Trojan horse that connects to MSN??

Fabriice45 -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello, often when I get home in the evening I find a message on my computer telling me that I am connected to Messenger on another computer, when that is not the case. My antivirus, Kaspersky 2009, detects trojans but I have the impression it does not eradicate all of them. It's starting to worry me. Please help me!!

13 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi, do you have the Kaspersky report? Post it for us


and


Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised in the Taskbar).

NB: The reports are saved in the folder C:\rsit
0
Fabriice45
 
ok I'll do it right away, thanks, and I'll send it
0
Fabriice45
 
here's what's in log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Fabrice et Stéphanie at 2008-12-19 21:40:19
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 77 GB (55%) free of 141 GB
Total RAM: 2046 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:21, on 19/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Canal\Canal Widget\Canal Widget.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Fabrice et Stéphanie\Program Files\DNA\btdna.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Fabrice et Stéphanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OC11JHFK\RSIT[1].exe
C:\Program Files\trend micro\Fabrice et Stéphanie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Fabrice et Stéphanie\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
0
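A helper reading a log like the one above goes through it with a short checklist: registry entries that point at files that no longer exist, autoruns launched from user-writable folders, and per-user software registered to start under system accounts. The script below is an added example (not part of this thread, and not RSIT or HijackThis code) that applies that checklist to a few O2/O3/O4 lines copied from the log.txt posted above. The flags it raises are review items, not malware verdicts; the path-extraction and path-category rules are my own heuristics and are labelled as such in the comments.

```python
"""Triage helper for HijackThis-style log lines (added example, heuristic only)."""
import re

# Constructed sample: a handful of lines copied from the log.txt posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Fabrice et Stéphanie\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
"""

# O4 lines: "O4 - <hive>\..\Run: [<name>] <command> (User '<account>')", the User part
# only appearing for HKUS hives.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Heuristic (my assumption): folders an ordinary user can write to, where an
# autorun deserves a closer look than one under Program Files or Windows.
USER_WRITABLE = (
    "\\users\\", "\\documents and settings\\", "\\appdata\\",
    "\\temp\\", "temporary internet files",
)


def executable_of(cmd: str) -> str:
    """Best-effort extraction of the program an autorun command launches.

    Quoted paths are taken up to the closing quote; rundll32 lines yield the
    DLL named before the comma. Unquoted paths containing spaces are cut at
    the first space, a known limit of this heuristic.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    first, _, rest = cmd.partition(" ")
    if first.lower() == "rundll32.exe":
        return rest.strip().split(",")[0].strip('"')
    return first


def triage(lines):
    """Return (line, reason) pairs for entries a helper would check first."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        # Orphan: registry still references a BHO/toolbar whose file is gone.
        if line.endswith("- (no file)"):
            findings.append((line, "orphan entry: registry points to a missing file"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd")).lower()
        if any(marker in exe for marker in USER_WRITABLE):
            findings.append((line, f"autorun from user-writable path: {exe}"))
        # Per-user software (anything outside \Windows\) registered under the
        # SYSTEM account is unusual enough to be worth explaining.
        if m.group("user") == "SYSTEM" and "\\windows\\" not in exe:
            findings.append((line, "per-user software registered to run under SYSTEM"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"[{reason}]\n    {entry}")
```

Run over the sample, it reports the two "(no file)" orphans, the btdna.exe autorun under the user profile, and the Messenger autorun registered for SYSTEM; the Kaspersky, NVIDIA and Sidebar lines pass. Each flag is a question to answer with the vendor's documentation or a file scan, not a reason to delete the entry.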
Fabriice45
 
here's what's in info

info.txt logfile of random's system information tool 1.05 2008-12-19 21:35:45

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe"
-->"C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
CANAL WIDGET-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-3081E67009BA}
Cerebral Training - Mon coach particulier-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E41A97B-173F-4B0F-A3EE-3F278979D9D7}\Setup.exe" -l0x40c
Condemned - Criminal Origins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}\setup.exe" -l0x40c -removeonly
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Installation Wizard-->"C:\Program Files\Setup Wizard\unins000.exe"
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Lexmark 4800 Series-->C:\Program Files\Lexmark 4800 Series\Install\x86\Uninst.exe
Lexmark Barre d'outils-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nero 8 Trial-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Solutions de télécopie Lexmark-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tir aux lapins 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86CD3EEB-E39B-4978-8A26-A44D4686ED25}\SETUP.EXE" -l0x40c
Trojan Remover 6.7.5-->"C:\Program Files\Trojan Remover\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}

======Security center information======

AV: Kaspersky Internet Security
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
FW: Kaspersky Internet Security
AS: AVG Anti-Spyware (outdated)
AS: Windows Defender
AS: Kaspersky Internet Security
AS: Norton Internet Security (outdated)

System event log

Computer Name: PC-Fab-et-Steph
Event Code: 4201
Message: Le système a détecté que la carte réseau Connexion réseau sans fil était connectée au réseau, et a lancé une opération normale.
Record Number: 210932
Source Name: Tcpip
Time Written: 20081219161842.352000-000
Event Type: Information
User:

Computer Name: P
0

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
do you have the Kaspersky report?
0
Fabriice45
 
where do you find the Kaspersky report?
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
scan with Kaspersky and paste the report


or



paste the report of an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
Fabriice45
 
ok that's what I'm doing now
0
Fabriice45
 
here is also, for now, the system status report


Rapport d'étude du système
Kaspersky Internet Security 2009 8.0.0.506 (base de données publiée 20/12/2008; 11:35)

Liste des processus
Nom du fichier PID Description Copyright MD5 Informations
c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 1936 Kaspersky Anti-Virus Copyright © Kaspersky Lab 1996-2008. ?? 201.26 ko, rsAh,
créé le: 11/11/2008 19:59:16,
modifié le: 11/11/2008 19:59:16
Ligne de commande:
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r
c:\users\fabrice et stéphanie\program files\dna\btdna.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 1268 ?? Erreur lors de la réception des informations sur le fichier,
le nom contient un caractère national
Ligne de commande:
btdna.exe /BRINGTOFRONT
c:\program files\canal\canal widget\canal widget.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 3500 ?? 93.00 ko, rsAh,
créé le: 24/10/2008 15:00:52,
modifié le: 17/12/2008 16:01:43
Ligne de commande:
"Canal Widget.exe" 13579 1
c:\program files\canal\canal widget\vod\canalplus.vod.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 1948 CanalPlus.VOD.Service Copyright © Canal+ Active 2008 ?? 60.00 ko, rsAh,
créé le: 17/12/2008 12:37:39,
modifié le: 18/12/2008 20:08:01
Ligne de commande:
"C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe"
c:\program files\hewlett-packard\hp advisor\hpadvisor.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 3988 HP Advisor Copyright @ Hewlett Packard 2006 ?? 1741.34 ko, rsAh,
créé le: 01/10/2007 16:10:48,
modifié le: 01/10/2007 16:10:48
Ligne de commande:
"C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
c:\program files\hewlett-packard\hp health check\hphc_service.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 3476 HP Health Check Service 2006-2007 Hewlett-Packard Development Company, L P. ?? 64.00 ko, rsAh,
créé le: 19/09/2007 17:30:52,
modifié le: 19/09/2007 17:30:52
Ligne de commande:
"c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
c:\program files\intel\intel matrix storage manager\iaanotif.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 3996 Event Monitor User Notification Tool Copyright(C) Intel Corporation 2003-2007 ?? 170.52 ko, rsAh,
créé le: 21/03/2008 18:47:11,
modifié le: 25/07/2007 07:02:42
Ligne de commande:
"C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
c:\program files\internet explorer\iexplore.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 3264 Internet Explorer © Microsoft Corporation. Tous droits réservés. ?? 619.16 ko, rsAh,
créé le: 10/12/2008 06:41:08,
modifié le: 16/10/2008 05:42:58
Ligne de commande:
"C:\Program Files\Internet Explorer\iexplore.exe"
c:\program files\lexmark 4800 series\lxdeamon.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 2668 Printer Card Transfer Monitor ?? 20.00 ko, rsAh,
créé le: 18/08/2008 19:56:56,
modifié le: 01/06/2007 09:06:09
Ligne de commande:
"C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
c:\program files\lexmark 4800 series\lxdemon.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 2052 Printer Device Monitor ?? 444.92 ko, rsAh,
créé le: 18/08/2008 19:56:42,
modifié le: 11/06/2007 14:53:14
Ligne de commande:
"C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 5508 Windows Presentation Foundation Font Cache Service © Microsoft Corporation. All rights reserved. ?? 36.00 ko, rsAh,
créé le: 02/11/2006 13:36:00,
modifié le: 02/11/2006 13:36:00
Ligne de commande:
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\spoolsv.exe
Script: Quarantaine, Supprimer, Supprimer via BC, Quitter 1692 Application sous-système spouleur © Microsoft Corporation. Tous droits réservés. ?? 122.00 ko, rsAh,
créé le: 02/11/2006 10:15:34,
modifié le: 02/11/2006 10:45:46
Ligne de commande:
C:\Windows\System32\spoolsv.exe
Détectés:87, dont un nombre d'inoffensifs égal à 84
Nom du module Handle Description Copyright MD5 Processus en cours d'utilisation
C:\Program Files\Canal\Canal Widget\Canal Widget.exe
Script: Quarantaine, Supprimer, Supprimer via BC 4194304 ?? 3500
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.Common.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1923743744 CanalPlus.VOD.Common Copyright © Canal+ Active 2008 -- 1948
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.DownloadManager.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1923416064 CanalPlus.VOD.DownloadManager Copyright © Canal+ Active 2008 -- 1948
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
Script: Quarantaine, Supprimer, Supprimer via BC 13893632 CanalPlus.VOD.Service Copyright © Canal+ Active 2008 ?? 1948
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.Net.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1910898688 CanalPlus.VOD.Net Copyright © Canal+ Active 2008 -- 1948
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.Plugin.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1925382144 CanalPlus.VOD.Plugin Copyright © Canal+ Active 2008 -- 1948
C:\Program Files\Hewlett-Packard\HP Advisor\Content.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1813315584 Content Copyright © Hewlett-Packard Company 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1804009472 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.Common.Windows.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1835335680 Windows Copyright © Hewlett-Packard Company 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\InterfaceServices.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1962344448 HP Advisor - InterfaceServices Copyright © Hewlett-Packard Company 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\Interop.RulesEngineLib.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1781465088 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1781399552 Clients Copyright © 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1810169856 Interface Copyright © 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1810104320 Messages Copyright © 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1810235392 Server Copyright © 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\Interop.MLDeskBand.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1804075008 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\MarketPillar.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1805647872 hpPillarMarket Copyright @ Hewlett Packard 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1804140544 PCAlerts Copyright @ 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCHealthSecurity\PCHealthSecurityPillar.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1809842176 PC Health & Security Pillar Copyright @ Hewlett-Packard Company 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCHelp\HowToPillar.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1812660224 HowTo Copyright @ HP 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1837039616 RemotingClient Copyright © 2006 -- 3988
C:\Program Files\Hewlett-Packard\HP Advisor\SystemStatus.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1805713408 SystemStatus Copyright © Hewlett-Packard Company 2006 -- 3988
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_FRA.dll
Script: Quarantaine, Supprimer, Supprimer via BC 3932160 Event Monitor User Notification Tool Copyright(C) Intel Corporation 2003-2007 -- 3996
C:\Program Files\Lexmark 4800 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
Script: Quarantaine, Supprimer, Supprimer via BC 268435456 -- 2668
C:\Program Files\Lexmark 4800 Series\app4r.devmons.mcmdevmon.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1861681152 -- 2668
C:\Program Files\Lexmark 4800 Series\App4R.Monitor.Common.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1961230336 -- 2668
C:\Program Files\Lexmark 4800 Series\App4R.Monitor.Core.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1956970496 -- 2668
C:\Program Files\Lexmark 4800 Series\lxdemonr.dll
Script: Quarantaine, Supprimer, Supprimer via BC 12648448 Copyright © 2005 -- 2052
C:\Program Files\Lexmark 4800 Series\lxdescw.dll
Script: Quarantaine, Supprimer, Supprimer via BC 268435456 -- 2052
C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
Script: Quarantaine, Supprimer, Supprimer via BC 7471104 IPC Core Dll Copyright (C) 2003 -- 1692
C:\Program Files\Lexmark Toolbar\resource.dll
Script: Quarantaine, Supprimer, Supprimer via BC 44761088 -- 3264
C:\Program Files\Lexmark Toolbar\toolband.dll
Script: Quarantaine, Supprimer, Supprimer via BC 268435456 -- 3264
C:\ProgramData\Kaspersky Lab\AVP8\Bases\klavemu.kdl
Script: Quarantaine, Supprimer, Supprimer via BC 943718400 Heuristics engine Copyright © Kaspersky Lab 1996-2008. -- 1936
C:\Users\Fabrice et Stéphanie\Program Files\DNA\btdna.exe
Script: Quarantaine, Supprimer, Supprimer via BC 4194304 ?? 1268
C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1836580864 HP Active Support Library 2006-2007 Hewlett-Packard Development Company, L P. -- 3476
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\81e201b865ca4b1dc1baa769353a1d32\PresentationCore.ni.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1401159680 Windows Presentation Foundation Core Components Library © Microsoft Corporation. All rights reserved. -- 3988, 5508
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\7633a09e08c8e47895c22bed87b9c939\PresentationFontCache.ni.exe
Script: Quarantaine, Supprimer, Supprimer via BC 805306368 Windows Presentation Foundation Font Cache Service © Microsoft Corporation. All rights reserved. -- 5508
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7108eaf5b5973bf7cdbdb47875e616e4\PresentationFramework.Aero.ni.dll
Script: Quarantaine, Supprimer, Supprimer via BC 59375616 Windows Presentation Foundation Aero Theme © Microsoft Corporation. All rights reserved. -- 3988
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a9141ad6851ff94ece503a1898c4ca3a\PresentationFramework.ni.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1424293888 Windows Presentation Foundation Framework Library © Microsoft Corporation. All rights reserved. -- 3988
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1735852032 Microsoft .NET Runtime Object Remoting © Microsoft Corporation. All rights reserved. -- 3988, 3476
C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
Script: Quarantaine, Supprimer, Supprimer via BC 1667629056 Kaspersky Anti-Virus Single Scanner Library Copyright (C) 1999-2002 Kaspersky Lab. -- 3264
C:\Windows\System32\LXF3OEM.DLL
Script: Quarantaine, Supprimer, Supprimer via BC 268435456 Lexmark Fax Solutions Software Copyright (C) 2004 -- 1692
C:\Windows\System32\LXF3PMON.DLL
Script: Quarantaine, Supprimer, Supprimer via BC 1346371584 Print Monitor (Win2k/WinXP) -- 1692
C:\Windows\System32\LXF3PMRC.DLL
Script: Quarantaine, Supprimer, Supprimer via BC 7536640 Copyright (c) 2003 -- 1692
Modules découverts:817, dont un nombre d'inoffensifs égal à 773

Modules de l'espace du noyau
Module Adresse de base Taille dans la mémoire Description Fournisseur
C:\Windows\System32\Drivers\dump_iaStor.sys
Script: Quarantaine, Supprimer, Supprimer via BC 8EAB9000 0C7000 (815104)
C:\Windows\system32\DRIVERS\ithsgt.sys
Script: Quarantaine, Supprimer, Supprimer via BC 9CF18000 028000 (163840)
C:\Windows\system32\DRIVERS\lilsgt.sys
Script: Quarantaine, Supprimer, Supprimer via BC 9C5E2000 003000 (12288)
Modules découverts - 156, inoffensifs - 153

Services
Service Description État Le fichier Groupe Dépendance
CanalPlus.VOD
Service: Arrêter, Supprimer, Désactiver CanalPlus.VOD Fonctionne C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
Script: Quarantaine, Supprimer, Supprimer via BC
Com4Qlb
Service: Arrêter, Supprimer, Désactiver Com4Qlb Non exécutés C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
Script: Quarantaine, Supprimer, Supprimer via BC RPCSS
msiserver
Service: Arrêter, Supprimer, Désactiver Windows Installer Non exécutés C:\Windows\system32\msiexec
Script: Quarantaine, Supprimer, Supprimer via BC rpcss
Détectés - 151, inoffensifs - 148

Pilotes
Service Description État Le fichier Groupe Dépendance
ithsgt
Pilote: Décharger, Supprimer, Désactiver ithsgt Fonctionne C:\Windows\system32\DRIVERS\ithsgt.sys
Script: Quarantaine, Supprimer, Supprimer via BC
lilsgt
Pilote: Décharger, Supprimer, Désactiver lilsgt Fonctionne C:\Windows\system32\DRIVERS\lilsgt.sys
Script: Quarantaine, Supprimer, Supprimer via BC
blbdrive
Pilote: Décharger, Supprimer, Désactiver blbdrive Non exécutés C:\Windows\system32\drivers\blbdrive.sys
Script: Quarantaine, Supprimer, Supprimer via BC
IpInIp
Pilote: Décharger, Supprimer, Désactiver IP in IP Tunnel Driver Non exécutés C:\Windows\system32\DRIVERS\ipinip.sys
Script: Quarantaine, Supprimer, Supprimer via BC Tcpip
NwlnkFlt
Pilote: Décharger, Supprimer, Désactiver IPX Traffic Filter Driver Non exécutés C:\Windows\system32\DRIVERS\nwlnkflt.sys
Script: Quarantaine, Supprimer, Supprimer via BC NwlnkFwd
NwlnkFwd
Pilote: Décharger, Supprimer, Désactiver IPX Traffic Forwarder Driver Non exécutés C:\Windows\system32\DRIVERS\nwlnkfwd.sys
Script: Quarantaine, Supprimer, Supprimer via BC
SymIM
Pilote: Décharger, Supprimer, Désactiver Symantec Network Security Intermediate Filter Service Non exécutés C:\Windows\system32\DRIVERS\SymIM.sys
Script: Quarantaine, Supprimer, Supprimer via BC
SymIMMP
Pilote: Décharger, Supprimer, Désactiver SymIMMP Non exécutés C:\Windows\system32\DRIVERS\SymIM.sys
Script: Quarantaine, Supprimer, Supprimer via BC
Détectés - 241, inoffensifs - 233

Lancement automatique
Nom du fichier État Méthode de lancement Description
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Script: Quarantaine, Supprimer, Supprimer via BC Actif Clé de registre HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, HP Health Check Scheduler
rdpclip
Script: Quarantaine, Supprimer, Supprimer via BC Actif Clé de registre HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms
Éléments de lancement automatique découverts - 58, inoffensifs - 56

Modules d'extension de Microsoft Internet Explorer (BHO, panneau ...)
Nom du fichier Type Description Fournisseur CLSID
BHO {02478D38-C3F9-4efb-9B51-7695ECA05670}
Supprimer
C:\Program Files\Lexmark Toolbar\toolband.dll
Script: Quarantaine, Supprimer, Supprimer via BC BHO {1017A80C-6F09-4548-A84D-EDD6AC9525F0}
Supprimer
BHO {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
Supprimer
BHO {7E853D72-626A-48EC-A868-BA8D5E23E045}
Supprimer
Panneau {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Supprimer
C:\Program Files\Lexmark Toolbar\toolband.dll
Script: Quarantaine, Supprimer, Supprimer via BC Panneau {1017A80C-6F09-4548-A84D-EDD6AC9525F0}
Supprimer
Module d'extension {2670000A-7350-4f3c-8081-5663EE0C6C49}
Supprimer
Éléments découverts - 16, inoffensifs - 9

Modules d'extension de l'Explorateur Windows
Nom du fichier Cible Description Fournisseur CLSID
%CommonProgramFiles%\System\Ole DB\oledb32.dll
Script: Quarantaine, Supprimer, Supprimer via BC Microsoft Data Link {2206CDB2-19C1-11D1-89E0-00C04FD7A829}
lnkfile {00020d75-0000-0000-c000-000000000046}
Color Control Panel Applet {b2c761c6-29bc-4f19-9251-e6195265baf1}
Add New Hardware {7A979262-40CE-46ff-AEEE-7884AC3B6136}
Get Programs Online {3e7efb4c-faf1-453d-89eb-56026875ef90}
Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1}
ActiveDirectory Folder {1b24a030-9b20-49bc-97ac-1be4426f9e59}
ActiveDirectory Folder {34449847-FD14-4fc8-A75A-7432F5181EFB}
Sam Account Folder {C8494E42-ACDD-4739-B0FB-217361E4894F}
Sam Account Folder {E29F9716-5C08-4FCD-955A-119FDB5A522D}
Control Panel command object for Start menu {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
Default Programs command object for Start menu {E44E5D18-0652-4508-A4E2-8A090067BCB0}
Folder Options {6dfd7c5c-2451-11d3-a299-00c04f8ef6af}
Explorer Query Band {2C2577C2-63A7-40e3-9B7F-586602617ECB}
View Available Networks {38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}
%CommonProgramFiles%\System\wab32.dll
Script: Quarantaine, Supprimer, Supprimer via BC Windows Contact Preview Handler {13D3C4B8-B179-4ebb-BF62-F704173E7448}
Contacts folder {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
%CommonProgramFiles%\System\wab32.dll
Script: Quarantaine, Supprimer, Supprimer via BC .group shell extension handler {4F58F63F-244B-4c07-B29F-210BE59BE9B4}
%CommonProgramFiles%\System\wab32.dll
Script: Quarantaine, Supprimer, Supprimer via BC .contact shell extension handler {8082C5E6-4C27-48ec-A809-B8E1122E8F97}
%CommonProgramFiles%\System\wab32.dll
Script: Quarantaine, Supprimer, Supprimer via BC group_wab_auto_file {16C2C29D-0E5F-45f3-A445-03E03F587B7D}
%CommonProgramFiles%\System\wab32.dll
Script: Quarantaine, Supprimer, Supprimer via BC contact_wab_auto_file {CF67796C-F57F-45F8-92FB-AD698826C602}
Windows Firewall {4026492f-2f69-46b8-b9bf-5654fc07e423}
Problem Reports and Solutions {fcfeecae-ee1b-4849-ae50-685dcf7717ec}
iSCSI Initiator {a304259d-52b8-4526-8b1a-a1d6cecc8243}
.cab or .zip files {911051fa-c21c-4246-b470-070cd8df6dc4}
Windows Search Shell Service {da67b8ad-e81b-4c70-9b91b417b5e33527}
Microsoft.ScannersAndCameras {00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}
"C:\Windows\System32\rundll32.exe" "C:\Program Files\\Windows Photo Gallery\PhotoViewer.dll",ImageView_COMServer {9D687A4C-1404-41ef-A089-883B6FBECDE6}
Script: Quarantaine, Supprimer, Supprimer via BC Windows Photo Gallery Viewer Autoplay Handler {9D687A4C-1404-41ef-A089-883B6FBECDE6}
Windows Sidebar Properties {37efd44d-ef8d-41b1-940d-96973a50e9e0}
Windows Features {67718415-c450-4f3c-bf8a-b487642dc39b}
Windows Defender {d8559eb9-20c0-410e-beda-7ed416aecc2a}
Mobility Center Control Panel {5ea4f148-308c-46d7-98a9-49041b1dd468}
%CommonProgramFiles%\microsoft shared\ink\TipBand.dll
Script: Quarantaine, Supprimer, Supprimer via BC Tablet PC Input Panel {15D633E2-AD00-465b-9EC7-F56B7CDF8E27}
"C:\Program Files\\Windows Media Player\wmprph.exe"
Script: Quarantaine, Supprimer, Supprimer via BC Windows Media Player Rich Preview Handler {031EE060-67BC-460d-8847-E4A7C5E45A27}
User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153}
C:\Windows\System32\ShellvRTF.dll
Script: Quarantaine, Supprimer, Supprimer via BC ShellViewRTF ShellvRTF Copyright © 2002-2006,2007 {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll
Script: Quarantaine, Supprimer, Supprimer via BC fluxDVD Shell Extension fluxDVD Shell Extension Copyright © 2005-2007 ACE GmbH {C9CF278C-460E-4917-BC43-3F75E6E47D3D}
C:\Windows\System32\b4fm.dll
Script: Quarantaine, Supprimer, Supprimer via BC ShellPlusContextMenu {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}
Éléments découverts - 296, inoffensifs - 258

Modules d'extension du systиme d'impression (moniteurs d'impression, fournisseurs)
Nom du fichier Type Désignation Description Fournisseur
LXF3PMON.DLL
Script: Quarantaine, Supprimer, Supprimer via BC Moniteur Lexmark Print-2-Fax Port Print Monitor (Win2k/WinXP)
Éléments découverts - 9, inoffensifs - 8

Programmation des tâches Task Scheduler
Nom du fichier Nom de la tâche État de la tâche Description Fournisseur
Éléments découverts - 1, inoffensifs - 1

Paramètres SPI/LSP
Fournisseur d'espace de nom (NSP) Fournisseur État Fichier exéc. Description GUID
Détectés - 6, inoffensifs - 6
Fournisseurs de protocole de transfert (TSP, LSP) Fournisseur Fichier exéc. Description
Détectés - 20, inoffensifs - 20
Résultats de l'analyse automatique des paramètres SPI Les paramètres LSP ont été vérifiés. Aucune erreur n'a été identifiée


Ports TCP/UDP
Port État Remote Host Remote Port Application Remarques
Ports TCP
Ports UDP

Downloaded Program Files (DPF)
Nom du fichier Description Fournisseur CLSID URL de chargement
Éléments découverts - 10, inoffensifs - 10

Applet du panneau d'administration (CPL)
Nom du fichier Description Fournisseur
Éléments découverts - 23, inoffensifs - 23

Active Setup
Nom du fichier Description Fournisseur CLSID
Éléments découverts - 10, inoffensifs - 10

Fichier HOSTS
Ecriture du fichier Hosts



127.0.0.1 localhost


::1 localhost



Rapports et traitements
Nom du fichier Type Description Fournisseur CLSID
Éléments découverts - 21, inoffensifs - 21

Objets suspects
Le fichier Description Type
c:\users\fabrice et stéphanie\program files\dna\btdna.exe
Script: Quarantaine, Supprimer, Supprimer via BC Suspicion de RootKit Suspicion de RootKit
C:\ProgramData\Kaspersky Lab\AVP8\Bases\klavemu.kdl
Script: Quarantaine, Supprimer, Supprimer via BC Suspicion de KeyLogger Suspicion de Keylogger ou de DLL de cheval de Troie


--------------------------------------------------------------------------------

Script principal d'étude
Version de Windows: Windows Vista (TM) Home Premium, Build=6000, SP=""
Restauration du système: active
>>>> Suspicion de dissimulation d'un fichier de processus: c:\users\fabrice et stéphanie\program files\dna\btdna.exe
1.1 Recherche d'intercepteurs API fonctionnant en UserMode
Analyse kernel32.dll, un tableau d'exportation a été trouvé dans la section .text
Fonction kernel32.dll:CreateProcessA (150) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->76691D5C->6DA41370
Fonction kernel32.dll:CreateProcessW (153) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->76691D27->6DA413D0
Fonction kernel32.dll:FreeLibrary (334) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->766D45A7->6DA41530
Fonction kernel32.dll:GetModuleFileNameA (502) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->766DB578->6DA41470
Fonction kernel32.dll:GetModuleFileNameW (503) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->766D99ED->6DA414B0
Fonction kernel32.dll:GetProcAddress (546) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->766D4120->6DA41570
Fonction kernel32.dll:LoadLibraryA (754) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->766B9A9E->6DA410B0
Fonction kernel32.dll:LoadLibraryExA (755) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->766B9A76->6DA41230
Fonction kernel32.dll:LoadLibraryExW (756) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->766B95AF->6DA412F0
Fonction kernel32.dll:LoadLibraryW (757) a été intercepté, méthode ProcAddressHijack.GetProcAddress ->766B9727->6DA41170
Une modification d'IAT a été identifiée: LoadLibraryW - 00D40010<>766B9727
Une modification d'IAT a été identifiée: GetModuleFileNameW - 00D4003A<>766D99ED
Une modification d'IAT a été identifiée: GetModuleFileNameA - 00D40064<>766DB578
Une modification d'IAT a été identifiée: CreateProcessA - 00D400B8<>76691D5C
Une modification d'IAT a été identifiée: LoadLibraryA - 00D4010C<>766B9A9E
Une modification d'IAT a été identifiée: GetProcAddress - 00D40136<>766D4120
Une modification d'IAT a été identifiée: FreeLibrary - 00D40160<>766D45A7
Analyse ntdll.dll, un tableau d'exportation a été trouvé dans la section .text
Analyse user32.dll, un tableau d'exportation a été trouvé dans la section .text
Analyse advapi32.dll, un tableau d'exportation a été trouvé dans la section .text
Analyse ws2_32.dll, un tableau d'exportation a été trouvé dans la section .text
Analyse wininet.dll, un tableau d'exportation a été trouvé dans la section .text
Analyse rasapi32.dll, un tableau d'exportation a été trouvé dans la section .text
Analyse urlmon.dll, un tableau d'exportation a été trouvé dans la section .text
Analyse netapi32.dll, un tableau d'exportation a été trouvé dans la section .text
1.2 Recherche d'intercepteurs API fonctionnant en mode KernelMode
Le chargement du pilote a réussi
SDT trouvé (RVA=131B00)
Noyau ntkrnlpa.exe trouvé dans la mémoire à l'adresse 82000000
SDT = 82131B00
KiST = 820807B4 (398)
Fonctions vérifiées: 398, interception de: 0, restauration de: 0
1.3 Analyse d'IDT et de SYSENTER
Analyse pour le processeur 1
Analyse pour le processeur 2
L'analyse d'IDT et de SYSENTER est terminée
Le chargement du pilote a réussi
1.5 Analyse des dispositifs de traitement IRP
L'analyse est terminée
C:\ProgramData\Kaspersky Lab\AVP8\Bases\klavemu.kdl --> Suspicion de Keylogger ou de DLL de cheval de Troie
C:\ProgramData\Kaspersky Lab\AVP8\Bases\klavemu.kdl>>> Analyse du comportement
Aucun comportement typique des enregistreurs de frappe n'a été enregistré
Remarque : il NE FAUT PAS supprimer les fichiers suspects mais bien les envoyer pour analyse (cf. détails dans les FAQ et l'aide) car il existe de nombreux intercepteurs de bibliothèques dynamiques utiles
Suspicion de chargement dissimulé de bibliothèques via AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"
>> Services: un service potentiellement dangereux est autorisé TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: un service potentiellement dangereux est autorisé SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: un service potentiellement dangereux est autorisé Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services : Attention - la sélection de services exploités sur l'ordinateur dépend du domaine d'application de celui-ci (ordinateur particulier, ordinateur dans un réseau d'entreprise ...)!
>> Sécurité : le lancement automatique des programmes depuis le cédérom est autorisé
>> Sécurité : l'accès en tant qu'administrateur aux disques locaux (C$, D$...) est autorisé
>> Sécurité: un utilisateur anonyme peut accéder à l'ordinateur
>> Sécurité : l'envoi d'une invitation à un assistant à distance est autorisé
>> Désactiver le lancement automatique depuis le disque dur
>> Désactiver le lancement automatique depuis les disques de réseau
>> Désactiver le lancement automatique depuis le cédérom
>> Désactivez le lancement automatique depuis les disques amovibles
L'étude du système est en cours

Instructions du script
Ajouter des commandes au script:
Neutralisation des interceptions de fonctions à l'aide d'un antirootkit
Activer AVZGuard
BootCleaner - importation de la liste des fichiers supprimés
Nettoyer le registre après la suppression des fichiers
BootCleaner - activation
Redémarrer
Introduire un champ pour QuarantineFile() - mise en quarantaine du fichier
Introduire un champ pour BC_QrFile() - mise du fichier en quarantaine via BC
Introduire un champ pour DeleteFile() - suppression du fichier
Introduire un champ pour DelCLSID() - suppression de la classe CLSID du registre
Opérations complémentaires:
Optimisation - désactiver le service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Optimisation - désactiver le service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Optimisation - désactiver le service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Optimisation - sécurité - désactiver le lancement automatique des programmes depuis le cédérom
Optimisation - sécurité - désactiver l'accès en tant qu'administrateur aux disques locaux
Optimisation - sécurité - bloquer la connexion des utilisateurs anonymes
Sécurité - interdire l'envoi d'invitations à un assistant à distance
--------------------------------------------------------------------------------
Liste des fichiers
0
Fabriice45
 
There's this too in the system report

<?xml version="1.0" encoding="windows-1251" ?>
<!-- AVZ XML Report
-->
<AVZ>
<PROCESS>
<ITEM PID="1936" File="c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" CheckResult="0" Descr="Kaspersky Anti-Virus" LegalCopyright="Copyright © Kaspersky Lab 1996-2008." Hidden="-1" CmdLine=""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" Size="206088" Attr="rsAh" CreateDate="11/11/2008 19:59:16" ChageDate="11/11/2008 19:59:16" MD5="16784221EA2556605EAD8F09439CA638" />
<ITEM PID="1268" File="c:\users\fabrice et stéphanie\program files\dna\btdna.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="btdna.exe /BRINGTOFRONT" NationalName="Y" />
<ITEM PID="3500" File="c:\program files\canal\canal widget\canal widget.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine=""Canal Widget.exe" 13579 1" Size="95232" Attr="rsAh" CreateDate="24/10/2008 15:00:52" ChageDate="17/12/2008 16:01:43" MD5="303087EC95750D6FCCB8BFA1E4DDC632" />
<ITEM PID="1948" File="c:\program files\canal\canal widget\vod\canalplus.vod.exe" CheckResult="-1" Descr="CanalPlus.VOD.Service" LegalCopyright="Copyright © Canal+ Active 2008" CmdLine=""C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe"" Size="61440" Attr="rsAh" CreateDate="17/12/2008 12:37:39" ChageDate="18/12/2008 20:08:01" MD5="C903CE49BB8E714CFA573E2966D4D0A9" />
<ITEM PID="3988" File="c:\program files\hewlett-packard\hp advisor\hpadvisor.exe" CheckResult="0" Descr="HP Advisor" LegalCopyright="Copyright @ Hewlett Packard 2006" Hidden="-1" CmdLine=""C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun" Size="1783136" Attr="rsAh" CreateDate="01/10/2007 16:10:48" ChageDate="01/10/2007 16:10:48" MD5="A75685AEE9F5BE8163A2074068BD6B54" />
<ITEM PID="3476" File="c:\program files\hewlett-packard\hp health check\hphc_service.exe" CheckResult="0" Descr="HP Health Check Service" LegalCopyright="2006-2007 Hewlett-Packard Development Company, L P." Hidden="-1" CmdLine=""c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"" Size="65536" Attr="rsAh" CreateDate="19/09/2007 17:30:52" ChageDate="19/09/2007 17:30:52" MD5="0D26C438E2938A3E6BDD91173BC96FF0" />
<ITEM PID="3996" File="c:\program files\intel\intel matrix storage manager\iaanotif.exe" CheckResult="0" Descr="Event Monitor User Notification Tool" LegalCopyright="Copyright(C) Intel Corporation 2003-2007" Hidden="-1" CmdLine=""C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"" Size="174616" Attr="rsAh" CreateDate="21/03/2008 18:47:11" ChageDate="25/07/2007 07:02:42" MD5="FBC211A75FE4C2DEAA10B130728D376D" />
<ITEM PID="3264" File="c:\program files\internet explorer\iexplore.exe" CheckResult="0" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. Tous droits réservés." Hidden="-1" CmdLine=""C:\Program Files\Internet Explorer\iexplore.exe"" Size="634024" Attr="rsAh" CreateDate="10/12/2008 06:41:08" ChageDate="16/10/2008 05:42:58" MD5="D762642A109433EEDCD332B0A9511137" />
<ITEM PID="2668" File="c:\program files\lexmark 4800 series\lxdeamon.exe" CheckResult="0" Descr="Printer Card Transfer Monitor" LegalCopyright="" Hidden="-1" CmdLine=""C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"" Size="20480" Attr="rsAh" CreateDate="18/08/2008 19:56:56" ChageDate="01/06/2007 09:06:09" MD5="9D8762E2802C4E34CFD41DBB3D934CAE" />
<ITEM PID="2052" File="c:\program files\lexmark 4800 series\lxdemon.exe" CheckResult="0" Descr="Printer Device Monitor" LegalCopyright="" Hidden="-1" CmdLine=""C:\Program Files\Lexmark 4800 Series\lxdemon.exe"" Size="455600" Attr="rsAh" CreateDate="18/08/2008 19:56:42" ChageDate="11/06/2007 14:53:14" MD5="F53DB15F76283D29065F339FA6DA089B" />
<ITEM PID="5508" File="c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe" CheckResult="0" Descr="Windows Presentation Foundation Font Cache Service" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" Size="36864" Attr="rsAh" CreateDate="02/11/2006 13:36:00" ChageDate="02/11/2006 13:36:00" MD5="7EF57375636991F794BF40B522A8E7EF" />
<ITEM PID="1692" File="c:\windows\system32\spoolsv.exe" CheckResult="0" Descr="Application sous-système spouleur" LegalCopyright="© Microsoft Corporation. Tous droits réservés." Hidden="-1" CmdLine="C:\Windows\System32\spoolsv.exe" Size="124928" Attr="rsAh" CreateDate="02/11/2006 10:15:34" ChageDate="02/11/2006 10:45:46" MD5="DA612EF2556776DF2630B68BF2D48935" />
</PROCESS>
<DLL>
<ITEM File="C:\ProgramData\Kaspersky Lab\AVP8\Bases\klavemu.kdl" CheckResult="-1" Descr="Heuristics engine" LegalCopyright="Copyright © Kaspersky Lab 1996-2008." UsedBy="1936" Hidden="-1" Size="754688" Attr="rsAh" CreateDate="20/10/2008 13:55:20" ChageDate="16/12/2008 12:33:29" MD5="6F7A293DC5E5F4B2014DDB83D2A69422" />
<ITEM File="C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.Plugin.dll" CheckResult="-1" Descr="CanalPlus.VOD.Plugin" LegalCopyright="Copyright © Canal+ Active 2008" UsedBy="1948" Hidden="-1" Size="16384" Attr="rsAh" CreateDate="18/12/2008 20:08:02" ChageDate="18/12/2008 20:08:02" MD5="A828729E9DF94A4D70BF2232C05E3D99" />
<ITEM File="C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.DownloadManager.dll" CheckResult="-1" Descr="CanalPlus.VOD.DownloadManager" LegalCopyright="Copyright © Canal+ Active 2008" UsedBy="1948" Hidden="-1" Size="200704" Attr="rsAh" CreateDate="18/12/2008 20:08:01" ChageDate="18/12/2008 20:08:01" MD5="44F468E37F57725C3BAF3AC5659C4135" />
<ITEM File="C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.Common.dll" CheckResult="-1" Descr="CanalPlus.VOD.Common" LegalCopyright="Copyright © Canal+ Active 2008" UsedBy="1948" Hidden="-1" Size="28672" Attr="rsAh" CreateDate="17/12/2008 14:54:48" ChageDate="18/12/2008 20:08:01" MD5="EB8AF1EB55017FA2F5AE323FE7BBB582" />
<ITEM File="C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.Net.dll" CheckResult="-1" Descr="CanalPlus.VOD.Net" LegalCopyright="Copyright © Canal+ Active 2008" UsedBy="1948" Hidden="-1" Size="24576" Attr="rsAh" CreateDate="18/12/2008 20:08:02" ChageDate="18/12/2008 20:08:02" MD5="BFA2F0DE66E8BF44CE610FD972977A6A" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\81e201b865ca4b1dc1baa769353a1d32\PresentationCore.ni.dll" CheckResult="-1" Descr="Windows Presentation Foundation Core Components Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3988,5508" Hidden="-1" Size="12025856" Attr="rsAh" CreateDate="27/11/2007 01:19:40" ChageDate="27/11/2007 01:19:41" MD5="CBC03385DC02496997DF6343A84E7E81" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a9141ad6851ff94ece503a1898c4ca3a\PresentationFramework.ni.dll" CheckResult="-1" Descr="Windows Presentation Foundation Framework Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3988" Hidden="-1" Size="14594048" Attr="rsAh" CreateDate="27/11/2007 01:20:48" ChageDate="27/11/2007 01:20:51" MD5="D49CAA89319D6EDDC7BFDC0E4BF453A8" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\InterfaceServices.dll" CheckResult="-1" Descr="HP Advisor - InterfaceServices" LegalCopyright="Copyright © Hewlett-Packard Company 2006" UsedBy="3988" Hidden="-1" Size="40960" Attr="rsAh" CreateDate="01/10/2007 16:10:20" ChageDate="01/10/2007 16:10:20" MD5="9D6BD07A1653F0A296FD357A440CAD89" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.Common.Windows.dll" CheckResult="-1" Descr="Windows" LegalCopyright="Copyright © Hewlett-Packard Company 2006" UsedBy="3988" Hidden="-1" Size="49152" Attr="rsAh" CreateDate="01/10/2007 16:10:18" ChageDate="01/10/2007 16:10:18" MD5="13B9D4B19F79EEE8D52B5F0EC1D491EC" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7108eaf5b5973bf7cdbdb47875e616e4\PresentationFramework.Aero.ni.dll" CheckResult="-1" Descr="Windows Presentation Foundation Aero Theme" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3988" Hidden="-1" Size="393216" Attr="rsAh" CreateDate="27/11/2007 01:20:53" ChageDate="27/11/2007 01:20:53" MD5="31E3C5A2236FA843FC33E84152F14FB0" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\Content.dll" CheckResult="-1" Descr="Content" LegalCopyright="Copyright © Hewlett-Packard Company 2006" UsedBy="3988" Hidden="-1" Size="16896" Attr="rsAh" CreateDate="01/10/2007 16:10:20" ChageDate="01/10/2007 16:10:20" MD5="54712EF058ABA728BF04D2DBC117BF9D" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCHealthSecurity\PCHealthSecurityPillar.dll" CheckResult="-1" Descr="PC Health & Security Pillar" LegalCopyright="Copyright @ Hewlett-Packard Company 2006" UsedBy="3988" Hidden="-1" Size="188416" Attr="rsAh" CreateDate="01/10/2007 16:10:52" ChageDate="01/10/2007 16:10:52" MD5="E01E16362A9FB10AD6A4964F4FCF914C" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\SystemStatus.dll" CheckResult="-1" Descr="SystemStatus" LegalCopyright="Copyright © Hewlett-Packard Company 2006" UsedBy="3988" Hidden="-1" Size="114688" Attr="rsAh" CreateDate="01/10/2007 16:10:22" ChageDate="01/10/2007 16:10:22" MD5="2AAD9CACB29E52579DDA923A44201652" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll" CheckResult="-1" Descr="PCAlerts" LegalCopyright="Copyright @ 2006" UsedBy="3988" Hidden="-1" Size="57344" Attr="rsAh" CreateDate="01/10/2007 16:10:50" ChageDate="01/10/2007 16:10:50" MD5="EE2D4E3BF5B10E3D732E4B9030A7A767" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCHelp\HowToPillar.dll" CheckResult="-1" Descr="HowTo" LegalCopyright="Copyright @ HP 2006" UsedBy="3988" Hidden="-1" Size="36864" Attr="rsAh" CreateDate="01/10/2007 16:10:50" ChageDate="01/10/2007 16:10:50" MD5="1D99BDC2E42CF4699621018CFB49F274" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\MarketPillar.dll" CheckResult="-1" Descr="hpPillarMarket" LegalCopyright="Copyright @ Hewlett Packard 2006" UsedBy="3988" Hidden="-1" Size="32768" Attr="rsAh" CreateDate="01/10/2007 16:10:50" ChageDate="01/10/2007 16:10:50" MD5="19F2FEE1B54183E00B1B5BDC0922D1A8" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\Interop.MLDeskBand.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="3988" Hidden="-1" Size="3584" Attr="rsAh" CreateDate="01/10/2007 16:10:50" ChageDate="01/10/2007 16:10:50" MD5="605D22EA2656F4DC54D2AB7607FE6368" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="3988" Hidden="-1" Size="36864" Attr="rsAh" CreateDate="01/10/2007 16:11:02" ChageDate="01/10/2007 16:11:02" MD5="B99E5569BA71D244C2BDEF469525E735" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll" CheckResult="-1" Descr="Server" LegalCopyright="Copyright © 2006" UsedBy="3988" Hidden="-1" Size="40960" Attr="rsAh" CreateDate="01/10/2007 16:10:20" ChageDate="01/10/2007 16:10:20" MD5="331D8783F52A2A9A0B0D89FC6E1546AE" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll" CheckResult="-1" Descr="Interface" LegalCopyright="Copyright © 2006" UsedBy="3988" Hidden="-1" Size="6144" Attr="rsAh" CreateDate="01/10/2007 16:10:20" ChageDate="01/10/2007 16:10:20" MD5="4B145D6994564B265F9376A1236CA7E2" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll" CheckResult="-1" Descr="Messages" LegalCopyright="Copyright © 2006" UsedBy="3988" Hidden="-1" Size="28672" Attr="rsAh" CreateDate="01/10/2007 16:10:20" ChageDate="01/10/2007 16:10:20" MD5="BBBA5DB933CB089454C91DBB6FF62402" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll" CheckResult="-1" Descr="Clients" LegalCopyright="Copyright © 2006" UsedBy="3988" Hidden="-1" Size="36864" Attr="rsAh" CreateDate="01/10/2007 16:10:28" ChageDate="01/10/2007 16:10:28" MD5="D16C1C5F115B662A1994762B4EDC2B77" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\Interop.RulesEngineLib.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="3988" Hidden="-1" Size="28672" Attr="rsAh" CreateDate="01/10/2007 16:10:28" ChageDate="01/10/2007 16:10:28" MD5="3D4EC3C54315A6AF68F5EAECD72321E3" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll" CheckResult="-1" Descr="RemotingClient" LegalCopyright="Copyright © 2006" UsedBy="3988" Hidden="-1" Size="7168" Attr="rsAh" CreateDate="01/10/2007 16:11:00" ChageDate="01/10/2007 16:11:00" MD5="C896A4EB1C335CFAEE127CE9BDBF526C" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll" CheckResult="-1" Descr="Microsoft .NET Runtime Object Remoting" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3988,3476" Hidden="-1" Size="815104" Attr="rsAh" CreateDate="27/11/2007 01:22:19" ChageDate="27/11/2007 01:22:19" MD5="90ED34BAF7847132D4ABB25D9B15732D" />
<ITEM File="C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll" CheckResult="-1" Descr="HP Active Support Library" LegalCopyright="2006-2007 Hewlett-Packard Development Company, L P." UsedBy="3476" Hidden="-1" Size="86016" Attr="rsAh" CreateDate="27/11/2007 01:17:11" ChageDate="27/11/2007 01:17:11" MD5="0775A7424B1828AD1452BAE43F7069A8" />
<ITEM File="C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_FRA.dll" CheckResult="-1" Descr="Event Monitor User Notification Tool" LegalCopyright="Copyright(C) Intel Corporation 2003-2007" UsedBy="3996" Hidden="-1" Size="73728" Attr="rsAh" CreateDate="21/03/2008 18:47:09" ChageDate="26/04/2007 01:16:08" MD5="EC7B58AC7FAC4CC74F7874F5C77517B0" />
<ITEM File="C:\Program Files\Lexmark Toolbar\toolband.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="3264" Hidden="-1" Size="258048" Attr="rsAh" CreateDate="29/05/2007 10:04:00" ChageDate="29/05/2007 10:04:00" MD5="D631086D9E561B99D1140C3C912BD0D9" />
<ITEM File="C:\Program Files\Lexmark Toolbar\resource.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="3264" Hidden="-1" Size="360448" Attr="rsAh" CreateDate="14/05/2007 03:16:05" ChageDate="14/05/2007 03:16:05" MD5="CCDE13B9B3DBD0089619082460D8C229" />
<ITEM File="C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll" CheckResult="-1" Descr="Kaspersky Anti-Virus Single Scanner Library" LegalCopyright="Copyright (C) 1999-2002 Kaspersky Lab." UsedBy="3264" Hidden="-1" Size="213048" Attr="rsAh" CreateDate="16/05/2005 19:34:48" ChageDate="16/05/2005 19:34:48" MD5="09A567F52562BEAFB0420F1B8196182E" />
<ITEM File="C:\Program Files\Lexmark 4800 Series\App4R.Monitor.Common.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2668" Hidden="-1" Size="28672" Attr="rsAh" CreateDate="18/08/2008 19:56:56" ChageDate="08/06/2007 05:52:43" MD5="C18AE300DDD6A303029E6EE1FA020B69" />
<ITEM File="C:\Program Files\Lexmark 4800 Series\App4R.Monitor.Core.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2668" Hidden="-1" Size="36864" Attr="rsAh" CreateDate="18/08/2008 19:56:56" ChageDate="08/06/2007 05:52:43" MD5="2C2C958CE20A83075BB19B381122BD47" />
<ITEM File="C:\Program Files\Lexmark 4800 Series\app4r.devmons.mcmdevmon.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2668" Hidden="-1" Size="57344" Attr="rsAh" CreateDate="18/08/2008 19:56:49" ChageDate="08/06/2007 05:52:00" MD5="6B8058F3C32AF7000806EA2A962ADF20" />
<ITEM File="C:\Program Files\Lexmark 4800 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2668" Hidden="-1" Size="11776" Attr="rsAh" CreateDate="18/08/2008 19:56:49" ChageDate="01/06/2007 09:06:28" MD5="D694E7B796163A3CB1A86F3201807D87" />
<ITEM File="C:\Program Files\Lexmark 4800 Series\lxdescw.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2052" Hidden="-1" Size="278528" Attr="rsAh" CreateDate="18/08/2008 19:56:42" ChageDate="24/05/2007 17:21:25" MD5="686AD6FB264D1CA888117CE99D276F28" />
<ITEM File="C:\Program Files\Lexmark 4800 Series\lxdemonr.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2005" UsedBy="2052" Hidden="-1" Size="77824" Attr="rsAh" CreateDate="18/08/2008 19:56:40" ChageDate="22/05/2007 10:55:41" MD5="35C88F333028C6B882E24F3692B8707C" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\7633a09e08c8e47895c22bed87b9c939\PresentationFontCache.ni.exe" CheckResult="-1" Descr="Windows Presentation Foundation Font Cache Service" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="5508" Hidden="-1" Size="48640" Attr="rsAh" CreateDate="27/11/2007 01:24:13" ChageDate="27/11/2007 01:24:13" MD5="C42BAA9416C1012C093E39B2B721F602" />
<ITEM File="C:\Windows\System32\LXF3PMON.DLL" CheckResult="-1" Descr="Print Monitor (Win2k/WinXP)" LegalCopyright="" UsedBy="1692" Hidden="-1" Size="45056" Attr="rsAh" CreateDate="18/08/2008 19:00:23" ChageDate="23/05/2007 04:42:41" MD5="F48E41774689A22F38EEB1377EF53532" />
<ITEM File="C:\Windows\System32\LXF3OEM.DLL" CheckResult="-1" Descr="Lexmark Fax Solutions Software" LegalCopyright="Copyright (C) 2004" UsedBy="1692" Hidden="-1" Size="36864" Attr="rsAh" CreateDate="18/08/2008 19:00:23" ChageDate="17/01/2007 08:07:05" MD5="3CBC10D49D53CEF46B24A4981C40957F" />
<ITEM File="C:\Program Files\Lexmark Fax Solutions\ipcmt.dll" CheckResult="-1" Descr="IPC Core Dll" LegalCopyright="Copyright (C) 2003" UsedBy="1692" Hidden="-1" Size="32768" Attr="rsAh" CreateDate="18/08/2008 19:00:13" ChageDate="23/05/2007 04:40:43" MD5="D1A7F33D87F297720EA9EA7F7F2D86F1" />
<ITEM File="C:\Windows\System32\LXF3PMRC.DLL" CheckResult="-1" Descr="" LegalCopyright="Copyright (c) 2003" UsedBy="1692" Hidden="-1" Size="12288" Attr="rsAh" CreateDate="18/08/2008 19:00:23" ChageDate="23/05/2007 04:44:12" MD5="3D9853F9D1794547A94DC15B3C902067" />
</DLL>
<KERNELOBJ>
<ITEM File="C:\Windows\System32\Drivers\dump_iaStor.sys" CheckResult="-1" Base="8EAB9000" MemSize="0C7000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\system32\DRIVERS\ithsgt.sys" CheckResult="-1" Base="9CF18000" MemSize="028000" Descr="" LegalCopyright="" Size="162432" Attr="rsAh" CreateDate="06/04/2008 19:18:39" ChageDate="06/04/2008 19:18:39" MD5="B7A5FADF67136FDA7E8F25303565B674" />
<ITEM File="C:\Windows\system32\DRIVERS\lilsgt.sys" CheckResult="-1" Base="9C5E2000" MemSize="003000" Descr="" LegalCopyright="" Size="12032" Attr="rsAh" CreateDate="06/04/2008 19:18:39" ChageDate="06/04/2008 19:18:39" MD5="16767EA492B5D140E1DE3679A65EAE74" />
</KERNELOBJ>
<Service>
<ITEM File="C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" Name="CanalPlus.VOD" CheckResult="-1" Type="16" State="4" Size="61440" Attr="rsAh" CreateDate="17/12/2008 12:37:39" ChageDate="18/12/2008 20:08:01" MD5="C903CE49BB8E714CFA573E2966D4D0A9" />
<ITEM File="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" Name="Com4Qlb" CheckResult="-1" Type="16" State="1" Size="110592" Attr="rsAh" CreateDate="21/03/2008 18:54:55" ChageDate="05/03/2007 10:30:06" MD5="D8774ACE03B46C9B01A49818055F9AD4" />
<ITEM File="C:\Windows\system32\msiexec" Name="msiserver" CheckResult="-1" Type="16" State="1" />
</Service>
<Drivers>
<ITEM File="C:\Windows\system32\DRIVERS\ithsgt.sys" Name="ithsgt" CheckResult="-1" Type="1" State="4" Size="162432" Attr="rsAh" CreateDate="06/04/2008 19:18:39" ChageDate="06/04/2008 19:18:39" MD5="B7A5FADF67136FDA7E8F25303565B674" />
<ITEM File="C:\Windows\system32\DRIVERS\lilsgt.sys" Name="lilsgt" CheckResult="-1" Type="1" State="4" Size="12032" Attr="rsAh" CreateDate="06/04/2008 19:18:39" ChageDate="06/04/2008 19:18:39" MD5="16767EA492B5D140E1DE3679A65EAE74" />
<ITEM File="C:\Windows\system32\drivers\blbdrive.sys" Name="blbdrive" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\ipinip.sys" Name="IpInIp" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\nwlnkflt.sys" Name="NwlnkFlt" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\nwlnkfwd.sys" Name="NwlnkFwd" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\SymIM.sys" Name="SymIM" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\SymIM.sys" Name="SymIMMP" CheckResult="-1" Type="1" State="1" />
</Drivers>
<AUTORUN>
<ITEM File="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="HP Health Check Scheduler" />
<ITEM File="rdpclip" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X3="StartupPrograms" />
</AUTORUN>
<BHO>
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{02478D38-C3F9-4efb-9B51-7695ECA05670}" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Lexmark Toolbar\toolband.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" Descr="" LegalCopyright="" Size="258048" Attr="rsAh" CreateDate="29/05/2007 10:04:00" ChageDate="29/05/2007 10:04:00" MD5="D631086D9E561B99D1140C3C912BD0D9" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{7E853D72-626A-48EC-A868-BA8D5E23E045}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="2" RegKey="SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Lexmark Toolbar\toolband.dll" CheckResult="-1" Enabled="1" BHOType="2" RegKey="SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" Descr="" LegalCopyright="" Size="258048" Attr="rsAh" CreateDate="29/05/2007 10:04:00" ChageDate="29/05/2007 10:04:00" MD5="D631086D9E561B99D1140C3C912BD0D9" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{2670000A-7350-4f3c-8081-5663EE0C6C49}" Descr="" LegalCopyright="" />
</BHO>
<ExplorerExt>
<ITEM File="%CommonProgramFiles%\System\Ole DB\oledb32.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Data Link" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="lnkfile" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00020d75-0000-0000-c000-000000000046}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Color Control Panel Applet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{b2c761c6-29bc-4f19-9251-e6195265baf1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Add New Hardware" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A979262-40CE-46ff-AEEE-7884AC3B6136}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Get Programs Online" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3e7efb4c-faf1-453d-89eb-56026875ef90}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="ActiveDirectory Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1b24a030-9b20-49bc-97ac-1be4426f9e59}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="ActiveDirectory Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{34449847-FD14-4fc8-A75A-7432F5181EFB}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Sam Account Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C8494E42-ACDD-4739-B0FB-217361E4894F}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Sam Account Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E29F9716-5C08-4FCD-955A-119FDB5A522D}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Control Panel command object for Start menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Default Programs command object for Start menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E44E5D18-0652-4508-A4E2-8A090067BCB0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Folder Options" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Explorer Query Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2C2577C2-63A7-40e3-9B7F-586602617ECB}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="View Available Networks" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="Windows Contact Preview Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{13D3C4B8-B179-4ebb-BF62-F704173E7448}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Contacts folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName=".group shell extension handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{4F58F63F-244B-4c07-B29F-210BE59BE9B4}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName=".contact shell extension handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{8082C5E6-4C27-48ec-A809-B8E1122E8F97}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="group_wab_auto_file" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="contact_wab_auto_file" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{CF67796C-F57F-45F8-92FB-AD698826C602}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Firewall" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{4026492f-2f69-46b8-b9bf-5654fc07e423}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Problem Reports and Solutions" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="iSCSI Initiator" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{a304259d-52b8-4526-8b1a-a1d6cecc8243}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName=".cab or .zip files" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{911051fa-c21c-4246-b470-070cd8df6dc4}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Search Shell Service" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{da67b8ad-e81b-4c70-9b91b417b5e33527}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Microsoft.ScannersAndCameras" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" Descr="" LegalCopyright="" />
<ITEM File=""C:\Windows\System32\rundll32.exe" "C:\Program Files\\Windows Photo Gallery\PhotoViewer.dll",ImageView_COMServer {9D687A4C-1404-41ef-A089-883B6FBECDE6}" CheckResult="-1" Enabled="1" ExtName="Windows Photo Gallery Viewer Autoplay Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{9D687A4C-1404-41ef-A089-883B6FBECDE6}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Sidebar Properties" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{37efd44d-ef8d-41b1-940d-96973a50e9e0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Features" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{67718415-c450-4f3c-bf8a-b487642dc39b}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Defender" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{d8559eb9-20c0-410e-beda-7ed416aecc2a}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Mobility Center Control Panel" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5ea4f148-308c-46d7-98a9-49041b1dd468}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\microsoft shared\ink\TipBand.dll" CheckResult="-1" Enabled="1" ExtName="Tablet PC Input Panel" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}" Descr="" LegalCopyright="" />
<ITEM File=""C:\Program Files\\Windows Media Player\wmprph.exe"" CheckResult="-1" Enabled="1" ExtName="Windows Media Player Rich Preview Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{031EE060-67BC-460d-8847-E4A7C5E45A27}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="User Accounts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\ShellvRTF.dll" CheckResult="-1" Enabled="1" ExtName="ShellViewRTF" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" Descr="ShellvRTF" LegalCopyright="Copyright © 2002-2006,2007" Size="274432" Attr="rsAh" CreateDate="27/11/2007 01:17:41" ChageDate="31/08/2007 18:14:54" MD5="1AD7E7296F62B998C157A4BDA006EC01" />
<ITEM File="C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll" CheckResult="-1" Enabled="1" ExtName="fluxDVD Shell Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C9CF278C-460E-4917-BC43-3F75E6E47D3D}" Descr="fluxDVD Shell Extension" LegalCopyright="Copyright © 2005-2007 ACE GmbH" Size="224256" Attr="rsAh" CreateDate="03/05/2007 10:42:36" ChageDate="03/05/2007 10:42:36" MD5="7D9FDF76E25E515AE58552B1FB5266CE" />
<ITEM File="C:\Windows\System32\b4fm.dll" CheckResult="-1" Enabled="1" ExtName="ShellPlusContextMenu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" Descr="" LegalCopyright="" Size="223744" Attr="rsAh" CreateDate="29/02/2008 05:14:04" ChageDate="29/02/2008 05:14:04" MD5="F4BEDA3A2FDF001C38137F3FA52D4FE8" />
</ExplorerExt>
<PrintEXT>
<ITEM File="LXF3PMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="Print Monitor (Win2k/WinXP)" LegalCopyright="" Size="45056" Attr="rsAh" CreateDate="18/08/2008 19:00:23" ChageDate="23/05/2007 04:42:41" MD5="F48E41774689A22F38EEB1377EF53532" />
</PrintEXT>
<TaskScheduler />
<DPF />
<CPL />
<ActiveSetup />
- <HOSTS>
<ITEM Line="127.0.0.1 localhost" />
<ITEM Line="::1 localhost" />
</HOSTS>
- <SuspFiles>
<ITEM File="c:\users\fabrice et stéphanie\program files\dna\btdna.exe" VirType="4" Descr="Suspicion de RootKit" />
<ITEM File="C:\ProgramData\Kaspersky Lab\AVP8\Bases\klavemu.kdl" VirType="5" Descr="Suspicion de Keylogger ou de DLL de cheval de Troie" />
</SuspFiles>
- <RK_UM>
<ITEM DLL="kernel32.dll" FNaim="CreateProcessA" FIndx="148" HookPtr="6DA41370" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="CreateProcessW" FIndx="151" HookPtr="6DA413D0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="FreeLibrary" FIndx="332" HookPtr="6DA41530" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetModuleFileNameA" FIndx="500" HookPtr="6DA41470" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetModuleFileNameW" FIndx="501" HookPtr="6DA414B0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetProcAddress" FIndx="544" HookPtr="6DA41570" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryA" FIndx="753" HookPtr="6DA410B0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryExA" FIndx="754" HookPtr="6DA41230" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryExW" FIndx="755" HookPtr="6DA412F0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryW" FIndx="756" HookPtr="6DA41170" HookType="1" />
</RK_UM>
- <KEYLOGGER>
<ITEM File="C:\ProgramData\Kaspersky Lab\AVP8\Bases\klavemu.kdl" Verdict="" CheckResult="-1" Size="754688" Attr="rsAh" CreateDate="20/10/2008 13:55:20" ChageDate="16/12/2008 12:33:29" MD5="6F7A293DC5E5F4B2014DDB83D2A69422" />
</KEYLOGGER>
- <WIZARD-TSW>
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="60" Level="1" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
</WIZARD-TSW>
</AVZ>
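An added example, not part of the thread and not AVZ's own code, for reading the two AVZ sections above that look most alarming: the ten kernel32 hooks under RK_UM and the two entries under SuspFiles. It parses the XML, sorts the hook pointers and groups those that land within 64 KiB of each other; here all ten fall in 6DA410B0-6DA41570, which points to one hooking module rather than ten separate ones. The fragment does not say which module that is: a security suite that hooks the loader is a common source, and the ComboFix log further down lists Kaspersky hook DLLs under AppInit_DLLs, but confirming it needs a module map this fragment does not include. The script then separates suspicious files that live under a folder you list as a known product directory (here, as an assumption you supply, the Kaspersky database folder the report itself names) from those that need a closer look. The 64 KiB window and the folder list are this example's choices; the sample input is copied from the report above.

```python
"""Triage helper for the AVZ report fragment posted above.

Added example for this thread: it is not AVZ's own code. It parses the
<RK_UM> (user-mode API hooks) and <SuspFiles> sections of an AVZ XML
report, groups hooks by the address range their HookPtr lands in (hooks
set by one DLL land close together, so one tight cluster means one
hooking module), and separates suspicious files that sit under folders
the reader lists as known product folders from those that need a closer
look. That folder list is an input you supply, not an AVZ verdict.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the two sections copied from the report above,
# wrapped in a root element so the fragment parses as one document.
SAMPLE_AVZ = r"""<AVZ>
<SuspFiles>
<ITEM File="c:\users\fabrice et stéphanie\program files\dna\btdna.exe" VirType="4" Descr="Suspicion de RootKit" />
<ITEM File="C:\ProgramData\Kaspersky Lab\AVP8\Bases\klavemu.kdl" VirType="5" Descr="Suspicion de Keylogger ou de DLL de cheval de Troie" />
</SuspFiles>
<RK_UM>
<ITEM DLL="kernel32.dll" FNaim="CreateProcessA" FIndx="148" HookPtr="6DA41370" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="CreateProcessW" FIndx="151" HookPtr="6DA413D0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="FreeLibrary" FIndx="332" HookPtr="6DA41530" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetModuleFileNameA" FIndx="500" HookPtr="6DA41470" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetModuleFileNameW" FIndx="501" HookPtr="6DA414B0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetProcAddress" FIndx="544" HookPtr="6DA41570" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryA" FIndx="753" HookPtr="6DA410B0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryExA" FIndx="754" HookPtr="6DA41230" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryExW" FIndx="755" HookPtr="6DA412F0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryW" FIndx="756" HookPtr="6DA41170" HookType="1" />
</RK_UM>
</AVZ>"""


def parse_hooks(xml_text):
    """Return (dll, function, hook_address) for every <RK_UM> entry."""
    root = ET.fromstring(xml_text)
    hooks = []
    for section in root.iter("RK_UM"):
        for item in section.iter("ITEM"):
            hooks.append((item.get("DLL"), item.get("FNaim"), int(item.get("HookPtr"), 16)))
    return hooks


def cluster_hooks(hooks, window=0x10000):
    """Group hooks whose targets lie within `window` bytes of the previous one.

    Sorted by address, a new group opens whenever the gap to the last
    address exceeds the window (64 KiB by default: inside one DLL's code
    section, far smaller than the gap between unrelated DLLs).
    """
    clusters = []
    for dll, fn, addr in sorted(hooks, key=lambda h: h[2]):
        label = f"{dll}!{fn}"
        if clusters and addr - clusters[-1]["end"] <= window:
            clusters[-1]["end"] = addr
            clusters[-1]["functions"].append(label)
        else:
            clusters.append({"start": addr, "end": addr, "functions": [label]})
    return clusters


def classify_susp_files(xml_text, known_product_dirs):
    """Split <SuspFiles> into (inside a listed product folder, needs review)."""
    root = ET.fromstring(xml_text)
    known = [d.lower().rstrip("\\") + "\\" for d in known_product_dirs]
    inside, review = [], []
    for section in root.iter("SuspFiles"):
        for item in section.iter("ITEM"):
            path = item.get("File", "")
            entry = (path, item.get("Descr", ""))
            (inside if any(path.lower().startswith(d) for d in known) else review).append(entry)
    return inside, review


if __name__ == "__main__":
    for c in cluster_hooks(parse_hooks(SAMPLE_AVZ)):
        print(f"hook cluster {c['start']:08X}-{c['end']:08X}: {', '.join(c['functions'])}")
    # Assumed product folder: the antivirus database directory named in the report.
    inside, review = classify_susp_files(SAMPLE_AVZ, [r"C:\ProgramData\Kaspersky Lab"])
    for path, descr in inside:
        print(f"inside product folder (check with the vendor before acting): {path} [{descr}]")
    for path, descr in review:
        print(f"needs review: {path} [{descr}]")
```

A file flagged inside the antivirus's own database folder is worth checking with the vendor before deleting anything; a file under the user profile that the firewall rules also reference (btdna.exe in the ComboFix log below) is the one to look at first.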
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Disable User Account Control (you'll turn it back on after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.


Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

If that's not possible, here it is renamed killfix (= ComboFix):

http://sd-1.archive-host.com/membres/up/193094576412487685/killfix.exe

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, your antispyware's real-time guard).


Double-click combofix.exe and follow the instructions.

At the end it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the C:\ComboFix.txt report into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

There's a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Fabriice45
 
Here's the ComboFix report, so tell me, what do you see?


ComboFix 08-12-21.04 - Fabrice et Stéphanie 2008-12-22 21:22:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2046.1115 [GMT 1:00]
Running from: c:\users\Fabrice et Stéphanie\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Setup Wizard
c:\program files\Setup Wizard\settings.ini
c:\program files\Setup Wizard\SetupWizard.exe
c:\program files\Setup Wizard\ttn7.exe
c:\program files\Setup Wizard\unins000.dat
c:\program files\Setup Wizard\unins000.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z
c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard
c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard\Désinstaller SetupWizard.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard\SetupWizard.lnk
c:\users\FABRIC~1\AppData\Local\Temp\jewhfwje
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iprip


((((((((((((((((((((((((((((( Files created from 2008-11-22 to 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 20:49 . 2008-12-22 21:15 <REP> dr------- c:\users\Fabrice et Stéphanie\Documents
2008-12-22 20:49 . 2008-12-22 21:15 <REP> dr------- c:\users\Fabrice et Stéphanie\Documents
2008-12-22 15:47 . 2008-12-22 15:47 <REP> d-------- c:\users\Fabrice et Stéphanie\AppData\Roaming\Zylom
2008-12-22 15:47 . 2008-12-22 15:47 <REP> d-------- c:\program files\Google
2008-12-20 13:20 . 2008-12-20 13:20 <REP> d-------- c:\windows\System32\Kaspersky Lab
2008-12-19 21:35 . 2008-12-19 21:35 <REP> d-------- C:\rsit
2008-12-19 21:35 . 2008-12-19 21:40 <REP> d-------- c:\program files\trend micro
2008-12-18 20:18 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-18 12:37 . 2008-12-18 12:37 <REP> d-------- c:\windows\BDOSCAN8
2008-12-18 12:34 . 2008-12-18 12:34 <REP> d--h----- c:\users\All Users\TEMP
2008-12-18 12:34 . 2008-12-18 12:34 <REP> d--h----- c:\programdata\TEMP
2008-12-18 12:33 . 2008-12-18 12:33 <REP> d-------- c:\users\Fabrice et Stéphanie\AppData\Roaming\Simply Super Software
2008-12-18 12:33 . 2008-12-18 12:33 <REP> d-------- c:\users\All Users\Simply Super Software
2008-12-18 12:33 . 2008-12-18 12:33 <REP> d-------- c:\programdata\Simply Super Software
2008-12-18 12:33 . 2008-12-18 12:33 <REP> d-------- c:\program files\Trojan Remover
2008-12-18 12:33 . 2006-05-25 14:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2008-12-18 12:33 . 2003-02-02 19:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2008-12-18 12:33 . 2005-08-26 00:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2008-12-18 12:33 . 2002-03-06 00:00 75,264 --a------ c:\windows\System32\unacev2.dll
2008-12-18 12:33 . 2006-06-19 12:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2008-12-16 13:33 . 2008-12-16 13:33 58,954 --a------ c:\windows\System32\%LocalXml%
2008-12-16 12:25 . 2008-12-16 12:25 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-12-16 12:25 . 2008-12-16 12:25 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-12-16 12:23 . 2008-12-22 21:29 <REP> d-------- c:\users\All Users\Kaspersky Lab
2008-12-16 12:23 . 2008-12-22 21:29 <REP> d-------- c:\programdata\Kaspersky Lab
2008-12-16 12:23 . 2008-12-16 12:23 <REP> d-------- c:\program files\Kaspersky Lab
2008-12-16 12:23 . 2008-12-22 21:27 5,225,504 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-16 12:23 . 2008-12-22 21:27 827,424 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2008-12-16 12:23 . 2008-12-22 21:27 42,952 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-16 12:23 . 2008-12-22 21:27 3,908 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2008-12-16 08:23 . 2008-12-16 12:02 <REP> d-------- c:\program files\Fighters
2008-12-15 20:43 . 2008-12-15 20:43 <REP> d-------- c:\users\All Users\Grisoft
2008-12-15 20:43 . 2008-12-15 20:43 <REP> d-------- c:\programdata\Grisoft
2008-12-11 03:03 . 2008-10-22 00:31 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 06:44 . 2008-10-21 06:16 297,472 --a------ c:\windows\System32\gdi32.dll
2008-12-10 06:43 . 2008-11-01 00:38 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 06:43 . 2008-11-01 04:33 1,687,040 --a------ c:\windows\System32\gameux.dll
2008-12-10 06:43 . 2008-11-01 04:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-10 06:40 . 2008-06-23 02:52 2,855,424 --a------ c:\windows\System32\mf.dll
2008-12-10 06:40 . 2008-06-23 02:52 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-10 06:40 . 2008-06-23 02:52 98,816 --a------ c:\windows\System32\mfps.dll
2008-12-10 06:40 . 2008-06-23 02:52 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-10 06:40 . 2008-06-23 02:52 52,736 --a------ c:\windows\System32\rrinstaller.exe
2008-12-10 06:40 . 2008-06-23 02:52 24,576 --a------ c:\windows\System32\mfpmp.exe
2008-12-10 06:40 . 2008-06-22 23:34 2,048 --a------ c:\windows\System32\mferror.dll
2008-11-30 09:22 . 2008-11-30 09:22 <REP> d-------- c:\program files\Canal
2008-11-30 09:21 . 2008-11-30 09:21 <REP> d-------- c:\program files\Common Files\Adobe AIR
2008-11-26 21:10 . 2008-11-26 21:11 <REP> d-------- c:\users\All Users\WinZip
2008-11-26 21:10 . 2008-11-26 21:11 <REP> d-------- c:\programdata\WinZip
2008-11-26 20:54 . 1999-05-07 00:00 140,288 --a------ c:\windows\System32\Comdlg32.ocx
2008-11-26 20:54 . 2007-06-04 16:10 132,880 --a------ c:\windows\System32\MSINET.OCX
2008-11-26 20:54 . 2005-06-06 13:31 108,336 --a------ c:\windows\System32\Mswinsck.OCX

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 20:30 2,883,584 --sha-w c:\users\Fabrice et Stéphanie\NTUSER.DAT
2008-12-22 20:30 2,883,584 --sha-w c:\users\Fabrice et Stéphanie\NTUSER.DAT
2008-12-22 20:11 --------- d-----w c:\users\Fabrice et Stéphanie\AppData\Roaming\DNA
2008-12-22 20:04 --------- d-----w c:\programdata\Lx_cats
2008-12-22 19:43 28,760 ----a-w c:\users\Fabrice et Stéphanie\AppData\Roaming\nvModes.dat
2008-12-22 14:47 --------- d-----w c:\users\Fabrice et Stéphanie\AppData\Roaming\Zylom
2008-12-18 11:33 --------- d-----w c:\users\Fabrice et Stéphanie\AppData\Roaming\Simply Super Software
2008-12-16 07:32 --------- d-----w c:\program files\eMule
2008-12-11 02:14 174 --sha-w c:\program files\desktop.ini
2008-12-11 02:05 --------- d-----w c:\programdata\Microsoft Help
2008-12-01 12:24 --------- d-----w c:\users\Fabrice et Stéphanie\AppData\Roaming\BitTorrent
2008-11-20 19:21 --------- d-----w c:\users\Fabrice et Stéphanie\AppData\Roaming\LimeWire
2008-11-11 19:00 218,376 ----a-w c:\windows\System32\klogon.dll
2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat
2008-11-09 19:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 19:48 --------- d-----w c:\program files\Micro Application
2008-11-09 09:03 --------- d-----w c:\program files\Windows Mail
2008-11-09 08:43 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-08 20:10 --------- d-----w c:\program files\TVAnts
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-22 18:11 --------- d-----w c:\users\Fabrice et Stéphanie\AppData\Roaming\WinRAR
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-11 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-22 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Canal Widget"="c:\program files\Canal\Canal Widget\Launcher.exe" [2008-12-17 105528]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-12-10 1230728]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E2ECC289-81AE-4826-8822-31D900F6722A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9D9BBB5D-3D65-4819-95CF-72534A566222}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{42B4EF3F-6BD2-4544-9B21-8BB601DD1940}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{112A677E-27B7-4DFA-BDB6-871D9D39BD16}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{9CEB47D8-1F80-48EA-97CB-0F034C46559B}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{DB087F86-E3B4-45EA-8431-7A983FB9BA0E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6A18CAA3-2D53-4478-9B34-D4FF9BA2E5A9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{FBECC37A-78B1-45B7-AB2D-276797DB249F}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{0FD11EB8-8C3A-4C83-A44E-E98928932652}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{BBE63316-D5DC-455B-B09A-615D10930318}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{0B5DE662-1465-49C8-8A35-1841849EADF1}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{A646A413-4B41-4E16-B42E-57BD4C05F6F6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A2625E7D-1CAA-4CE7-9CE1-46E73F554251}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{3E878A24-210D-4FAA-88C5-34CCF9DDC239}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{57CE5D6F-FA29-42D3-801F-97845D0DCC23}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{CB48C35D-B25A-4142-9141-F5DFB2180189}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{6FA7B599-B9E8-4379-9127-93704A68BAD6}c:\\users\\fabrice et stéphanie\\program files\\dna\\btdna.exe"= UDP:c:\users\fabrice et stéphanie\program files\dna\btdna.exe:btdna.exe
"UDP Query User{B12CE5CB-48E6-443B-9E6E-C6FBA7989F47}c:\\users\\fabrice et stéphanie\\program files\\dna\\btdna.exe"= TCP:c:\users\fabrice et stéphanie\program files\dna\btdna.exe:btdna.exe
"{F0F810EF-1DA1-40B0-A918-BA3EE4268161}"= UDP:c:\program files\Lecteur CANALPLAY\CanalPlayer.exe:Lecteur CANALPLAY
"{DE107C66-DBF7-41FA-84EB-D37EDCA3A472}"= TCP:c:\program files\Lecteur CANALPLAY\CanalPlayer.exe:Lecteur CANALPLAY
"{0FDD0DDC-FB02-4D1E-BE4B-52565E3F3D11}"= UDP:c:\windows\System32\lxdecoms.exe:Lexmark Communications System
"{D4895196-BF5C-48A1-AC53-597CA368A912}"= TCP:c:\windows\System32\lxdecoms.exe:Lexmark Communications System
"{C7114863-97B1-4A98-93B5-715BF974134E}"= UDP:c:\program files\Lexmark 4800 Series\lxdeamon.exe:Lexmark Device Monitor
"{726EF763-7D36-4FFD-9DC5-1791B15A3C07}"= TCP:c:\program files\Lexmark 4800 Series\lxdeamon.exe:Lexmark Device Monitor
"{733E3F2E-8C06-4C7D-9AD1-05D53AB98458}"= UDP:c:\program files\Lexmark 4800 Series\frun.exe:Lexmark Productivity Studio
"{E6F52D41-D7C5-4365-82C8-8147662C2BF6}"= TCP:c:\program files\Lexmark 4800 Series\frun.exe:Lexmark Productivity Studio
"{64FBC0CD-6891-4E62-9EDF-33F84E4DC038}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{3B87B1AC-B224-4F2C-A617-F012B532B1CC}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{BF732A98-7FFB-4B30-B3EA-423C88E05154}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{E933483A-8CEE-4840-B2BC-98D94C6C8E22}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{33EBBF4A-9B29-4732-BF9D-632040E6CC58}"= UDP:c:\program files\Lexmark 4800 Series\lxdemon.exe:Printer Device Monitor
"{A1FA721E-72F8-4EFA-934F-82BE1D350958}"= TCP:c:\program files\Lexmark 4800 Series\lxdemon.exe:Printer Device Monitor
"{BE1CBFA7-7911-45FF-A915-6D607EF7E2E2}"= UDP:c:\users\Fabrice et Stéphanie\AppData\Local\Temp\lxde\wireless\FRENCH\lxdewpss.exe:
"{D622CB54-CE3B-4AAA-B773-C31378B8CC2C}"= TCP:c:\users\Fabrice et Stéphanie\AppData\Local\Temp\lxde\wireless\FRENCH\lxdewpss.exe:
"{41E8B4B4-E388-437D-9742-087CA1AD39DA}"= UDP:c:\windows\System32\lxdecfg.exe:Printer Communication System
"{CCDFE3F2-84CD-4D1D-8EBB-ABC2FEB93215}"= TCP:c:\windows\System32\lxdecfg.exe:Printer Communication System
"{E4360A18-589F-49C4-9703-14AA496A67E5}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdepswx.exe:Printer Status Window Interface
"{272AD6F0-37E0-44C2-BB4B-C21FFCF62A4A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdepswx.exe:Printer Status Window Interface
"{CBF179CD-184B-4920-AE35-14B48CBA4D6B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdetime.exe:Lexmark Connect Time Executable
"{D55CDEAC-10C1-436E-B6A3-D99665AB98A6}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdetime.exe:Lexmark Connect Time Executable
"{85707C1D-0D95-4BE4-BF71-60B77C0FFCD8}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdejswx.exe:Job Status Window Interface
"{6B4F54D7-654F-47FD-A7F0-A190E1F68F63}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdejswx.exe:Job Status Window Interface
"{2C64092E-1C23-40E4-8121-5DF870A7B2C3}"= UDP:990:LocalSubnet:LocalSubnet|IF={CE0890AC-E863-48E8-8D5E-DADE1FF1696B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{77ED78A7-5F79-40C2-94A6-DA8AFE056311}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{53C6A373-94C8-4124-B49D-8BA644491E82}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-12-17 61440]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service []
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae43462f-244c-11dd-a240-001e6832830d}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453827e-02f7-11dd-954b-806e6f6e6963}]
\shell\AutoRun\command - E:\EAutorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5592d85-6eaa-11dd-8479-001e6832830d}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f559301f-6eaa-11dd-8479-001e6832830d}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\User_Feed_Synchronization-{17B65D65-947D-4F8C-AE52-875B7F5949AF}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
HKCU-Run-CanalPlayer - c:\program files\Lecteur CANALPLAY\CanalPlayer.exe
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-BitTorrent DNA - c:\users\Fabrice et Stéphanie\Program Files\DNA\btdna.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 21:29:10
Windows 6.0.6000 NTFS

Searching for hidden processes ...

Searching for hidden autostart entries ...

Searching for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\CISVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\spool\drivers\w32x86\3\lxdeserv.exe
c:\windows\System32\lxdecoms.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\System32\TCPSVCS.EXE
c:\windows\System32\snmp.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Canal\Canal Widget\Canal Widget.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\conime.exe
c:\windows\ehome\mcupdate.exe
.
**************************************************************************
.
Completion time: 2008-12-22 21:39:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 20:39:20

Pre-Run: 86,158,295,040 bytes free
Post-Run: 87,716,790,272 bytes free

311 --- E O F --- 2008-12-19 00:13:25
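An added example, not ComboFix's own code and not part of the thread, that reads the "Reg Loading Points" section of the log above and lists the settings a helper wants to see turned back on after the cleaning. Two of them are expected here because the previous post asked for them: UAC off (EnableLUA=0) and the Windows Firewall off in all three profiles. The other flags are the Security Center monitoring override, the AppInit_DLLs list (four Kaspersky DLLs that get loaded into every process that links user32.dll), the mountpoints2 AutoRun commands for removable drives, and any Run entry whose image sits in a user-writable path. The severity labels and the path heuristics are this example's choices; the sample input is excerpted from the log above.

```python
"""Triage of the 'Reg Loading Points' section of the ComboFix log above.

Added example for this thread; it is not ComboFix's own code, and the
severity labels are this reviewer's choices rather than ComboFix verdicts.
ComboFix writes that section in REGEDIT4 style: a [KEY] header followed
by "name"=value lines, plus mountpoints2 blocks whose body line starts
with a backslash. The parser handles both shapes.
"""
import re

# Constructed sample: lines excerpted from the log posted above.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-11 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-22 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae43462f-244c-11dd-a240-001e6832830d}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453827e-02f7-11dd-954b-806e6f6e6963}]
\shell\AutoRun\command - E:\EAutorun.exe
"""

_VALUE_LINE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')


def parse_sections(text):
    """Map each [KEY] header to its list of (name, value) pairs, in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        m = _VALUE_LINE.match(line)
        if m:
            sections[current].append((m.group(1), m.group(2).strip()))
        elif line.startswith("\\"):
            # mountpoints2 body: "\shell\AutoRun\command - <command>"
            subkey, _, command = line.partition(" - ")
            sections[current].append((subkey, command.strip()))
    return sections


def _as_int(value):
    """Read ComboFix's two numeric spellings: '0 (0x0)' and 'dword:00000001'."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16)
    m = re.match(r"-?\d+", v)
    return int(m.group()) if m else None


def _image_path(value):
    """'"c:\\dir\\x.exe" [date size]' or 'x.exe [...]' -> the image path."""
    return value.split('"')[1] if value.startswith('"') else value.split()[0]


def triage(sections):
    """Return (severity, message, key) triples for settings worth a second look."""
    findings = []
    for key, entries in sections.items():
        k = key.lower()
        for name, value in entries:
            n = name.lower()
            if k.endswith("policies\\system") and n == "enablelua" and _as_int(value) == 0:
                findings.append(("high", "UAC disabled (EnableLUA=0)", key))
            elif "firewallpolicy" in k and n == "enablefirewall" and _as_int(value) == 0:
                profile = key.rsplit("\\", 1)[-1]
                findings.append(("high", f"Windows Firewall off in {profile}", key))
            elif "security center\\monitoring" in k and n == "disablemonitoring" and _as_int(value) == 1:
                findings.append(("medium", "Security Center monitoring disabled", key))
            elif n == "appinit_dlls" and value:
                for dll in value.split(","):
                    findings.append(("info", f"AppInit_DLLs loads {dll.strip()} into every user32 process", key))
            elif "mountpoints2" in k and "autorun" in n:
                findings.append(("medium", f"Removable-media AutoRun handler: {value}", key))
            elif k.endswith("\\run"):
                path = _image_path(value).lower()
                if "\\users\\" in path or "\\temp\\" in path:
                    findings.append(("medium", f"Run entry from a user-writable path: {path}", key))
    return findings


if __name__ == "__main__":
    for sev, msg, key in triage(parse_sections(SAMPLE_COMBOFIX)):
        print(f"[{sev:6}] {msg}\n         {key}")
```

To run it on the full log, feed parse_sections the text between the "Reg Loading Points" header and the "Scheduled Tasks" line; the Run entries in this log all point into Program Files or Windows and produce no hit, so the list stays at the UAC, firewall, Security Center, AppInit and AutoRun items.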
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Still having problems? Post another RSIT report.

See you