Sujet Précédent Sujet Suivant

Problème avec antivirus 2009

Fermé
lapatatebleue - 3 janv. 2009 à 08:42
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 - 23 janv. 2009 à 00:04
Bonjour,
j'ai moi aussi un probleme avec ce virus, est ce que quelquun peut m'aider, j'ai essayer de downloader kaspersky mais je ne suis pas capable parce que je n'ai pas réussi a désactiver avira antivir
voici le scan que jai fait avec hijackthis
merci pour tout

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:34:19, on 2009-01-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\WINDOWS\system32\explorer32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Standard\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\SYSTEM32\winsrc.dll (file missing)
O2 - BHO: addestination - {4f6b2136-a096-43d9-6de2-ff062e459793} - C:\WINDOWS\system32\nsdC.dll
O2 - BHO: addestination search enhancer - {737336BB-896D-6F69-576D-2C074902A631} - C:\WINDOWS\system32\bdfvosqifwojd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: addestination browser enhancer - {AACEC581-3C40-F0B8-CE58-9321B25A43B7} - C:\WINDOWS\system32\ltaefrnapi.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\Standard\Mes documents\Winamp\winampa.exe"
O4 - HKLM\..\Run: [xpmlvwuqhc] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ltaefrnapi.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [63377635974051802795269627863054] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113486031430
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
A voir également:

16 réponses

Réponse 1 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
3 janv. 2009 à 08:50
Bonjour,

tu télécharges smitfraudfix de S!Ri sur ton bureau
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double clique sur l’exécutable. Il va crée un un dossier SmitFraudFix et lancer l’outil.

tu choisis l' option 1 .
Un rapport sera crée.
Copie/colle le rapport dans ton prochain message.

A+
0
lapatatebleue
3 janv. 2009 à 22:33
et voila Verni29
merci pour tout

SmitFraudFix v2.388

Rapport fait à 16:25:05,19, 2009-01-03
Executé à partir de C:\Documents and Settings\Standard\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\WINDOWS\system32\explorer32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ieupdates.exe PRESENT !
C:\WINDOWS\system32\migicons.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Standard


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Standard\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Standard\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STANDARD\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100+ MiniPCI
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E760F5EC-F710-4B2B-817F-DFB7640E43EC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E760F5EC-F710-4B2B-817F-DFB7640E43EC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E760F5EC-F710-4B2B-817F-DFB7640E43EC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 2 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
3 janv. 2009 à 23:42
Tu télécharges MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l'installes. Choisis les options par défaut.
A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’exécuter .
Ne choisis que la mise à jour. Le logiciel sera lancé en mode sans échec.

1) Redémarre en mode sans échec :
Pour cela, tu tapotes la touche F8 à l’allumage du pc sans t’arrêter.

Une fenêtre va s’ouvrir. Choisis démarrer en mode sans échec puis tape entrée.
Choisis ton compte.

Relance le programme Smitfraud,
Pour cela, tu vas dans le dossier SmitFraudFix crée sur ton bureau et tu doubles-cliques sur SmitFraudFix.cmd.
Cette fois choisis l’option 2, répond oui a tous ;
Sauvegarde le rapport.

RESTE EN MODE SANS ECHEC.

2) Pour lancer MalwareBytes, double-clique sur le raccourci du bureau.

Dans l’onglet Recherche, sélectionne Exécuter un examen complet.
Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur.
Clique sur lancer l’examen.

A la fin de la recherche, Comme il est demandé, clique sur afficher les résultats de la recherche.
Choisis alors Supprimer la selection pour nettoyer les infections.
Tu postes le rapport dans ton prochain message.

Si tu ne le retrouves pas, ouvre MalwareBytes et regarde dans l’onglet Rapport/logs. Il y est.
Clique dessus et choisir ouvrir.

A+

0
Réponse 3 / 16
lapatatebleue
4 janv. 2009 à 07:55
j'ai enregistré le rapport mais je ne le retrouve plus,en fait il n'est plus ou je l'ai mis, et je suis aller chercher dans rapports/logs et il n'y a rien, dois-je faire un autre scan et envoyer le rapport??
merci encore
Lapatateblue
0
Réponse 4 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
4 janv. 2009 à 08:35
Pour SmitFraudfix, as-tu le rapport ?
Si tu ne trouves pas, il est à C:\rapport.txt

Pour Malwarebytes, je préfère que tu refasses un scan .
Fais-le sous windows .

poste moi ensuite un rapport Hijackthis.

A+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
lapatatebleue
5 janv. 2009 à 07:34
voici le rapport de SmitFraudFix

SmitFraudFix v2.388

Rapport fait à 22:40:59,26, 2009-01-03
Executé à partir de C:\Documents and Settings\Standard\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\ieupdates.exe supprimé
C:\WINDOWS\system32\migicons.exe supprimé
C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E760F5EC-F710-4B2B-817F-DFB7640E43EC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E760F5EC-F710-4B2B-817F-DFB7640E43EC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E760F5EC-F710-4B2B-817F-DFB7640E43EC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Voici le rapport Malwarebytes

Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 2

2009-01-03 23:18:37
mbam-log-2009-01-03 (23-18-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 76370
Time elapsed: 30 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0507fdde-f3b7-49f5-9e8f-c557e991f39b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WeatherOnTray.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aacec581-3c40-f0b8-ce58-9321b25a43b7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aacec581-3c40-f0b8-ce58-9321b25a43b7} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpmlvwuqhc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Standard\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\explorer32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{99AE428E-4F5D-4AB7-8856-82D75693C5EC}\RP235\A0051766.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Standard\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Standard\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ltaefrnapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Et voici celui de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:34:04, on 2009-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Standard\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: addestination - {4f6b2136-a096-43d9-6de2-ff062e459793} - C:\WINDOWS\system32\nsdC.dll
O2 - BHO: addestination search enhancer - {737336BB-896D-6F69-576D-2C074902A631} - C:\WINDOWS\system32\bdfvosqifwojd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\Standard\Mes documents\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [63377635974051802795269627863054] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113486031430
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
0
Réponse 6 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
5 janv. 2009 à 08:44
Télécharges Random's System Information Tool (RSIT) de random/random et enregistre le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe

Double-clique sur " RSIT.exe " pour le lancer .
dans la fenêtre qui va s’ouvrir choisis 1 month pour l'option "List files/folders created ..." ,
cliques ensuite sur " Continue " pour lancer l'analyse ...

Si la dernière version de HijackThis n'est pas trouvée sur ton PC, RSIT la téléchargera et te demandera d'accepter la licence.

Attends jusqu’à la fin de l’analyse.
deux rapports vont être generés.

Poste le contenu de " log.txt ", ainsi que de " info.txt " ( dans la barre des tâches), pour analyse et attends la suite ...

Si tu ne les trouves pas,les rapports sont sauvegardés dans le dossier C:\rsit.

A+
0
Réponse 7 / 16
lapatatebleue
6 janv. 2009 à 03:48
log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Standard at 2009-01-05 21:43:56
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 3 GB (34%) free of 10 GB
Total RAM: 191 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:15, on 2009-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Standard\Bureau\RSIT.exe
C:\Documents and Settings\Standard\Bureau\Standard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: addestination - {4f6b2136-a096-43d9-6de2-ff062e459793} - C:\WINDOWS\system32\nsdC.dll
O2 - BHO: addestination search enhancer - {737336BB-896D-6F69-576D-2C074902A631} - C:\WINDOWS\system32\bdfvosqifwojd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\Standard\Mes documents\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [63377635974051802795269627863054] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113486031430
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
0
Réponse 8 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
6 janv. 2009 à 08:52
SmitFraudFix a supprimé la google Toolbar car il y a un risque d'infections avec une barre d'outil similaire.
Il faudra sans doute la réinstaller.

1) Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKCU\..\Run: [63377635974051802795269627863054] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Tu choisis l'option " Fixchecked" en bas de la page.

2) Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau.
http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste Instructions for Items to be Moved.

:Processes
explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f6b2136-a096-43d9-6de2-ff062e459793}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{737336BB-896D-6F69-576D-2C074902A631}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-

:Files
C:\WINDOWS\system32\nsdC.dll
C:\WINDOWS\system32\bdfvosqifwojd.dll
C:\WINDOWS\system32\bdfvosqifwojd.dll-uninst.exe
C:\WINDOWS\system32\cont_addestination-remove.exe
C:\WINDOWS\system32\euvcbqghzql.exe
C:\FOUND.001

:Commands
[emptytemp]
[start explorer]
[Reboot]

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
ton ordinateur redémarrera pour supprimer les fichiers.

Un rapport va s'ouvrir après redémarrage.
Poste le rapport . Si tu ne le trouves pas; il est ( fichier .log ) situé dans C:\_OTMoveIt\MovedFiles.

3) Télécharge Toolbar-S&D sur ton Bureau :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique sur le raccourci de Toolbar-S&D.
* Sélectionne la langue puis valide.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Copie/colle le contenu du rapport qui va s’afficher.
Si tu ne le trouves pas, il est situé à C:\TB.txt .

A+
0
Réponse 9 / 16
lapatatebleue
8 janv. 2009 à 03:33
OTmoveIt3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f6b2136-a096-43d9-6de2-ff062e459793}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{737336BB-896D-6F69-576D-2C074902A631}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\nsdC.dll not found.
C:\WINDOWS\system32\bdfvosqifwojd.dll unregistered successfully.
C:\WINDOWS\system32\bdfvosqifwojd.dll moved successfully.
C:\WINDOWS\system32\bdfvosqifwojd.dll-uninst.exe moved successfully.
C:\WINDOWS\system32\cont_addestination-remove.exe moved successfully.
C:\WINDOWS\system32\euvcbqghzql.exe moved successfully.
C:\FOUND.001 moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01072009_173736

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.


tool-bar S&D


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Processeur Intel Celeron )
BIOS : Satellite2800 v2.00 TOSHIBA
USER : Standard ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:9 Go (Free:3 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 2009-01-07|21:30 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\IESkins
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\reports.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\eskin
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_ringtone.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\ads.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\components.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\default.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\hotbarcom.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\icons2.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\keywords.idx
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\layout.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\progress.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\top7.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_ringtone.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\hotbarcom.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\ustat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\hstat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\344stat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\domains.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1387587.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1387588.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1409564.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\566217.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\819382.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1389480.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1111394.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1409567.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\805478.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\625696.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\890068.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\471737.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\344723.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1385779.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1057845.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1055531.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1420235.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\1065003.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\194671.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\41312.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\953694.sdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\ustat\3112.dat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\ustat\3113.dat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34123
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35047
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44878
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\80670
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\85062
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83216
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90358
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20299
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42916
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\43907
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44300
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15803
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15807
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15955
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32676
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42425
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67733
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86140
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\56815
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64646
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20549
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82292
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97499
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97518
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\99008
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\45833
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67226
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34186
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\52335
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61779
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59844
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95716
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32418
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4442
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61207
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\70650
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97524
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14633
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44271
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61837
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\66836
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20935
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\58804
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59243
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72748
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\73576
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79079
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\71822
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32242
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95645
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36834
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87215
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\60709
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19475
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\81529
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34267
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42034
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44462
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\575586
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\66855
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\184591
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\579123
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\43979
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\58197
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\71009
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\77468
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\Hotbar\dynamic\hstat\3113.dat
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\dynamic
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\buttondir.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\layout.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\progress.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\code.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\images.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\treexml.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\business_promo.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\hotbar_promo.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\localcontent.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\email-def.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\DownLoad\meetpeople.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\011203flk_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\030203free_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\030203us_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102angry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bad_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102band_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bebe_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102beer_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bigangry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bigblink_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bigkiss_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102biglove_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bigluf_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bigsad_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bigscream_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102bigtong_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102biguhm_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102birthday_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102blink_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102cheers_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102clown_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102cry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102fight_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102flo_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102good_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102jump_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102kiss_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102kite_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102lough_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102love_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102lovu_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102luf_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102mad_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102shamed_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102smile_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102sor_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102stupid_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102thanx_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102tongue_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\033102uu_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\040103ahh_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\040103bg_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\040103wow_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\050103crazicon4_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\062802pirat_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\080402call_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\080402cool_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\080402gudl_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\080402help_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\080402miss_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\080402uthere_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\082502btw_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\082502bye_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\082502hi_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\082502no_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\082502now_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\082502yes_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\110103_krasneet_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\110103_obliz_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\block_sm.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\block_sm2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\block_smli.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\block_smli2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\blocked.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\blocked2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_add-but.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_back-but.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_left_cut_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_left_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_left_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_middle_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_middle_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_right_cut_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_right_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\btn_right_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\business_promo.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\buttondir.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\components.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\css2_main.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\css2_pagingmodule.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\css2_topbuttons.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\css_cattree.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\css_flashpreview.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\delete.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\edit_clear_sound.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\edit_fs.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\edit_select.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-511724-9595.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-bcards.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-ecards.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-emoticons.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-estationery.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-funny.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-help.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-images.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-info.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-more.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-my.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-new.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-new2.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-options.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-people.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-photo.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-tell.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-temp.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-text.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def-email-voice.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-def.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-premium-email-premium.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\email-t1-bg.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\estatationery.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\flashpreview.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\fs3.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\hotbar_promo.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_checked_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_close_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_close_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_edit_preview.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_edit_send.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_flash_preview.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_recently_used.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_remove_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_remove_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_sand-clock2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_tell_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_tell_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_tree_null.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_unchecked_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\icon_unchecked_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\img_barlayout.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\img_barlayout2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\img_barlayout4.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\img_corner_left.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\img_local_logo.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_basetemplate.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_hbgroups.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_hbobject3.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_hbobjectset3.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_hotbarwrapper.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_iteratorsandreaders3nf.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_pagingmoduleobj3.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_texts3.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\js2_xmltree3nf.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\layout.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\linkpathlegal.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\meetpeople.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\n.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\nav_b_2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\nav_bb_2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\nav_f_2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\nav_ff_2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\progress.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\searchbtn.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\submit.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_bg.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_bga.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_bgia.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_l.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_la.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_lia.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_r.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_ra.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tab_ria.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tree_dots.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tree_minus.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\tree_plus.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\treedata_animations.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\treedata_backgrounds.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\treedata_ecards.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\treedata_emoticons.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\treedata_notifiers.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\1\treedata_text.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\011203flk_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\030203free_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\030203us_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102angry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bad_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102band_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bebe_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102beer_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bigangry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bigblink_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bigkiss_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102biglove_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bigluf_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bigsad_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bigscream_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bigsmile_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102bigtong_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102biguhm_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102birthday_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102blink_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102cheers_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102clown_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102cry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102fight_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102flo_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102good_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102jump_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102kiss_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102kite_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102lough_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102love_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102lovu_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102luf_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102mad_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102shamed_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102smile_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102sor_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102stupid_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102thanx_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102tongue_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\033102uu_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\040103ahh_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\040103bg_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\040103wow_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\050103crazicon4_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\062802pirat_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\080402call_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\080402cool_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\080402gudl_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\080402help_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\080402miss_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\080402uthere_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\082502btw_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\082502bye_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\082502hi_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\082502no_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\082502now_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\082502yes_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\110103_krasneet_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\110103_obliz_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\block_sm.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\block_sm2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\block_smli.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\block_smli2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\blocked.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\blocked2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_add-but.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_back-but.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_left_cut_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_left_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_left_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_middle_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_middle_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_right_cut_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_right_enabled_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\btn_right_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\business_promo.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\buttondir.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\components.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\css2_main.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\css2_pagingmodule.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\css2_topbuttons.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\css_cattree.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\css_flashpreview.css
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\delete.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\edit_clear_sound.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\edit_fs.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\edit_select.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-511724-9595.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-backgrounds.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-bcards.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-ecards.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-emoticons.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-estationery.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-funny.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-help.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-images.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-info.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-more.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-my.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-new.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-new2.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-options.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-people.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-photo.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-tell.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-temp.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-text.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def-email-voice.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-def.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-premium-email-premium.mnu
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\email-t1-bg.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\flashpreview.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\fs3.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\hotbar_promo.htm
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_checked_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_close_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_close_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_edit_preview.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_edit_send.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_flash_preview.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_recently_used.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_remove_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_remove_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_sand-clock2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_tell_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_tell_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_tree_null.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_unchecked_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\icon_unchecked_pressed_1.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\img_barlayout.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\img_barlayout2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\img_barlayout4.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\img_corner_left.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\img_local_logo.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_basetemplate.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_hbgroups.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_hbobject3.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_hbobjectset3.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_hotbarwrapper.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_iteratorsandreaders3nf.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_pagingmoduleobj3.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_texts3.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\js2_xmltree3nf.js
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\layout.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\linkpathlegal.txt
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\meetpeople.cdf
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\n.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\nav_b_2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\nav_bb_2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\nav_f_2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\nav_ff_2.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\progress.res
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\submit.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_bg.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_bga.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_bgia.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_l.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_la.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_lia.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_r.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_ra.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tab_ria.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tree_dots.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tree_minus.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\tree_plus.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\treedata_animations.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\treedata_backgrounds.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\treedata_ecards.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\treedata_emoticons.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\treedata_notifiers.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOL\static\2\treedata_text.xml
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\dynamic
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\2
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\buttondir.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\layout.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\progress.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\code.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\images.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\treexml.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\business_promo.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\hotbar_promo.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\localcontent.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\DownLoad\email-def.xip
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\011203flk_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\030203free_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\030203us_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102angry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bad_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102band_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bebe_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102beer_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bigangry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bigblink_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bigkiss_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102biglove_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bigluf_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bigsad_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bigscream_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102bigtong_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102biguhm_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102birthday_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102blink_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102cheers_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102clown_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102cry_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102fight_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0\HostOI\static\1\033102flo_1_prv.gif
C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0
0
Réponse 10 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
8 janv. 2009 à 12:26
le rapport de ToolBarS&D n'est pas complet.
Ce n'est pas bien grave pour ce premier rapport.

1) Relance Toolbar-S&D en double-cliquant sur le raccourci.

choisis l'option "2" puis valide en appuyant sur "Entrée".
Ne ferme pas la fenêtre lors de la suppression.

Un nouveau rapport sera généré, poste son contenu ici ( en entier s'il te plait )

2) Poste moi aussi un nouveau rapport Hijackthis.

A+
0
Réponse 11 / 16
lapatatebleue
15 janv. 2009 à 04:29
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Processeur Intel Celeron )
BIOS : Satellite2800 v2.00 TOSHIBA
USER : Standard ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:9 Go (Free:3 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 2009-01-14|22:21 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\IESkins
Supprime! - C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\v3.0
Supprime! - C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\reports.txt
Supprime! - C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar\eskin
Supprime! - C:\DOCUME~1\STANDARD\APPLIC~1\Hotbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\STANDARD\Recent\Crack.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 2009-01-07|21:32 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2009-01-14|22:24 - Option : [2]

-----------\\ Fin du rapport a 22:24:21,97





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:36, on 2009-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Standard\Bureau\jack truc much.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\Standard\Mes documents\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113486031430
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
0
Réponse 12 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
15 janv. 2009 à 06:50
Il y a des restes de Norton symantec sur le PC.
Utilise ceci pour enlever ce qu'il reste :
Pour désinstaller Norton :
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Tu vas sur le site de Kaspersky:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
utilise Internet Explorer.

Clique sur Demarrer Online-scanner ( en bas de page à droite ) pour commencer l'analyse.
Il te sera demandé d'installer un logiciel de Kaspersky, accepte.

A la fin de cette analyse, clique sur enregistrer le rapport.
Poste le contenu de ce rapport dans ton prochain message.

tuto :
https://forum.pcastuces.com/default.asp

A+
0
Réponse 13 / 16
lapatatebleue
20 janv. 2009 à 05:09
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 19, 2009 11:08:06 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 19/01/2009
Enregistrements dans la base antivirus Kaspersky : 1481291


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Zones critiques
C:\WINDOWS
C:\DOCUME~1\Standard\LOCALS~1\Temp\

Statistiques de l'analyse
Total d'objets analysés 21279
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 02:14:37

Nom de l'objet infecté Nom du virus Dernière action
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\nsfB.dll L'objet est verrouillé ignoré

C:\WINDOWS\SYSTEM32\Agent.OMZ.Fix.exe L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\CSC\00000001 L'objet est verrouillé ignoré

C:\WINDOWS\SchedLog.Txt L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

Analyse terminée.
0
Réponse 14 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
20 janv. 2009 à 07:26
poste moi un nouveau rapport RSIT.

A+
0
Réponse 15 / 16
lapatatebleue
22 janv. 2009 à 23:10
Logfile of random's system information tool 1.05 (written by random/random)
Run by Standard at 2009-01-22 17:08:11
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 191 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:02, on 2009-01-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Standard\Bureau\RSIT.exe
C:\Program Files\trend micro\Standard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\Standard\Mes documents\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
Réponse 16 / 16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
23 janv. 2009 à 00:04
OK,

Il faut que tu installes un parefeu.
n va installer un parefeu. C'est un peu compliqué car les parefeus actuels peuvent être capricieux.
Ils interfèrent dans toutes les applications qui veulent accéder au net.
Tu as donc dans un premier temps des alertes qui te demandent si tu acceptes ou pas que tel ou tel programme accède à tel ou tel autre programme.

Si tu n'es pas très habitué à ce genre d'alertes, je te conseille de ne pas choisir un niveau trop élevé de protections. Ce sera suffisant mais tu ne seras pas gené tout le temps.

je t'indique trois produits. Installe en un et dis moi ton choix.
Essaie le et comprend le fonctionnement de ce type de protection.

pare-feu gratuits :

Zone alarm :
https://www.malekal.com/tutoriel-zonealarm-firewall/

- Comodo™ Firewall ( version 3.0 en anglais, sinon 2.4 multi-langues )
https://www.malekal.com/tutorial-comodo-firewall/
http://www.personalfirewall.comodo.com/download_firewall.html#fw2.4
Attention décochez lors de l'installation les options relatives à AskBar

- Kerio Personal Firewall
https://www.malekal.com/tutorial-et-guide-counterspy/

Le meilleur, à mon avis, est Comodo., mais il faut savoir le configurer.
il y a différents niveaux de protection ( trial pour apprentissage, safe par défaut, .., paranoid déconseillé ).

ZoneAlarm est connu. Lis le tuto. Il y a une partie Contrôle des programmes et leurs accès à internet. Ceci t'expliquera comment réagir avec les alertes.

Tu me postes ensuite un log Hijackthis ( pas RSIT )

A+
0

Discussions similaires

Télécharger le logiciel Encarta gratuit 2015 version française.
Rémy M. SAKI -
medab -

13 réponses
Telecharger encarta junior 2015 Gratuit en Francais
Chairman -
Weuz -

2 réponses