29703
VirusBuster	4.5.11.0	2008.12.26	-
Information additionnelle
File size: 29703 bytes
MD5...: 119ed536ca742f319dd787ae72299ae7
SHA1..: 9a1d95bc87121d55ec013ea3f835cd4a961d9736
SHA256: 0aa80b2e31a0d9552987b767d9b3c5f62663d4589aae0c83d2a049df8209c30c
SHA512: 7f6750f7c4cc390f5ecb639be393345db0d59869a655eaba77bac005822a5f78
f51608bb0413fba341f557de475debaebc6d4f0c06ad73a6b9b3ef036d7049d0
ssdeep: 384:tDiBg1Q+k+x/DM11FXPXNUa7RAP9gzhgwoHQZSk7iCf:bQ+k+BYFXPXWa7WU
MH/JCf
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401090
timedatestamp.....: 0x493c9c15 (Mon Dec 08 04:01:25 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1a7c 0x2000 4.10 365b502a8f383665b700fd8cfa948cae
.data 0x3000 0x4b8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x4000 0x8c8 0x4407 7.17 0259211abcb8047f0aa3b5014ff50ab6

( 1 imports ) 
> MSVBVM60.DLL: -, -, DllFunctionCall, __vbaExceptHandler, -, -, -, ProcCallEngine, -, -, -, -, -

( 0 exports ) 
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=119ed536ca742f319dd787ae72299ae7
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=119ed536ca742f319dd787ae72299ae7
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

Posted

Good evening,

 

That is to say, no problem for: For the 2 other files (C:\osy.exe and C:\ous.exe) => no problem?

Did you have them analyzed? Send the reports so I can take a look :P

 

Download OTMoveIt3 (by Old_Timer) to your Desktop.

  • Copy (Ctrl+C) the text below:
    :processes
    explorer.exe
     
    :files
    c:\windows\srchasst
    c:\windows\msagent
    C:\msv2008.exe
    C:\WINDOWS\system32\zidoyowi.dll
    C:\WINDOWS\system32\gerogije.dll
    C:\WINDOWS\system32\sagujele.dll
    c:\WINDOWS\system32\gepesiso.dll
    C:\WINDOWS\system32\ppeuml.dll
     
    :commands
    [emptytemp]
    [reboot]
  • Double-click OTMoveIt3.exe to launch it.
  • Paste (or Ctrl+V) the previously copied text into the box: Paste Instructions for Items to be Moved
  • Click MoveIt! to start the removal.
  • The result will appear in the Results box.
  • If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES.
  • Post the report located in C:\_OTMoveIt\MovedFiles.
  • The report's name corresponds to the time it was created: date_time.log

 

 

Download random's system information tool (RSIT) (by random/random) to your Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
  • as well as info.txt (<<which will be minimized in the Taskbar).

Posted (edited)

http://www.virustotal.com analysis for the file C:\ous.exe

 

 

Antivirus	Version	Dernière mise à jour	Résultat
a-squared	4.0.0.73	2008.12.27	-
AhnLab-V3	2008.12.25.0	2008.12.27	-
AntiVir	7.9.0.45	2008.12.27	-
Authentium	5.1.0.4	2008.12.27	-
Avast	4.8.1281.0	2008.12.26	-
AVG	8.0.0.199	2008.12.26	-
BitDefender	7.2	2008.12.27	-
CAT-QuickHeal	10.00	2008.12.27	-
ClamAV	0.94.1	2008.12.27	-
Comodo	826	2008.12.27	-
DrWeb	4.44.0.09170	2008.12.27	-
eSafe	7.0.17.0	2008.12.24	-
eTrust-Vet	31.6.6276	2008.12.24	-
Ewido	4.0	2008.12.27	-
F-Prot	4.4.4.56	2008.12.26	-
F-Secure	8.0.14332.0	2008.12.27	-
Fortinet	3.117.0.0	2008.12.27	-
GData	19	2008.12.27	-
Ikarus	T3.1.1.45.0	2008.12.27	-
K7AntiVirus	7.10.568	2008.12.27	-
Kaspersky	7.0.0.125	2008.12.27	-
McAfee	5475	2008.12.26	-
McAfee+Artemis	5475	2008.12.26	-
Microsoft	1.4205	2008.12.27	-
NOD32	3718	2008.12.26	-
Norman	5.80.02	2008.12.26	-
Panda	9.0.0.4	2008.12.27	-
PCTools	4.4.2.0	2008.12.27	-
Prevx1	V2	2008.12.27	-
Rising	21.09.52.00	2008.12.27	-
SecureWeb-Gateway	6.7.6	2008.12.27	-
Sophos	4.37.0	2008.12.27	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.27	-
TheHacker	6.3.1.4.200	2008.12.26	-
TrendMicro	8.700.0.1004	2008.12.26	-
VBA32	3.12.8.10	2008.12.26	-
ViRobot	2008.12.26.1536	2008.12.26	-
VirusBuster	4.5.11.0	2008.12.26	-
Information additionnelle
File size: 1025 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

 

http://www.virustotal.com analysis for the file C:\osy.exe

 

a-squared	4.0.0.73	2008.12.27	-
AhnLab-V3	2008.12.25.0	2008.12.27	-
AntiVir	7.9.0.45	2008.12.27	-
Authentium	5.1.0.4	2008.12.27	-
Avast	4.8.1281.0	2008.12.26	-
AVG	8.0.0.199	2008.12.26	-
BitDefender	7.2	2008.12.27	-
CAT-QuickHeal	10.00	2008.12.27	-
ClamAV	0.94.1	2008.12.27	-
Comodo	826	2008.12.27	-
DrWeb	4.44.0.09170	2008.12.27	-
eSafe	7.0.17.0	2008.12.24	-
eTrust-Vet	31.6.6276	2008.12.24	-
Ewido	4.0	2008.12.27	-
F-Prot	4.4.4.56	2008.12.26	-
F-Secure	8.0.14332.0	2008.12.27	-
Fortinet	3.117.0.0	2008.12.27	-
GData	19	2008.12.27	-
Ikarus	T3.1.1.45.0	2008.12.27	-
K7AntiVirus	7.10.568	2008.12.27	-
Kaspersky	7.0.0.125	2008.12.27	-
McAfee	5475	2008.12.26	-
McAfee+Artemis	5475	2008.12.26	-
Microsoft	1.4205	2008.12.27	-
NOD32	3718	2008.12.26	-
Norman	5.80.02	2008.12.26	-
Panda	9.0.0.4	2008.12.27	-
PCTools	4.4.2.0	2008.12.27	-
Prevx1	V2	2008.12.27	-
Rising	21.09.52.00	2008.12.27	-
SecureWeb-Gateway	6.7.6	2008.12.27	-
Sophos	4.37.0	2008.12.27	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.27	-
TheHacker	6.3.1.4.200	2008.12.26	-
TrendMicro	8.700.0.1004	2008.12.26	-
VBA32	3.12.8.10	2008.12.26	-
ViRobot	2008.12.26.1536	2008.12.26	-
VirusBuster	4.5.11.0	2008.12.26	-

Edited by pitsensas
