Everything posted by nuage orangé

  1. This time I couldn't manage to follow your instructions: nothing appears in "Full Path of file to delete", maybe because I had already deleted those two files manually? I ran another Panda scan; only cookies are left:

     Incident Statut Analyse
     Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@2o7[2].txt
     Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@advertising[1].txt
     Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@as1.falkag[1].txt
     Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@atdmt[2].txt
     Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@bluestreak[1].txt
     Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@doubleclick[1].txt
     Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@weborama[2].txt
     Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@xiti[1].txt

     There you go!
  2. Hello, hello... This is the story of two PCs running XP Pro. One with Service Pack 1, the other with Service Pack 2. Let's call them SP1 and SP2. SP2 was sharing its internet connection without (too many) problems, until one day their users decided, for uninteresting reasons, to change the host computer. SP1 took over the PCI network card and became the host. But it is much less gifted: SP2 constantly loses internet access, so the users keep running the home network setup wizard over and over, rebooting everything... Sometimes SP1 declares that the wizard cannot be completed, so the users cobble together network bridges manually on SP1, which work... for a few minutes, a few hours at most. SP2 keeps losing its connection. That is when SP1 got infected. Many thanks to Tornado, extrem member of the security forum, who was a patient and effective doctor. Now I come to my problem. We decided that, once SP1 was cured, we should no longer bother it with sharing a connection. The PCI network card went back to SP2. Everything went well on the SP2 side. Connection shared, network bridge enabled, etc. SP1, on the other hand, can no longer complete the setup wizard and, above all, the advanced properties of the local area connection are no longer accessible. Instead, Windows tells me that the WMI (Windows Management Instrumentation) information is probably damaged. It advises using System Restore, but multiple attempts changed nothing. Another solution: stop the service in question (Management Instrumentation...) and delete the files in C:\WINDOWS\System32\Wbem before rebooting. That doesn't work either.
I apologize for being so long; I guess not all of this information is useful, but it seemed important to describe the problem in as much detail as possible, because connection sharing is already widely discussed in many forums but I did not find an answer to my problem there. I can create network bridges without the setup wizard on the host side, but I don't know how, without this wizard, to specify a gateway on the computer that will be the client of the connection. Can you help me restore my home network?
  3. Hello, Tornado! Should I be worried? I deleted Keyboard11.dat, then reran Panda. It finds a few cookies and... Keyboard21.dat. (Report ActiveScan3.txt) I delete it, go off to work and, this morning, I rerun Panda: it detects a few more cookies and... Newname.dat! (Report ActiveScan4.txt). You will notice, as I did, that these exasperating files seem to come from the same adware "dollaravenue", but I don't know what adware is... Anyway, I must still salute the effectiveness of your instructions: no more run32.dll to close before Windows shuts down, no more unwanted pop-up windows... Bravo, bravo! About my WMI story, it appeared recently but I don't think it is linked to the viruses. As I explained at the start of the "topic", I moved a PCI network card from one computer to the other and changed the internet connection "host" computer. One of them lost its bearings in the process, and caught the pox too. I think the two things happened at the same time, that's all. Network configuration under XP is very temperamental; to judge that, you only have to count the number of topics in the forums on the subject... I'm going to follow your advice and consult a specialist... By the way, here are the two Panda reports, I almost forgot!

     Rapport ActiveScan3.txt
     Incident Statut Analyse
     Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@bluestreak[1].txt
     Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@doubleclick[1].txt
     Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@xiti[1].txt
     Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\keyboard21.dat

     Rapport ActiveScan4.txt
     Incident Statut Analyse
     Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@2o7[2].txt
     Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@advertising[1].txt
     Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@as1.falkag[1].txt
     Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@atdmt[2].txt
     Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@bluestreak[1].txt
     Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@doubleclick[1].txt
     Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@weborama[2].txt
     Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@xiti[1].txt
     Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\newname.dat
  4. I applied the instructions anyway... here is the Panda report:

     Incident Statut Analyse
     Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nuage Orangé\Cookies\nuage orangé@xiti[1].txt
     Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\keyboard11.dat

     It feels funny to post such a small report. I need some advice that may have nothing to do with disinfection: the advanced properties of my network connection (where you disable the Windows firewall and enable connection sharing, among other things) have become inaccessible. The "Windows Management Instrumentation" (WMI) information might be damaged, it tells me... Does that ring a bell? Is there a forum better suited to this problem?
  5. Hi Tornado, There is an unclear point at the very beginning of your instructions:
     - During installation, uncheck the "two boxes" in the "additional options" window (real-time protection)
     - Run the update
     Which software does this apply to? I think I recognize the instructions for Ewido, but you don't mention it in your reply and the three programs I downloaded did not offer me any such boxes...
  6. Thanks for this good news, Tornado. Antivir detected ConHook again this morning; sadly I didn't note the file name or its path and, of course, I no longer remember them. Panda found some unwanted items too; here is the report, and many thanks for the guidance!
  7. Hi Tornado, glad to read you again. At startup, after the execution (that is the right word!) of VundoFix, Antivir detected U.exe, which I mentioned above (it had appeared under C:\), as being a trojan and deleted it after confirmation... Here is the VundoFix report:

     VundoFix V4.2.35
     Scan started at 13:45:05 21/03/2006

     And the HijackThis one:

     Logfile of HijackThis v1.99.1
     Scan saved at 13:47:43, on 21/03/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Well, well?????!!!!!!
  8. Hi did71, hi Qc001. The beast is stubborn, then... Here is the result of Look2Me-Destroyer: (I had a wicked urge to run it 2, 3, 12 times!)

     Look2Me-Destroyer V1.0.11
     Scan started at 21/03/2006 12:10:10
Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP243\A0028344.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP243\A0028344.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029348.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029348.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029349.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029349.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029359.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029359.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029365.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029365.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029366.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029366.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029371.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029371.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029373.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029373.dll Deleted successfully! 
Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029378.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029378.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029379.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029379.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029467.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029467.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029472.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0029472.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0030465.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0030465.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031465.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031465.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031468.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031468.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031473.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031473.dll Deleted successfully! 
Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031478.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031478.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031497.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031497.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031502.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP244\A0031502.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031511.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031511.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031516.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031516.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031560.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031560.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031565.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031565.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031566.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031566.dll Deleted successfully! 
Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031574.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031574.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031578.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031578.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031583.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP245\A0031583.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031592.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031592.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031605.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031605.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031606.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031606.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031607.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031607.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031608.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031608.dll Deleted successfully! 
Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031609.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031609.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031610.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031610.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031611.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031611.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031612.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031612.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031614.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031614.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031615.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031615.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031616.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031616.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031617.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031617.dll Deleted successfully! 
Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031618.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031618.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031619.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031619.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031620.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031620.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031621.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031621.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031622.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031622.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031623.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031623.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031624.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031624.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031625.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031625.dll Deleted successfully! 
Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031626.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031626.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031627.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031627.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031628.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031628.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031629.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031629.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031630.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031630.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031631.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031631.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031632.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031632.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031633.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031633.dll Deleted successfully! 
Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031634.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031634.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031638.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031638.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031643.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031643.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031649.dll C:\System Volume Information\_restore{136C5466-F3F8-4F82-841C-9911E07DB5B7}\RP246\A0031649.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\j26m0cj1efo.dll C:\WINDOWS\system32\j26m0cj1efo.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\m2julc191f.dll C:\WINDOWS\system32\m2julc191f.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\m4nq0e55eh.dll C:\WINDOWS\system32\m4nq0e55eh.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\mfglibnt.dll C:\WINDOWS\system32\mfglibnt.dll Deleted successfully! Attempting to delete: C:\WINDOWS\System32\guard.tmp C:\WINDOWS\System32\guard.tmp Deleted successfully! Making registry repairs. 
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6FB95584-FE3C-4D1C-9607-5D9869C82E3A}" HKCR\Clsid\{6FB95584-FE3C-4D1C-9607-5D9869C82E3A} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{281536A5-0465-46BA-9534-F5FCB795BEE5}" HKCR\Clsid\{281536A5-0465-46BA-9534-F5FCB795BEE5} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D41B46FB-5FEE-4F41-AF32-246B0F67AB5E}" HKCR\Clsid\{D41B46FB-5FEE-4F41-AF32-246B0F67AB5E} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{20511396-502F-4499-9109-5E8455FD6BDA}" HKCR\Clsid\{20511396-502F-4499-9109-5E8455FD6BDA} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{54323473-7319-4FC6-86D4-666DCB271230}" HKCR\Clsid\{54323473-7319-4FC6-86D4-666DCB271230} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{45408DF0-377A-4285-8CB4-454EAEB0D259}" HKCR\Clsid\{45408DF0-377A-4285-8CB4-454EAEB0D259} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{968D80D3-2DEF-4FD6-9010-3BFC704A9F53}" HKCR\Clsid\{968D80D3-2DEF-4FD6-9010-3BFC704A9F53} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F4BE27E2-3DC6-4675-AE14-68820E51CC34}" HKCR\Clsid\{F4BE27E2-3DC6-4675-AE14-68820E51CC34} Restoring Windows certificates. 
And then HijackThis III:
Thanks for your help... and see you very soon!!!
  9. It's a lot of work, but it's fine, it's very clear. Just one question: do you know the U.exe that appeared under C:\ ? And here is the fruit of the labour:
     L2Mfix report:
     L2mfix 010406
     Creating Account.
     La commande s'est terminée correctement.
     Adding Administrative privleges.
     Checking for L2MFix account(0=no 1=yes):
     1
     Granting SeDebugPrivilege to L2MFIX ... successful
     Checking for L2MFix account(0=no 1=yes):
     0
     Zipping up files for submission:
     zip warning: name not matched: dlls\*.*
     zip error: Nothing to do! (backup.zip)
     adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
     Ewido report:
     ewido anti-malware - Rapport de scan
     + Créé le: 18:09:37, 20/03/2006
     + Somme de contrôle: D50501B5
     + Résultats du scan:
et sauvegarder C:\WINDOWS\system32\jtlq0735e.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\kfdfc.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\kfdfi.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\krdbr.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\ktjml7111.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\kyd106.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\Lcwvc12n.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\lnpsd13n.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\LRUI2RC.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\mkgsvc.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\mv4ol9h31.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\mxjet40.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\mydrv.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\nktman.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\nqwrscs.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\pynppagn.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\q4680ejueho80.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\s4pule791h.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\smc.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\ssqpq.dll -> Adware.Virtumonde : Nettoyer et sauvegarder C:\WINDOWS\system32\xysp1res.dll -> Adware.Look2Me : Nettoyer et sauvegarder ::Fin du rapport REMARQUE : Je ne sais pas si c'est indiqué dans le rapport, mais deux fichiers infectés se trouvaient dans un fichier compressés dans un dossier "internet temporary files". Les fichiers compressés ont été supprimés après que Ewido en ait demandé confirmation. _________________ Rapport HijackThis! 
: (tout neuf) _________________ Logfile of HijackThis v1.99.1 Scan saved at 18:20:51, on 20/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\awtqo.dll O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\System32\ssqpq.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr-be\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera1.mairie-brest.fr/activex/AxisCamControl.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\m2julc191f.dll O20 - Winlogon Notify: awtqo - C:\WINDOWS\SYSTEM32\awtqo.dll O20 - Winlogon Notify: ssqpq - C:\WINDOWS\System32\ssqpq.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe J'ai l'intuition qu'il y a encore quelques amis dont on se passerait bien dans ce rapport, non ?
  10. Hello everyone, thank you for your very quick replies, and please excuse the time the person most concerned is taking to report back; I often work weekends. Here is the L2MFix report:
See you soon, and Dank U, as the Dutch speakers say.
  11. Hello, We have 2 PCs running Windows XP Pro (one SP1, the other SP2) that share an internet connection. Recently, for reasons of little interest, the PCI network card changed computers and it was the "SP1" machine that shared the connection... and started having problems: unexpected reboots, dubious alert messages and internet windows opening to ameana.com, among others. I first used Spybot, then I learned of your existence. Many thanks, and well done! As for protection, until now we made do with Sygate's free firewall. The problems persist: - Antivir, when it is installed (sic), regularly detects "ConHook" as a trojan that it will try to eradicate at the next reboot... without success, apparently. - At every startup, various programs attempt a connection (win32ssr.exe, winlogon.exe to a-d-a-w-a-r-e.com, ftp.exe), which I block via the firewall - Special mention for run32.dll, which attempts a connection at every startup and does not respond when you want to shut down the computer. I learned that this dll is essential to Windows, but I have the impression that the one attempting a connection is a "copy" of the legitimate one, because two processes with this same name are running at the same time. There, I am posting the HijackThis.log 1 report below; thanks in advance for your informed advice. As a reminder, it is the computer running Windows XP Pro SP1 that is having the problems, and whose configuration was described at registration... as for the other one, I am praying and we will see later.