[HijackThis report] Virus that does whatever it wants, help!

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
22 February 2009 17:14:07

Hello,

I have a virus that I caught while playing Counter-Strike (yes, really), during the download of sounds, maps, etc. from a server; those rascals put a virus in there. AntiVir detected it, but now it is slowing down my PC, changing my wallpaper, etc... I have a HijackThis report, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:01, on 22/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\explorer.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\conime.exe
D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Users\Altuner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{25D04E0C-3424-4FDB-8825-B02E3888AA20}: NameServer = 86.64.145.142,84.103.237.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{25D04E0C-3424-4FDB-8825-B02E3888AA20}: NameServer = 86.64.145.142,84.103.237.142
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Google Update (gupdate1c99444803666e7) (gupdate1c99444803666e7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programmes\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9480 bytes

ComboFix report:

ComboFix 09-02-21.01 - Altuner 2009-02-22 17:19:09.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2038.999 [GMT 1:00]
Lancé depuis: c:\users\Altuner\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64
D:\install.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
.

2009-02-22 11:53 . 2009-02-22 11:54 <REP> d-------- c:\users\Altuner\AppData\Roaming\inSpeak
2009-02-22 11:53 . 2009-02-22 11:53 <REP> d-------- c:\users\All Users\inSpeak
2009-02-22 11:53 . 2009-02-22 11:53 <REP> d-------- c:\programdata\inSpeak
2009-02-22 11:53 . 2009-02-22 11:53 <REP> d-------- c:\program files\inSpeak
2009-02-22 11:53 . 2003-07-16 00:36 168,960 --a------ c:\windows\System32\speex32.acm
2009-02-20 17:05 . 2009-02-20 17:05 <REP> d-------- c:\program files\Patch MsnCreative
2009-02-19 20:58 . 2009-02-19 21:08 <REP> d-------- c:\windows\ulead.dat
2009-02-19 20:58 . 2009-02-19 21:08 89 --a------ c:\windows\ulead32.ini
2009-02-19 20:58 . 2009-02-19 21:08 12 --ah----- c:\windows\uce.dat
2009-02-18 16:01 . 2009-02-18 16:01 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-18 15:06 . 2009-02-19 12:49 <REP> d--h----- c:\windows\msdownld.tmp
2009-02-18 14:52 . 2009-02-18 14:55 <REP> d-------- c:\users\All Users\WebacamSurveyor
2009-02-18 14:52 . 2009-02-18 14:55 <REP> d-------- c:\programdata\WebacamSurveyor
2009-02-17 13:35 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-17 13:35 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-17 13:35 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-17 13:35 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-17 13:35 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-17 13:35 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-17 13:35 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-17 13:35 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-17 13:30 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-17 13:30 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-17 13:30 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-17 13:30 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-17 13:30 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-17 10:29 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-17 10:29 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-17 10:29 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-17 10:29 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-17 10:29 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-16 22:45 . 2009-02-16 22:45 <REP> d-------- c:\windows\Google Earth Pro 4.2
2009-02-15 00:23 . 2009-02-15 00:23 50 --a------ c:\windows\MegaManager.INI
2009-02-13 17:12 . 2009-02-13 17:14 <REP> d-------- c:\program files\Paint.NET
2009-02-13 12:49 . 2009-02-13 12:49 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-11 16:05 . 2009-02-11 16:05 243,712 --ah---t- C:\VAC2.dll
2009-02-11 16:00 . 2009-02-11 16:00 <REP> d-------- C:\GHCSS
2009-02-10 14:16 . 2009-02-10 14:16 <REP> d-------- c:\users\Altuner\AppData\Roaming\MessengerDiscovery 2
2009-02-10 12:21 . 2009-02-10 12:21 <REP> d-------- c:\windows\PaltalkScene
2009-02-10 12:21 . 2009-02-10 19:04 <REP> d-------- c:\users\Altuner\AppData\Roaming\Paltalk
2009-02-10 12:21 . 2009-02-10 12:22 <REP> d-------- c:\program files\Paltalk Messenger
2009-02-08 17:55 . 2009-02-08 17:55 <REP> d-------- c:\program files\Valve
2009-02-07 17:26 . 2009-02-07 17:26 <REP> d-------- c:\users\Altuner\AppData\Roaming\MAGIX
2009-02-07 17:25 . 2009-02-07 17:32 <REP> d-------- c:\users\All Users\MAGIX
2009-02-07 17:25 . 2009-02-07 17:32 <REP> d-------- c:\programdata\MAGIX
2009-02-07 17:25 . 2009-02-07 17:25 <REP> d-------- c:\program files\Common Files\MAGIX Shared
2009-02-07 17:24 . 2007-04-27 09:43 120,200 --a------ c:\windows\System32\DLLDEV32i.dll
2009-02-07 17:23 . 2009-02-10 18:35 <REP> d-------- c:\windows\System32\MAGIX
2009-02-07 17:23 . 2008-04-15 15:14 700,416 --a------ c:\windows\System32\mgxoschk.dll
2009-02-07 17:23 . 2009-02-07 17:26 7,023 --a------ c:\windows\mgxoschk.ini
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 17:23 . 2009-02-21 18:46 <REP> d-------- c:\users\All Users\Google Updater
2009-02-06 17:23 . 2009-02-21 18:46 <REP> d-------- c:\programdata\Google Updater
2009-02-05 22:31 . 2009-02-05 22:31 27 --a------ c:\windows\ip32chk.bin
2009-02-04 17:53 . 2009-02-04 17:53 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-03 19:39 . 2009-02-03 19:50 <REP> d-------- c:\users\Altuner\AppData\Roaming\Notepad++
2009-02-02 19:26 . 2009-02-02 19:26 <REP> d--hs---- c:\windows\ftpcache
2009-01-30 17:59 . 2009-02-04 17:19 <REP> d-------- c:\program files\DkZ Studio
2009-01-30 12:06 . 2009-01-30 12:06 <REP> d-------- c:\program files\JRE
2009-01-30 11:55 . 2009-01-30 11:55 <REP> d-------- c:\users\Altuner\AppData\Roaming\SystemRequirementsLab
2009-01-29 23:11 . 2009-02-21 18:04 <REP> d-a------ c:\users\All Users\TEMP
2009-01-29 23:11 . 2009-02-21 18:04 <REP> d-a------ c:\programdata\TEMP
2009-01-28 20:33 . 2006-05-31 20:25 25,088 --a------ c:\windows\System32\msxml3a.dll
2009-01-27 11:44 . 2009-01-27 11:44 <REP> d-------- c:\users\All Users\Avira
2009-01-27 11:44 . 2009-01-27 11:44 <REP> d-------- c:\programdata\Avira
2009-01-25 23:08 . 2009-02-04 22:39 <REP> d-------- c:\program files\MessengerDiscovery
2009-01-25 18:47 . 2009-01-25 18:47 <REP> d-------- c:\users\Altuner\AppData\Roaming\Desktopicon
2009-01-24 20:50 . 2009-01-24 20:50 <REP> d-------- c:\users\Altuner\AppData\Roaming\RayV
2009-01-24 20:50 . 2009-01-24 20:50 <REP> d-------- c:\program files\RayV
2009-01-24 14:37 . 2009-01-24 14:37 45 ---h----- c:\windows\dsys1006.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 16:04 --------- d-----w c:\program files\Steam
2009-02-22 15:47 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-22 15:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-21 18:17 --------- d-----w c:\users\Altuner\AppData\Roaming\LimeWire
2009-02-21 16:50 --------- d-----w c:\program files\Google
2009-02-19 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 13:51 --------- d-----w c:\users\Altuner\AppData\Roaming\Download Manager
2009-02-17 09:23 --------- d-----w c:\program files\Common Files\Steam
2009-02-12 10:20 --------- d-----w c:\program files\Windows Mail
2009-02-11 19:21 566 ----a-w c:\users\Altuner\AppData\Roaming\wklnhst.dat
2009-02-10 21:49 --------- d-----w c:\program files\Common Files\Adobe
2009-02-06 19:11 --------- d-----w c:\users\Altuner\AppData\Roaming\Dev-Cpp
2009-02-06 17:26 --------- d-----w c:\program files\Picasa2
2009-02-02 17:07 --------- d-----w c:\programdata\Microsoft Help
2009-02-01 11:38 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-30 11:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-27 15:56 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-23 17:23 --------- d-----w c:\program files\Opera
2009-01-21 21:28 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-21 17:18 --------- d-----w c:\program files\Avira
2009-01-21 11:23 --------- d-----w c:\programdata\TechSmith
2009-01-21 11:23 --------- d-----w c:\program files\TechSmith
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-13 12:59 --------- d-----w c:\users\Altuner\AppData\Roaming\Screaming Bee
2009-01-13 12:59 --------- d-----w c:\programdata\Screaming Bee
2009-01-13 12:59 --------- d-----w c:\program files\Common Files\Screaming Bee
2009-01-03 08:07 81,920 ----a-w c:\windows\System32\frapsvid.dll
2009-01-02 09:25 --------- d-----w c:\programdata\WindowsSearch
2009-01-02 09:14 --------- d-----w c:\programdata\InstallShield
2009-01-01 18:49 --------- d-----w c:\program files\Common Files\INCA Shared
2008-12-29 18:58 --------- d-----w c:\users\Altuner\AppData\Roaming\teamspeak2
2008-12-28 11:20 603,904 ----a-w c:\windows\System32\TUProgSt.exe
2008-12-28 11:20 360,192 ----a-w c:\windows\System32\TuneUpDefragService.exe
2008-12-28 11:20 --------- d-----w c:\program files\TuneUp Utilities 2009
2008-12-25 18:30 --------- d-----w c:\program files\Intel
2008-12-24 22:07 --------- d-----w c:\program files\CCleaner
2008-12-23 16:50 --------- d-----w c:\users\Altuner\AppData\Roaming\Azureus
2008-12-23 16:39 --------- d-----w c:\programdata\Azureus
2008-12-23 13:29 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-23 13:29 --------- d-----w c:\program files\iTunes
2008-12-23 13:28 --------- d-----w c:\programdata\Apple Computer
2008-12-23 13:28 --------- d-----w c:\program files\iPod
2008-12-23 13:28 --------- d-----w c:\program files\Common Files\Apple
2008-12-22 00:06 --------- d-----w c:\users\Altuner\AppData\Roaming\DAEMON Tools Lite
2008-12-16 10:27 993,816 ----a-w c:\windows\System32\igxpun.exe
2008-12-14 15:29 17,140 ----a-w c:\program files\log_cd2.txt
2008-12-11 12:31 27,904 ----a-w c:\windows\System32\uxtuneup.dll
2008-12-11 12:31 17,152 ----a-w c:\windows\System32\authuitu.dll
2008-12-07 08:42 28,756 ----a-w c:\program files\log.txt
2008-12-02 11:49 8,198,680 ----a-w c:\windows\System32\TVWSetup.exe
2008-12-02 11:49 668,696 ----a-w c:\windows\System32\igfxcfg.exe
2008-12-02 11:49 252,952 ----a-w c:\windows\System32\igfxsrvc.exe
2008-12-02 11:49 173,592 ----a-w c:\windows\System32\hkcmd.exe
2008-12-02 11:49 172,568 ----a-w c:\windows\System32\igfxext.exe
2008-12-02 11:49 150,552 ----a-w c:\windows\System32\igfxpers.exe
2008-12-02 11:49 141,848 ----a-w c:\windows\System32\igfxtray.exe
2008-12-02 11:40 155,648 ----a-w c:\windows\System32\igfxCoIn_v1608.dll
2008-12-02 11:33 3,821,568 ----a-w c:\windows\System32\igdumd32.dll
2008-12-02 11:31 1,498,564 ----a-w c:\windows\System32\igkrng400.bin
2008-12-02 11:27 536,576 ----a-w c:\windows\System32\igdumdx32.dll
2008-12-02 11:22 2,580,480 ----a-w c:\windows\System32\igd10umd32.dll
2008-12-02 11:13 4,112,384 ----a-w c:\windows\System32\ig4icd32.dll
2008-12-02 11:13 2,674,688 ----a-w c:\windows\System32\ig4dev32.dll
2008-12-02 11:04 398,336 ----a-w c:\windows\System32\TVWizudlg.exe
2008-12-02 11:03 59,392 ----a-w c:\windows\System32\oemdspif.dll
2008-12-02 11:03 257,536 ----a-w c:\windows\System32\igfxTMM.dll
2008-12-02 11:03 23,552 ----a-w c:\windows\System32\igfxexps.dll
2008-12-02 11:03 200,192 ----a-w c:\windows\System32\igfxpph.dll
2008-12-02 11:03 140,288 ----a-w c:\windows\System32\igfxtvcx.dll
2008-12-02 11:02 94,208 ----a-w c:\windows\System32\hccutils.dll
2008-12-02 11:02 51,712 ----a-w c:\windows\System32\igfxsrvc.dll
2008-12-02 11:02 5,702,656 ----a-w c:\windows\System32\igfxress.dll
2008-12-02 11:02 210,432 ----a-w c:\windows\System32\igfxdev.dll
2008-12-02 11:02 130,048 ----a-w c:\windows\System32\igfxdo.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-10-24 14:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008102420081025\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"recinfo"="c:\recinfo\recinfo.exe" [2008-02-13 52224]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-20 3885408]
"Steam"="c:\program files\steam\steam.exe" [2009-02-16 1410296]
"Google Update"="c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-24 133104]
"SpybotSD TeaTimer"="d:\programmes\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-02 150552]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.speex32"= speex32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 9.lnk
backup=c:\windows\pss\SnagIt 9.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 10:02 216520 d:\programmes\DAEMON Tools Lite\daemon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1961205223-498375320-3251691742-1000]
"EnableNotificationsRef"=dword:00000003
"EnableNotifications"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{731544C6-0539-4926-88B7-27BB057BAB48}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2D1118CC-7D3B-4116-967D-0A77446FEE30}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4DD0D956-3FC8-4765-A3CE-0ADE0210043F}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{E76CED31-F116-42CE-BB81-249A0CB7F7DA}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{E1E76D77-6726-49B5-AB1C-DC4ECF4FA1E8}"= UDP:c:\program files\VTFEdit\VTFEdit.exe:VTFEdit
"{2CC324A4-BDBD-4A33-9FD4-C903813D503F}"= TCP:c:\program files\VTFEdit\VTFEdit.exe:VTFEdit
"TCP Query User{705FC956-CAEC-41F0-B6C0-39592FD4CF4E}c:\\program files\\steam\\steamapps\\big_next\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\big_next\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{67ED5832-B898-4F1A-894F-F86FCFC2B14D}c:\\program files\\steam\\steamapps\\big_next\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\big_next\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{6DAB8DBB-85F2-4F9C-86B8-483B9E9DE25D}c:\\program files\\steam\\steamapps\\big_next\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\day of defeat source\hl2.exe:hl2
"UDP Query User{8AA9B7D0-D6A6-404A-9263-2CE928FC7019}c:\\program files\\steam\\steamapps\\big_next\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\day of defeat source\hl2.exe:hl2
"TCP Query User{846D3F01-8CE2-4F62-9C86-B3579CEE217E}c:\\program files\\steam\\steamapps\\big_next\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\source sdk base\hl2.exe:hl2
"UDP Query User{FCF1AFB8-2379-4699-B473-DE7DE199C55E}c:\\program files\\steam\\steamapps\\big_next\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\source sdk base\hl2.exe:hl2
"TCP Query User{339C96CC-6DA2-4868-9311-27C5583C1CB7}c:\\program files\\steam\\steamapps\\big_next\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\insurgency\hl2.exe:hl2
"UDP Query User{86F3CD9F-AB82-4267-B445-DCDD7D6FC40B}c:\\program files\\steam\\steamapps\\big_next\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\insurgency\hl2.exe:hl2
"TCP Query User{42215CC0-84F8-4911-81B9-DEB5DD4BD54C}c:\\program files\\steam\\steamapps\\big_next\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{3CCA4B74-3C25-4F9D-B66E-31A38D46F142}c:\\program files\\steam\\steamapps\\big_next\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{BA998EAE-0F89-4989-8751-1AED81D1C437}c:\\program files\\steam\\steamapps\\big_next\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\big_next\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7CF99DB8-63DA-4EE2-A781-78A41B93A534}c:\\program files\\steam\\steamapps\\big_next\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\big_next\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{92B8BAC5-0ABE-4159-8D89-A2462E779942}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{C5E705CC-EC23-4B72-A4DE-EB3B276B97AE}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{076ABBBE-B1A5-462E-9886-7E391136E858}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{E97B1177-B87F-464E-8CC7-FC56EE44E570}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EC26C6FB-E558-43B7-93EA-E0047D148DB9}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{8F403FE3-E2AE-41AF-A11A-230EA9B3ED72}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{3AAAFA9B-9B79-4525-8F2E-6D2F76855005}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{E9E474AF-7DCB-43D9-9C20-6B5994452119}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{7496CE05-86B3-4217-B0BE-C1819C1B5FE6}c:\\program files\\steam\\steamapps\\big_next\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\big_next\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{71AC98F1-C61F-4B81-B7DA-12447CC49595}c:\\program files\\steam\\steamapps\\big_next\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\big_next\dedicated server\hlds.exe:HLDS Launcher
"{9F4529E2-A41A-4009-B794-6381FBA696A3}"= TCP:27015:Serveur CS
"TCP Query User{9B6FBEE3-EC58-4E84-BC5D-80384DEFF03A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{43C43749-78F1-4A71-92E7-8984E7CC93B1}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{4DE28781-AD95-4A3E-BDA0-895834E786B9}"= UDP:D:\programmes\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{57E10B1B-C47D-40A5-B411-E257AA048843}"= TCP:D:\programmes\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{E9240EEC-95F8-4400-8253-78E842D51110}c:\\program files\\steam\\steamapps\\aytac625\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\aytac625\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{0B25262B-5E23-457E-929C-4B068CF0A5BA}c:\\program files\\steam\\steamapps\\aytac625\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\aytac625\condition zero\hl.exe:Half-Life Launcher
"{6AE0CB57-A1F1-44FE-B12F-0A759BD830F0}"= UDP:D:\programmes\Shareaza\Shareaza.exe:Shareaza
"{9446BB86-0A4A-4A1E-83D7-84EAC1BBD6B3}"= TCP:D:\programmes\Shareaza\Shareaza.exe:Shareaza
"{76FD0032-85EF-44ED-A1C7-505184FFCB8A}"= UDP:6346:LocalSubnet:LocalSubnet:shareazaudp
"{420B0FBE-673D-459D-812C-BD86C686BA24}"= TCP:6346:LocalSubnet:LocalSubnet:shareazaudp
"TCP Query User{A9D8D1B8-522C-4340-B42E-1BE619432AF1}d:\\programmes\\emule\\emule.exe"= UDP:D:\programmes\emule\emule.exe:eMule
"UDP Query User{94443ED6-8446-43CA-8F61-2CC7CF66297C}d:\\programmes\\emule\\emule.exe"= TCP:D:\programmes\emule\emule.exe:eMule
"TCP Query User{BA8FBA3A-01D3-491F-98DE-BD0A6F164E07}c:\\users\\altuner\\program files\\dna\\btdna.exe"= UDP:c:\users\altuner\program files\dna\btdna.exe:btdna.exe
"UDP Query User{17A1C803-407D-4687-9D9F-09B14596908E}c:\\users\\altuner\\program files\\dna\\btdna.exe"= TCP:c:\users\altuner\program files\dna\btdna.exe:btdna.exe
"{1C11A7D7-5AF6-4F39-8C06-998E08C7C5A3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{11699A49-650A-4B77-ACD1-A4241F4B649E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{AC0DE6DC-3F21-4F1E-B628-F32CC3188DDF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{C7177C46-1360-4DEA-B427-B117199FC82A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{51037744-C87A-4155-AF2C-8553C9FE9706}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC728603-75C3-4004-A9D2-0F77243EF382}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{719C33A7-7A46-439A-8D50-51494565D225}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{EFE558DA-290A-4A47-B1CB-36DA7E675C56}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{83870AA6-523F-42CF-9CE8-788AC572DC6D}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{C327CDFA-B89F-4FBF-86D8-FC96FD1595D8}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{33236A74-E0EB-4D4F-AC3A-A4ADC761E19E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{C27482ED-AC13-4049-8188-082C5869FAB6}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{49DCC726-B626-45F9-B423-5E3F3A441B96}d:\\programmes\\neuftalk\\neuf talk.exe"= UDP:D:\programmes\neuftalk\neuf talk.exe:neuf Talk
"UDP Query User{C4FAAEAB-7D09-4AE8-9AD7-01E38FBC3D45}d:\\programmes\\neuftalk\\neuf talk.exe"= TCP:D:\programmes\neuftalk\neuf talk.exe:neuf Talk
"TCP Query User{0AE71879-FD56-4941-BFDD-49EDEAE9D6CC}c:\\program files\\steam\\steamapps\\big_next\\insurgency dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\big_next\insurgency dedicated server\srcds.exe:srcds
"UDP Query User{933F8F2F-0D12-4EAE-A36E-3B0F211365CA}c:\\program files\\steam\\steamapps\\big_next\\insurgency dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\big_next\insurgency dedicated server\srcds.exe:srcds
"TCP Query User{9E6F3251-836A-4987-96FC-E0859C5A3EB7}c:\\program files\\steam\\steamapps\\big_next\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\big_next\source dedicated server\srcds.exe:srcds
"UDP Query User{FCBC9581-8C4E-4667-B0AE-749CB78FD4DB}c:\\program files\\steam\\steamapps\\big_next\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\big_next\source dedicated server\srcds.exe:srcds
"TCP Query User{46C73FA4-DFF1-4822-92F5-DA4C12795E82}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe:paltalkScene
"UDP Query User{E900139D-3C20-4F84-9324-204F871A8EF6}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe:paltalkScene
"TCP Query User{BF17E022-725A-4F89-9A2C-38A4ABEAF636}c:\\program files\\steam\\steamapps\\big_next\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\counter-strike source\hl2.exe:hl2
"UDP Query User{DBEE32FF-F04D-49A8-87EE-03F6B9FF5E51}c:\\program files\\steam\\steamapps\\big_next\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\counter-strike source\hl2.exe:hl2
"TCP Query User{BD0304A8-7322-4497-9D25-1DB03D555599}c:\\program files\\steam\\steamapps\\tayfun45\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tayfun45\counter-strike source\hl2.exe:hl2
"UDP Query User{C06F014B-CA73-4CF5-ACA8-FCC808C34FC1}c:\\program files\\steam\\steamapps\\tayfun45\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tayfun45\counter-strike source\hl2.exe:hl2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\Programmes\\BitTorrent\\bittorrent.exe"= d:\programmes\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2008-07-02 9867]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-18 603904]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [2006-09-28 21920]
R3 tenCapture;tenCapture;c:\windows\System32\drivers\tenCapture.sys [2007-04-21 9344]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-07-02 118784]
S2 gupdate1c99444803666e7;Service Google Update (gupdate1c99444803666e7);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 SBSDWSCService;SBSD Security Center Service;d:\programmes\Spybot - Search & Destroy\SDWinSec.exe [2009-02-22 1153368]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 ovt530;Webcam Classic;c:\windows\System32\drivers\ov530vid.sys [2008-11-21 161792]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c51bcc9c-a1d8-11dd-bbfe-806e6f6e6963}]
\shell\AutoRun\command - E:\umenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 17:45]

2009-02-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 17:50]

2009-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1961205223-498375320-3251691742-1000.job
- c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-24 19:08]

2009-02-22 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]

2009-02-22 c:\windows\Tasks\User_Feed_Synchronization-{643D8D41-70B9-4440-AC4D-D391DCB1C371}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyServer = localhost:8800
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {25D04E0C-3424-4FDB-8825-B02E3888AA20} = 86.64.145.142,84.103.237.142
FF - ProfilePath - c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
1 fichier(s) déplacé(s).
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\capturefoxmovie@advancity.net\components\test.dll
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\users\Altuner\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 17:22:26
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe
Wbutton = c:\program files\Launch Manager\WButton.exe

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-22 17:25:04
ComboFix-quarantined-files.txt 2009-02-22 16:25:02

Avant-CF: 1 017 913 344 octets libres
Après-CF: 576,839,680 octets libres

391 --- E O F --- 2009-02-20 09:30:53
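A triage helper for ComboFix reports of the kind posted above, added here as an example (it is not part of the thread and not a ComboFix or HijackThis tool): it pulls out the entries a helper checks first, the user-level proxy setting, MountPoints2 AutoRun commands, orphaned startup entries and user-approved firewall exceptions, from a constructed sample that reuses the report's own line formats.

```python
import re

# Constructed sample in ComboFix report layout; the line shapes are the ones seen in the thread above.
SAMPLE_REPORT = r"""
"TCP Query User{9B6FBEE3-EC58-4E84-BC5D-80384DEFF03A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c51bcc9c-a1d8-11dd-bbfe-806e6f6e6963}]
\shell\AutoRun\command - E:\umenu.exe
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = localhost:8800
"""

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)$")
MOUNTPOINT_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.I)
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$")
FWRULE_RE = re.compile(r'^"(?:TCP|UDP) Query User\{[^}]+\}[^"]+"= (?P<rule>.+)$')
ORPHAN_HEADER_RE = re.compile(r"^- - - - ORPH")  # 'ORPHELINS SUPPRIMES' (fr) / 'ORPHANS REMOVED' (en)


def triage(report_text):
    """Return (category, detail) findings in report order: proxy, autorun, orphan, firewall."""
    findings, guid, in_orphans = [], None, False
    for line in (l.strip() for l in report_text.splitlines()):
        if not line:
            continue
        if ORPHAN_HEADER_RE.match(line):
            in_orphans = True
            continue
        if in_orphans:
            if line == ".":              # ComboFix closes a section with a lone dot
                in_orphans = False
            elif " - " in line:          # 'Key - target'; the first ' - ' is the separator
                key, _, target = line.partition(" - ")
                findings.append(("orphan", f"{key} -> {target}"))
            continue
        if m := PROXY_RE.match(line):
            proxy = m.group("proxy")
            hint = "loopback proxy, identify the listening process" if proxy.split(":")[0] in ("localhost", "127.0.0.1") else "confirm this proxy is expected"
            findings.append(("proxy", f"{proxy} ({hint})"))
        elif m := MOUNTPOINT_RE.match(line):
            guid = m.group("guid")       # the AutoRun command follows on the next line
        elif (m := AUTORUN_RE.match(line)) and guid:
            findings.append(("autorun", f"{guid}: {m.group('cmd')}"))
        elif m := FWRULE_RE.match(line):
            findings.append(("firewall", m.group("rule")))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print(f"[{category}] {detail}")
```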


22 February 2009 21:09:12

Hello,

Do you have the location of the infection?
22 February 2009 22:34:43

Hello,

First of all, thank you Angeldark for replying. No :( I clicked too quickly on "Quarantine" (a reflex)... But wait! If it is in quarantine, I can get the location where it was...

PS: Damn, today I uninstalled AntiVir to get BitDefender, which caused me enormous problems, then I went back to AntiVir, but no more quarantine :(
23 February 2009 13:26:21

If they are in quarantine, that's fine.

Select the whole of the box below:

Folder::
c:\recinfo

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"recinfo"=-
"SpybotSD TeaTimer"=-


  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
  • Save it on your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix.
  • You will have to accept the licence.

    Post the contents of the ComboFix.txt report after the restart, if there is one.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; C:\ in general)