
Posted

Hello,

I have a problem with Google redirecting to sites like bediddle.com, lesmeilleursliens.com, moxiesearch.com, etc.

They systematically appear in my first search results.

Here is a fresh HijackThis report; thank you for your valuable help!

Cheers,

david

 

 

----------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:44:43, on 17/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\lclock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

D:\telechargements\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [LClock] lclock.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User '?')

O4 - HKUS\S-1-5-21-1957994488-682003330-839522115-1003\..\Run: [LClock] lclock.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

 

--

End of file - 7786 bytes

Posted

Hello, welcome. :P

Posts: 1

If you ever need some information:

How to participate in a forum

Finding your posts

The following software is to be used only when prescribed by a qualified helper trained in the tool.

Do not use it outside of this situation or on your own: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user license agreement message.
  • The desktop disappears; this is normal, and it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

Here it is :-)

 

 

ComboFix 08-12-16.03 - CARETDAV 2008-12-17 18:57:02.2 - NTFSx86

 

Lancé depuis: c:\documents and settings\CARETDAV\Bureau\plop.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\ntnet.drv

c:\windows\system32\sysaudio.sys

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-17 au 2008-12-17 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-17 12:39 . 2008-12-17 12:39 <REP> d-------- c:\windows\system32\fr-fr

2008-12-17 12:38 . 2008-12-17 12:39 1,393 --a------ c:\windows\imsins.BAK

2008-12-17 00:34 . 2008-12-17 00:35 <REP> d-------- c:\windows\AU_Temp

2008-12-17 00:34 . 2008-12-17 00:34 21,463,593 --a------ c:\windows\VPTNFILE.713

2008-12-17 00:34 . 2008-12-17 00:34 21,463,593 --a------ c:\windows\LPT$VPN.713

2008-12-17 00:32 . 2008-12-17 00:32 <REP> d-------- c:\windows\system32\Kaspersky Lab

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-17 17:49 --------- d-----w c:\documents and settings\CARETDAV\Application Data\DNA

2008-12-17 17:30 --------- d-----w c:\program files\Mozilla Thunderbird

2008-12-17 17:29 --------- d-----w c:\program files\DNA

2008-12-16 23:35 91,744 ----a-w c:\windows\BPMNT.dll

2008-12-16 23:35 71,749 ----a-w c:\windows\hcextoutput.dll

2008-12-16 23:35 345,157 ----a-w c:\windows\TSC.exe

2008-12-16 23:35 1,213,784 ----a-w c:\windows\vsapi32.dll

2008-12-16 23:34 69,689 ----a-w c:\windows\UNZIP.DLL

2008-12-16 23:34 507,904 ----a-w c:\windows\TMUPDATE.DLL

2008-12-16 23:34 286,720 ----a-w c:\windows\PATCH.EXE

2008-12-16 18:54 --------- d-----w c:\program files\eMule

2008-12-15 22:23 --------- d-----w c:\documents and settings\CARETDAV\Application Data\BitTorrent

2008-11-23 12:22 --------- d-----w c:\documents and settings\CARETDAV\Application Data\dvdcss

2008-11-05 14:25 --------- d-----w c:\program files\Xvid

2008-11-05 14:21 --------- d-----w c:\program files\Virtual Dub

2008-11-05 14:11 --------- d-----w c:\program files\FLV Player

2008-11-02 10:06 --------- d-----w c:\program files\EasyPHP 2.0b1

2008-10-22 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-10-21 14:44 --------- d-----w c:\program files\BitTorrent

2008-10-21 14:11 --------- d-----w c:\program files\Microsoft Works

2008-10-21 14:10 --------- d-----w c:\program files\MSBuild

2008-10-21 14:02 --------- d-----w c:\program files\PyGrenouille

2008-09-22 08:58 7,809 ----a-w c:\program files\hijackthis.log

2007-02-04 12:14 1,455 ----a-w c:\program files\Google Earth.lnk

2006-06-06 20:25 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2005-02-16 09:06 218,112 ----a-w c:\program files\HijackThis.exe

2000-06-05 15:47 32,768 ----a-w c:\program files\mozilla firefox\plugins\AppSub32.dll

2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll

.

 

------- Sigcheck -------

 

2005-06-28 17:56 359808 77c0c5e7d6cfe2052b8cf28b8722f528 c:\windows\system32\drivers\tcpip.sys

 

2005-03-02 19:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2005-03-02 19:08 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\Driver Cache\i386\ntoskrnl.exe

2005-06-15 22:00 2321152 bebb29fbd9c14448a7bc12204a362d9e c:\windows\system32\ntoskrnl.exe

 

2005-06-15 22:01 1036288 cc5b99af6247175a151b0cc4e71c7f58 c:\windows\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-09-17_10.55.36.15 )))))))))))))))))))))))))))))))))))))))))

.


+ 2007-08-13 17:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll

- 2001-08-28 14:00:00 146,432 ----a-w c:\windows\system32\msls31.dll

+ 2007-08-13 17:54:10 156,160 ----a-w c:\windows\system32\msls31.dll

- 2005-05-02 20:57:11 146,432 ----a-w c:\windows\system32\msrating.dll

+ 2007-08-13 17:44:26 192,000 ----a-w c:\windows\system32\msrating.dll

- 2004-08-19 16:09:36 530,432 ----a-w c:\windows\system32\mstime.dll

+ 2007-08-13 17:54:10 670,720 ----a-w c:\windows\system32\mstime.dll

+ 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll

+ 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll

- 2004-08-19 16:09:38 97,280 ----a-w c:\windows\system32\occache.dll

+ 2007-08-13 17:44:06 101,376 ----a-w c:\windows\system32\occache.dll

- 2008-09-16 10:24:14 53,608 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-17 11:47:12 53,608 ----a-w c:\windows\system32\perfc009.dat

- 2008-09-16 10:24:14 64,492 ----a-w c:\windows\system32\perfc00C.dat

+ 2008-12-17 11:47:12 64,492 ----a-w c:\windows\system32\perfc00C.dat

- 2008-09-16 10:24:14 383,254 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-17 11:47:12 383,254 ----a-w c:\windows\system32\perfh009.dat

- 2008-09-16 10:24:14 447,772 ----a-w c:\windows\system32\perfh00C.dat

+ 2008-12-17 11:47:12 447,772 ----a-w c:\windows\system32\perfh00C.dat

- 2005-05-02 20:57:11 39,424 ----a-w c:\windows\system32\pngfilt.dll

+ 2007-08-13 17:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2005-05-02 20:57:12 1,484,288 ----a-w c:\windows\system32\shdocvw.dll

+ 2006-09-23 12:12:56 1,497,088 ----a-w c:\windows\system32\shdocvw.dll

- 2005-05-02 20:57:12 474,112 ----a-w c:\windows\system32\shlwapi.dll

+ 2006-09-23 12:12:56 474,624 ----a-w c:\windows\system32\shlwapi.dll

- 2003-06-19 00:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll

+ 2006-10-26 17:58:24 793,392 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll

- 2003-06-19 00:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll

+ 2006-10-26 17:58:16 65,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll

- 2003-06-19 00:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll

+ 2006-10-26 17:58:24 793,392 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll

- 2003-06-19 00:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll

+ 2006-10-26 17:58:16 65,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll

- 2003-06-19 00:31:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

+ 2006-10-26 17:58:12 30,512 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

- 2004-08-19 16:09:48 37,888 ----a-w c:\windows\system32\url.dll

+ 2007-08-13 17:44:30 105,984 ----a-w c:\windows\system32\url.dll

- 2005-05-02 20:57:12 605,696 ----a-w c:\windows\system32\urlmon.dll

+ 2007-08-13 17:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll

- 2004-08-19 16:09:48 417,792 ----a-w c:\windows\system32\vbscript.dll

+ 2007-08-13 17:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll

- 2004-08-19 16:09:48 281,600 ----a-w c:\windows\system32\webcheck.dll

+ 2007-08-13 17:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll

+ 2007-08-13 17:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe

- 2005-05-02 20:57:12 662,016 ----a-w c:\windows\system32\wininet.dll

+ 2007-08-13 17:54:10 818,688 ----a-w c:\windows\system32\wininet.dll

- 2002-08-21 04:13:12 189,952 ----a-w c:\windows\system32\WISPTIS.EXE

+ 2006-10-26 11:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE

+ 2006-07-14 15:51:51 121,856 ------w c:\windows\system32\xmllite.dll

- 2006-04-20 14:00:02 856,064 ----a-w c:\windows\system32\xvidcore.dll

+ 2006-11-01 13:52:38 765,952 ----a-w c:\windows\system32\xvidcore.dll

- 2006-02-27 13:30:34 217,088 ----a-w c:\windows\system32\xvidvfw.dll

+ 2006-11-01 13:54:30 180,224 ----a-w c:\windows\system32\xvidvfw.dll

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]

"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-04 688128]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMBalloonTip"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2007-01-30 01:15 65536 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"msacm.imc"= imc32.acm

"VIDC.VP40"= vp4vfw.dll

"vidc.mpng"= c:\program files\Zweistein t@b (montage video)\0.957\686\tabdec.dll

"vidc.mvjp"= c:\program files\Zweistein t@b (montage video)\0.957\686\tabdec.dll

"vidc.444p"= c:\program files\Zweistein t@b (montage video)\0.957\686\tabdec.dll

"aux"= sysaudio.sys

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

--a------ 2008-07-22 19:42 116040 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2005-10-28 16:25 94208 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

--a------ 2007-08-31 20:01 1037736 c:\program files\Microsoft IntelliPoint\ipoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]

--a------ 2005-10-24 23:36 602112 c:\progra~1\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bf31b0-83f1-11dd-b427-806d6172696f}]

\Shell\AutoRun\command - H:\WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c5e46f7-3ce7-11dc-b277-0013d48d8831}]

\Shell\AutoRun\command - H:\LaunchU3.exe

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\CARETDAV\Application Data\Mozilla\Firefox\Profiles\x2g5djz7.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - plugin: c:\program files\DNA\plugins\npbtdna.dll

FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll

FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NpIpx32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-17 18:57:40

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(736)

c:\windows\system32\Ati2evxx.dll

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll

c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

c:\program files\fichiers communs\logitech\bluetooth\lbtintw.dll

c:\windows\system32\BtCoreIf.dll

.

Heure de fin: 2008-12-17 18:58:13

ComboFix-quarantined-files.txt 2008-12-17 17:58:00

ComboFix2.txt 2008-09-17 08:55:53

ComboFix3.txt 2007-06-06 19:24:18

 

Avant-CF: 20 191 866 880 octets libres

Après-CF: 20,197,249,024 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

 


Posted

You will need to reinstall a real Windows, complete and genuine. In any case, the forum charter is against this type of Windows.

That is the best advice I can give you.

You can try this type of reinstallation to keep your data (without formatting):

http://www.micro-astuce.com/depannage/reparation-windows-XP

Posted

No doubt, but these versions cause problems, precisely because of what has been stripped out of them, and because of how specialized programs react to that.

We won't be able to do much. :P
