PC infected despite Kaspersky

Tags:
  • Kaspersky
  • Security
Last reply: in Security and viruses
24 November 2010 18:13:52

Good evening,

I am asking for help because my PC is infected; you can tell from the ads that appear, as well as bugs, etc.
Kaspersky sends me messages to delete them, but in the end the viruses reappear every time.


OTL logfile created on: 24/11/2010 18:21:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\hakim\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,32 Gb Total Space | 150,78 Gb Free Space | 84,08% Space Free | Partition Type: NTFS
Drive D: | 6,96 Gb Total Space | 1,03 Gb Free Space | 14,72% Space Free | Partition Type: FAT32

Computer Name: HAKIM-PC | User Name: hakim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\hakim\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services Limited)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\hakim\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) Programme d’installation ActiveX (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 4F 97 EA B0 6B CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.0.4
FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:2.1.3182.77
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2010/11/21 20:45:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 15:37:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 14:44:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/11/24 17:23:39 | 000,000,000 | ---D | M]

[2010/11/08 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\mozilla\Extensions
[2010/11/08 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/31 23:02:30 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\mozilla\Firefox\Profiles\2d2m7r13.default\extensions
[2010/10/17 06:38:26 | 000,001,832 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\Mozilla\FireFox\Profiles\2d2m7r13.default\searchplugins\bing.xml
[2010/11/24 18:06:35 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/10/17 22:41:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/21 20:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\ffxtlbr@Facemoods.com
[2010/11/24 18:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/11/24 18:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010/10/17 22:40:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 22:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/09/14 22:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/14 22:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/09/14 22:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/09/14 22:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/11/24 18:06:17 | 000,008,147 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.4 www.total.com
O1 - Hosts: 127.0.0.7 www.friendster.com
O1 - Hosts: 127.0.0.8 www.twitter.com
O1 - Hosts: 127.0.0.10 www.ripway.com
O1 - Hosts: 127.0.0.11 www.rapidshare.com
O1 - Hosts: 127.0.0.12 www.hotfile.com
O1 - Hosts: 127.0.0.13 www.progenic.com
O1 - Hosts: 127.0.0.25 www.esetnod32keys.com
O1 - Hosts: 127.0.0.18 www.freeforums.org
O1 - Hosts: 127.0.0.20 www.fortiguard.com
O1 - Hosts: 127.0.0.21 www.mediafire.com
O1 - Hosts: 127.0.0.22 www.webs.com
O1 - Hosts: 127.0.0.23 www.tumblr.com
O1 - Hosts: 127.0.0.4 www.total.com
O1 - Hosts: 127.0.0.7 www.friendster.com
O1 - Hosts: 127.0.0.8 www.twitter.com
O1 - Hosts: 127.0.0.10 www.ripway.com
O1 - Hosts: 127.0.0.11 www.rapidshare.com
O1 - Hosts: 127.0.0.12 www.hotfile.com
O1 - Hosts: 127.0.0.13 www.progenic.com
O1 - Hosts: 127.0.0.25 www.esetnod32keys.com
O1 - Hosts: 127.0.0.18 www.freeforums.org
O1 - Hosts: 127.0.0.20 www.fortiguard.com
O1 - Hosts: 127.0.0.21 www.mediafire.com
O1 - Hosts: 127.0.0.22 www.webs.com
O1 - Hosts: 261 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoods.dll (facemoods.com)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [codeaudiogen.exe] C:\Users\hakim\AppData\Local\Temp\codeaudiogen.exe (Hijack This)
O4 - Startup: C:\Users\hakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 17:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/11/24 17:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/11/24 17:22:54 | 000,495,192 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/11/24 17:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/24 11:29:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Bifrost
[2010/11/22 07:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dofus 2
[2010/11/21 20:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\facemoods.com
[2010/11/21 20:45:12 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\OfferBox
[2010/11/21 20:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
[2010/11/21 17:15:04 | 000,000,000 | ---D | C] -- C:\Microsoft Product
[2010/11/21 16:20:34 | 000,000,000 | RHSD | C] -- C:\Windows\Drivers
[2010/11/20 14:53:06 | 000,148,908 | -H-- | C] (Hijack This) -- C:\Windows\codeaudiogen.exe
[2010/11/19 12:01:45 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/11 12:58:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/10 18:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/10 18:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2010/11/10 18:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2010/11/09 19:32:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\java
[2010/11/08 21:42:48 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Local\Shareaza
[2010/11/08 21:42:40 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Shareaza
[2010/11/08 21:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2010/11/08 21:39:26 | 000,000,000 | ---D | C] -- C:\Users\hakim\Documents\LimeWire
[2010/11/08 21:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/11/06 19:07:09 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Users\hakim\Desktop\osk.exe
[2010/11/05 12:40:01 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/05 11:50:32 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/05 07:30:52 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/05 07:30:52 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\app
[2010/11/05 07:30:50 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/05 07:30:50 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus 2
[2010/11/04 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/04 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Local\Xenocode
[2010/11/03 21:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/11/02 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\vlc
[2010/11/02 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/11/01 10:36:34 | 001,077,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2010/11/01 10:36:34 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Comdlg32.ocx
[2010/11/01 10:36:34 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mswinsck.ocx
[2010/11/01 10:36:34 | 000,049,152 | ---- | C] (CPAM de Metz) -- C:\Windows\System32\VbHTTPCopy.ocx
[2010/11/01 10:36:34 | 000,045,056 | ---- | C] (CPAM de Metz) -- C:\Windows\System32\HttpCopy_OCX.ocx
[2010/10/31 14:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/10/31 14:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/31 14:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/31 14:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/31 14:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/31 14:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/10/31 14:41:00 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Local\Adobe
[2010/10/29 17:15:17 | 000,000,000 | ---D | C] -- C:\Users\hakim\Documents\Navicat
[2010/10/29 12:24:32 | 000,000,000 | ---D | C] -- C:\wamp
[2010/10/29 12:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/10/27 07:04:14 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/27 07:04:14 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/10/27 07:04:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/27 07:04:14 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/27 07:04:10 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys

========== Files - Modified Within 30 Days ==========

[2010/11/24 18:11:51 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 18:11:51 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 18:08:53 | 000,694,766 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/11/24 18:08:53 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/24 18:08:53 | 000,127,478 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/11/24 18:08:53 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/24 18:06:17 | 000,008,147 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/24 18:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 18:04:22 | 1408,933,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 17:53:38 | 000,860,423 | -H-- | M] () -- C:\Users\hakim\AppData\Roaming\logs.dat
[2010/11/24 17:53:38 | 000,115,965 | -H-- | M] () -- C:\Users\hakim\AppData\Roaming\cglogs.dat
[2010/11/24 17:42:00 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/24 17:24:19 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/11/24 17:24:19 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/11/24 17:22:54 | 000,495,192 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/11/24 16:39:05 | 000,000,008 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_2
[2010/11/24 16:33:04 | 000,523,264 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\Hac.k Kamas v3.exe
[2010/11/24 16:31:44 | 000,000,173 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\D2Info0
[2010/11/24 16:28:14 | 000,000,008 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_1
[2010/11/24 15:54:36 | 000,001,885 | ---- | M] () -- C:\Users\hakim\Desktop\Mozilla Firefox.lnk
[2010/11/24 12:31:44 | 000,000,008 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_3
[2010/11/23 19:51:07 | 000,000,008 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_4
[2010/11/22 07:37:49 | 000,001,066 | ---- | M] () -- C:\Users\hakim\Desktop\Dofus 2.lnk
[2010/11/20 14:53:03 | 000,148,908 | -H-- | M] (Hijack This) -- C:\Windows\codeaudiogen.exe
[2010/11/11 11:07:07 | 000,000,974 | ---- | M] () -- C:\Users\hakim\Application Data\Microsoft\Internet Explorer\Quick Launch\Dofus.lnk
[2010/11/10 18:40:17 | 000,000,023 | ---- | M] () -- C:\Windows\SWFDecompiler.INI
[2010/11/10 18:40:13 | 000,001,150 | ---- | M] () -- C:\Users\hakim\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2010/11/04 18:34:06 | 000,596,093 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\KashimaBot.exe
[2010/11/04 07:40:50 | 000,000,000 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\chrtmp
[2010/11/03 14:42:06 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/11/03 14:42:06 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/02 20:08:48 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/31 14:44:12 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/28 14:32:06 | 000,015,360 | ---- | M] () -- C:\Users\hakim\Documents\newsletter 3.doc

========== Files Created - No Company Name ==========

[2010/11/24 17:24:19 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/11/24 17:24:19 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/11/24 15:54:36 | 000,001,885 | ---- | C] () -- C:\Users\hakim\Desktop\Mozilla Firefox.lnk
[2010/11/22 07:37:49 | 000,001,066 | ---- | C] () -- C:\Users\hakim\Desktop\Dofus 2.lnk
[2010/11/21 16:14:05 | 000,523,264 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\Hac.k Kamas v3.exe
[2010/11/19 12:01:45 | 000,000,008 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_4
[2010/11/11 11:07:07 | 000,000,974 | ---- | C] () -- C:\Users\hakim\Application Data\Microsoft\Internet Explorer\Quick Launch\Dofus.lnk
[2010/11/10 18:40:17 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2010/11/10 18:40:13 | 000,001,150 | ---- | C] () -- C:\Users\hakim\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2010/11/05 12:40:01 | 000,000,008 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_3
[2010/11/05 11:50:32 | 000,000,008 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_1
[2010/11/05 07:30:50 | 000,000,173 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\D2Info0
[2010/11/05 07:30:50 | 000,000,008 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_2
[2010/11/04 07:40:50 | 000,000,000 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\chrtmp
[2010/11/04 07:40:48 | 000,596,093 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\KashimaBot.exe
[2010/11/02 20:08:48 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/31 14:44:12 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/31 14:41:04 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/31 14:41:04 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/29 12:22:58 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010/10/28 20:29:58 | 000,015,360 | ---- | C] () -- C:\Users\hakim\Documents\newsletter 3.doc
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005/04/08 03:16:43 | 000,860,423 | -H-- | C] () -- C:\Users\hakim\AppData\Roaming\logs.dat
[2005/04/08 03:16:43 | 000,115,965 | -H-- | C] () -- C:\Users\hakim\AppData\Roaming\cglogs.dat

========== LOP Check ==========

[2010/11/05 07:30:52 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\app
[2010/11/23 20:00:46 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\Dofus 2
[2010/11/20 15:45:36 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/05 12:40:01 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/19 12:01:45 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/20 15:46:07 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/23 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\OfferBox
[2010/10/17 22:42:34 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\OpenOffice.org
[2010/11/05 07:30:52 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/08 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\Shareaza
[2006/04/01 08:29:27 | 000,000,000 | RHSD | M] -- C:\Users\hakim\AppData\Roaming\zlvp
[2009/07/14 05:53:46 | 000,023,312 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\hakim\Downloads:Shareaza.GUID
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0C1EFF69

< End of report >

24 November 2010 22:35:14

Hello,

  • Download Ad-Remover (by C_XX) to your Desktop.
  • Disconnect and close all running applications.
  • Double-click AD-R on your Desktop to launch it.
  • Choose Nettoyer (Clean), then confirm.
  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    26 November 2010 18:16:56

    Good evening, and thank you for your help:
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 11/11/10 à 11:40
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [3]) -> Lancé à 18:10:38 le 26/11/2010, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X86)
    hakim@HAKIM-PC (Gigabyte Technology Co., Ltd. M61PME-S2)

    ============== ACTION(S) ==============



    (!) -- Fichiers temporaires supprimés.



    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.12 (fr)] **

    -- C:\Users\hakim\AppData\Roaming\Mozilla\FireFox\Profiles\2d2m7r13.default\Prefs.js --
    browser.download.lastDir, C:\\Users\\hakim\\Pictures
    browser.search.defaultenginename, Bing
    browser.search.defaulturl, hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    browser.search.selectedEngine, Google
    browser.startup.homepage, hxxp://www.google.fr/
    browser.startup.homepage_override.mstone, rv:1.9.2.12
    keyword.URL, hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

    ========================================

    ** Internet Explorer Version [8.0.7600.16385] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\Windows\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\Windows\System32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 16 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 26/11/2010 (471 Octet(s))
    C:\Ad-Report-CLEAN[2].txt - 26/11/2010 (4435 Octet(s))
    C:\Ad-Report-CLEAN[3].txt - 26/11/2010 (2452 Octet(s))

    Fin à: 18:12:22, 26/11/2010

    ============== E.O.F ==============
    26 November 2010 18:53:37

  • Run Ad-Remover again and choose Désinstaller (Uninstall).

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Recherche (Scanner) tab.
  • Select Exécuter un examen rapide (Perform quick scan).
  • Click Rechercher (Scan). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show Results).
  • Select everything (or leave it checked) and click Supprimer la sélection (Remove Selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    27 November 2010 11:24:50

    OK, here is what it gives me:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 5194

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    27/11/2010 11:16:42
    mbam-log-2010-11-27 (11-16-42).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 137324
    Temps écoulé: 8 minute(s), 0 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 6

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{r0e1575f-3m8p-0m0m-68o1-f0l73n08lwlv} (Generic.Bot.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Windows\System32\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Windows\System32\Update\Microsoft_3569.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
    C:\Users\hakim\AppData\Roaming\Hac.k Kamas v3.exe (PWS.Dybalom) -> Quarantined and deleted successfully.
    C:\Users\hakim\downloads\kamas.exe (Spyware.Onlinegames) -> Quarantined and deleted successfully.
    C:\Windows\System32\Bifrost\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.
    C:\Users\hakim\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\hakim\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
    27 November 2010 15:36:12

    Is the PC doing better?

  • Run MBAM again, go to Quarantaine (Quarantine) and delete everything.

  • Run an OTL scan again and post the report.
    27 November 2010 20:19:29

    There are fewer ads, but it is still slow and some programs crash:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 5194

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    27/11/2010 20:19:18
    mbam-log-2010-11-27 (20-19-18).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 137076
    Temps écoulé: 6 minute(s), 3 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    28 November 2010 16:45:28

    The OTL scan is what you ran yourself at the start.
    28 November 2010 23:14:42

    OTL logfile created on: 28/11/2010 23:10:10 - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\hakim\Downloads
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
    3,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 179,32 Gb Total Space | 146,96 Gb Free Space | 81,95% Space Free | Partition Type: NTFS
    Drive D: | 6,96 Gb Total Space | 1,03 Gb Free Space | 14,72% Space Free | Partition Type: FAT32
    Drive E: | 644,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: HAKIM-PC | User Name: hakim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    PRC - C:\Users\hakim\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\hakim\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
    MOD - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO)
    MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found
    SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
    SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
    SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
    SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
    SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
    SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
    SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
    SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
    SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
    SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
    SRV - (AxInstSV) Programme d’installation ActiveX (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
    SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
    SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
    SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
    SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)


    ========== Driver Services (SafeList) ==========

    DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
    DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
    DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
    DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
    DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
    DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
    DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
    DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
    DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
    DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
    DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
    DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
    DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
    DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
    DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
    DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
    DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
    DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
    DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
    DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
    DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
    DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
    DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
    DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
    DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
    DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
    DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
    DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
    DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
    DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
    DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
    DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
    DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
    DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
    DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
    DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
    DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
    DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
    DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
    DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
    DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
    DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
    DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
    DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
    DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
    DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
    DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
    DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
    DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
    DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 4F 97 EA B0 6B CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.0.4
    FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 15:37:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 14:44:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/11/24 17:23:39 | 000,000,000 | ---D | M]

    [2010/11/08 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\mozilla\Extensions
    [2010/11/08 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/10/31 23:02:30 | 000,000,000 | ---D | M] -- C:\Users\hakim\AppData\Roaming\mozilla\Firefox\Profiles\2d2m7r13.default\extensions
    [2010/10/17 06:38:26 | 000,001,832 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\Mozilla\FireFox\Profiles\2d2m7r13.default\searchplugins\bing.xml
    [2010/11/28 12:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2010/10/17 22:41:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/21 20:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\ffxtlbr@Facemoods.com
    [2010/11/24 18:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
    [2010/11/24 18:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
    [2010/10/17 22:40:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/09/14 22:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2010/09/14 22:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/09/14 22:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/09/14 22:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2010/09/14 22:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/11/24 19:15:17 | 000,007,048 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.4 www.total.com
    O1 - Hosts: 127.0.0.7 www.friendster.com
    O1 - Hosts: 127.0.0.8 www.twitter.com
    O1 - Hosts: 127.0.0.10 www.ripway.com
    O1 - Hosts: 127.0.0.11 www.rapidshare.com
    O1 - Hosts: 127.0.0.12 www.hotfile.com
    O1 - Hosts: 127.0.0.13 www.progenic.com
    O1 - Hosts: 127.0.0.25 www.esetnod32keys.com
    O1 - Hosts: 127.0.0.18 www.freeforums.org
    O1 - Hosts: 127.0.0.20 www.fortiguard.com
    O1 - Hosts: 127.0.0.21 www.mediafire.com
    O1 - Hosts: 127.0.0.22 www.webs.com
    O1 - Hosts: 127.0.0.23 www.tumblr.com
    O1 - Hosts: 127.0.0.4 www.total.com
    O1 - Hosts: 127.0.0.7 www.friendster.com
    O1 - Hosts: 127.0.0.8 www.twitter.com
    O1 - Hosts: 127.0.0.10 www.ripway.com
    O1 - Hosts: 127.0.0.11 www.rapidshare.com
    O1 - Hosts: 127.0.0.12 www.hotfile.com
    O1 - Hosts: 127.0.0.13 www.progenic.com
    O1 - Hosts: 127.0.0.25 www.esetnod32keys.com
    O1 - Hosts: 127.0.0.18 www.freeforums.org
    O1 - Hosts: 127.0.0.20 www.fortiguard.com
    O1 - Hosts: 127.0.0.21 www.mediafire.com
    O1 - Hosts: 127.0.0.22 www.webs.com
    O1 - Hosts: 281 more lines...
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoods.dll (facemoods.com)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HKLM] C:\Windows\System32\Update\Microsoft_3569.exe File not found
    O4 - HKCU..\Run: [codeaudiogen.exe] C:\Users\hakim\AppData\Local\Temp\codeaudiogen.exe File not found
    O4 - HKCU..\Run: [HKCU] C:\Windows\System32\Update\Microsoft_3569.exe File not found
    O4 - Startup: C:\Users\hakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\Update\Microsoft_3569.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\Update\Microsoft_3569.exe File not found
    O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/28 08:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Serveur Constellation
    [2010/11/26 22:01:38 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Malwarebytes
    [2010/11/26 22:01:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/26 22:01:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/26 22:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/26 22:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/25 03:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/11/24 17:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
    [2010/11/24 17:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2010/11/24 17:22:54 | 000,488,024 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2010/11/24 17:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2010/11/22 07:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dofus 2
    [2010/11/21 20:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\facemoods.com
    [2010/11/21 17:15:04 | 000,000,000 | ---D | C] -- C:\Microsoft Product
    [2010/11/21 16:20:34 | 000,000,000 | RHSD | C] -- C:\Windows\Drivers
    [2010/11/20 14:53:06 | 000,148,908 | -H-- | C] (Hijack This) -- C:\Windows\codeaudiogen.exe
    [2010/11/19 12:01:45 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/11/11 12:58:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/11/10 18:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/11/10 18:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
    [2010/11/10 18:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
    [2010/11/09 19:32:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\java
    [2010/11/08 21:42:48 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Local\Shareaza
    [2010/11/08 21:42:40 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Shareaza
    [2010/11/08 21:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza
    [2010/11/08 21:39:26 | 000,000,000 | ---D | C] -- C:\Users\hakim\Documents\LimeWire
    [2010/11/08 21:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
    [2010/11/06 19:07:09 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Users\hakim\Desktop\osk.exe
    [2010/11/05 12:40:01 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/11/05 11:50:32 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/11/05 07:30:52 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/11/05 07:30:52 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\app
    [2010/11/05 07:30:50 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/11/05 07:30:50 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\Dofus 2
    [2010/11/04 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/11/04 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Local\Xenocode
    [2010/11/03 21:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
    [2010/11/02 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Roaming\vlc
    [2010/11/02 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/11/01 10:36:34 | 001,077,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
    [2010/11/01 10:36:34 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Comdlg32.ocx
    [2010/11/01 10:36:34 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mswinsck.ocx
    [2010/11/01 10:36:34 | 000,049,152 | ---- | C] (CPAM de Metz) -- C:\Windows\System32\VbHTTPCopy.ocx
    [2010/11/01 10:36:34 | 000,045,056 | ---- | C] (CPAM de Metz) -- C:\Windows\System32\HttpCopy_OCX.ocx
    [2010/10/31 14:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/10/31 14:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/31 14:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/10/31 14:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2010/10/31 14:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2010/10/31 14:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2010/10/31 14:41:00 | 000,000,000 | ---D | C] -- C:\Users\hakim\AppData\Local\Adobe

    ========== Files - Modified Within 30 Days ==========

    [2010/11/28 22:59:03 | 000,000,610 | -HS- | M] () -- C:\Windows\KLIF.spi
    [2010/11/28 11:56:16 | 000,704,242 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2010/11/28 11:56:16 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/28 11:56:16 | 000,130,548 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2010/11/28 11:56:16 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/28 08:44:03 | 000,000,974 | ---- | M] () -- C:\Users\hakim\Application Data\Microsoft\Internet Explorer\Quick Launch\Dofus.lnk
    [2010/11/28 08:44:03 | 000,000,950 | ---- | M] () -- C:\Users\hakim\Desktop\Dofus.lnk
    [2010/11/28 08:06:44 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/28 08:06:44 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/28 07:59:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/28 07:59:14 | 1408,933,888 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/27 15:55:17 | 000,000,008 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_2
    [2010/11/27 15:53:55 | 000,000,173 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\D2Info0
    [2010/11/27 14:46:53 | 000,000,008 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_1
    [2010/11/27 10:56:09 | 000,000,008 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_3
    [2010/11/26 22:01:31 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/26 01:02:23 | 000,488,024 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2010/11/26 01:02:21 | 000,115,465 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
    [2010/11/26 01:02:21 | 000,097,545 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
    [2010/11/25 17:23:20 | 000,000,724 | ---- | M] () -- C:\Program Files\Bibliothèques - Raccourci.lnk
    [2010/11/24 19:15:17 | 000,007,048 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/24 19:13:38 | 000,024,165 | ---- | M] () -- C:\Windows\System32\sound.wav
    [2010/11/24 17:42:00 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/23 19:51:07 | 000,000,008 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_4
    [2010/11/20 14:53:03 | 000,148,908 | -H-- | M] (Hijack This) -- C:\Windows\codeaudiogen.exe
    [2010/11/10 18:40:17 | 000,000,023 | ---- | M] () -- C:\Windows\SWFDecompiler.INI
    [2010/11/10 18:40:13 | 000,001,150 | ---- | M] () -- C:\Users\hakim\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
    [2010/11/04 07:40:50 | 000,000,000 | ---- | M] () -- C:\Users\hakim\AppData\Roaming\chrtmp
    [2010/11/03 14:42:06 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2010/11/03 14:42:06 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/11/02 20:08:48 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010/10/31 14:44:12 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/28 11:54:27 | 000,000,610 | -HS- | C] () -- C:\Windows\KLIF.spi
    [2010/11/28 08:44:03 | 000,000,974 | ---- | C] () -- C:\Users\hakim\Application Data\Microsoft\Internet Explorer\Quick Launch\Dofus.lnk
    [2010/11/28 08:44:03 | 000,000,950 | ---- | C] () -- C:\Users\hakim\Desktop\Dofus.lnk
    [2010/11/26 22:01:31 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/25 17:23:20 | 000,000,724 | ---- | C] () -- C:\Program Files\Bibliothèques - Raccourci.lnk
    [2010/11/24 19:13:38 | 000,024,165 | ---- | C] () -- C:\Windows\System32\sound.wav
    [2010/11/24 17:24:19 | 000,115,465 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
    [2010/11/24 17:24:19 | 000,097,545 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
    [2010/11/19 12:01:45 | 000,000,008 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_4
    [2010/11/10 18:40:17 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
    [2010/11/10 18:40:13 | 000,001,150 | ---- | C] () -- C:\Users\hakim\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
    [2010/11/05 12:40:01 | 000,000,008 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_3
    [2010/11/05 11:50:32 | 000,000,008 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_1
    [2010/11/05 07:30:50 | 000,000,173 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\D2Info0
    [2010/11/05 07:30:50 | 000,000,008 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\DofusAppId0_2
    [2010/11/04 07:40:50 | 000,000,000 | ---- | C] () -- C:\Users\hakim\AppData\Roaming\chrtmp
    [2010/11/02 20:08:48 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010/10/31 14:44:12 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/31 14:41:04 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2010/10/31 14:41:04 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/10/29 12:22:58 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
    [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 16 bytes -> C:\Users\hakim\Downloads:Shareaza.GUID
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0C1EFF69

    < End of report >
    29 November 2010 18:10:40

    Didn't you have an antivirus before?
    1 December 2010 16:17:10

    Yeah, but now all my folders are getting deleted; fortunately I can recover them from the Recycle Bin.
    The ads no longer appear, though.
    1 December 2010 18:00:10

    Doesn't Kaspersky detect anything?
    1 December 2010 23:07:03

    It does, but even if I delete them, Kaspersky still warns me about the virus; basically it detects them again. I'm going to run a scan of the PC now.
    2 December 2010 01:29:14

    Can you give me more info, such as the name of the detected file, its location, etc.?
    2 December 2010 07:52:25

    C:\Documents and Settings\hakim\AppData\Local\Xenocode\ApplianceCaches\Hack Kamas.exe_v7D9E4FF5\Native\STUBEXE\@APPDATALOCAL@\Xenocode\ApplianceCaches\Hack Kamas.exe_v7D9E4FF5\UserConfig\MODIFIED\@APPDATALOCAL@\Xenocode\ApplianceCaches\KashimaBot.exe_v6E94C804\TheApp\STUBEXE\@APPDATA@\KashimaBot.exe
    5 December 2010 12:28:16

    Don't you have any ideas?
    5 December 2010 20:41:54

    Isn't it able to delete them?
    9 December 2010 21:14:15

    You are using a trial version of Kaspersky. Why not use a free antivirus like AntiVir?