Se connecter / S'enregistrer
Votre question

Braviax.exe ? virus immortel( [Hijackthis]

Tags :
  • Hijackthis
  • Sécurité
Dernière réponse : dans Sécurité et virus
6 Février 2008 08:55:29

Bonjour,

ça plusieurs heures que jessaie d'eradiquer un virus de mon pc.

voici le rapport hijack apres avoir fait plusieurs tour en sans echec :
++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:37:00, on 06/02/2008
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tgaud\Bureau\antivir\HijackTdhis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

--
End of file - 1682 bytes
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Le probleme cest que quand je "fix" dans le registre le fichier cru269.dat et un dernier qui apparait (sur un rapport sur deux : braviax.exe)
et voir meme que je vais effacer manuellement ces valeurs dans le registre ET dans les fichiers Windows\ ainsi que Windows\system32\
en mode sans echec d'un reboot sur l'autre, Rien à faire, au prochain redemarrage elles reaparraissent.

(meme la clé CTFMON.EXE present en 4 exemplaire avant je lavais effacé, et un est recféé)


DIAGNOSTIC SYMPTOME :

un faux message popup windows s'affiche dans ma barre des tache me disant "your computer is infected!"
lorsque le lance spydoctor i lme dis qu'un processsus caché existe : braviax.exe
Il bloque au passage mon antivirus AVAST et empeche d'executer les logiciel comme hijackthis à moi de bidouiller en renommant et changeant de place lexecutable etc.


Cela dis j'ai bidouillé et j'ai reussi à les rallumer (bizzarrement ) deux démarrage mode normal, le virus etait absent, mais il est revenu tout seul au demarrage suivant..)
Bref cette "treve" ma permis de lancer des scans avec les dernieres mise a jour d'avast et d'ad aware.
Avast trouve bien les fichier braviax mais ne parviens pas à leffacer, ce que j'ai fait de force avec killbox/ OTmoveIt
Mais il se recré au prochain redemarrage
Ensuite
J'ai essayé en mode sans echec / correction :


Fixewareout.exe
CCleaner.exe (dont le nettoyage de la base)
LopSD
SDfix
Combofix (au passage celui la il a une minibarre de chargement puis ensuite... rien, meme pas une fenetre donc je sais pas si il a fonctionné)
SmitFraudFix
Hijackthis

Ils m'ont trouvé d'autre trojan mais pas celui ci.


Qu'est ce que je peut faire? c'est un nouveau virus?

Autres pages sur : braviax exe virus immortel hijackthis

Anonyme
6 Février 2008 11:10:40

Tu as essayé de désactiver ta restauration système ?

Certains virus se servent de ce programme pour pouvoir se régénérer automatiquement, si tu désactives ta restauration, que tu supprimes à nouveau le virus, tu rebootes, normalement il devrait avoir disparu pour de bon

Petit conseil également: Tu gagnerais à remplacer Avast par Antivir, car Avast ne verrait pas un virus même si tu le lui agitais sous le nez ( Même s'il essaye de rattrapper un peu ses lacunes en matière de détection en trouvant pas mal de faux positifs......... il doit se dire qu'en trouvant des virus qui n'en sont pas, ça compense le fait qu'il ne trouve pas certains virus qui en sont vraiment ) :lol: 

Prends également d'avoir un bon antispyware ( Ce sont les spywares qui commettent le plus de dégats actuellement, plus que les virus )
Je ne sais pas ce que tu as actuellement, mais je te recommande AVG anti spyware, pas de protection résidente, comme tous les gratuits d'ailleurs, mais un bon taux de detection.
En anti spyware gratuit avec protection résidente, il existe bien Spyware Terminator, mais ce dernier jouit d'une réputation assez obscure, donc méfiance ( on l'a soupçonné d'être un rogue pendant un moment )
a b 8 Sécurité
6 Février 2008 13:39:56

Poste pour suivre.
Contenus similaires
8 Février 2008 08:58:30

Bonjour

Mon ordinateur vient également d'être infecté par Braviax.

Au départ il s'allumait et s'éteignait "en boucle" donc j'ai eu peur d'avoir perdu toutes mes données.

En mode sans échec j'ai réussi à supprimer des fichiers braviax et cru29...dès lors il m'a été possible d'accéder à ma session en mode normal.

A présent je peux utiliser mon ordinateur mais les fichiers cru29 sont réapparus dans windows et dans windows system32...

Comment faire pour éradiquer totalement ce virus? Y a t il des alternatives au reformatage? quels sont les risques actuels pour mon ordinateur?

J'ai bien lu le conseil de Shamrock mais comment fait on pour bloquer la restauration du système? Est ce efficace Tgaud?

Ci joint le rapport Deckard System Scanner

Merci par avance pour les conseils que vous pourrez me donner...je précise que je ne suis pas une pro de l'informatique!!!



Deckard's System Scanner v20071014.68
Run by Administrateur on 2008-02-08 00:02:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 4 Restore Point(s) --
4: 2008-02-07 22:52:00 UTC - RP1042 - Deckard's System Scanner Restore Point
3: 2008-02-07 19:14:39 UTC - RP1041 - Point de vérification système
2: 2008-02-05 13:02:38 UTC - RP1040 - Point de vérification système
1: 2008-02-05 12:21:36 UTC - RP1039 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-08 00:08:52
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\NMSSvc.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\scan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/fr/srchasst/srchcust.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe Lancement
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvCplScan] nvsc32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NvCplScan] nvsc32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [NvCplScan] nvsc32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NvCplScan] nvsc32.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Interface Chat Voila () - http://chat14.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/direc...
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.fr/static/download/pixacodndupload.ca...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com//tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB55-0000-0000-0000-000000000000} () - http://download.macromedia.com/pub/shockwave/cabs/flash...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacCo...
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EB07C399-42B2-496F-AADD-21B5DFF7A80A}: NameServer = 212.151.136.242 212.151.137.170
O18 - Protocol: bw+0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ca72c391-3e6b-498c-a4b1-ddcd14f763ea} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: offline-8876480 - {CA72C391-3E6B-498C-A4B1-DDCD14F763EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.Exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN


--
End of file - 26204 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Labs; Kaspersky Anti-Virus Personal>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>
R3 Stmatm (ATM/ADSL miniport) - c:\windows\system32\drivers\stmatm.sys <Not Verified; STMicroelectronics; Unicorn ADSL>
R3 TaurusUsb (ADSL Modem USB Service) - c:\windows\system32\drivers\torususb.sys

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NMSSvc (Intel(R) NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>

S2 kavsvc - c:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe <Not Verified; Kaspersky Labs; Kaspersky Anti-Virus Personal>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_2551&SUBSYS_25518086&REV_03\3&13C0B0C5&0&01
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_2551&SUBSYS_25518086&REV_03\3&13C0B0C5&0&01
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_10398086&REV_82\4&1A671D0C&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_10398086&REV_82\4&1A671D0C&0&40F0
Service: E100B

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contrôleur de bus SM
Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_71101462&REV_02\3&13C0B0C5&0&FB
Manufacturer:
Name: Contrôleur de bus SM
PNP Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_71101462&REV_02\3&13C0B0C5&0&FB
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-20 15:56:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-08 and 2008-02-08 -----------------------------

2008-02-08 00:01:42 11264 --a------ C:\WINDOWS\System32\braviax.exe
2008-02-08 00:01:41 11264 --a------ C:\WINDOWS\braviax.exe
2008-02-07 23:02:37 16384 --a------ C:\WINDOWS\System32\suspend.exe
2008-02-07 23:02:37 80 --a------ C:\WINDOWS\System32\suspend.bin
2008-02-07 23:02:34 16384 --a------ C:\WINDOWS\System32\nod32se.exe
2008-02-07 22:59:11 0 d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2008-02-07 22:41:34 6144 --a------ C:\WINDOWS\cru629.dat
2008-02-07 21:01:53 6144 --a------ C:\WINDOWS\System32\cru629.dat
2008-01-21 15:37:56 0 d-------- C:\Program Files\Téléchargement PHOTOWAYS


-- Find3M Report ---------------------------------------------------------------

2008-02-08 00:02:48 6656 --a------ C:\WINDOWS\System32\users32.dat
2008-02-07 22:31:11 0 d-------- C:\Program Files\MSN Messenger
2008-02-07 22:29:55 0 d-------- C:\Program Files\MSN Apps


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [07/01/2003 11:09 C:\WINDOWS\SOUNDMAN.EXE]
"CHotkey"="mHotkey.exe" [05/07/2002 16:37 C:\WINDOWS\mHotkey.exe]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 17:54]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [10/12/2002 18:32]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [10/12/2002 18:31]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [17/12/2002 11:40]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [11/03/2003 11:08]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [02/12/2002 20:56]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [03/06/2002 11:38]
"AdslTaskBar"="stmctrl.dll" [19/09/2003 12:24 C:\WINDOWS\system32\stmctrl.dll]
"NvCplScan"="nvsc32.exe" []
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [18/04/2004 14:44]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [01/07/2005 11:35]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13/04/2005 03:48]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [12/09/2005 14:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 14:57]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/09/2006 00:58]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [17/10/2006 02:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [29/08/2002 11:45]
"MediaDico"="C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe" [17/01/2001 18:45]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"NvCplScan"="nvsc32.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [17/07/2007 22:02]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:55]
"braviax"="C:\WINDOWS\System32\braviax.exe" [08/02/2008 00:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"NvCplScan"=nvsc32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"NvCplScan"=nvsc32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"NvCplScan"=nvsc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\cru629.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - NMSCFG



-- End of Deckard's System Scanner: finished at 2008-02-08 00:10:52 ------------
a b 8 Sécurité
8 Février 2008 13:24:42

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS