Bonjour, voici un rapport de l'AV après scan.
Cordialement
<?xml version="1.0" encoding="windows-1251" ?>
- <!-- AVZ XML Report
-->
- <AVZ>
- <PROCESS>
<ITEM PID="180" File="c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe" CheckResult="0" Descr="Kaspersky Anti-Virus" LegalCopyright="Copyright © Kaspersky Lab 1996-2008." Hidden="-1" CmdLine=""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r" Size="208616" Attr="rsAh" CreateDate="11/11/2008 19:59:16" ChageDate="21/07/2009 14:17:50" MD5="24419DB0AD42B68CAFFA6BF903BE364A" />
<ITEM PID="916" File="c:\windows\dit.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine=""C:\WINDOWS\Dit.exe"" Size="81920" Attr="rsAh" CreateDate="23/10/2008 20:31:52" ChageDate="19/05/2003 16:39:16" MD5="103CF6C4D03EC5EE49C4291182F4A60A" />
<ITEM PID="976" File="c:\windows\ditexp.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="DitExp.exe" Size="61440" Attr="rsAh" CreateDate="23/10/2008 20:31:52" ChageDate="20/03/2003 14:47:08" MD5="DE5ADD40C4AEFC76672BA844B2EF1B2D" />
<ITEM PID="348" File="c:\windows\explorer.exe" CheckResult="0" Descr="Explorateur Windows" LegalCopyright="© Microsoft Corporation. Tous droits réservés." Hidden="-1" CmdLine="C:\WINDOWS\Explorer.EXE" Size="1037824" Attr="rsah" CreateDate="02/03/2006 13:00:00" ChageDate="14/04/2008 03:34:03" MD5="F2317622D29F9FF0F88AEECD5F60F0DD" />
<ITEM PID="2900" File="c:\program files\mozilla firefox\firefox.exe" CheckResult="0" Descr="Firefox" LegalCopyright="©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable." Hidden="-1" CmdLine=""C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "http://dvb-dz.info/forum/login.php?do=lostpw"" Size="908280" Attr="rsAh" CreateDate="29/10/2009 21:22:42" ChageDate="16/10/2009 21:16:19" MD5="344C69625A205B36C8A3A0731F21D12D" />
<ITEM PID="2092" File="c:\program files\hp\digital imaging\bin\hpqste08.exe" CheckResult="0" Descr="HP CUE Status Root" LegalCopyright="Copyright (C) Hewlett-Packard Co. 1995-2008" Hidden="-1" CmdLine=""C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C5300 series#1246126413" -Startup" Size="184320" Attr="rsAh" CreateDate="25/03/2008 19:49:02" ChageDate="25/03/2008 19:49:02" MD5="80B8AE8E18FF57BE13FF4A5959DB0EC1" />
<ITEM PID="1340" File="c:\program files\hp\digital imaging\bin\hpqtra08.exe" CheckResult="0" Descr="HP Digital Imaging Monitor" LegalCopyright="Copyright (C) Hewlett-Packard Co. 1995-2008" Hidden="-1" CmdLine=""C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"" Size="214360" Attr="rsAh" CreateDate="25/03/2008 19:40:42" ChageDate="25/03/2008 19:40:42" MD5="CF03C8F6F6B0D71F6E5BCE167FCF7CA6" />
<ITEM PID="884" File="c:\program files\hp wireless adapter\hpwlan.exe" CheckResult="0" Descr="RtWLan MFC Application" LegalCopyright="Copyright (C) 2003-2005" Hidden="-1" CmdLine=""C:\Program Files\HP Wireless Adapter\HPWLAN.exe"" Size="618496" Attr="rsAh" CreateDate="27/06/2009 21:03:22" ChageDate="04/10/2006 21:51:06" MD5="3DD0117B42F9248212E94FB797D189FF" />
<ITEM PID="1304" File="c:\program files\internet explorer\iexplore.exe" CheckResult="0" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine=""C:\Program Files\internet explorer\iexplore.exe" SCODEF:2644 CREDAT:79873" Size="638816" Attr="rsAh" CreateDate="15/10/2008 14:58:54" ChageDate="08/03/2009 13:09:26" MD5="B60DDDD2D63CE41CB8C487FCFBB6419E" />
<ITEM PID="716" File="c:\windows\system32\rundll32.exe" CheckResult="0" Descr="Exécuter une DLL en tant qu'application" LegalCopyright="© Microsoft Corporation. Tous droits réservés." Hidden="-1" CmdLine=""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" Size="33792" Attr="rsAh" CreateDate="02/03/2006 13:00:00" ChageDate="14/04/2008 03:34:20" MD5="93AD0B78C7357A05F50E594EC7C22300" />
<ITEM PID="536" File="c:\windows\system32\svchost.exe" CheckResult="0" Descr="Generic Host Process for Win32 Services" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" Size="14336" Attr="rsah" CreateDate="02/03/2006 13:00:00" ChageDate="14/04/2008 03:34:23" MD5="E4BDF223CD75478BF44567B4D5C2634D" />
<ITEM PID="2368" File="c:\program files\spyware doctor\tfengine\tfservice.exe" CheckResult="0" Descr="PC Tools ThreatFire Service" LegalCopyright="Copyright © 2005-2008 PC Tools. All Rights Reserved." Hidden="-1" CmdLine=""C:\Program Files\Spyware Doctor\TFEngine\TFService.exe" service" Size="70944" Attr="rsAh" CreateDate="10/05/2009 18:45:51" ChageDate="31/03/2009 10:23:06" MD5="F25E880E8B2F09110E980F7D6FE893A2" />
<ITEM PID="1268" File="c:\program files\belkin\f1u201.401\usbshare.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine=""C:\Program Files\Belkin\F1U201.401\usbshare.exe"" Size="135168" Attr="rsAh" CreateDate="03/03/2009 20:31:39" ChageDate="08/04/2003 14:42:28" MD5="BB633ED02FE2E7FA8350B23656EEB970" />
</PROCESS>
- <DLL>
<ITEM File="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Bases\klavemu.kdl" CheckResult="-1" Descr="Heuristics engine" LegalCopyright="Copyright © Kaspersky Lab 1997-2009." UsedBy="180" Hidden="-1" Size="811008" Attr="rsAh" CreateDate="20/10/2008 13:55:20" ChageDate="03/11/2009 10:12:23" MD5="6A3A10866EF4401A7F42A01A71968C8B" />
<ITEM File="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Bases\kjim.kdl" CheckResult="-1" Descr="Script Heuristics Engine" LegalCopyright="Copyright © Kaspersky Lab 1997-2009." UsedBy="180" Hidden="-1" Size="224256" Attr="rsAh" CreateDate="15/01/2009 18:27:50" ChageDate="03/11/2009 08:02:36" MD5="22EEE044D4BEDB900C84AE229282FAC6" />
<ITEM File="C:\WINDOWS\system32\NVRSFR.DLL" CheckResult="-1" Descr="NVIDIA French language resource library" LegalCopyright="(C) NVIDIA Corporation. All rights reserved." UsedBy="348,716" Hidden="-1" Size="282624" Attr="rsAh" CreateDate="17/08/2009 02:04:12" ChageDate="17/08/2009 02:04:12" MD5="88D12EFEA556C7535B005D0A94D81E64" />
<ITEM File="C:\Program Files\Mozilla Firefox\softokn3.dll" CheckResult="-1" Descr="NSS PKCS #11 Library" LegalCopyright="" UsedBy="2900" Hidden="-1" Size="155648" Attr="rsAh" CreateDate="29/10/2009 21:22:42" ChageDate="16/10/2009 18:58:43" MD5="EEE350478BB1A8F91592E68D02912C7F" />
<ITEM File="C:\Program Files\Mozilla Firefox\nssdbm3.dll" CheckResult="-1" Descr="Legacy Database Driver" LegalCopyright="" UsedBy="2900" Hidden="-1" Size="98304" Attr="rsAh" CreateDate="29/10/2009 21:22:42" ChageDate="16/10/2009 18:58:44" MD5="E94B16182C5A452F064D5CF6C4401B94" />
<ITEM File="C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll" CheckResult="-1" Descr="HP OfficeJet COM Device IO Objects (CUE)" LegalCopyright="Copyright (C) Hewlett-Packard Co. 1995-2008" UsedBy="2092,1340" Hidden="-1" Size="1015808" Attr="rsAh" CreateDate="15/05/2008 01:11:42" ChageDate="15/05/2008 01:11:42" MD5="A5B72211763C370888F269D91360EB7F" />
<ITEM File="C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc" CheckResult="-1" Descr="AiO TrayAppPlugIn Combined resource DLL" LegalCopyright="Copyright (C) Hewlett-Packard Co. 1995-2008" UsedBy="1340" Hidden="-1" Size="31744" Attr="rsAh" CreateDate="15/05/2008 01:11:42" ChageDate="15/05/2008 01:11:42" MD5="A07E7EB4D74980806A970B7EB22462FB" />
<ITEM File="C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll" CheckResult="-1" Descr="HP Digital Imaging Monitor PlugIn (AiO)" LegalCopyright="Copyright (C) Hewlett-Packard Co. 1995-2008" UsedBy="1340" Hidden="-1" Size="77824" Attr="rsAh" CreateDate="15/05/2008 01:11:42" ChageDate="15/05/2008 01:11:42" MD5="FF6C05C8C145802B91BDBC4E24A2F5DB" />
<ITEM File="C:\Program Files\HP Wireless Adapter\EnumDongleLib.dll" CheckResult="-1" Descr="EnumDongleLib DLL" LegalCopyright="Copyright (C) 2003-2006" UsedBy="884" Hidden="-1" Size="131072" Attr="rsAh" CreateDate="27/06/2009 21:03:22" ChageDate="09/05/2006 13:05:44" MD5="87F66FF632945FE3629D99296FE93973" />
<ITEM File="C:\Program Files\HP Wireless Adapter\HpDongleLib.dll" CheckResult="-1" Descr="HpDongleLib DLL(EAPPkt)" LegalCopyright="Copyright (C) 2002-2006" UsedBy="884" Hidden="-1" Size="208896" Attr="rsAh" CreateDate="27/06/2009 21:03:22" ChageDate="23/08/2006 20:26:26" MD5="24147A9C0A6B6EB52F399F2F005A3541" />
<ITEM File="C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" CheckResult="-1" Descr="Java(TM) Quick Starter binary" LegalCopyright="Copyright © 2004" UsedBy="1304" Hidden="-1" Size="73728" Attr="rsAh" CreateDate="25/12/2008 17:24:20" ChageDate="11/10/2009 04:17:12" MD5="DEE8F03D1EACE0C8F914A2C76568EA32" />
<ITEM File="C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll" CheckResult="-1" Descr="HP CUE/AiO Context Information Objects" LegalCopyright="Copyright (C) Hewlett-Packard Co. 1995-2008" UsedBy="536" Hidden="-1" Size="442368" Attr="rsAh" CreateDate="15/05/2008 01:11:42" ChageDate="15/05/2008 01:11:42" MD5="986AB8B2083FEBB8958B8277149AAEFB" />
<ITEM File="C:\Program Files\Spyware Doctor\TFEngine\TFMisc.dll" CheckResult="-1" Descr="PC Tools ThreatFire" LegalCopyright="Copyright © 2005-2008 PC Tools. All Rights Reserved." UsedBy="2368" Hidden="-1" Size="754976" Attr="rsAh" CreateDate="10/05/2009 18:45:51" ChageDate="31/03/2009 10:23:44" MD5="B0B39349C64DAAFFEB37C90F319DA029" />
</DLL>
- <KERNELOBJ>
<ITEM File="C:\WINDOWS\System32\Drivers\dump_atapi.sys" CheckResult="-1" Base="B3ED8000" MemSize="018000" Descr="" LegalCopyright="" />
<ITEM File="C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS" CheckResult="-1" Base="B85BE000" MemSize="002000" Descr="" LegalCopyright="" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\HPEAPPkt.sys" CheckResult="-1" Base="B3A97000" MemSize="011000" Descr="NDIS User mode I/O Driver" LegalCopyright="" Size="68864" Attr="rsAh" CreateDate="27/06/2009 21:03:22" ChageDate="12/05/2006 12:31:12" MD5="4BA96E24C86AA9114862A4185DFEF090" />
<ITEM File="C:\WINDOWS\system32\Drivers\mchInjDrv.sys" CheckResult="-1" Base="B870D000" MemSize="001000" Descr="" LegalCopyright="" />
</KERNELOBJ>
- <Service>
<ITEM File="c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" Name="Adobe Version Cue CS2" CheckResult="-1" Type="16" State="1" />
<ITEM File="C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe" Name="FirebirdServerMAGIXInstance" CheckResult="-1" Type="272" State="1" />
<ITEM File="C:\Program Files\CyberLink\Shared Files\RichVideo.exe" Name="RichVideo" CheckResult="-1" Type="272" State="1" />
</Service>
- <Drivers>
<ITEM File="C:\WINDOWS\system32\DRIVERS\HPEAPPkt.sys" Name="HPEAPPkt" CheckResult="-1" Type="1" State="4" Size="68864" Attr="rsAh" CreateDate="27/06/2009 21:03:22" ChageDate="12/05/2006 12:31:12" MD5="4BA96E24C86AA9114862A4185DFEF090" />
<ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" />
<ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" />
<ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" />
<ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\system32\drivers\aspi32.sys" Name="Aspi32" CheckResult="-1" Type="1" State="1" />
<ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" />
<ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" />
<ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" />
<ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" />
<ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\DOCUME~1\POUSSA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys" Name="F-Secure Standalone Minifilter" CheckResult="-1" Type="1" State="1" />
<ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" />
<ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" />
<ITEM File="IntelIde.sys" Name="IntelIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" />
<ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" />
<ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" />
<ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" />
<ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" />
<ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" />
<ITEM File="ViaIde.sys" Name="ViaIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" />
</Drivers>
- <AUTORUN>
<ITEM File="C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\<FILE_REGISTRATION_APP>" CheckResult="-1" Enabled="1" Type="LNK" X1="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\" X2="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Register Mask Pro 3.0.lnk" X3="" />
<ITEM File="C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Register PhotoTune 2.exe" CheckResult="-1" Enabled="1" Type="LNK" X1="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\" X2="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Register PhotoTune 2.lnk" X3="" />
<ITEM File="C:\Program Files\Belkin\F1U201.401\usbshare.exe" CheckResult="-1" Enabled="1" Type="LNK" Size="135168" Attr="rsAh" CreateDate="03/03/2009 20:31:39" ChageDate="08/04/2003 14:42:28" MD5="BB633ED02FE2E7FA8350B23656EEB970" X1="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\" X2="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\F1U201.401.lnk" X3="" />
<ITEM File="C:\Program Files\onOne Software\FocalPoint 1.0\Register FocalPoint 1.0.exe" CheckResult="-1" Enabled="1" Type="LNK" X1="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\" X2="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Register FocalPoint 1.0.lnk" X3="" />
<ITEM File="C:\Program Files\onOne Software\Genuine Fractals 6.0 Professional Edition\Register Genuine Fractals 6.0 Professional Edition.exe" CheckResult="-1" Enabled="1" Type="LNK" X1="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\" X2="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Register Genuine Fractals 6.0 Professional Edition.lnk" X3="" />
<ITEM File="C:\Program Files\onOne Software\PhotoTools 1.0 Professional Edition\Register PhotoTools 1.0 Professional Edition.exe" CheckResult="-1" Enabled="1" Type="LNK" X1="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\" X2="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Register PhotoTools 1.0 Professional Edition.lnk" X3="" />
<ITEM File="C:\WINDOWS\Dit.exe" CheckResult="-1" Enabled="1" Type="REG" Size="81920" Attr="rsAh" CreateDate="23/10/2008 20:31:52" ChageDate="19/05/2003 16:39:16" MD5="103CF6C4D03EC5EE49C4291182F4A60A" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="Dit" />
<ITEM File="C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe" CheckResult="-1" Enabled="1" Type="LNK" X1="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\" X2="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk" X3="" />
<ITEM File="appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}" X3="DLLName" />
</AUTORUN>
- <BHO>
<ITEM File="C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" Descr="Java(TM) Quick Starter binary" LegalCopyright="Copyright © 2004" Size="73728" Attr="rsAh" CreateDate="25/12/2008 17:24:20" ChageDate="11/10/2009 04:17:12" MD5="DEE8F03D1EACE0C8F914A2C76568EA32" />
</BHO>
- <ExplorerExt>
<ITEM File="deskpan.dll" CheckResult="-1" Enabled="1" ExtName="Extension Affichage Panorama du Panneau de configuration" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{42071714-76d4-11d1-8b24-00a0c9068ff3}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Extensions de l'environnement de compression de fichiers" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{764BF0E1-F219-11ce-972D-00AA00A14F56}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Menu contextuel de cryptage" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Barre des tâches et menu Démarrer" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />
<ITEM File="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" CheckResult="-1" Enabled="1" ExtName="Autoplay for SlideShow" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Comptes d'utilisateurs" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Messenger Sharing Folders" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Microsoft Browser Architecture" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="IE User Assist" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="DOPMenuV5" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{178AA11F-3F30-446D-ACE7-610B6039D9BC}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Statistiques de la protection du trafic Internet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="blue.shell" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{79BC0345-1015-11D2-A299-006008312725}" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Fichiers communs\onOne Software Shared\lt_lib_gf_iconShellEx.dll" CheckResult="-1" Enabled="1" ExtName="GF Shell Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{EE337094-9F50-4B8C-9B53-C00F52A3289B}" Descr="lt_lib_gf_iconShellEx Module" LegalCopyright="Copyright 2005 onOne Software, Inc." Size="679936" Attr="rsAh" CreateDate="08/02/2009 12:08:52" ChageDate="22/07/2009 11:58:16" MD5="C412B27311D5A1E8F73D16E2ED8E0316" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="AutopanoShell.ShellPropertySheet Class by Kolor" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C4853253-CD11-4798-ABF3-EC03F7C8A493}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="AutopanoShell.ShellExtractImage Class by Kolor" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C4853253-CD11-4798-ABF3-EC03F7C8A494}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="AutopanoShell.ShellQueryInfo Class by Kolor" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C4853253-CD11-4798-ABF3-EC03F7C8A495}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="AutopanoShell.ShellColumnProvider Class by Kolor" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C4853253-CD11-4798-ABF3-EC03F7C8A496}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="AutopanoShell.ShellContextMenu Class by Kolor" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C4853253-CD11-4798-ABF3-EC03F7C8A498}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CDR Icon Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{DE902992-61FC-4A01-8091-53E1895C9775}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CPT Icon Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{DE902993-61FC-4A01-8091-53E1895C9775}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CMX Icon Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{DE902994-61FC-4A01-8091-53E1895C9775}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CDR Thumbnail Provider" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CPT Thumbnail Provider" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CMX Thumbnail Provider" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CDR Property Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F9633464-9E18-4C06-9D3A-E131C036A9FA}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CPT Property Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F9633465-9E18-4C06-9D3A-E131C036A9FA}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CDR Property Sheet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7DDDBFE0-09C4-4680-9E13-8CE7D00EDE57}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CPT Property Sheet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7DDDBFE1-09C4-4680-9E13-8CE7D00EDE57}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="CMX Property Sheet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7DDDBFE2-09C4-4680-9E13-8CE7D00EDE57}" Descr="" LegalCopyright="" />
<ITEM File=""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" CheckResult="-1" Enabled="1" ExtName="OpenOffice.org Column Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" Descr="" LegalCopyright="" />
<ITEM File=""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" CheckResult="-1" Enabled="1" ExtName="OpenOffice.org Infotip Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" Descr="" LegalCopyright="" />
<ITEM File=""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" CheckResult="-1" Enabled="1" ExtName="OpenOffice.org Property Sheet Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{63542C48-9552-494A-84F7-73AA6A7C99C1}" Descr="" LegalCopyright="" />
<ITEM File=""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" CheckResult="-1" Enabled="1" ExtName="OpenOffice.org Thumbnail Viewer" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3B092F0C-7696-40E3-A80F-68D74DA84210}" Descr="" LegalCopyright="" />
</ExplorerExt>
<PrintEXT />
<TaskScheduler />
- <DPF>
<ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" CodeBase="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" CodeBase="http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab" Descr="" LegalCopyright="" />
</DPF>
- <CPL>
<ITEM File="C:\WINDOWS\system32\javacpl.cpl" CheckResult="-1" Enabled="1" Descr="Java(TM) Control Panel" LegalCopyright="Copyright © 2004" Size="73728" Attr="rsAh" CreateDate="25/12/2008 17:24:26" ChageDate="11/10/2009 02:14:35" MD5="80D852AFDC9FD524CF6A6F3485FD3A10" />
</CPL>
<ActiveSetup />
- <HOSTS>
<ITEM Line="127.0.0.1 localhost" />
</HOSTS>
- <SuspFiles>
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" VirType="4" Descr="Intercepteur KernelMode" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" VirType="4" Descr="Intercepteur KernelMode" />
<ITEM File="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Bases\klavemu.kdl" VirType="5" Descr="Suspicion de Keylogger ou de DLL de cheval de Troie" />
<ITEM File="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Bases\kjim.kdl" VirType="5" Descr="Suspicion de Keylogger ou de DLL de cheval de Troie" />
</SuspFiles>
- <RK_UM>
<ITEM DLL="kernel32.dll" FNaim="CreateProcessA" FIndx="98" HookPtr="6DA41370" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="CreateProcessW" FIndx="102" HookPtr="6DA413D0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="FreeLibrary" FIndx="240" HookPtr="6DA41530" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetModuleFileNameA" FIndx="372" HookPtr="6DA41470" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetModuleFileNameW" FIndx="373" HookPtr="6DA414B0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="GetProcAddress" FIndx="408" HookPtr="6DA41570" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryA" FIndx="580" HookPtr="6DA410B0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryExA" FIndx="581" HookPtr="6DA41230" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryExW" FIndx="582" HookPtr="6DA412F0" HookType="1" />
<ITEM DLL="kernel32.dll" FNaim="LoadLibraryW" FIndx="583" HookPtr="6DA41170" HookType="1" />
<ITEM DLL="rasapi32.dll" FNaim="RasConnectionNotificationW" FIndx="13" HookPtr="9A0BB6" HookType="1" />
<ITEM DLL="rasapi32.dll" FNaim="RasEnumConnectionsW" FIndx="28" HookPtr="9A0BE0" HookType="1" />
<ITEM DLL="rasapi32.dll" FNaim="RasEnumEntriesW" FIndx="33" HookPtr="9A0C0A" HookType="1" />
<ITEM DLL="rasapi32.dll" FNaim="RasGetEntryPropertiesW" FIndx="63" HookPtr="9A0C34" HookType="1" />
</RK_UM>
- <RK_KM>
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtAdjustPrivilegesToken" FIndx="11" HookPtr="B41EA1DA" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtClose" FIndx="25" HookPtr="B41EA7AE" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtConnectPort" FIndx="31" HookPtr="B41EC1EA" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateFile" FIndx="37" HookPtr="B41EBB9C" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtCreateKey" FIndx="41" HookPtr="B7EEFD72" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtCreateProcess" FIndx="47" HookPtr="B7ED09A6" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtCreateProcessEx" FIndx="48" HookPtr="B7ED0B98" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateSymbolicLinkObject" FIndx="52" HookPtr="B41EDB7C" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateThread" FIndx="53" HookPtr="B41EA5AE" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtDeleteKey" FIndx="63" HookPtr="B7EF0568" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtDeleteValueKey" FIndx="65" HookPtr="B7EF0820" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtDeviceIoControlFile" FIndx="66" HookPtr="B41EBEAC" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtDuplicateObject" FIndx="68" HookPtr="B41EE084" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtEnumerateKey" FIndx="71" HookPtr="B41EA0A8" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtEnumerateValueKey" FIndx="73" HookPtr="B41EA110" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtFsControlFile" FIndx="84" HookPtr="B41EBD5E" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtLoadDriver" FIndx="97" HookPtr="B41ED620" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenFile" FIndx="116" HookPtr="B41EB9F8" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtOpenKey" FIndx="119" HookPtr="B7EEEA80" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenProcess" FIndx="122" HookPtr="B41EA3B2" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenSection" FIndx="125" HookPtr="B41EDBA6" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenThread" FIndx="128" HookPtr="B41EA2FE" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQueryKey" FIndx="160" HookPtr="B41EA178" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQueryMultipleValueKey" FIndx="161" HookPtr="B41E9E7C" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQueryValueKey" FIndx="177" HookPtr="B41E9C5A" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQueueApcThread" FIndx="180" HookPtr="B41ED888" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtRenameKey" FIndx="192" HookPtr="B7EF0C8A" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtReplaceKey" FIndx="193" HookPtr="B41E95D2" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtRequestWaitReplyPort" FIndx="200" HookPtr="B41ECA74" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtRestoreKey" FIndx="204" HookPtr="B41E9734" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtResumeThread" FIndx="206" HookPtr="B41EDF56" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSaveKey" FIndx="207" HookPtr="B41E93D0" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSecureConnectPort" FIndx="210" HookPtr="B41EC08C" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSetContextThread" FIndx="213" HookPtr="B41EA6AC" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSetSecurityObject" FIndx="237" HookPtr="B41ED71A" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSetSystemInformation" FIndx="240" HookPtr="B41EDBD0" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtSetValueKey" FIndx="247" HookPtr="B7EF0036" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSuspendProcess" FIndx="253" HookPtr="B41EDCB4" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSuspendThread" FIndx="254" HookPtr="B41EDDE0" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSystemDebugControl" FIndx="255" HookPtr="B41ED54C" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<ITEM File="C:\WINDOWS\system32\Drivers\PCTCore.sys" FNaim="NtTerminateProcess" FIndx="257" HookPtr="B7ED0656" HookType="1" CheckResult="0" Size="206256" Attr="rsAh" CreateDate="10/05/2009 18:45:57" ChageDate="01/09/2009 06:20:21" MD5="D302A59E6D1842A201930928A5BAD68B" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtWriteVirtualMemory" FIndx="277" HookPtr="B41EA4F0" HookType="1" CheckResult="0" Size="226832" Attr="rsAh" CreateDate="18/11/2008 16:09:34" ChageDate="04/02/2009 18:19:08" MD5="2627C389BA33065B2E98118CE9D71E57" />
<!-- Review note: these two entries differ from the HookType="1" entries that precede them.
     They carry no Size, Attr, CreateDate, ChageDate, MD5 or CheckResult attributes, so the
     report gives no file-level verification for them. Both share HookPtr="805CB90C", which
     lies outside the B41E.... range of every other klif.sys handler address listed in this
     section, and the second entry has an empty FNaim (index 387 has no function name here).
     HookType="3" is presumably a different interception method from type "1"; confirm the
     meaning against the AVZ documentation before drawing conclusions.
     For triage, the driver attribution is only a path string: check the on-disk klif.sys
     (signature and hash against the vendor's release) independently of this report. -->
<ITEM File="\SystemRoot\system32\DRIVERS\klif.sys" FNaim="NtQueryPerformanceCounter" FIndx="165" HookPtr="805CB90C" HookType="3" />
<ITEM File="\SystemRoot\system32\DRIVERS\klif.sys" FNaim="" FIndx="387" HookPtr="805CB90C" HookType="3" />
</RK_KM>
- <KEYLOGGER>
<!-- Review note: both entries are .kdl files under Kaspersky Lab\AVP8\Bases, inside the data
     directory of the anti-virus product whose avp.exe is listed as a running process earlier
     in this report. Verdict is empty on both, so the report records no classification.
     CheckResult="-1" also appears earlier in the report on executables with an empty Descr,
     while vendor-described files show "0"; it presumably means "not matched against the
     known-file database" rather than "malicious" (confirm against AVZ documentation).
     Both files have ChageDate="03/11/2009", which may simply reflect a database update;
     the MD5 values are therefore only meaningful when compared against the same update
     level from the vendor. -->
<ITEM File="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Bases\klavemu.kdl" Verdict="" CheckResult="-1" Size="811008" Attr="rsAh" CreateDate="20/10/2008 13:55:20" ChageDate="03/11/2009 10:12:23" MD5="6A3A10866EF4401A7F42A01A71968C8B" />
<ITEM File="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Bases\kjim.kdl" Verdict="" CheckResult="-1" Size="224256" Attr="rsAh" CreateDate="15/01/2009 18:27:50" ChageDate="03/11/2009 08:02:36" MD5="22EEE044D4BEDB900C84AE229282FAC6" />
</KEYLOGGER>
- <WIZARD-TSW>
<!-- Review note: four findings identified only by numeric ID (58 to 61); this section carries
     no description text, so the IDs have to be resolved in the tool that produced the report.
     Fixed="0" on all four presumably means none has been remediated, and Level (values 1, 2
     and 3 here) presumably ranks severity; the direction of that scale is not stated in the
     report and should be confirmed before prioritising. -->
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="60" Level="1" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
</WIZARD-TSW>
</AVZ>