Messages recommandés

Posté(e) (modifié)

salut Claire CHAZAL (ca fais drôle , ouh!)


Je jette un oeil sur ton rapport, 2 remarques:


- Tu as gardé la rapport de Spysweeper?


- J'èspère que tu as désactivé le Teatimer de Spybot avant de lancer la désinfection?? "jzcript.dll" est toujours là.... Désactive le Teatimer par les options de Spybot et recommence le scan!

Modifié par charles ingals


A demain Claire!



Quand apparaissent ces popups?? Est ce qu'ils sont là quand tu ne navigue pas sur le net?



En attendant ton retour, télécharge ceci=>




Démarre le programme et clique sur "Run " à sa droite tu dois voir ceci dans le champs:


"C:\WINDOWS\System32" .


Laisse le finir le scan, puis clique sur le bouton "Compare ". Lorsque c'est fini clique sur le bouton "Make a log of


what was found". Poste le rapport ici.


Salut !


Encore un fois je commence mon message par des remerciments car vous les méritez bien!


Je poursuis en vous dissant qu'après le scan de spy sweeper après qu'il a effacer les truc qu'il a trouvé il a souhaité arreter tout les processus et là il a bossé 1h avant que je le redémarre à la barbar... et au rédémarrage j'ai eu droit à un plantage de windows avant l'écran de login mais sur le fond bleu similaire à la page de login il me lister certains fichiers qui avaient supprimer par spy sweeper du style


c:\program files\netinrar\cache\00004a80_43644558_000aded6.


Je me rappelle aussi de certain fichier log du style


ai_29-10-2005.log (ID = 0)



voici le log de sweeper:




01:17: | Start of Session, vendredi 4 novembre 2005 |

01:17: Spy Sweeper started

01:17: Sweep initiated using definitions version 564

01:17: Starting Memory Sweep

01:20: Memory Sweep Complete, Elapsed Time: 00:02:16

01:20: Starting Registry Sweep

01:20: Registry Sweep Complete, Elapsed Time:00:00:09

01:20: Starting Cookie Sweep

01:20: Cookie Sweep Complete, Elapsed Time: 00:00:00

01:20: Starting File Sweep

01:41: File Sweep Complete, Elapsed Time: 00:21:22

01:41: Full Sweep has completed. Elapsed time 00:23:53

01:41: Traces Found: 0


01:17: | Start of Session, vendredi 4 novembre 2005 |

01:17: Spy Sweeper started

01:17: Sweep initiated using definitions version 564

01:17: Starting Memory Sweep

01:17: Sweep Canceled

01:17: Memory Sweep Complete, Elapsed Time: 00:00:05

01:17: Traces Found: 0

01:17: Deletion from quarantine initiated

01:17: Processing: xiti cookie

01:17: Deletion from quarantine completed. Elapsed time 00:00:00

01:17: | End of Session, vendredi 4 novembre 2005 |


00:35: | Start of Session, vendredi 4 novembre 2005 |

00:35: Spy Sweeper started

00:35: Sweep initiated using definitions version 564

00:35: Starting Memory Sweep

00:37: Memory Sweep Complete, Elapsed Time: 00:01:50

00:37: Starting Registry Sweep

00:37: Registry Sweep Complete, Elapsed Time:00:00:07

00:37: Starting Cookie Sweep

00:37: Found Spy Cookie: xiti cookie

00:37: salmon@xiti[1].txt (ID = 3717)

00:37: Cookie Sweep Complete, Elapsed Time: 00:00:02

00:37: Starting File Sweep

01:06: File Sweep Complete, Elapsed Time: 00:29:03

01:06: Full Sweep has completed. Elapsed time 00:31:05

01:06: Traces Found: 1

01:16: Removal process initiated

01:17: Quarantining All Traces: xiti cookie

01:17: Removal process completed. Elapsed time 00:00:01

01:17: | End of Session, vendredi 4 novembre 2005 |


00:33: | Start of Session, vendredi 4 novembre 2005 |

00:33: Spy Sweeper started

00:33: Sweep initiated using definitions version 564

00:33: Starting Memory Sweep

00:33: Sweep Canceled

00:33: Memory Sweep Complete, Elapsed Time: 00:00:04

00:33: Traces Found: 0

00:35: Deletion from quarantine initiated

00:35: Processing: apropos

00:35: Processing: bluestreak cookie

00:35: Processing: hbmediapro cookie

00:35: Processing: icannnews

00:35: Processing: potentially rootkit-masked files

00:35: Processing: trafficmp cookie

00:35: Deletion from quarantine completed. Elapsed time 00:00:01

00:35: | End of Session, vendredi 4 novembre 2005 |


23:32: | Start of Session, jeudi 3 novembre 2005 |

23:32: Spy Sweeper started

23:32: Sweep initiated using definitions version 564

23:32: Starting Memory Sweep

23:34: Found Adware: icannnews

23:34: Detected running threat: C:\WINDOWS\system32\jzcript.dll (ID = 83)

23:34: Detected running threat: C:\WINDOWS\system32\hDl.dll (ID = 83)

23:34: Memory Sweep Complete, Elapsed Time: 00:02:04

23:34: Starting Registry Sweep

23:35: Registry Sweep Complete, Elapsed Time:00:00:07

23:35: Starting Cookie Sweep

23:35: Found Spy Cookie: hbmediapro cookie

23:35: salmon@adopt.hbmediapro[2].txt (ID = 2768)

23:35: Found Spy Cookie: bluestreak cookie

23:35: salmon@bluestreak[1].txt (ID = 2314)

23:35: Found Spy Cookie: trafficmp cookie

23:35: salmon@trafficmp[2].txt (ID = 3581)

23:35: Cookie Sweep Complete, Elapsed Time: 00:00:00

23:35: Starting File Sweep

voici un version light du log de sweeper (sans les stop des spy communication)



01:17: | Start of Session, vendredi 4 novembre 2005 |

01:17: Spy Sweeper started

01:17: Sweep initiated using definitions version 564

01:17: Starting Memory Sweep

01:17: Sweep Canceled

01:17: Memory Sweep Complete, Elapsed Time: 00:00:05

01:17: Traces Found: 0

01:17: Deletion from quarantine initiated

01:17: Processing: xiti cookie

01:17: Deletion from quarantine completed. Elapsed time 00:00:00

01:17: | End of Session, vendredi 4 novembre 2005 |


00:35: | Start of Session, vendredi 4 novembre 2005 |

00:35: Spy Sweeper started

00:35: Sweep initiated using definitions version 564

00:35: Starting Memory Sweep

00:37: Memory Sweep Complete, Elapsed Time: 00:01:50

00:37: Starting Registry Sweep

00:37: Registry Sweep Complete, Elapsed Time:00:00:07

00:37: Starting Cookie Sweep

00:37: Found Spy Cookie: xiti cookie

00:37: salmon@xiti[1].txt (ID = 3717)

00:37: Cookie Sweep Complete, Elapsed Time: 00:00:02

00:37: Starting File Sweep

01:06: File Sweep Complete, Elapsed Time: 00:29:03

01:06: Full Sweep has completed. Elapsed time 00:31:05

01:06: Traces Found: 1

01:16: Removal process initiated

01:17: Quarantining All Traces: xiti cookie

01:17: Removal process completed. Elapsed time 00:00:01

01:17: | End of Session, vendredi 4 novembre 2005 |


00:33: | Start of Session, vendredi 4 novembre 2005 |

00:33: Spy Sweeper started

00:33: Sweep initiated using definitions version 564

00:33: Starting Memory Sweep

00:33: Sweep Canceled

00:33: Memory Sweep Complete, Elapsed Time: 00:00:04

00:33: Traces Found: 0

00:35: Deletion from quarantine initiated

00:35: Processing: apropos

00:35: Processing: bluestreak cookie

00:35: Processing: hbmediapro cookie

00:35: Processing: icannnews

00:35: Processing: potentially rootkit-masked files

00:35: Processing: trafficmp cookie

00:35: Deletion from quarantine completed. Elapsed time 00:00:01

00:35: | End of Session, vendredi 4 novembre 2005 |


23:32: | Start of Session, jeudi 3 novembre 2005 |

23:32: Spy Sweeper started

23:32: Sweep initiated using definitions version 564

23:32: Starting Memory Sweep

23:34: Found Adware: icannnews

23:34: Detected running threat: C:\WINDOWS\system32\jzcript.dll (ID = 83)

23:34: Detected running threat: C:\WINDOWS\system32\hDl.dll (ID = 83)

23:34: Memory Sweep Complete, Elapsed Time: 00:02:04

23:34: Starting Registry Sweep

23:35: Registry Sweep Complete, Elapsed Time:00:00:07

23:35: Starting Cookie Sweep

23:35: Found Spy Cookie: hbmediapro cookie

23:35: salmon@adopt.hbmediapro[2].txt (ID = 2768)

23:35: Found Spy Cookie: bluestreak cookie

23:35: salmon@bluestreak[1].txt (ID = 2314)

23:35: Found Spy Cookie: trafficmp cookie

23:35: salmon@trafficmp[2].txt (ID = 3581)

23:35: Cookie Sweep Complete, Elapsed Time: 00:00:00

23:35: Starting File Sweep

23:39: Found Adware: effective-i toolbar

23:39: 664edb3c-2731-4c28-a182-7b1f23 (ID = 106574)

23:40: Found Adware: apropos

23:40: wingenerics.dll (ID = 50187)

23:44: atmtd.dll._ (ID = 166754)

23:50: atmtd.dll (ID = 166754)

00:08: File Sweep Complete, Elapsed Time: 00:33:00

00:08: Full Sweep has completed. Elapsed time 00:35:14

00:08: Traces Found: 9

00:10: Removal process initiated

00:10: Quarantining All Traces: apropos

00:10: Quarantining All Traces: effective-i toolbar

00:10: Quarantining All Traces: icannnews

00:10: Quarantining All Traces: bluestreak cookie

00:10: Quarantining All Traces: hbmediapro cookie

00:10: Quarantining All Traces: trafficmp cookie

00:10: Warning: Launched explorer.exe

00:10: Warning: Quarantine process could not restart Explorer.

00:12: Preparing to restart your computer. Please wait...

00:12: Removal process completed. Elapsed time 00:02:00


23:32: | Start of Session, jeudi 3 novembre 2005 |

23:32: Spy Sweeper started

23:32: Sweep initiated using definitions version 564

23:32: Starting Memory Sweep

23:32: Sweep Canceled

23:32: Memory Sweep Complete, Elapsed Time: 00:00:03

23:32: Traces Found: 0

23:32: | End of Session, jeudi 3 novembre 2005 |


20:45: | Start of Session, jeudi 3 novembre 2005 |

20:45: Spy Sweeper started

20:45: Sweep initiated using definitions version 564

20:45: Starting Memory Sweep

20:46: Found Adware: icannnews

20:46: Detected running threat: C:\WINDOWS\system32\i4060edseh060.dll (ID = 83)

20:46: Detected running threat: C:\WINDOWS\system32\jzcript.dll (ID = 83)

20:47: Memory Sweep Complete, Elapsed Time: 00:02:39

20:47: Starting Registry Sweep

20:48: Found Adware: look2me

20:48: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\policies\ || dllname (ID = 911234)

20:48: Registry Sweep Complete, Elapsed Time:00:00:25

20:48: Starting Cookie Sweep

20:48: Found Spy Cookie: hbmediapro cookie

20:48: salmon@adopt.hbmediapro[2].txt (ID = 2768)

20:48: Found Spy Cookie: bluestreak cookie

20:48: salmon@bluestreak[1].txt (ID = 2314)

20:48: Found Spy Cookie: trafficmp cookie

20:48: salmon@trafficmp[2].txt (ID = 3581)

20:48: Cookie Sweep Complete, Elapsed Time: 00:00:02

20:48: Starting File Sweep

20:52: Found Adware: effective-i toolbar

20:52: 664edb3c-2731-4c28-a182-7b1f23 (ID = 106574)

20:52: Found Adware: apropos

20:52: wingenerics.dll (ID = 50187)

20:57: atmtd.dll._ (ID = 166754)

21:05: atmtd.dll (ID = 166754)

21:22: Found System Monitor: potentially rootkit-masked files

21:22: 00001481_436a657d_00078340 (ID = 0)

21:22: 000075ef_436a61da_0004048e (ID = 0)

21:22: 0000662a_435aa6ff_00057686 (ID = 0)

21:22: 00004cad_4368e5d6_000900e0 (ID = 0)

21:22: 00005c46_43690e57_000e0b5c (ID = 0)

21:22: 00000786_435af6c3_000a3ba4 (ID = 0)

21:22: 00000bb3_4358f25c_0006a1a6 (ID = 0)

21:22: 00006048_436a6536_0009507c (ID = 0)

21:22: 0000676d_435adc52_000151ac (ID = 0)

21:22: 00005e73_436a66ae_0009ef8c (ID = 0)

21:22: 00004e45_4368e1d4_000cbe0c (ID = 0)

21:22: 00004087_436a657d_000bf1b1 (ID = 0)

21:22: 00004eae_436a67bd_0002e6d4 (ID = 0)

21:22: 0000139d_4368ee36_0001ddb8 (ID = 0)

21:22: 0000470e_436a66af_000054b1 (ID = 0)

21:22: 000048cc_4368f1a8_000ab3c6 (ID = 0)

21:22: 00000ff4_43659410_000e9691 (ID = 0)

21:22: 0000251f_435c1189_00069880 (ID = 0)

21:22: 00004ecf_43656a0d_000ab150 (ID = 0)

21:22: 00002b0c_435a1d95_00076574 (ID = 0)

21:22: 00003459_436a67f8_0000d618 (ID = 0)

21:22: 0000785e_43662180_0009ebac (ID = 0)

21:22: 00007443_43659bf1_000a0231 (ID = 0)

21:22: 000015a1_435a02f6_00071937 (ID = 0)

21:22: 00004365_435aa5c2_000ba39c (ID = 0)

21:22: 00001927_43655328_00020486 (ID = 0)

21:22: 00004baf_43661de6_000a7193 (ID = 0)

21:22: 00003a2d_43690762_0005c739 (ID = 0)

21:22: 00001af4_43690513_000579b4 (ID = 0)

21:22: 00006e9e_43659b2d_00067749 (ID = 0)

21:22: 00005d24_436a67bd_00046e04 (ID = 0)

21:22: 0000491c_43595c17_0005deee (ID = 0)

21:22: 000053b1_436a6968_00014828 (ID = 0)

21:22: 00005878_4364410f_0005de0e (ID = 0)

21:22: 00000677_4368f7f9_000e72b3 (ID = 0)

21:22: 00005753_4368f1b7_0006c0d3 (ID = 0)

21:22: 00002cd6_436439f8_000bd44e (ID = 0)

21:22: 000072ae_4368d16e_000ccc06 (ID = 0)

21:22: 00007153_43654986_000e9c2b (ID = 0)

21:22: 00006443_4368dc5a_000db880 (ID = 0)

21:22: 000054dc_4368f499_000da5d4 (ID = 0)

21:22: 0000758d_43661e3f_000bf0d8 (ID = 0)

21:22: 00005c5e_435a74bb_0002f7cf (ID = 0)

21:22: 00000588_436a67c7_00078d86 (ID = 0)

21:22: 0000190b_43654988_000a11db (ID = 0)

21:22: 00001238_4359771b_000331dc (ID = 0)

21:22: 0000282d_436a6832_00079c9e (ID = 0)

21:22: 000016d4_43690adb_0004fd0e (ID = 0)

21:22: 00005579_436a67c7_000cbf90 (ID = 0)

21:23: 0000263d_436a67fa_00059e06 (ID = 0)

21:23: 00006048_43690763_000e829e (ID = 0)

21:23: 00005f90_4358f14c_0003198c (ID = 0)

21:23: 0000368e_4368f4d9_000dd4e1 (ID = 0)

21:23: 000055bc_43661430_000d94b6 (ID = 0)

21:23: 00004e08_436a692a_0008a12c (ID = 0)

21:23: 000075c1_4364eede_000ebd8e (ID = 0)

21:23: 0000442b_43690937_00056309 (ID = 0)

21:23: 00001ad4_4368e16b_000b5a23 (ID = 0)

21:23: 000008ff_43655331_00087b04 (ID = 0)

21:23: 0000773f_435ae392_0005e288 (ID = 0)

21:23: 000004f0_43653e0c_00075b73 (ID = 0)

21:23: 000057d3_43690764_000e3a01 (ID = 0)

21:23: 000001d3_436906a8_000c8a68 (ID = 0)

21:23: 00007f96_4368e1d0_00094af0 (ID = 0)

21:23: 0000136f_4365994b_0009c7d8 (ID = 0)

21:23: 0000275b_43659411_000db17b (ID = 0)

21:23: 00004d59_436554fc_0007de94 (ID = 0)

21:23: 000043f6_43656a4c_0001d6bb (ID = 0)

21:23: 0000590e_43690a1c_000da0a8 (ID = 0)

21:23: 00000035_4369046f_00025490 (ID = 0)

21:23: 00007f61_43690adb_000b19ce (ID = 0)

21:23: 00007613_4365386b_000d9746 (ID = 0)

21:23: 000007cf_4369047a_000a5d7e (ID = 0)

21:23: 000056ae_436a5ca8_000c3b66 (ID = 0)

21:23: 00003a8d_43690adc_00001ee1 (ID = 0)

21:23: 00006732_4369047f_00065969 (ID = 0)

21:23: 000073d9_43690f01_0004a366 (ID = 0)

21:23: 00006d22_43690482_000cd546 (ID = 0)

21:23: 00007a08_43659388_0007795c (ID = 0)

21:23: 00004509_43597706_00086321 (ID = 0)

21:23: 000036a1_43651453_00034104 (ID = 0)

21:23: 00001649_435b064f_0000cee1 (ID = 0)

21:23: 00006e5d_43597732_000eb3c9 (ID = 0)

21:23: 00004531_43655046_000c3cd1 (ID = 0)

21:23: 00006ca5_43659388_000a87bc (ID = 0)

21:23: 000053b1_4364ee96_0001b2a6 (ID = 0)

21:23: 00001481_4369093e_000e1910 (ID = 0)

21:23: 00004e08_4364ee7c_000c6f30 (ID = 0)

21:23: 00004ae1_436439cd_0005b064 (ID = 0)

21:23: 00000975_436907e5_000880fb (ID = 0)

21:23: 00003ea4_4366208c_0005a101 (ID = 0)

21:23: 00005968_436910a7_0000c4f0 (ID = 0)

21:23: 00002668_43691a72_000322d8 (ID = 0)

21:23: 00004325_43691ac7_000db6bc (ID = 0)

21:23: 00007a61_4364ee83_0002f614 (ID = 0)

21:23: 00007fbe_43690ae8_000f0dc8 (ID = 0)

21:23: 00004bcd_436555af_000a1f26 (ID = 0)

21:23: 00007871_436518cc_000816d9 (ID = 0)

21:24: 000031d8_43655340_000d8c13 (ID = 0)

21:24: 00007dd1_435a160e_0002cc69 (ID = 0)

21:24: 0000765f_43690a1e_000ce850 (ID = 0)

21:24: 00007983_4368f4e3_00009aae (ID = 0)

21:24: 00004e38_435aa6d5_000c5554 (ID = 0)

21:24: 00004db7_435b10d5_0008a8bb (ID = 0)

21:24: 00005173_43654e37_00093718 (ID = 0)

21:24: 0000198c_436555b0_00019620 (ID = 0)

21:24: 00004626_4369217f_0003d4b0 (ID = 0)

21:24: 00005876_4369110b_0004a5be (ID = 0)

21:24: 00003a4c_43654afe_0005e8fc (ID = 0)

21:24: 00004962_43659412_00032be9 (ID = 0)

21:24: 00004087_435a3cb7_00089f91 (ID = 0)

21:24: 0000458f_436454e9_00053806 (ID = 0)

21:24: 00004b40_43644104_0005c74c (ID = 0)

21:24: 0000662a_436501ff_00057156 (ID = 0)

21:24: 00002e39_43692322_0007fea4 (ID = 0)

21:24: 000042be_43653950_000ad458 (ID = 0)

21:24: 00004fc0_435a6413_0007882a (ID = 0)

21:24: 00005422_436442fc_000bcf61 (ID = 0)

21:24: 000052a1_436549b5_00073d03 (ID = 0)

21:24: 00001953_43644d8a_000d4420 (ID = 0)

21:24: 00003bf6_435a01b0_00071e0c (ID = 0)

21:24: 00006443_436a5af1_000afd8e (ID = 0)

21:24: 00006b89_43597ce4_00037e6e (ID = 0)

21:24: 000013a6_43654948_00039ef0 (ID = 0)

21:24: 00004b9d_43655351_000b79cc (ID = 0)

21:24: 0000737d_43653951_000559b1 (ID = 0)

21:24: 00007eb7_435a027a_0003c33e (ID = 0)

21:24: 00000d9f_43653951_000819d4 (ID = 0)

21:24: 00005c67_436a616f_0005074b (ID = 0)

21:24: 000071d5_4366209d_0002a404 (ID = 0)

21:24: 00003960_436912b0_0007a200 (ID = 0)

21:24: 00007389_43653952_000622e9 (ID = 0)

21:24: 00007ff5_43643f4e_000d9316 (ID = 0)

21:24: 0000388a_43653952_0009a6a4 (ID = 0)

21:24: 000071f6_4365938b_0006030c (ID = 0)

21:24: 000037e6_436907f4_000c5916 (ID = 0)

21:24: 00000a41_43653953_00031a29 (ID = 0)

21:24: 00007eb7_436a5faf_000741ac (ID = 0)

21:24: 00002332_435af6e0_00049ae6 (ID = 0)

21:24: 000015fd_43653953_000eb730 (ID = 0)

21:24: 00004fca_436614d3_000b8231 (ID = 0)

21:24: 00006e5d_436a5b82_000e7b6b (ID = 0)

21:24: 00000a41_435ae394_0004dbf3 (ID = 0)

21:24: 00007cb8_43653954_0003e361 (ID = 0)

21:24: 00000124_436a5a49_0003eff1 (ID = 0)

21:24: 0000634f_43653954_000e4774 (ID = 0)

21:24: 00006f68_43653955_000521f4 (ID = 0)

21:24: 000063cb_43597797_0005c43e (ID = 0)

21:25: 000019d9_436907f7_000450ab (ID = 0)

21:25: 00005878_435b18d6_000d7e20 (ID = 0)

21:25: 00007954_435af69e_0004125c (ID = 0)

21:25: 000073da_43644435_000a4879 (ID = 0)

21:25: 0000428b_4368dc7d_00068b33 (ID = 0)

21:25: 000041bb_4358f185_000b61a3 (ID = 0)

21:25: 000037be_43651861_000aef03 (ID = 0)

21:25: 00001850_43690a21_0001350b (ID = 0)

21:25: 00006f11_435c2d2e_000aa9f1 (ID = 0)

21:25: 00000c7b_43690afb_000cdfa3 (ID = 0)

21:25: 0000263d_43691404_00077690 (ID = 0)

21:25: 0000008e_4365162b_00029f78 (ID = 0)

21:25: 00000ecc_43690563_0000a999 (ID = 0)

21:25: ctfcmd.exe (ID = 0)

21:25: 00004f68_43691105_00023936 (ID = 0)

21:25: 00004963_435ad1c8_000d3ec3 (ID = 0)

21:25: 00005064_43690d8e_0001d5ae (ID = 0)

21:25: 00003f9a_4364f078_00051b51 (ID = 0)

21:25: 00002b00_43690a67_0009ed60 (ID = 0)

21:25: 0000591d_436907ff_0006ef91 (ID = 0)

21:25: 00003821_436565b2_000dd9ee (ID = 0)

21:25: 000009ce_43691256_000a8b8c (ID = 0)

21:25: 00001316_4369110c_000f3690 (ID = 0)

21:25: 00001d18_43690c09_0000ed7e (ID = 0)

21:25: 000040a5_4364eec9_00073ff8 (ID = 0)

21:25: 00005005_43690afc_0007b339 (ID = 0)

21:25: 00004d54_43690d93_0004b1f1 (ID = 0)

21:25: 00002213_4368e1e7_000696d1 (ID = 0)

21:25: 00003807_43690b0f_000a68e1 (ID = 0)

21:25: 00007cfe_436911a6_00091f73 (ID = 0)

21:25: 00000ecc_436453ba_000ee95b (ID = 0)

21:25: 000074ad_435a4d41_000e3fe4 (ID = 0)

21:25: 0000486a_43690e5c_000a5584 (ID = 0)

21:25: 00001f16_43690f02_000a506b (ID = 0)

21:25: 00004cd4_43690142_000826d8 (ID = 0)

21:25: 00002ba5_43691f9a_0000a961 (ID = 0)

21:25: 00001d11_4364eece_000c8e21 (ID = 0)

21:25: 00002f14_4368f1c7_0009175e (ID = 0)

21:25: 00001246_435af644_000462e4 (ID = 0)

21:25: 0000001c_4365a067_0008d184 (ID = 0)

21:25: 00006270_43690d32_00057793 (ID = 0)

21:25: 000039ce_43690d94_00052cec (ID = 0)

21:25: 00003492_43690d4e_000886f9 (ID = 0)

21:25: 00000732_43599a62_000bd7c0 (ID = 0)

21:25: 00000633_43690bac_00004270 (ID = 0)

21:26: 00003459_436912b1_00066eac (ID = 0)

21:26: 000049bb_43691120_000542fc (ID = 0)

21:26: 000019da_43690d69_000685d4 (ID = 0)

21:26: 00007874_4368fcf5_000384eb (ID = 0)

21:26: 00001289_43692023_00072fbc (ID = 0)

21:26: 0000773b_43690ba2_000b8018 (ID = 0)

21:26: 00000822_43644333_0009f661 (ID = 0)

21:26: 0000458f_436907da_0002e9f3 (ID = 0)

21:26: 00003bb1_43690d9c_0004e491 (ID = 0)

21:26: 00007874_43644f27_000a931b (ID = 0)

21:26: 00004c85_43690d9c_000b4f8e (ID = 0)

21:26: 0000513e_43690da7_000cc661 (ID = 0)

21:26: 00006ad6_436446c0_0001f8c6 (ID = 0)

21:26: 00004d9a_4364efb2_00095038 (ID = 0)

21:26: 00006d69_43690da8_00066104 (ID = 0)

21:26: 000048e6_43654ee2_00049170 (ID = 0)

21:26: 00006a15_43690da8_000c56a6 (ID = 0)

21:26: 0000182f_43690f13_0004450e (ID = 0)

21:26: 0000288f_4364475a_00058224 (ID = 0)

21:26: 00005fa4_43690145_00015760 (ID = 0)

21:26: 0000520b_4369125a_0000da73 (ID = 0)

21:26: 0000301c_4364409e_000a1ba8 (ID = 0)

21:26: 00000bdb_436440a4_00061d33 (ID = 0)

21:26: 00004d67_43690f19_00001f7b (ID = 0)

21:26: 00005d24_435a4d4f_00067559 (ID = 0)

21:26: 00002044_43654917_0001797b (ID = 0)

21:26: 0000390e_436614e2_000e4878 (ID = 0)

21:26: 00006d73_435ae566_0006b1ab (ID = 0)

21:26: 000056ae_436440ac_000cb530 (ID = 0)

21:26: 00006b72_43644a69_000263b9 (ID = 0)

21:26: 000020ad_436550f6_000da8eb (ID = 0)

21:26: 000058b0_43644436_00051c10 (ID = 0)

21:26: 0000047e_436446c3_000390d6 (ID = 0)

21:26: 00002b43_436599fb_0008e929 (ID = 0)

21:26: 00001796_43690ecf_000eb1d1 (ID = 0)

21:26: 0000263d_4364e355_0000bd79 (ID = 0)

21:26: 00001af4_435c0136_000e670c (ID = 0)

21:26: 00003004_43690e91_0008e6a0 (ID = 0)

21:26: 00005991_43644336_00060e2b (ID = 0)

21:26: 0000282d_435a5437_0005ba97 (ID = 0)

21:27: 00006f11_43691121_000d3ac9 (ID = 0)

21:27: 00002cc6_43657b73_00059106 (ID = 0)

21:27: 00000975_435a3b58_00024942 (ID = 0)

21:27: 00005f1e_436a633e_0000d681 (ID = 0)

21:27: 00006be8_436a62fe_000d5650 (ID = 0)

21:27: 000074ad_43691147_000ead03 (ID = 0)

21:27: 00002852_436911a8_000dc043 (ID = 0)

21:27: 0000658c_43691da0_000e4c5e (ID = 0)

21:27: 00006bcb_43644e12_000b5d53 (ID = 0)

21:27: 000048db_436911a9_0000c8cb (ID = 0)

21:27: 00003a9e_435a01c6_000b1d87 (ID = 0)

21:27: 00005d24_43691149_00089b83 (ID = 0)

21:27: 00005f34_435add7c_000012de (ID = 0)

21:27: 00001cdf_43692190_00093f3b (ID = 0)

21:27: 00004b72_43659216_0000df4c (ID = 0)

21:27: 00005fa8_43691e5e_000666bc (ID = 0)

21:27: 0000159f_435a7d8a_0001052a (ID = 0)

21:27: 00005c5e_4364f9bc_00071ade (ID = 0)

21:27: 00000588_4369116e_000d8bd8 (ID = 0)

21:27: 00003b97_43691406_000228a8 (ID = 0)

21:27: 000027da_4369219b_0003121e (ID = 0)

21:27: 00004e08_43691ada_000d5e04 (ID = 0)

21:27: 000068f5_4369125d_000b4f66 (ID = 0)

21:27: 00003a8d_435c1094_000b7354 (ID = 0)

21:27: 0000412f_43691da8_000cf22e (ID = 0)

21:27: 000075c1_43691ca2_0001fe64 (ID = 0)

21:27: 00004ad4_436910a7_000e85a0 (ID = 0)

21:27: 000065ca_43655304_000496a3 (ID = 0)

21:27: 00007eb7_43644283_0000e658 (ID = 0)

21:27: 00002cf7_436910a8_0001b546 (ID = 0)

21:27: 00000940_43691bdb_0005df6e (ID = 0)

21:27: 000030f1_43691da9_000925d6 (ID = 0)

21:27: 00003f9a_43691e6c_000dbcf3 (ID = 0)

21:27: 00003a2d_436a6536_00077b10 (ID = 0)

21:27: 000018be_436439ab_00000d58 (ID = 0)

21:27: 000033ea_436445b0_000bbc01 (ID = 0)

21:27: 00000e29_4369219f_000e7768 (ID = 0)

21:27: 000045c5_4369125f_000676d9 (ID = 0)

21:27: 00005579_43691170_00015d98 (ID = 0)

21:27: 00007014_43691bef_0001ba5e (ID = 0)

21:27: 00002725_436911ad_000bdfd8 (ID = 0)

21:27: 000074cd_43659c33_00004dc6 (ID = 0)

21:27: 0000412f_435c7695_000e2e30 (ID = 0)

21:27: 00003004_435a494b_0004f53c (ID = 0)

21:27: 000053b1_43691bf0_00020e3b (ID = 0)

21:27: 000054dc_436446c7_000cf994 (ID = 0)

21:27: 00005815_43691dad_00093c56 (ID = 0)

21:27: 00006f3c_436911e6_00044394 (ID = 0)

21:27: 0000138a_43691a31_00090aeb (ID = 0)

21:27: 00003f4a_436910b8_0003bd94 (ID = 0)

21:27: 00000a4a_436910ba_000688f8 (ID = 0)

21:28: 00007a61_43691adb_0009dfe9 (ID = 0)

21:28: 00005e9d_435b95c9_0009236c (ID = 0)

21:28: 00000914_4365545c_000e494c (ID = 0)

21:28: 00006cf4_436911ea_0002abc6 (ID = 0)

21:28: 000030a7_43691e71_00094383 (ID = 0)

21:28: 00002581_43659b80_0001df2c (ID = 0)

21:28: 00005f45_436911f1_0007de11 (ID = 0)

21:28: 0000368e_436446c9_000b7da4 (ID = 0)

21:28: 000013d3_436911fa_0004b414 (ID = 0)

21:28: 00005e76_43691a39_000650a9 (ID = 0)

21:28: 0000187e_4364457d_0001c03e (ID = 0)

21:28: 00006959_43659fc4_000a2071 (ID = 0)

21:28: 0000489c_43644a1f_0003aabb (ID = 0)

21:28: 00002e40_43644191_00000389 (ID = 0)

21:28: 000029d8_436911fc_0004e673 (ID = 0)

21:28: 00000a28_436911fc_00061f66 (ID = 0)

21:28: 000050a9_43692025_0003de60 (ID = 0)

21:28: 00003990_43662095_000388d9 (ID = 0)

21:28: 0000293b_43691c31_0008ade4 (ID = 0)

21:28: 00006486_43691e87_0000e260 (ID = 0)

21:28: 00000ea9_43691d61_00043439 (ID = 0)

21:28: 0000008c_43651933_000772f8 (ID = 0)

21:28: 00000940_436a6941_0003a246 (ID = 0)

21:28: 000046c2_43691e8a_00051374 (ID = 0)

21:28: 000028e2_43691f9a_000df4b6 (ID = 0)

21:28: 00002959_43691a39_00042d00 (ID = 0)

21:28: 00000634_4365a4c2_00061e41 (ID = 0)

21:28: 00002db5_43691e91_0000f381 (ID = 0)

21:28: 00007a54_43691e93_0003e603 (ID = 0)

21:28: 00003f0b_43691d67_0008762e (ID = 0)

21:28: 00005079_4365938c_0004817c (ID = 0)

21:28: 00003087_43691d68_00096684 (ID = 0)

21:28: 00002079_43692025_000873f0 (ID = 0)

21:28: 000050bf_43691e94_00039d66 (ID = 0)

21:28: 0000797d_43644137_0007d0e3 (ID = 0)

21:28: 000037e6_435a3bb3_00024c97 (ID = 0)

21:28: 0000441d_43691dbd_000e7a23 (ID = 0)

21:28: 0000159f_43691f8e_000017a4 (ID = 0)

21:28: 00005ccd_43691a42_0008a6f3 (ID = 0)

21:28: 0000169a_43691ead_000a46c6 (ID = 0)

21:28: 00007f4f_43644be3_00035c46 (ID = 0)

21:28: 00006fc9_43691a42_0007bc3c (ID = 0)

21:28: 00000d6a_43691c3b_0004ed0e (ID = 0)

21:28: 00002f0c_43691fa0_0008bd4e (ID = 0)

21:28: 0000591d_436a6547_00093ac1 (ID = 0)

21:28: 000011f4_4368fd52_0002336e (ID = 0)

21:28: 00002c4e_4365a4d2_000c6de3 (ID = 0)

21:29: 00004dc8_435b1175_000488cb (ID = 0)

21:29: 00005dd5_4368fd53_00060b06 (ID = 0)

21:29: 00002833_435bcbe0_00046ab0 (ID = 0)

21:29: 00004d9a_43691dc2_00059241 (ID = 0)

21:29: 000040a5_43691c46_000291e9 (ID = 0)

21:29: 00001d11_43691c48_000bef68 (ID = 0)

21:29: 00002fe7_43691eb0_00017ac3 (ID = 0)

21:29: 0000675f_4365a223_000e99ee (ID = 0)

21:29: 000036bf_43659fc5_0007db49 (ID = 0)

21:29: 00003295_43691dc5_0007c6cb (ID = 0)

21:29: 00004ad4_435c239d_000018ec (ID = 0)

21:29: 00006df1_43595bcd_00024223 (ID = 0)

21:29: 000010d9_43691eb0_000b9099 (ID = 0)

21:29: 000000c1_43691dcb_00088504 (ID = 0)

21:29: 0000676d_436921a4_00062c00 (ID = 0)

21:29: 000078d4_43691a76_00084443 (ID = 0)

21:29: 00006be8_4368f838_0004d486 (ID = 0)

21:29: 00000728_43691f46_000402eb (ID = 0)

21:29: 00005a9b_43691dd2_00080feb (ID = 0)

21:29: 00001af4_435a33b3_000ec13e (ID = 0)

21:29: 0000797d_435a01c9_000dee8a (ID = 0)

21:29: 00006d69_435a4644_00044791 (ID = 0)

21:29: 00004944_436a5f50_00010b18 (ID = 0)

21:29: 0000030a_436a5c7d_00041af1 (ID = 0)

21:29: 000069d0_43691a39_0009d464 (ID = 0)

21:29: 0000773b_435a405d_00072437 (ID = 0)

21:29: 00000ce1_43691dd9_0006b01b (ID = 0)

21:29: 00004fc0_43691ddd_000d58b6 (ID = 0)

21:29: 00005f23_43691eca_0004098e (ID = 0)

voici une version encore plus light (sans spy communication ni truc du style 21:23: 00006e5d_43597732_000eb3c9 (ID = 0))



01:17: | Start of Session, vendredi 4 novembre 2005 |

01:17: Spy Sweeper started

01:17: Sweep initiated using definitions version 564

01:17: Starting Memory Sweep

01:17: Sweep Canceled

01:17: Memory Sweep Complete, Elapsed Time: 00:00:05

01:17: Traces Found: 0

01:17: Deletion from quarantine initiated

01:17: Processing: xiti cookie

01:17: Deletion from quarantine completed. Elapsed time 00:00:00

01:17: | End of Session, vendredi 4 novembre 2005 |


00:35: | Start of Session, vendredi 4 novembre 2005 |

00:35: Spy Sweeper started

00:35: Sweep initiated using definitions version 564

00:35: Starting Memory Sweep

00:37: Memory Sweep Complete, Elapsed Time: 00:01:50

00:37: Starting Registry Sweep

00:37: Registry Sweep Complete, Elapsed Time:00:00:07

00:37: Starting Cookie Sweep

00:37: Found Spy Cookie: xiti cookie

00:37: salmon@xiti[1].txt (ID = 3717)

00:37: Cookie Sweep Complete, Elapsed Time: 00:00:02

00:37: Starting File Sweep

01:06: File Sweep Complete, Elapsed Time: 00:29:03

01:06: Full Sweep has completed. Elapsed time 00:31:05

01:06: Traces Found: 1

01:16: Removal process initiated

01:17: Quarantining All Traces: xiti cookie

01:17: Removal process completed. Elapsed time 00:00:01

01:17: | End of Session, vendredi 4 novembre 2005 |


00:33: | Start of Session, vendredi 4 novembre 2005 |

00:33: Spy Sweeper started

00:33: Sweep initiated using definitions version 564

00:33: Starting Memory Sweep

00:33: Sweep Canceled

00:33: Memory Sweep Complete, Elapsed Time: 00:00:04

00:33: Traces Found: 0

00:35: Deletion from quarantine initiated

00:35: Processing: apropos

00:35: Processing: bluestreak cookie

00:35: Processing: hbmediapro cookie

00:35: Processing: icannnews

00:35: Processing: potentially rootkit-masked files

00:35: Processing: trafficmp cookie

00:35: Deletion from quarantine completed. Elapsed time 00:00:01

00:35: | End of Session, vendredi 4 novembre 2005 |


23:32: | Start of Session, jeudi 3 novembre 2005 |

23:32: Spy Sweeper started

23:32: Sweep initiated using definitions version 564

23:32: Starting Memory Sweep

23:34: Found Adware: icannnews

23:34: Detected running threat: C:\WINDOWS\system32\jzcript.dll (ID = 83)

23:34: Detected running threat: C:\WINDOWS\system32\hDl.dll (ID = 83)

23:34: Memory Sweep Complete, Elapsed Time: 00:02:04

23:34: Starting Registry Sweep

23:35: Registry Sweep Complete, Elapsed Time:00:00:07

23:35: Starting Cookie Sweep

23:35: Found Spy Cookie: hbmediapro cookie

23:35: salmon@adopt.hbmediapro[2].txt (ID = 2768)

23:35: Found Spy Cookie: bluestreak cookie

23:35: salmon@bluestreak[1].txt (ID = 2314)

23:35: Found Spy Cookie: trafficmp cookie

23:35: salmon@trafficmp[2].txt (ID = 3581)

23:35: Cookie Sweep Complete, Elapsed Time: 00:00:00

23:35: Starting File Sweep

23:39: Found Adware: effective-i toolbar

23:39: 664edb3c-2731-4c28-a182-7b1f23 (ID = 106574)

23:40: Found Adware: apropos

23:40: wingenerics.dll (ID = 50187)

23:44: atmtd.dll._ (ID = 166754)

23:50: atmtd.dll (ID = 166754)

00:08: File Sweep Complete, Elapsed Time: 00:33:00

00:08: Full Sweep has completed. Elapsed time 00:35:14

00:08: Traces Found: 9

00:10: Removal process initiated

00:10: Quarantining All Traces: apropos

00:10: Quarantining All Traces: effective-i toolbar

00:10: Quarantining All Traces: icannnews

00:10: Quarantining All Traces: bluestreak cookie

00:10: Quarantining All Traces: hbmediapro cookie

00:10: Quarantining All Traces: trafficmp cookie

00:10: Warning: Launched explorer.exe

00:10: Warning: Quarantine process could not restart Explorer.

00:12: Preparing to restart your computer. Please wait...

00:12: Removal process completed. Elapsed time 00:02:00


23:32: | Start of Session, jeudi 3 novembre 2005 |

23:32: Spy Sweeper started

23:32: Sweep initiated using definitions version 564

23:32: Starting Memory Sweep

23:32: Sweep Canceled

23:32: Memory Sweep Complete, Elapsed Time: 00:00:03

23:32: Traces Found: 0

23:32: | End of Session, jeudi 3 novembre 2005 |


20:45: | Start of Session, jeudi 3 novembre 2005 |

20:45: Spy Sweeper started

20:45: Sweep initiated using definitions version 564

20:45: Starting Memory Sweep

20:46: Found Adware: icannnews

20:46: Detected running threat: C:\WINDOWS\system32\i4060edseh060.dll (ID = 83)

20:46: Detected running threat: C:\WINDOWS\system32\jzcript.dll (ID = 83)

20:47: Memory Sweep Complete, Elapsed Time: 00:02:39

20:47: Starting Registry Sweep

20:48: Found Adware: look2me

20:48: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\policies\ || dllname (ID = 911234)

20:48: Registry Sweep Complete, Elapsed Time:00:00:25

20:48: Starting Cookie Sweep

20:48: Found Spy Cookie: hbmediapro cookie

20:48: salmon@adopt.hbmediapro[2].txt (ID = 2768)

20:48: Found Spy Cookie: bluestreak cookie

20:48: salmon@bluestreak[1].txt (ID = 2314)

20:48: Found Spy Cookie: trafficmp cookie

20:48: salmon@trafficmp[2].txt (ID = 3581)

20:48: Cookie Sweep Complete, Elapsed Time: 00:00:02

20:48: Starting File Sweep

20:52: Found Adware: effective-i toolbar

20:52: 664edb3c-2731-4c28-a182-7b1f23 (ID = 106574)

20:52: Found Adware: apropos

20:52: wingenerics.dll (ID = 50187)

20:57: atmtd.dll._ (ID = 166754)

21:05: atmtd.dll (ID = 166754)

21:22: Found System Monitor: potentially rootkit-masked files

21:25: ctfcmd.exe (ID = 0)

21:31: setd3d8.exe (ID = 0)

21:31: ace.dll (ID = 0)

21:31: data.bin (ID = 0)

21:42: sdbintel.sys (ID = 0)

21:49: dns (ID = 0)

21:49: psbs32gt.exe (ID = 0)

21:49: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00004a80_43644558_000aded6.

21:49: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00003f4a_435c24ea_00054663.

21:49: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\0000030a_4368e3e6_000485dc.

21:49: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\0000323b_4368e1d5_000dd581.

21:50: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00000784_43651471_0002ff0e.

21:50: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00000822_435b321e_0002bd41.

21:50: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00005f45_436a67d2_000d248e.

21:50: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00001366_436a5f90_000e5e5b.

21:50: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00006952_43595b73_000de174.

21:50: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\0000212c_4365161a_00079900.

21:50: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00002f0c_4364ff5b_0007db41.

21:50: Warning: DDAFileExists failed to resolve the MFT number for: c:\program files\netinrar\cache\00000390_4364f5e2_000aa736.

21:53: index (ID = 0)

21:54: ai_29-10-2005.log (ID = 0)

21:54: ai_30-10-2005.log (ID = 0)

21:54: ai_02-11-2005.log (ID = 0)

21:54: ai_31-10-2005.log (ID = 0)

21:55: ai_28-10-2005.log (ID = 0)

21:56: ai_03-11-2005.log (ID = 0)

22:03: Warning: Unhandled Archive Type

22:03: Warning: Unhandled Archive Type

22:07: Warning: Unhandled Archive Type

22:08: File Sweep Complete, Elapsed Time: 01:20:06

22:08: Full Sweep has completed. Elapsed time 01:23:22

22:08: Traces Found: 1845

22:16: Removal process initiated

22:18: Quarantining All Traces: potentially rootkit-masked files

23:23: Warning: Access violation at address 00402BCF in module 'WRSSSDK.exe'. Read of address 05DF4000

23:32: Updating spyware definitions

23:32: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.

23:32: | End of Session, jeudi 3 novembre 2005 |


20:27: | Start of Session, jeudi 3 novembre 2005 |

20:27: Spy Sweeper started

20:38: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.

20:39: Updating spyware definitions

20:40: Your spyware definitions have been updated.

20:45: | End of Session, jeudi 3 novembre 2005 |





Désolé pour les 2 premiers log inutiles de spy sweeper, voici le log de dll compare



* DLLCompare Log version(

Files Found that Windows does not See or cannot Access

*Not everything listed here means you are infected!



C:\WINDOWS\SYSTEM32\dyutil.dll Wed 26 Oct 2005 23:10:52 ..S.R 234 961 229,45 K

C:\WINDOWS\SYSTEM32\i4060e~1.dll Thu 3 Nov 2005 15:02:10 ..S.R 233 657 228,18 K

C:\WINDOWS\SYSTEM32\kqdfi.dll Sun 23 Oct 2005 3:41:56 ..S.R 236 607 231,06 K

C:\WINDOWS\SYSTEM32\ktdla.dll Sun 30 Oct 2005 4:02:00 ..S.R 233 657 228,18 K

C:\WINDOWS\SYSTEM32\kudhe220.dll Thu 27 Oct 2005 23:27:00 ..S.R 235 299 229,78 K

C:\WINDOWS\SYSTEM32\m0rmla~1.dll Fri 28 Oct 2005 23:23:38 ..S.R 236 489 230,95 K

C:\WINDOWS\SYSTEM32\mgimsg.dll Fri 28 Oct 2005 11:42:02 ..S.R 234 961 229,45 K

C:\WINDOWS\SYSTEM32\mpiole16.dll Wed 26 Oct 2005 8:47:48 ..S.R 235 299 229,78 K

C:\WINDOWS\SYSTEM32\mvcpx32r.dll Fri 21 Oct 2005 17:25:42 ..S.R 235 813 230,29 K

C:\WINDOWS\SYSTEM32\n08o0a~1.dll Fri 21 Oct 2005 20:53:56 ..S.R 235 341 229,82 K

C:\WINDOWS\SYSTEM32\ondbse32.dll Sat 29 Oct 2005 0:04:18 ..S.R 235 299 229,78 K

C:\WINDOWS\SYSTEM32\q0nu0a~1.dll Thu 3 Nov 2005 19:30:26 ..S.R 234 191 228,70 K

C:\WINDOWS\SYSTEM32\safolder.dll Thu 3 Nov 2005 14:44:34 ..S.R 234 191 228,70 K

C:\WINDOWS\SYSTEM32\scclient.dll Tue 25 Oct 2005 23:22:10 ..S.R 234 961 229,45 K

C:\WINDOWS\SYSTEM32\sirrnfr.dll Thu 3 Nov 2005 1:02:38 ..S.R 234 191 228,70 K

C:\WINDOWS\SYSTEM32\wpn32spl.dll Thu 3 Nov 2005 14:52:44 ..S.R 233 657 228,18 K



1 421 items found: 1 421 files (16 H/S), 0 directories.

Total of file sizes: 293 065 813 bytes 279,49 M


Administrator Account = Vrai


--------------------End log---------------------


Mon problème semble réglé puisque je n'ai plus de fenêtres intempestives ni de messages dans spy sweeper m'indiquant que mon ordinateur essaye de se connecter à mais "est ce l'arbre qui cache la foret ?" :P]


Reste-il thread tapis dans l'ombre, des processus malveillants qui veillent chacun de mes pas?


C. Chazale paranoïaque

Posté(e) (modifié)

Bonjour Claire Chazal,


voici une version encore plus light


Lol j'adore ton sens de l'oephemisme :P

Il va falloir un peu de temps pour éplucher tout cela. Mais d'apres ce que j'ai pu voir tu as des dll infectieuse ( dll compare ne supprime pas si je ne me trompe pas, elles sont donc encore présente). Je ne sais pas si j'aurais le temps de t'analyser ses rapports mais quelqu'un s'en chargera sinon (lui souhaite bien du plaisir :P:-P ).

Bonne journée


Modifié par S.Birkoff

salut Claire, S.Birkoff :P


Fais ceci ,stp:


L2Mfix ou

- télécharger sur le bureau et double-cliquer sur le fichier L2Mfix.exe

- cliquer sur le bouton "Install" pour dézipper.

- ouvrir le dossier L2Mfix créé sur le bureau

- double-cliquer sur L2Mfix.bat et choisir l'option 1 Run Find Log (entrer 1)

- après 1 ou 2 minutes de recherche, il y a ouverture du Bloc-note ; poster le contenu sur le forum.

(ne pas utiliser l'option 2 ni aucun autre fichier du dossier L2Mfix)


Alors, alors!!!



L2MFIX find log 1.04a

These are the registry keys present



Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]








[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem]









RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (

This program is Freeware, use it on your own risk!


Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

(ID-NI) ALLOW Read BUILTIN\Utilisateurs

(ID-IO) ALLOW Read BUILTIN\Utilisateurs

(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir

(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir

(ID-NI) ALLOW Full access BUILTIN\Administrateurs

(ID-IO) ALLOW Full access BUILTIN\Administrateurs








Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]




Shell Extension key:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"

"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"


"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"


"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"


"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"



"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"


"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"


"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"


"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"


"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"


"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"


"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"


"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"


"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"


"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"




"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"



"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"



"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"

"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"

"{6B19FEC2-A45B-11CF-9045-00A0C9039735}"="Registered ActiveX Controls"

"{D545EBD1-BD92-11CF-8772-00A0C9039735}"="Developer Studio Components"

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="P‚riph‚riques Plug and Play universels"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"








"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"




Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{F087F83E-36EF-47CB-83A3-861A9CF4F61A}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{F087F83E-36EF-47CB-83A3-861A9CF4F61A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{225A7D95-7246-45CB-8845-6768CDC5C7B9}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{225A7D95-7246-45CB-8845-6768CDC5C7B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{879D1CD2-B8BE-4256-BB66-89FFB7A4C2BD}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{879D1CD2-B8BE-4256-BB66-89FFB7A4C2BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{B1ACD05F-FA25-4F7C-BE38-A103E14A9F8F}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{B1ACD05F-FA25-4F7C-BE38-A103E14A9F8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{42D17FC3-7D0B-4510-BB58-70838D8AF4CA}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{42D17FC3-7D0B-4510-BB58-70838D8AF4CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{C37C4409-184E-4B20-ADF4-73E7EF07FA89}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{C37C4409-184E-4B20-ADF4-73E7EF07FA89}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]








Files Found are not all bad files:



browseui.dll Sat 3 Sep 2005 1:06:12 A.... 1 020 416 996,50 K

cdfview.dll Sat 3 Sep 2005 1:06:12 A.... 152 064 148,50 K

cdosys.dll Sat 10 Sep 2005 2:55:14 A.... 2 067 968 1,97 M

cmdlin~1.dll Thu 6 Oct 2005 14:19:02 A.... 98 304 96,00 K

cmdlin~2.dll Fri 7 Oct 2005 22:41:12 A.... 43 520 42,50 K

danim.dll Sat 3 Sep 2005 1:06:12 A.... 1 056 256 1,00 M

dxtrans.dll Sat 3 Sep 2005 1:06:12 A.... 205 312 200,50 K

dyutil.dll Wed 26 Oct 2005 23:10:52 ..S.R 234 961 229,45 K

extmgr.dll Sat 3 Sep 2005 1:06:12 A.... 55 808 54,50 K

i4060e~1.dll Thu 3 Nov 2005 15:02:10 ..S.R 233 657 228,18 K

iepeers.dll Sat 3 Sep 2005 1:06:12 A.... 251 392 245,50 K

inseng.dll Sat 3 Sep 2005 1:06:12 A.... 96 768 94,50 K

islzma.dll Fri 21 Oct 2005 15:50:14 A.... 102 912 100,50 K

kqdfi.dll Sun 23 Oct 2005 3:41:56 ..S.R 236 607 231,06 K

ktdla.dll Sun 30 Oct 2005 4:02:00 ..S.R 233 657 228,18 K

kudhe220.dll Thu 27 Oct 2005 23:27:00 ..S.R 235 299 229,78 K

linkinfo.dll Thu 1 Sep 2005 2:43:38 A.... 19 968 19,50 K

m0rmla~1.dll Fri 28 Oct 2005 23:23:38 ..S.R 236 489 230,95 K

mgimsg.dll Fri 28 Oct 2005 11:42:02 ..S.R 234 961 229,45 K

mpiole16.dll Wed 26 Oct 2005 8:47:48 ..S.R 235 299 229,78 K

mshtml.dll Tue 4 Oct 2005 16:26:06 A.... 3 013 120 2,87 M

mshtmled.dll Sat 3 Sep 2005 1:06:12 A.... 448 512 438,00 K

msrating.dll Sat 3 Sep 2005 1:06:12 A.... 146 432 143,00 K

mstime.dll Sat 3 Sep 2005 1:06:12 A.... 530 432 518,00 K

mvcpx32r.dll Fri 21 Oct 2005 17:25:42 ..S.R 235 813 230,29 K

n08o0a~1.dll Fri 21 Oct 2005 20:53:56 ..S.R 235 341 229,82 K

netman.dll Mon 22 Aug 2005 19:35:10 A.... 197 632 193,00 K

nwwks.dll Thu 11 Aug 2005 16:11:40 A.... 65 024 63,50 K

ondbse32.dll Sat 29 Oct 2005 0:04:18 ..S.R 235 299 229,78 K

pngfilt.dll Sat 3 Sep 2005 1:06:12 A.... 39 424 38,50 K

q0nu0a~1.dll Thu 3 Nov 2005 19:30:26 ..S.R 234 191 228,70 K

quartz.dll Tue 30 Aug 2005 4:55:44 A.... 1 293 312 1,23 M

safolder.dll Thu 3 Nov 2005 14:44:34 ..S.R 234 191 228,70 K

scclient.dll Tue 25 Oct 2005 23:22:10 ..S.R 234 961 229,45 K

shdocvw.dll Sat 3 Sep 2005 1:06:12 A.... 1 484 288 1,41 M

shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M

shlwapi.dll Sat 3 Sep 2005 1:06:12 A.... 474 112 463,00 K

sirrnfr.dll Thu 3 Nov 2005 1:02:38 ..S.R 234 191 228,70 K

umpnpmgr.dll Tue 23 Aug 2005 4:39:36 A.... 124 928 122,00 K

urlmon.dll Sat 3 Sep 2005 1:06:12 A.... 605 696 591,50 K

wininet.dll Sat 3 Sep 2005 1:06:12 A.... 662 528 647,00 K

winsrv.dll Thu 1 Sep 2005 2:43:38 A.... 292 352 285,50 K

wpn32spl.dll Thu 3 Nov 2005 14:52:44 ..S.R 233 657 228,18 K

wrlogo~1.dll Mon 24 Oct 2005 12:19:50 A.... 492 544 481,00 K

wrlzma.dll Mon 24 Oct 2005 12:19:46 A.... 17 920 17,50 K


45 items found: 45 files (16 H/S), 0 directories.

Total of file sizes: 27 324 398 bytes 26,05 M

Locate .tmp files:


No matches found.


Directory Listing of system files:

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est 7CB8-C5E4


R‚pertoire de C:\WINDOWS\System32


03/11/2005 19:30 234ÿ191 q0nu0a59ed.dll

03/11/2005 15:02 233ÿ657 i4060edseh060.dll

03/11/2005 14:52 233ÿ657 wpn32spl.dll

03/11/2005 14:44 234ÿ191 safolder.dll

03/11/2005 01:02 234ÿ191 sirrnfr.dll

30/10/2005 04:01 233ÿ657 ktdla.dll

29/10/2005 00:04 235ÿ299 ondbse32.dll

28/10/2005 23:23 236ÿ489 m0rmla911d.dll

28/10/2005 11:42 234ÿ961 mgimsg.dll

27/10/2005 23:26 235ÿ299 kudhe220.dll

26/10/2005 23:10 234ÿ961 dyutil.dll

26/10/2005 08:47 235ÿ299 mpiole16.dll

25/10/2005 23:22 234ÿ961 scclient.dll

23/10/2005 03:41 236ÿ607 kqdfi.dll

21/10/2005 20:53 235ÿ341 n08o0al3edq.dll

21/10/2005 17:25 235ÿ813 mvcpx32r.dLL

16/10/2005 17:53 <REP> dllcache

29/03/2005 15:50 <REP> Microsoft

16 fichier(s) 3ÿ758ÿ574 octets

2 R‚p(s) 171ÿ085ÿ824 octets libres




