

aymanmomo
Virus Win32Fake
aymanmomo replied to a topic by aymanmomo in Malware analysis and removal
Here is the HijackThis scan after cleaning the temporary files.
Virus Win32Fake
aymanmomo replied to a topic by aymanmomo in Malware analysis and removal
Virus Win32Fake
aymanmomo replied to a topic by aymanmomo in Malware analysis and removal
Just for information: when I saw that ComboFix wasn't working, I did a system restore (to yesterday's date), and only afterwards did I see the post telling me to rename the executable... I have the impression that I don't have the virus for the moment, because the red and white cross at the bottom telling me I was infected by spyware has disappeared. Do you know whether this is temporary, or whether the virus is still present according to the report I posted?
Virus Win32Fake
aymanmomo replied to a topic by aymanmomo in Malware analysis and removal
Here is the report.
Virus Win32Fake
aymanmomo replied to aymanmomo's topic in Analyses et éradication malwares
Good evening, Thanks for your help. I downloaded ComboFix, but after clicking Run nothing happens, even after restarting the computer. Likewise, my Avast antivirus was blocked automatically. What should I do? -
Virus Win32Fake
aymanmomo replied to aymanmomo's topic in Analyses et éradication malwares
Hello, Is there no one to help me? The system is starting to act up and a "your computer is infected" icon keeps opening nonstop. Thanks for your replies and for telling me what I should do... -
Hello, Since this morning, Avast has been warning me nonstop about a virus that it cannot remove: "Un logiciel malveillant a été trouvé, C:\WINDOWS\system32\dllcache\beep.sys" Here is the report HijackThis gives me, in case it is useful. Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:19, on 12/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Nico\msword98.exe
C:\Documents and Settings\Nico\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN10.tmp
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Nico\LOCALS~1\Temp\BN11.tmp
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Nico\LOCALS~1\Temp\BN16.tmp
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Nico\LOCALS~1\Temp\BN17.tmp
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Nico\LOCALS~1\Temp\BN18.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=dst.emn.fr:3128;http=kgb.emn.fr:3128;https=kgb.emn.fr:443;socks=ftk.emn.fr:1 234
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Nico\msword98.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV4\maxtv.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://campus.emn.fr
O15 - Trusted Zone: http://cia.emn.fr
O15 - Trusted Zone: http://gev.industrie.gouv.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{7107DAF9-A071-4D2B-A102-694B845409E4}: NameServer = 172.16.1.10,193.54.77.78
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6746 bytes