Se connecter / S'enregistrer
Votre question

Hldrrr.exe, Hidr.exe et wintems.exe

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
2 Juin 2007 16:27:09


Posté le 02-06-2007 à 14:46:00 profileditEdition rapideansweranswer +answer -MPFavoris
Prévenir les modérateurs en cas d'abus


Bonjours,

donc voilà mon problème :
J'ai téléchargé: Un livre de code pour console et malheureusement c'était une archive infécté : Wintems.exe et Hldrrr.exe, hidr.exe

J'ai en logiciel de protection : Jetico Personnal Firewall, Process Guard, Avast, Spyware Terminator, Ykill, un pare feu physique dans mon routeur Dlink .
Sinon jai Control Cleaner, Regseeker !
J'ai téléchargé FSBL, Clean !

J'ai mis à jour avast et à premiere vu il n'est plus bloqué !

Et jai une question, qu'est ce que c'est Boltjoygram.exe il génere des erreurs à chaque démarrage !!!

Merci

Autres pages sur : hldrrr exe hidr exe wintems exe

a b 8 Sécurité
2 Juin 2007 16:44:26

Bonjour,

Télécharge ELIBAGLA en bas de cette page.
Clique sur le bouton Descargar Elibagla, cela va télécharger le fichier, place-le sur ton Bureau.
Double-clique dessus pour l'ouvrir.
Assure-toi que dans le menu déroulant Unidad, vous ayez bien C:\
Vérifie aussi aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente soit bien cochée.
Clique sur le bouton Explorar pour lancer l'analyse.
Poste le rapport généré en fin fin d'analyse.

AIDE : Comment supprimer Bagle ?
2 Juin 2007 19:19:44

Donc j'ai fais une analyse avec elibagla, mais il y a aucun fichier de rapport !!!
a b 8 Sécurité
2 Juin 2007 19:21:55

Re,

Télécharge Blacklight (F-Secure), clique sur " I ACCEPT " en bas de la page :
Clique sur le premier " Download " afin de télécharger le programme
Sauvegarde le sur ton Bureau
Double-clique fsbl.exe et accepte la licence; clique Scan puis Next.

A la fin du scan, NE TOUCHE A RIEN !

Tu verras un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Nous devons analyser ce rapport, ferme donc le BlackLight.

Poste le rapport sur le forum.

AIDE : Tuto sur BlackLight (Malekal)
2 Juin 2007 19:46:21

06/02/07 19:24:20 [Info]: BlackLight Engine 1.0.61 initialized
06/02/07 19:24:20 [Info]: OS: 5.0 build 2195 (Service Pack 4)
06/02/07 19:24:20 [Note]: 7019 4
06/02/07 19:24:20 [Note]: 7005 0
06/02/07 19:24:25 [Error]: 6024 1
06/02/07 19:24:25 [Error]: 6024 1
06/02/07 19:24:25 [Note]: 7006 0
06/02/07 19:24:26 [Note]: 7027 1
06/02/07 19:24:26 [Note]: 7027 0
06/02/07 19:24:33 [Note]: 7026 0
06/02/07 19:24:34 [Note]: 7026 0
06/02/07 19:24:34 [Error]: 6024 1
06/02/07 19:24:58 [Note]: FSRAW library version 1.7.1021
06/02/07 19:27:10 [Error]: 6023 5
06/02/07 19:42:27 [Note]: 7007 0

Est ce que je dois télécharger Hijackthis ????
a b 8 Sécurité
2 Juin 2007 19:51:04

Oui :) 
2 Juin 2007 19:54:20

donc je l'ai téléchargé, et qu'est ce que je dois faire avec ?
a b 8 Sécurité
2 Juin 2007 19:55:55

Citation :
Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.

Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse


AIDE : Tuto en vidéo sur Hijackthis

;) 
2 Juin 2007 20:05:42

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:00:38, on 02/06/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\Program files\Winamp\Winampa.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Mozilla downloads\HiJackThis_v2.exe
D:\Mozilla downloads\EliBaglA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Browsefrag] C:\DOCUME~1\simon\APPLIC~1\ACIDSI~1\boltjoygram.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Affichage des messages (Messenger) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINNT\System32\snmp.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe

--
End of file - 11051 bytes
2 Juin 2007 20:08:02

voila le rapport de Elibagle, je viens de le trouvé :)  //

Sat Jun 02 19:06:11 2007
EliBagle v10.40 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINNT\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINNT\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\HIDIRES\HIDR.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.40
a "virus@satinfo.es". Gracias.
C:\WINNT\SYSTEM32\HLDRRR.EXE --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Sat Jun 02 19:06:51 2007
EliBagle v10.40 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sat Jun 02 19:11:34 2007
EliBagle v10.40 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sat Jun 02 19:52:47 2007
EliBagle v10.40 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\Hidires"

Sat Jun 02 19:52:58 2007
EliBagle v10.40 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
3 Juin 2007 11:01:32

Merci angeldark, c'est logiciel ont été éliminé !!!!!
Mon pc est enfin décontaminé !!!
a b 8 Sécurité
3 Juin 2007 20:50:05

On n'a pas terminé :) 

Télécharge LopResearch.zip
Dézippe-le sur ton Bureau uniquement.
Double-clique sur le fichier Scan.bat
Un rapport sera généré, poste son contenu ici.
3 Juin 2007 23:00:52

:)  ok désolé, mais en tout cas il n'y a plus de problème apparant !!!
4 Juin 2007 18:22:28

Rapport lopxpMH2 version 2.0 fait à 22:58:37,00 le dim. 03/06/2007
C:\Documents and Settings\simon\Bureau\Protection

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\Administrateur\Application Data

09/03/2007 02:18 <DIR> .
09/03/2007 02:18 <DIR> ..
09/03/2007 02:18 <DIR> Identities
09/03/2007 02:18 <DIR> Microsoft
10/03/2007 16:04 <DIR> Mozilla
10/03/2007 16:05 <DIR> Talkback
0 fichier(s) 0 octets
6 Rép(s) 4 703 629 312 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

09/03/2007 02:18 <DIR> .
09/03/2007 02:18 <DIR> ..
09/03/2007 02:18 <DIR> Microsoft
10/03/2007 16:04 <DIR> Mozilla
0 fichier(s) 0 octets
4 Rép(s) 4 703 625 216 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\All Users\Application Data

09/03/2007 01:24 <DIR> .
09/03/2007 01:24 <DIR> ..
09/03/2007 03:46 <DIR> Adobe
11/03/2007 17:01 <DIR> Adobe Systems
10/03/2007 23:24 <DIR> DVD Shrink
17/03/2007 00:36 <DIR> Enc Build Mode Start
13/04/2007 21:06 <DIR> Messenger Plus!
09/03/2007 01:43 <DIR> Microsoft
08/04/2007 18:43 <DIR> Spyware Terminator
10/03/2007 22:43 <DIR> Yahoo! Companion
0 fichier(s) 0 octets
10 Rép(s) 4 703 625 216 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\Default User\Application Data

09/03/2007 01:24 <DIR> .
09/03/2007 01:24 <DIR> ..
09/03/2007 02:04 <DIR> Microsoft
08/04/2007 18:48 <DIR> Spyware Terminator
0 fichier(s) 0 octets
4 Rép(s) 4 703 625 216 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

09/03/2007 01:24 <DIR> .
09/03/2007 01:24 <DIR> ..
0 fichier(s) 0 octets
2 Rép(s) 4 703 625 216 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\sim2\Application Data

20/03/2007 21:39 <DIR> .
20/03/2007 21:39 <DIR> ..
20/03/2007 21:39 <DIR> Identities
20/03/2007 21:39 <DIR> Microsoft
20/03/2007 21:43 <DIR> Mozilla
20/03/2007 21:43 <DIR> Talkback
0 fichier(s) 0 octets
6 Rép(s) 4 703 625 216 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\sim2\Local Settings\Application Data

20/03/2007 21:39 <DIR> .
20/03/2007 21:39 <DIR> ..
20/03/2007 21:39 <DIR> Microsoft
20/03/2007 21:43 <DIR> Mozilla
0 fichier(s) 0 octets
4 Rép(s) 4 703 625 216 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\simon\Application Data

09/03/2007 02:46 <DIR> .
09/03/2007 02:46 <DIR> ..
15/03/2007 23:11 <DIR> Acid sign book
09/03/2007 03:25 <DIR> Adobe
09/03/2007 03:25 <DIR> AdobeUM
11/03/2007 12:17 <DIR> Ahead
12/03/2007 23:49 <DIR> Azureus
01/04/2007 01:44 <DIR> dvdcss
11/03/2007 21:08 <DIR> Help
09/03/2007 02:46 <DIR> Identities
22/03/2007 23:16 <DIR> Jetico Personal Firewall
09/03/2007 03:14 <DIR> Macromedia
09/03/2007 02:46 <DIR> Microsoft
09/03/2007 03:41 <DIR> Mozilla
26/05/2007 13:22 <DIR> Nvu
29/03/2007 20:57 <DIR> OpenOffice.org2
27/05/2007 13:05 <DIR> Opera
22/04/2007 12:42 <DIR> Real
15/05/2007 18:57 <DIR> Shareaza
18/05/2007 22:22 <DIR> Skype
08/04/2007 18:43 <DIR> Spyware Terminator
24/05/2007 19:41 <DIR> Sun
09/03/2007 03:43 <DIR> Talkback
08/04/2007 18:58 <DIR> Thunderbird
13/03/2007 22:50 <DIR> utorrent
10/03/2007 23:28 <DIR> vlc
09/03/2007 14:37 0 AVSDVDPlayer.m3u
1 fichier(s) 0 octets
26 Rép(s) 4 703 559 680 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Documents and Settings\simon\Local Settings\Application Data

09/03/2007 02:46 <DIR> .
09/03/2007 02:46 <DIR> ..
09/03/2007 03:25 <DIR> Adobe
11/03/2007 12:39 <DIR> Ahead
11/03/2007 21:08 <DIR> Help
09/03/2007 02:46 <DIR> Microsoft
09/03/2007 03:41 <DIR> Mozilla
15/05/2007 18:57 <DIR> Shareaza
08/04/2007 18:58 <DIR> Thunderbird
0 fichier(s) 0 octets
9 Rép(s) 4 703 621 120 octets libres

******************************************
Recherche des taches planifiées dans C:\WINNT\tasks

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle HDD System
Le numéro de série du volume est 8853-26B9

Répertoire de C:\Program Files

09/03/2007 02:01 <DIR> Accessoires
17/03/2007 00:35 <DIR> Acid sign book
11/03/2007 17:12 <DIR> Adobe
09/03/2007 03:01 <DIR> Alwil Software
12/03/2007 22:01 <DIR> AVSMedia
11/03/2007 21:06 <DIR> Axon Data
26/03/2007 21:39 <DIR> CD'n'Go! Suite
29/03/2007 22:07 <DIR> CEDP Stealer 6.0 for Messenger
09/03/2007 02:03 <DIR> ComPlus Applications
03/06/2007 18:55 <DIR> eMule
18/03/2007 13:50 <DIR> EPSON
09/03/2007 02:29 <DIR> ERUNT
22/04/2007 20:03 <DIR> Fichiers communs
29/05/2007 21:17 <DIR> FunWebProducts
18/03/2007 15:48 <DIR> FusionSoft DVD Player XP
29/05/2007 20:15 <DIR> Internet Explorer
09/03/2007 04:01 <DIR> IZArc
23/05/2007 13:47 <DIR> Java
22/03/2007 23:04 <DIR> Jetico
19/03/2007 21:27 <DIR> Lavalys
09/03/2007 02:02 <DIR> Lecteur Windows Media
13/03/2007 21:40 <DIR> Logitech
12/03/2007 23:18 <DIR> Messenger
13/04/2007 20:57 <DIR> MessengerPlus! 3
09/03/2007 02:07 <DIR> microsoft frontpage
24/05/2007 19:13 <DIR> Movie Maker
31/05/2007 22:13 <DIR> Mozilla Firefox
03/06/2007 22:38 <DIR> Mozilla Thunderbird
29/05/2007 20:15 <DIR> MSN Messenger
29/05/2007 20:15 <DIR> MyWebSearch
11/03/2007 12:13 <DIR> Nero
09/03/2007 15:00 <DIR> NetMeeting
10/03/2007 15:55 <DIR> Netropa
26/05/2007 11:37 <DIR> Nvu
09/03/2007 13:04 <DIR> OpenOffice.org 2.1
20/03/2007 21:39 <DIR> Outlook Express
26/03/2007 19:38 <DIR> ProcessGuard
22/04/2007 12:43 <DIR> Real
12/03/2007 19:26 <DIR> Rippackv3
18/05/2007 22:21 <DIR> Skype
03/06/2007 20:10 <DIR> Spyware Terminator
09/03/2007 02:32 <DIR> VideoLAN
09/03/2007 02:23 <DIR> Western Digital
09/03/2007 13:29 <DIR> Western Digital Technologies
24/05/2007 19:12 <DIR> Windows Media Player
09/03/2007 03:41 <DIR> Windows NT
09/03/2007 02:28 <DIR> WinPcap
05/05/2007 00:00 <DIR> XBC
01/05/2007 16:33 <DIR> Xbox Controller
09/03/2007 03:30 <DIR> xp-AntiSpy
10/03/2007 22:31 <DIR> Yahoo!
22/03/2007 23:43 <DIR> YKill
0 fichier(s) 0 octets
53 Rép(s) 4 703 555 584 octets libres

******************************************
## Popups autorisées

* Internet Explorer

* Mozilla Firefox (1 autorisé 2 interdit)
Rapport fait à 18:18:49,55 le lun. 04/06/2007

Le volume dans le lecteur C s'appelle HDD System
Le num‚ro de s‚rie du volume est 8853-26B9

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

10/03/2007 16:05 <DIR> Talkback
10/03/2007 16:04 <DIR> Mozilla
09/03/2007 02:18 <DIR> Identities
09/03/2007 02:18 <DIR> Microsoft
09/03/2007 02:18 <DIR> ..
09/03/2007 02:18 <DIR> .
0 fichier(s) 0 octets
6 R‚p(s) 4704296960 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le num‚ro de s‚rie du volume est 8853-26B9

R‚pertoire de C:\Documents and Settings\All Users\Application Data

13/04/2007 21:06 <DIR> Messenger Plus!
08/04/2007 18:43 <DIR> Spyware Terminator
17/03/2007 00:36 <DIR> Enc Build Mode Start
11/03/2007 17:01 <DIR> Adobe Systems
10/03/2007 23:24 <DIR> DVD Shrink
10/03/2007 22:43 <DIR> Yahoo! Companion
09/03/2007 03:46 <DIR> Adobe
09/03/2007 01:43 <DIR> Microsoft
09/03/2007 01:24 <DIR> ..
09/03/2007 01:24 <DIR> .
0 fichier(s) 0 octets
10 R‚p(s) 4704296960 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le num‚ro de s‚rie du volume est 8853-26B9

R‚pertoire de C:\Documents and Settings\Default User\Application Data

08/04/2007 18:48 <DIR> Spyware Terminator
09/03/2007 02:04 <DIR> Microsoft
09/03/2007 01:24 <DIR> ..
09/03/2007 01:24 <DIR> .
0 fichier(s) 0 octets
4 R‚p(s) 4704296960 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le num‚ro de s‚rie du volume est 8853-26B9

R‚pertoire de C:\Documents and Settings\sim2\Application Data

20/03/2007 21:43 <DIR> Talkback
20/03/2007 21:43 <DIR> Mozilla
20/03/2007 21:39 <DIR> Identities
20/03/2007 21:39 <DIR> Microsoft
20/03/2007 21:39 <DIR> ..
20/03/2007 21:39 <DIR> .
0 fichier(s) 0 octets
6 R‚p(s) 4704296960 octets libres
Le volume dans le lecteur C s'appelle HDD System
Le num‚ro de s‚rie du volume est 8853-26B9

R‚pertoire de C:\Documents and Settings\simon\Application Data

27/05/2007 13:05 <DIR> Opera
26/05/2007 13:22 <DIR> Nvu
24/05/2007 19:41 <DIR> Sun
18/05/2007 22:22 <DIR> Skype
15/05/2007 18:57 <DIR> Shareaza
22/04/2007 12:42 <DIR> Real
08/04/2007 18:58 <DIR> Thunderbird
08/04/2007 18:43 <DIR> Spyware Terminator
01/04/2007 01:44 <DIR> dvdcss
29/03/2007 20:57 <DIR> OpenOffice.org2
22/03/2007 23:16 <DIR> Jetico Personal Firewall
15/03/2007 23:11 <DIR> Acid sign book
13/03/2007 22:50 <DIR> utorrent
12/03/2007 23:49 <DIR> Azureus
11/03/2007 21:08 <DIR> Help
11/03/2007 12:17 <DIR> Ahead
10/03/2007 23:28 <DIR> vlc
09/03/2007 14:37 0 AVSDVDPlayer.m3u
09/03/2007 03:43 <DIR> Talkback
09/03/2007 03:41 <DIR> Mozilla
09/03/2007 03:25 <DIR> AdobeUM
09/03/2007 03:25 <DIR> Adobe
09/03/2007 03:14 <DIR> Macromedia
09/03/2007 02:46 <DIR> Identities
09/03/2007 02:46 <DIR> Microsoft
09/03/2007 02:46 <DIR> ..
09/03/2007 02:46 <DIR> .
1 fichier(s) 0 octets
26 R‚p(s) 4704231424 octets libres
******************************************
Recherche des taches planifiées dans C:\WINNT\tasks

Le volume dans le lecteur C s'appelle HDD System
Le num‚ro de s‚rie du volume est 8853-26B9

R‚pertoire de C:\WINNT\Tasks

09/03/2007 02:05 6 SA.DAT
09/03/2007 02:04 65 desktop.ini
09/03/2007 02:04 <DIR> ..
09/03/2007 02:04 <DIR> .
2 fichier(s) 71 octets
2 R‚p(s) 4ÿ704ÿ292ÿ864 octets libres

******************************************
Recherche dans Program files

Pas de dossiers relatifs à Lop
******************************************
Recherche d'infections connues


C:\WINNT\system32\csrss.exe Wareout possible ! [#ff0000]faux-positif si csrss.exe ![/#f]
*************** Fin du rapport ****************
5 Juin 2007 18:29:03

Logfile of HijackThis v1.99.1
Scan saved at 18:12:48, on 05/06/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\Program files\Winamp\Winampa.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\IZArc\IZArc.exe
C:\Documents and Settings\simon\Bureau\Protection\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Browsefrag] C:\DOCUME~1\simon\APPLIC~1\ACIDSI~1\boltjoygram.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

a b 8 Sécurité
5 Juin 2007 18:36:41

Re,

Re,

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Browsefrag] C:\DOCUME~1\simon\APPLIC~1\ACIDSI~1\boltjoygram.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] p=ZNfox000

Clique sur Fix checked (en bas à gauche)

Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :

C:\Program Files\MyWebSearch
C:\Documents and Settings\All Users\Application Data\Enc Build Mode Start
C:\Documents and Settings\simon\Application Data\Acid sign book
C:\Program Files\Acid sign book


---> Clique-droit puis Copier (ou Ctrl+C)

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
6 Juin 2007 21:16:29

C:\Program Files\MyWebSearch\SrchAstt moved successfully.
C:\Program Files\MyWebSearch\bar\Settings moved successfully.
C:\Program Files\MyWebSearch\bar\Notifier moved successfully.
C:\Program Files\MyWebSearch\bar\Message moved successfully.
C:\Program Files\MyWebSearch\bar\icons moved successfully.
Folder move failed. C:\Program Files\MyWebSearch\bar\History\search2 scheduled to be moved on reboot.
C:\Program Files\MyWebSearch\bar\History moved successfully.
C:\Program Files\MyWebSearch\bar\Game moved successfully.
Folder move failed. C:\Program Files\MyWebSearch\bar\Cache\0070E30D scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MyWebSearch\bar\Cache\00051A86 scheduled to be moved on reboot.
C:\Program Files\MyWebSearch\bar\Cache moved successfully.
C:\Program Files\MyWebSearch\bar\Avatar moved successfully.
Folder cleanup failed. C:\Program Files\MyWebSearch\bar scheduled to be deleted on reboot.
Folder cleanup failed. C:\Program Files\MyWebSearch scheduled to be deleted on reboot.
C:\Documents and Settings\All Users\Application Data\Enc Build Mode Start moved successfully.
C:\Documents and Settings\simon\Application Data\Acid sign book moved successfully.
C:\Program Files\Acid sign book moved successfully.
File/Folder not found.

Created on 06/06/2007 19:29:57
a b 8 Sécurité
6 Juin 2007 21:30:17

Reposte un rapport Hijackthis.
7 Juin 2007 18:32:50

ok :) 
7 Juin 2007 18:34:06

Logfile of HijackThis v1.99.1
Scan saved at 18:31:04, on 07/06/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\Program files\Winamp\Winampa.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\simon\Bureau\Protection\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
a b 8 Sécurité
7 Juin 2007 19:35:15

Re,

  • Fais un scan en ligne Kaspersky avec Internet Explorer :
  • Clique sur
  • Clique maintenant sur J'accepte.
  • Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
  • Patiente pendant l'installation des Mises à jour.
  • Choisis par la suite l'analyse du Poste de travail
  • Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Tuto sur le scan en ligne

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
    28 Mai 2008 21:55:45

    Bonjour, j'ai le même probléme, j'ai lu ce topic et je n'arrive pas à me débarasser de ces rootkit :( 
    Je vous donne le rapport BlackLight, aidez moi s'il vous plait j'en peux plus :sweat: 

    05/28/08 21:17:19 [Info]: BlackLight Engine 1.0.70 initialized
    05/28/08 21:17:19 [Info]: OS: 5.1 build 2600 (Service Pack 3)
    05/28/08 21:17:19 [Note]: 7019 4
    05/28/08 21:17:19 [Note]: 7005 0
    05/28/08 21:17:59 [Note]: 7006 0
    05/28/08 21:17:59 [Note]: 7011 1544
    05/28/08 21:17:59 [Note]: 7035 0
    05/28/08 21:18:29 [Note]: 7026 0
    05/28/08 21:19:00 [Note]: 7026 0
    05/28/08 21:19:00 [Note]: 7024 3
    05/28/08 21:19:00 [Info]: Hidden process: C:\Documents and Settings\Rahaimii\Application Data\m\flec006.exe
    05/28/08 21:19:01 [Note]: 7024 3
    05/28/08 21:19:01 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
    05/28/08 21:19:38 [Note]: FSRAW library version 1.7.1024
    05/28/08 21:19:54 [Info]: Hidden file: C:\Documents and Settings\Rahaimii\Application Data\m\flec006.exe
    05/28/08 21:19:54 [Note]: 10002 2
    05/28/08 21:19:55 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\1st Security Agent 6.5.zi
    05/28/08 21:19:55 [Note]: 10002 3
    05/28/08 21:19:55 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\1toX 2.65 Key+Serial.zip
    05/28/08 21:19:55 [Note]: 10002 3
    05/28/08 21:19:55 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\2D GhostForest Interactiv
    05/28/08 21:19:55 [Note]: 10002 3
    05/28/08 21:19:55 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\2Wbmp 5.2 Crack.zip
    05/28/08 21:19:55 [Note]: 10002 3
    05/28/08 21:19:55 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\360.3D Project 6.1.zip
    05/28/08 21:19:55 [Note]: 10002 3
    05/28/08 21:19:55 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\3D Editor 1.03.zip
    05/28/08 21:19:55 [Note]: 10002 3
    05/28/08 21:19:55 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\3GP Player 1.95.zip
    05/28/08 21:19:55 [Note]: 10002 3
    05/28/08 21:19:55 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\A+ GuardPrivacy Remote Co
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\AccelMan 3 build 3250.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Acne Free - The Natural W
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\ADOBE ACE Photoshop CS ce
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Advanced Biorhythms 2004
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Age of Mythology - World
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\All Tracks Gone Internet
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Alloy Network Inventory 4
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MvPCinfo 2.2.1.1.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MyBAK 1.0.35.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MyToolkit 2.1.0.0.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\NC Import for Rhino 1.0 (
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Network Diagnostic Tool 9
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\NetYAK Voice Client 1.10.
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\NTS File Mover 1.52.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Odbc 4 All 2.1.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Overture DomainFinder 1.0
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Parent Tools for AIM 2.5.
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Paypal Flash Button Enhan
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\PC Error Eliminator 3.00
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\PC-control 2.2.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\PC-TVS 2150.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\The Halo Effect Celebrity
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\The PS3 Report 1.zip
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\The Sims President Career
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Trend Micro Anti-Spyware
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:56 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Trialware Submit 3.200.zi
    05/28/08 21:19:56 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\TypeBlaster 3D Desktop To
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Valentines Day Screensave
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\VBA Password Recovery Key
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\VBMOTIF 1.1.05.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Vendatron - Easy ASP-Base
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\VideoTrak 2.0.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Gagne's Nine Events of In
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Girls Next Door Screen Sa
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Gmail2Stream 1.7.1.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Google Earth 4 beta.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Griffin iMate Driver 2.52
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\HashTrie 1.0.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\HelpBox 3.6 Crack.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Hero Photo Show 2.5.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\HideIt 2.1.1.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\HighViewer 2.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Hot Door Perspective 2.0.
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Image Recognition Web Tes
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Images of Mars Screensave
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Battlefield Vietnam Engli
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\BezierDraw 1.00.0008.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Birthday Reminder 1.1.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Body Tracker 6.1.zip
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Bullet Witch Screensaver
    05/28/08 21:19:57 [Note]: 10002 3
    05/28/08 21:19:57 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\CallRecorder 1.7.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\CD Stack 1.0.2.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\CDBrowser 3.2.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Change Navigator 1.2.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Civil Netizen Beta 8.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\ConversionTrack 1.1.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Copernicus 1.1.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Credit Card Manager 2007
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\CSSTidy 1.3.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Appointment Book 3.8.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\eCleaner 2.01.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\EZOutlookSync 1.6 (Cracke
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Intel Application Acceler
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\LingvoSoft Picture Dictio
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Publish Query to HTML for
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Return to Castle Wolfenst
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\SolarWinds Cirrus Configu
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Survey 2003 1.0.zip
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\The Elastic Balls Screen
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Windows HTML To WORD 4.0.
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Rollercoaster Tycoon 2 Th
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:58 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Roster Faster 8.1 [Serial
    05/28/08 21:19:58 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\RWX Remote Control 2.0 (W
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\SBNews 10.4.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Scrapboy 1.0.5.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Screen Creator Deluxe 7.0
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\SideStep Toolbar 4.1.20.z
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\SignGenius SASL Pro 3.1.3
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Snow3 1.3.1.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Softdiv MP3 to WAV Conver
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Link Popularity Monitor 1
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Lunascape 4.1.3.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MacTidy 1.0b14.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MDaemon 9.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MenuMagic 2.6 build 50.zi
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Metric Converter 2.1.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Microsoft Office Dinosaur
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MidConverter 4.2.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MixMeister Studio 7.0.2.z
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MonoFill 1.2.zip
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\MovKit Video Pack 1.5 Pat
    05/28/08 21:19:59 [Note]: 10002 3
    05/28/08 21:19:59 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Multi Racing Countdown a.
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Windows Password Analyser
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\WinRamTurbo Pro v4.92.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\WiseDesktop 1.5.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\WordToWeb 2.5d (With Crac
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Workrave 1.8.4.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\X-Win32 8.0.2122.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\XMLMaker 3.0.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\XNap 3.0-pre1.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\XP32 3.7.86.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\YourBestCatalog 0.92.16.z
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Zalasoft Reminder 2.1.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\AM-DeadLink 3.1.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Amor WMV to AVI MPEG VCD
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Anonymous Surfing 2.0.4.z
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Antivirus.F-Prot.3.14b.es
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Any Outlook Express Backu
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Apex PowerPoint Screensav
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\ElectraDrive Sync Engine
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Elephant All-Stars Screen
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Eltima Serial Port Monito
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\EndTask Pro 3.2.40.zip
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:00 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\English & Armenian Dictio
    05/28/08 21:20:00 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\EphPod 2.58.zip
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\ErgoEnterprise Single Use
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\EvenTrigger 2.2.zip
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Express Rip 1.41.zip
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Eye of Horus with JRE 1.0
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Speed Test Pro 1.0.0.zip
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Spooky Mansion 1.0.0 [Pat
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\StatBar 2.406.zip
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Streamripper for Winamp 2
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Style XP 3.19 [Serial].zi
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Survey Galaxy Console 1.0
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Perfect Screens Lite 4.1.
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Personal Search Engine 1.
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Phone Recorder Plus 1.0.z
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Photo Equalizer 1.0 [Crac
    05/28/08 21:20:01 [Note]: 10002 3
    05/28/08 21:20:01 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Photo-Lux 3.5.571.zip
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\PocketMoku 1.zip
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\PrEditor 2.1 [KeyGen].zip
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\ProChef 7.5.0.zip
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\CubeVision Clock 1.0.1.zi
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\CV Sender 1.0.zip
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\CwGet 1.60 [Patch].zip
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\CyberLat RAM Cleaner 2.3.
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Div Divx Fix Repair Joine
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\DNC Precision 2.0.1 build
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Dr.Salman's Window Power
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\dvdXsoft PSP Video Conver
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Eastsea Outlook Backup 2.
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Easy Date Converter 9.57.
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\EasyProjectPlan 11.6.zip
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\IPCheck Server Monitor 5.
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\JCreator LE 3.5.zip
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\JPEG Wizard for Photoshop
    05/28/08 21:20:02 [Note]: 10002 3
    05/28/08 21:20:02 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Jump Style Player Widget
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\KDfleX 1.0.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\LAN Aware Chat 1.0.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Lector 2.1.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Leeds Learning Colors and
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Fallen Haven demo.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Fiddler 2.0.9.0 Beta.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Filler 1.0.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\FixLinks 2.01.1 [Crack].z
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\FlashMessage 3.7.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\FMR Online 1.0.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\FontLister 3.4.9.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\FriendAlyzer 1.0 [Serial]
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Frootz 1.3.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Funny Bunny Demo Screensa
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Viking Insult Generator 1
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\VintaSoftTiff.NET Library
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Viou 2.4.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Wallpaper Desktop 1.4.zip
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Wallpaper Switcher .NET 1
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:03 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Web Picture Downloader 0.
    05/28/08 21:20:03 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Web Snapshot 2.zip
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\WebBlinds 1.06 Key.zip
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\WebCab Portfolio for .NET
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Wild Flowers Screensaver
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Win Desktop Manager Pro 1
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\SWF Toolbox 3.1.12.153.zi
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Symantec.Norton.Antivirus
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Tab Scope 0.1.5.zip
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\TaskMonifier 1.0.0 build
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\The American Outdoorsman
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\AuctionIntelligence 1.6.2
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Aurigma File Downloader 1
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\AutoATLibX 1.0 (Key+Seria
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Autostitch 2.187 [Cracked
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Ballistik 1.0.zip
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\BASICcalc 1.1.zip
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:04 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Batch Video Joiner 3.1.zi
    05/28/08 21:20:04 [Note]: 10002 3
    05/28/08 21:20:05 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\PW0-205 - Wireless LAN An
    05/28/08 21:20:05 [Note]: 10002 3
    05/28/08 21:20:05 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Quick 3D Cover 1.42 (Key)
    05/28/08 21:20:05 [Note]: 10002 3
    05/28/08 21:20:05 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\RealtyWare 2.0.1.3 [KeyGe
    05/28/08 21:20:05 [Note]: 10002 3
    05/28/08 21:20:05 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\rebuilt.Key.Kaspersky.Int
    05/28/08 21:20:05 [Note]: 10002 3
    05/28/08 21:20:05 [Info]: Hidden file: c:\Documents and Settings\Rahaimii\Application Data\m\shared\Registry First Aid 6.0.0.
    05/28/08 21:20:05 [Note]: 10002 3
    05/28/08 21:20:05 [Note]: 10002 2
    05/28/08 21:20:05 [Note]: 10002 2
    05/28/08 21:24:39 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
    05/28/08 21:24:39 [Note]: 10002 3
    05/28/08 21:24:39 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
    05/28/08 21:24:39 [Note]: 10002 3
    05/28/08 21:24:39 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
    05/28/08 21:24:39 [Note]: 10002 3
    05/28/08 21:24:39 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
    05/28/08 21:24:39 [Note]: 10002 3
    05/28/08 21:24:39 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
    05/28/08 21:24:39 [Note]: 10002 3
    05/28/08 21:24:39 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
    05/28/08 21:24:39 [Note]: 10002 3
    05/28/08 21:24:39 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
    05/28/08 21:24:39 [Note]: 10002 3
    05/28/08 21:24:39 [Note]: 10002 2
    05/28/08 21:24:39 [Note]: 10002 2
    05/28/08 21:29:24 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepaden.hlp
    05/28/08 21:29:24 [Note]: 10002 3
    05/28/08 21:29:24 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepadsm.dll
    05/28/08 21:29:24 [Note]: 10002 3
    05/28/08 21:29:24 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepadsv.exe
    05/28/08 21:29:24 [Note]: 10002 3
    05/28/08 21:29:24 [Info]: Hidden file: c:\WINDOWS\ime\shared\imlang.dll
    05/28/08 21:29:24 [Note]: 10002 3
    05/28/08 21:29:24 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs404.dll
    05/28/08 21:29:24 [Note]: 10002 3
    05/28/08 21:29:24 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs411.dll
    05/28/08 21:29:24 [Note]: 10002 3
    05/28/08 21:29:24 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs412.dll
    05/28/08 21:29:24 [Note]: 10002 3
    05/28/08 21:29:24 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs804.dll
    05/28/08 21:29:24 [Note]: 10002 3
    05/28/08 21:29:24 [Note]: 10002 2
    05/28/08 21:29:24 [Note]: 10002 2
    05/28/08 21:32:08 [Info]: Hidden file: c:\WINDOWS\system32\mdelk.exe
    05/28/08 21:32:08 [Note]: 10002 2
    05/28/08 21:32:08 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
    05/28/08 21:32:08 [Note]: 10002 2
    05/28/08 21:32:58 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
    05/28/08 21:32:58 [Note]: 10002 2
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\15326859.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\15397312.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\15420406.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\15494203.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\15503187.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\15504265.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\15509281.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\222125.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\264500.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\296671.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\749062.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\826953.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\837062.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\882281.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\882687.exe
    05/28/08 21:33:36 [Note]: 10002 3
    05/28/08 21:33:36 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\885921.exe
    05/28/08 21:33:37 [Note]: 10002 3
    05/28/08 21:33:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\899828.exe
    05/28/08 21:33:37 [Note]: 10002 3
    05/28/08 21:33:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\915906.exe
    05/28/08 21:33:37 [Note]: 10002 3
    05/28/08 21:33:37 [Note]: 10002 2
    05/28/08 21:33:37 [Note]: 10002 2
    05/28/08 21:33:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\mdelk.exe
    05/28/08 21:33:37 [Note]: 10002 2
    05/28/08 21:33:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
    05/28/08 21:33:37 [Note]: 10002 2
    05/28/08 21:40:26 [Note]: 7007 0
    28 Mai 2008 22:14:03

    Désolé du double post, je vais aussi poster le rapport ELIBAGLA:


    Wed May 28 20:57:35 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed May 28 20:58:44 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed May 28 20:59:01 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Wed May 28 20:59:18 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed May 28 20:59:22 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Wed May 28 21:00:11 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed May 28 21:00:17 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Wed May 28 21:02:23 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed May 28 21:02:44 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed May 28 21:02:48 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Wed May 28 21:09:49 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed May 28 21:09:58 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Wed May 28 22:08:44 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
    C:\DOCUMENTS AND SETTINGS\RAHAIMII\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Wed May 28 22:08:48 2008
    EliBagle v11.43 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 28 de Mayo del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\


    Merci d'avance de votre aide :) 

    Par contre HijhackThis ne se lance pas, comme pour les antivirus (il y le même message parlant du win32).
    17 Juin 2008 11:52:11

    189674,2,181940 a dit :
    Bonjour,

    Télécharge http://descargas.mariwel.com/ en bas de cette page.
    Clique sur le bouton Descargar Elibagla, cela va télécharger le fichier, place-le sur ton Bureau.
    Double-clique dessus pour l'ouvrir.
    Assure-toi que dans le menu déroulant Unidad, vous ayez bien C:\
    Vérifie aussi aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente soit bien cochée.
    Clique sur le bouton Explorar pour lancer l'analyse.
    Poste le rapport généré en fin fin d'analyse.

    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS