J'ai un malware nommé cyberlog x hlep Résolu

Question

Bonjour,

je ce malware qui me gene enormement g intsallesmitfraudfix et j'ai chhoisit l'option 1 . je vous poste le raport dites moi ce qu'il fo faire pls!!


SmitFraudFix v2.250

Rapport fait à 20:30:07,35, 06/11/2007
Executé à partir de C:\Documents and Settings
icolas\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\NCH Swift Sound\Recordpadecordpad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\STK017_V2.01\STK017M.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings
icolas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings
icolas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1
icolas\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"="C:\WINDOWS\system32\__c0020400.dat"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ATMEL USB FastVNET (AR) - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7636EF0F-96FF-47E5-A7BE-1B10E717B0E1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7636EF0F-96FF-47E5-A7BE-1B10E717B0E1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7636EF0F-96FF-47E5-A7BE-1B10E717B0E1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Regis59 · Answer

Bienvenue sur le forum d’entraide de CommentCaMarche.net 

Nous connaissons votre situation et nous vous conseillons de ne surtout pas vous inquiéter.
De plus, au vu du nombre croissant de désinfections effectuées sur le forum, nous vous demandons un peu de patience et surtout de ne pas créer plusieurs postes pour le même problème.
Merci de votre compréhension.

Télécharge HijackThis ici: 
http://telechargement.zebulon.fr/138-hijackthis-1991.html 

Dézippe le dans un dossier prévu à cet effet. 
Par exemple C:\hijackthis < Enregistre-le bien dans c : ! 
Démo : (Merci a Balltrap34 pour cette réalisation)   
http://pageperso.aol.fr/balltrap34/Hijenr.gif 
	
Lance le puis: 
Clique sur "do a system scan and save logfile" (cf démo) 
Faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)   
http://pageperso.aol.fr/balltrap34/demohijack.htm
	
Bon courage

A+

wolfas13 · Answer

ok je ferai ca ce soir qd je rentre et je poste apres !!

wolfas13 · Answer

tiens voila le rapport; encore merci!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45  nicolas, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\NCH Swift Sound\Recordpadecordpad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings
icolas\Bureau\HiJackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/fr-fr/index
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zctqcksc.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation
Tune\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpadecordpad.exe" -logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0020400.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qaebubos.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Regis59 · Answer

Ok

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport

wolfas13 · Answer

Je poste ce rapport ce soir si c'est pas long sinn ce sera demin merci de ton aide

wolfas13 · Answer

le petit triangle jaune dans la barre de notification n'apparati plus et les 2 icone sur le bureau nn plus de live safety etc... je te poste le rappport : mais il reapparati a nouveau 1 heure apres ComboFix 07-11-08.1 - nicolas 2007-11-07 20:52:42.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.933 [GMT 1:00] Running from: C:\Documents and Settings icolas\Bureau\ComboFix.exe * Created a new restore point . Incapable d'obtenir les privilèges Système (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk C:\Documents and Settings icolas\Bureau\Live Safety Center.lnk C:\Documents and Settings icolas\Bureau\Online Security Guide.lnk C:\Documents and Settings icolas\Favoris\Online Security Guide.lnk C:\Program Files ewdotnet C:\Program Files ewdotnet eadme.html C:\Program Files ewdotnet\uninstall6_38.exe C:\Program Files ewdotnet\uninstall7_48.exe C:\WINDOWS\cookies.ini C:\WINDOWS\NDNuninstall6_38.exe C:\WINDOWS\NDNuninstall7_48.exe C:\WINDOWS\system32\afomhfxc.dll C:\WINDOWS\system32\bsioxkul.dll C:\WINDOWS\system32\mipqweve.dll C:\WINDOWS\system32\pcrendjy.dll C:\WINDOWS\system32\pqtss.bak1 C:\WINDOWS\system32\pqtss.bak2 C:\WINDOWS\system32\pqtss.ini C:\WINDOWS\system32\pqtss.ini2 C:\WINDOWS\system32\pqtss.tmp C:\WINDOWS\system32 k.bin C:\WINDOWS\system32 lvknlg.exe C:\WINDOWS\system32\sstqp.dll C:\WINDOWS\system32\uthccudj.dll C:\WINDOWS\system32\ypvykumw.dll C:\WINDOWS\system32\zctqcksc.dllbox . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))))))) . 2007-11-07 20:50 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-07 19:37 79,936 --a------ C:\WINDOWS\system32\ybmyonaa.dll 2007-11-07 19:34 86,080 --a------ C:\WINDOWS\system32\mngidhqo.dll 2007-11-07 19:31 71,232 --a------ C:\WINDOWS\system32\uxkwkxgc.exe 2007-11-07 17:43 79,936 --a------ C:\WINDOWS\system32\yfbjthiq.dll 2007-11-07 17:40 71,232 --a------ C:\WINDOWS\system32\alddnkpi.exe 2007-11-07 17:34 71,232 --a------ C:\WINDOWS\system32\iyjjfvrm.exe 2007-11-06 21:28 87,104 --a------ C:\WINDOWS\system32\ssjaxrwl.dll 2007-11-06 21:21 81,472 --a------ C:\WINDOWS\system32\juoxwcir.dll 2007-11-06 21:19 71,232 --a------ C:\WINDOWS\system32\srcgexdn.exe 2007-11-06 20:52 d-------- C:\Documents and Settings icolas\Application Data\Grisoft 2007-11-06 20:52 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-06 20:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-06 20:30 4,080 --a------ C:\WINDOWS\system32 mp.reg 2007-11-06 19:07 d-------- C:\Program Files\Avira 2007-11-06 19:07 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-11-06 18:49 d-------- C:\Program Files\Panda Security 2007-11-06 18:32 81,472 --a------ C:\WINDOWS\system32\xsvwscik.dll 2007-11-06 18:23 145,984 --a------ C:\WINDOWS\system32\zctqcksc.dll 2007-11-06 18:23 145,984 --a------ C:\WINDOWS\system32\ukairyyi.dll 2007-11-04 10:31 78,912 --a------ C:\WINDOWS\system32\odflaypu.dll 2007-11-03 10:00 81,472 --a------ C:\WINDOWS\system32\jdjrhcad.dll 2007-10-30 09:06 589 --a------ C:\WINDOWS\system32\ukiogvra.dll 2007-10-29 16:59 589 --a------ C:\WINDOWS\system32\farbggvr.dll 2007-10-29 14:31 589 --a------ C:\WINDOWS\system32 kynrwvo.dll 2007-10-29 12:38 d-------- C:\Documents and Settings icolas\Application Data\ArcSoft 2007-10-29 12:37 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-10-29 12:36 d-------- C:\Program Files\Hercules 2007-10-29 12:36 d-------- C:\Program Files\Fichiers communs\ArcSoft 2007-10-29 12:36 245,408 --a------ C:\WINDOWS\system32\unicows.dll 2007-10-29 12:36 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-10-29 12:34 d-------- C:\WINDOWS\OvtCam 2007-10-29 12:34 161,792 --------- C:\WINDOWS\system32\drivers\ov530vid.sys 2007-10-29 12:34 61,440 --------- C:\WINDOWS\ov530dib.dll 2007-10-29 12:34 40,960 --------- C:\WINDOWS\system32\ov530ext.dll 2007-10-29 12:34 25,177 --------- C:\WINDOWS\system32\drivers\ov530cmd.sys 2007-10-29 12:34 16,440 --------- C:\WINDOWS\system32\ov530usd.dll 2007-10-29 09:57 d-------- C:\Documents and Settings icolas\Application Data\Recordpad 2007-10-29 09:19 589 --a------ C:\WINDOWS\system32\ehvecyts.dll 2007-10-27 16:21 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-10-27 16:21 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-10-27 16:21 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-10-27 16:21 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-10-27 16:21 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-10-27 16:21 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-10-27 16:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-10-27 16:17 d-------- C:\Program Files\Electronic Arts 2007-10-24 15:08 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-10-24 12:48 d-------- C:\Program Files\MediaCoder 2007-10-24 12:42 d-------- C:\Program Files\GXTranscoder.net AWE 2007-10-24 10:28 d-------- C:\Documents and Settings icolas\Application Data\AVS4YOU 2007-10-24 10:28 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2007-10-24 10:27 d-------- C:\Program Files\Fichiers communs\AVSMedia 2007-10-24 10:25 d-------- C:\Program Files\AVS4YOU 2007-10-24 10:23 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll 2007-10-24 10:23 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-10-24 10:23 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-10-24 10:23 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll 2007-10-24 10:23 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-10-24 10:10 d-------- C:\Temp 2007-10-24 10:05 d-------- C:\Program Files\QuickTime 2007-10-24 10:05 d-------- C:\Program Files\ImTOO 2007-10-21 11:00 d-------- C:\Program Files\oZone3D 2007-10-20 13:04 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software 2007-10-14 13:34 d-------- C:\Program Files\NCH Software 2007-10-14 13:34 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound 2007-10-14 13:32 d-------- C:\Program Files\NCH Swift Sound 2007-10-14 13:32 d-------- C:\Documents and Settings icolas\Application Data\NCH Swift Sound 2007-10-14 13:31 d-------- C:\Program Files\Winamp 2007-10-14 13:31 d-------- C:\Documents and Settings icolas\Application Data\Winamp 2007-10-13 17:31 d-------- C:\Program Files\GT2002 2007-10-13 11:16 d-------- C:\WINDOWS\pss 2007-10-11 20:23 d-------- C:\Program Files\WinMX 2007-10-11 19:37 d-------- C:\Program Files\WinISO 2007-10-11 18:33 d-------- C:\Program Files\Smart Projects 2007-10-11 16:32 d-------- C:\Documents and Settings\All Users\Application Data\WinZip . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-07 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-11-07 18:28 --------- d-----w C:\Documents and Settings icolas\Application Data\OpenOffice.org2 2007-11-07 17:34 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-11-07 16:33 --------- d-----w C:\Program Files\STK017_V2.01 2007-11-06 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-29 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-24 08:28 --------- d-----w C:\Documents and Settings icolas\Application Data\Nokia Multimedia Player 2007-10-22 19:23 --------- d-----w C:\Documents and Settings icolas\Application Data\DivX 2007-10-22 19:10 --------- d-----w C:\Program Files\Picasa2 2007-10-21 15:33 --------- d-----w C:\Program Files\Java 2007-10-20 10:31 --------- d-----w C:\Program Files\DeskSpace 2007-10-12 18:36 --------- d-----w C:\Program Files\Silkroad 2007-10-07 08:06 --------- d-----w C:\Program Files\Elaborate Bytes 2007-10-06 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft 2007-10-06 16:20 --------- d-----w C:\Program Files\SlySoft 2007-10-06 16:17 --------- d-----w C:\Documents and Settings icolas\Application Data\Skype 2007-10-06 16:08 --------- d-----w C:\Program Files\DiskTrix 2007-10-06 16:03 --------- d-----w C:\Documents and Settings icolas\Application Data\OtakuSoftware 2007-10-06 15:44 --------- d-----w C:\Documents and Settings icolas\Application Data\Joost 2007-10-05 17:12 --------- d-----w C:\Program Files\AxBx 2007-10-04 16:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-04 16:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-04 16:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-04 16:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-04 16:09 --------- d-----w C:\Program Files\Symantec 2007-09-29 09:32 --------- d-----w C:\Documents and Settings icolas\Application Data\Nokia 2007-09-23 17:19 --------- d-----w C:\Program Files\Nokia 2007-09-23 17:19 --------- d-----w C:\Program Files\Fichiers communs\Nokia 2007-09-23 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia 2007-09-21 19:41 --------- d-----w C:\Program Files\DivX 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-09-16 14:21 --------- d-----w C:\Program Files\PhotoFiltre 2007-09-15 19:12 --------- d-----w C:\Program Files\eRightSoft 2007-09-13 11:54 --------- d-----w C:\Program Files\Skype 2007-09-13 11:54 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-09-13 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-09-10 16:51 --------- d-----w C:\Program Files\TI Education 2007-09-10 04:58 --------- d-----w C:\Program Files\Usability Sciences 2007-09-09 14:15 --------- d-----w C:\Program Files\Fichiers communs\TI Shared 2007-09-09 14:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-09-09 12:13 --------- d-----w C:\Program Files\SdLL 2007-09-08 17:21 --------- d-----w C:\Program Files\Norton 360 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-05-18 16:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}] C:\Program Files\NewDotNet ewdotnet7_48.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{790fd541-85b9-410d-aabf-05288a74242c}] 2007-11-07 19:37 79936 --a------ C:\WINDOWS\system32\ybmyonaa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-06 18:23 145984 --a------ C:\WINDOWS\system32\zctqcksc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zctqcksc.dll [2007-11-06 18:23 145984] [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin TrayFw.exe" [2005-04-29 17:22] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation Tune\nTune.exe" [2004-12-06 11:06] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 08:29] "nwiz"="nwiz.exe" [2006-03-09 08:29 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 08:29] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-14 19:10] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 C:\WINDOWS\soundman.exe] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10] "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22] "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28] "Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad ecordpad.exe" [2007-10-29 09:56] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "105deb37"="C:\WINDOWS\system32\mngidhqo.dll" [2007-11-07 19:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 18:07] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "La_View Mouse"="C:\PROGRA~1 icolas\1TEKCO~1\F1Driver.exe" [2006-01-04 17:32] "DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" [] "ares"="C:\Program Files\Ares\Ares.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\winexz32] winexz32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\zctqcksc] zctqcksc.dll 2007-11-06 18:23 145984 C:\WINDOWS\system32\zctqcksc.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqp.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] "C:\Program Files\Ares\Ares.exe" -h R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys R3 ATMELFVNETusb(AR)(R);ATMEL FVNETusb(AR)(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys S3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{634bfe42-0566-11dc-9e73-806d6172696f}] \Shell\AutoRun\command - F:\POV.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5ec2a8-055f-11dc-9694-0006f404143d}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e \Shell\Open\command - G:\Boot.exe e *Newly Created Service* - COMHOST . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-08 21:05:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-08 21:07:50 - machine was rebooted . --- E O F ---

Regis59 · Answer

ok

Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

wolfas13 · Answer

ok je fé ce qe vous me dites ce soir;la je suis aps sur mon ordi. merci

wolfas13 · Answer

tiens voila le rapport et je te donne un lien avec les fichiers qe advira antivir ma mis en quarantaine
lien:[URL=https://imageshack.com/]
Search Navipromo version 3.3.4 commencé le 09/11/2007 à 18:32:19,90

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11 


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings
icolas\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\NICOLAS\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\NICOLAS\LOCALS~1\APPLIC~1 *



*** Recherche fichiers *** 




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\oqhdignm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche Heuristique :



3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse terminée le 09/11/2007 à 18:33:43,87 ***

Regis59 · Answer

Salut

Ok.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau. 
http://www.atribune.org/ccount/click.php?id=4 

Double-clique VundoFix.exe afin de le lancer. 
Clique sur le bouton Scan for Vundo. 
Lorsque le scan est complété, clique sur le bouton Remove Vundo. 
Une invite te demandera si tu veux supprimer les fichiers, clique YES 
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK 
Démarre ton PC à nouveau. 
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

A+

wolfas13 · Answer

je v faire ce qe tu me di et je te colle les rapports tout de suite apres

wolfas13 · Answer

voila les rapports; je te mets vundofix en premier puis hijackthis.



Beginning removal...

VundoFix V6.5.11

Checking Java version...

Scan started at 10:07:03 nicolas 11/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\zctqcksc.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\zctqcksc.dll
C:\WINDOWS\system32\zctqcksc.dll Has been deleted!

Performing Repairs to the registry.
Done!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28  nicolas, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NCH Swift Sound\Recordpadecordpad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/fr-fr/index
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet
ewdotnet7_48.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {c24247a8-8250-fbaa-d014-9b58145df097} - {790fd541-85b9-410d-aabf-05288a74242c} - C:\WINDOWS\system32\ybmyonaa.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation
Tune\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpadecordpad.exe" -logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [105deb37] rundll32.exe "C:\WINDOWS\system32\mngidhqo.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Regis59 · Answer

Re,

On va essayer comme cela mais je doute que cela soit suffisant. Quoi qu'il en soit il en restera a supprimer.

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\ybmyonaa.dll
C:\WINDOWS\system32\mngidhqo.dll
C:\WINDOWS\system32\uxkwkxgc.exe
C:\WINDOWS\system32\yfbjthiq.dll
C:\WINDOWS\system32\alddnkpi.exe
C:\WINDOWS\system32\iyjjfvrm.exe
C:\WINDOWS\system32\ssjaxrwl.dll
C:\WINDOWS\system32\juoxwcir.dll
C:\WINDOWS\system32\srcgexdn.exe
C:\WINDOWS\system32\xsvwscik.dll
C:\WINDOWS\system32\zctqcksc.dll
C:\WINDOWS\system32\ukairyyi.dll
C:\WINDOWS\system32\odflaypu.dll
C:\WINDOWS\system32\jdjrhcad.dll
C:\WINDOWS\system32\ukiogvra.dll
C:\WINDOWS\system32	kynrwvo.dll 
C:\Program Files\Fichiers communs\Symantec Shared
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Program Files\Symantec
 C:\Program Files\NewDotNet

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

Puis remet un HijackThis + un combofix.

A+

wolfas13 · Answer

ok je fé tout de suite ces actions +

wolfas13 · Answer

voila le resultat de OTmoveit


File/Folder C:\WINDOWS\system32\ybmyonaa.dll not found.
File/Folder C:\WINDOWS\system32\mngidhqo.dll not found.
File/Folder C:\WINDOWS\system32\uxkwkxgc.exe not found.
File/Folder C:\WINDOWS\system32\yfbjthiq.dll not found.
File/Folder C:\WINDOWS\system32\alddnkpi.exe not found.
File/Folder C:\WINDOWS\system32\iyjjfvrm.exe not found.
LoadLibrary failed for C:\WINDOWS\system32\ssjaxrwl.dll
C:\WINDOWS\system32\ssjaxrwl.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ssjaxrwl.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\juoxwcir.dll not found.
File/Folder C:\WINDOWS\system32\srcgexdn.exe not found.
File/Folder C:\WINDOWS\system32\xsvwscik.dll not found.
File/Folder C:\WINDOWS\system32\zctqcksc.dll not found.
File/Folder C:\WINDOWS\system32\ukairyyi.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\odflaypu.dll
C:\WINDOWS\system32\odflaypu.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\odflaypu.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\jdjrhcad.dll
C:\WINDOWS\system32\jdjrhcad.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\jdjrhcad.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\ukiogvra.dll not found.
File/Folder C:\WINDOWS\system32	kynrwvo.dll not found.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\TextHub scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\incoming scheduled to be deleted on reboot.
Folder move failed. C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\BinHub\hh scheduled to be moved on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\BinHub scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\VAScanner scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymTheme scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_1_0_38\Support\Reporter scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_1_0_38\Support scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_1_0_38 scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\Support\Reporter scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\Support scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184 scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymSetup scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymHTML scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SymcData scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\Support Controls scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SRTSP scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SPManifests scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\SPBBC scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\Security Center scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\PIF scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\Options scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\OPC scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\NPC scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\NHelp scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\MSL scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\IDS scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\Firewall scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\EENGINE scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\coShared\WP scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\coShared\WA scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\coShared\Common scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\coShared scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\COH scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\Cleanup scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\CF\Manifests scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\CF scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\Bonus\Log scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\Bonus scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\AppCore scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\AntiSpam\Log scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\AntiSpam scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Fichiers communs\Symantec Shared scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\Updates scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\LiveUpdate scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\Freezer scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS scheduled to be deleted on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine scheduled to be moved on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{FEFAEB87-E88A-4EDC-95C7-AF74AF5C8B41} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{FD5D99F5-A829-4077-ACDD-CAFF944EDB49} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{FCF6B885-4248-4736-AC4B-71E813F9DD44} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{FCAAC9F4-CACB-48B6-BD94-00B284654865} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{FC641E5A-D85C-4A7B-A688-3E6E4E1F6E9D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{FC3A3EF3-2E1D-4897-B2B6-7F7336E8ADDC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{FB23F301-3130-4D69-BF5E-5766C7B6106C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F8F7CC74-3E48-4AEE-9CA7-1019E2E4E279} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F8813246-FA5E-4132-8D6A-4E6C806F8D1A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F875F496-7103-4650-80C9-E72DAB267887} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F841EBD6-8B59-4C15-B327-925B92817A75} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F82D0215-131E-458D-8E58-332E3F8F8617} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F74D1D36-47FD-4D93-B20F-EF13F45E155D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F67470B9-BC49-4B2F-A6B1-EDC34D6B3293} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F54FC706-EACA-47E2-8A1B-8A6A81185199} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F4C31FC1-226A-4C6C-8D6E-60A099A1FEF7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F4B383D2-F3F5-4625-BD1A-1A562E17A000} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F4172ADE-1570-40B1-9CD6-7C171194C9F1} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F24C052B-1E2E-4AFC-9C86-A5AFC46AC899} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F1DFBC59-13DC-4CA3-A7B3-3035A9DE5758} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F033652B-B32C-4140-9177-94D73602404E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{EE2E1E61-5804-44CF-83CA-8512257AB881} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{ED402548-68AF-4884-A7DD-E5FBDF24314E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{EAFF75E2-2FDF-4FBC-8E81-48993EF0A1F6} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{EAC749E8-FDB7-4B91-AF49-5A107C4520E5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E90D809D-4588-45E6-8D42-CEE38FEE8E09} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E8B00F15-0D41-4931-A563-EC9DC3DD041C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E798F5EA-CC80-4F25-8ED8-2FDEDCFDB656} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E6C97506-E114-4B13-B5A6-277C5FD2F66A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E6A13564-0ABA-4C6D-90D3-C66AF4C9233D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E691F1E4-9EEC-45E2-8A44-D82461BF2DE7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E62820B0-5B27-4FDF-8DDF-C5618564BD94} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E5BCF539-A1DE-4599-A1C3-586064F50297} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E58D72AC-16E9-43EF-971A-0AD67A2DA3B2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E4DCCEB6-0B2F-4D9D-B144-A0B788C576DB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E39089A1-2A27-4E28-A68D-1F658486EFD9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E37F40C1-35BF-4713-A092-D7D6F56133E9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E361AFD6-EE7D-4B2A-B399-F3FC0DE7A328} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E3618CD1-8ABA-4978-A2E2-0F172FFD907E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E284E515-947D-40A4-A93C-AB3F9BB7BAB2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E26D48D4-D740-4303-AEF3-9A596EA6F689} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E22A5EB9-9F98-42F7-B72B-56AB6BC67427} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E1C42F43-E735-4451-875D-6B8CFB9C6F0B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E1853CDD-AB3A-4993-8BB9-F6C6DDD538EB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E159ADF1-7682-4044-8DCA-6325C017FED9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E09B9BB8-C5FF-42C2-9A97-7E8DE949F659} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{E06166A3-C5DE-449D-A5A7-FC36561F2067} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DFF9F627-3842-44E0-AEFC-9F86E01C1FA0} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DF355A46-3B96-4B92-8D4A-0EED7322E882} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DE89EA25-A723-4B57-BD16-BDF983B88B35} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DE7AD178-517C-4C5E-B2BB-87AC12FAE78C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DD1FFBA2-80D7-4F32-9D5E-7CC0BFBD1656} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DD1741B5-254B-4824-895C-0E9A0B5DB212} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DCFA4896-13AC-4EB2-9424-8A3783C0167E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DC82EF6F-1D8C-429D-9A3D-81A1AA5792D0} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DC509FF8-659B-472C-8B9E-352BC0E9E5CD} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DA860860-EBB6-4B2D-85FE-7604F3740959} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{DA5DA8DD-FE0F-485E-ABB3-3BE057D7BE07} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D9E6D6DC-D7F5-46DA-B2B1-FEEF1711A4AE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D99E81D4-D227-4E7D-B07D-9BAAB48D5DD9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D6808DD4-7348-48B1-8A3E-6CBD03A89232} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D5FFE0B7-0630-449B-A8D8-FEEE336C94AC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D5AB7E81-D5A5-4471-9E70-B3692BB61343} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D5A9FED6-B2A6-4BA4-B8F4-6588D515D14E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D51012D5-31C5-46D2-A9BD-8BA70527178F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D333AE78-E287-405C-9C9A-331BF69C3BF9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D306EB37-B237-4D4C-9C6D-741FC4702A99} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D1F21A9B-3974-49F5-B7FE-C3C4EE8259D4} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D178EDF8-CBB6-4A68-ABD8-06A318D87FEB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D17847EE-F97E-488C-BCBA-54FC26209645} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D16C6B23-C48F-41FC-809A-47E7E61A1E36} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D1572E8B-DBBB-4831-A6BD-80BE4E3BE66F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{D0615EA6-D4B4-48A1-9A25-9CEA795130D8} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{CFB519C5-F917-4EC8-A784-318DFA0183CB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{CF684445-7602-4DD2-8D77-455987640849} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{CE653BA0-4B8D-47AE-9BA5-00B659701830} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{CE4030F2-42F0-4022-AB46-24D2E453DB10} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{CD9DAAE6-B6D9-4BDA-AC45-6A0297340F0B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{CD88B8E7-5FE6-44D9-8DA4-F4B968ECDF0C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{CD2082DE-6979-45F2-9189-96A1D5270493} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{CCD1FEEC-6B5D-4E64-B1B8-6FFE2E5BB424} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{C961A21B-CDE3-4C22-9C94-5BEC7ABB40DA} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{C674409E-E04F-409D-9437-F6097B9A4A9B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{C42212F1-F54F-47FB-B6BB-0461D234260A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{C367B382-37CF-4236-B74C-97491BCA42A5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{C32624F8-6DF0-4D80-8DE8-F2E8C1E55EF7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{C01FEB0E-E84F-4BB3-9C8B-3682D92B03FE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{C01FC847-EFC7-4087-8425-BBDD14D27242} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BFA318EF-E7D9-4FE4-8BCA-BFB98BEA921F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BF347EF9-2814-4CDE-8A32-829A5C56F4DC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BEB2A4C8-20B6-4A0C-B812-6B5B205C81CE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BE80695A-1D06-417D-825E-8250F2ADB2A1} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BE1BC757-E1E3-4E9A-885B-A7D0B0F8DE34} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BDE722E5-79F2-44CD-9003-F33A1EB2C36C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BC191A35-C94A-408F-BD90-6AF9C729D47B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BB72126F-944C-44F1-87BA-8A0A73EBED00} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BAFA53CE-BBFA-485C-8EA9-3FBDCE62DB71} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BAC5E0D6-4AE8-4859-A6CF-AB0A9EA5290B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BA3F3757-D5DB-49CC-ACB2-1B321EBFE174} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{BA3EA398-FD88-486C-AE08-A2C85395D6E5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B802A1A9-CAEA-40A8-8CC9-FDC4BA72E9B2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B7933C64-0845-4374-BBD6-9F699B34571B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B78A3B09-C657-4B98-8CE2-AECE08353E87} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B771B966-953C-4CD6-8471-72DCA83C1FFC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B6E56D68-3399-41F4-A0C4-5D137B5F7CEE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B6156982-1927-4D87-88F3-FFF2EDC17F46} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B4895AF0-B915-42FA-ACC1-F6855C5623DB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B44AB1DC-CE35-49EC-8647-07A6D4E28FEC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B25F6B78-D768-4B4B-9315-625667512FCB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B0CF2FDE-C7BA-457D-AD67-7C0E524D9723} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{B025AECE-5082-412C-92A8-EF1971FD1D3F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{AE9FD9AE-D1A0-4783-A7BE-0933D8C477ED} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{AD8A8A50-31AB-4F5C-97E6-2D0E877DC231} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{AD79C753-5D73-4175-B833-853538304CE3} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{ABEAA2C5-4AB0-4797-9F0D-D3E218414983} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{ABCFDBA1-264F-4FE4-9318-78B0C7A689FB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{AB781ACD-380A-460C-8E0B-9FA781236606} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{AB0B44E6-E0E4-4769-91E0-D85D423DC725} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{AAC4BEF6-DCD0-4382-BD7F-4B1DBDC01686} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{AA77129B-1731-47C8-8437-03DECC19C379} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{AA280229-2710-412E-94AE-9CD70C316D01} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF94F6-4DC1-4FD3-A5F7-68593D032491} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A78BD616-790B-4C3D-A196-ED342F4682B7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A51A7F47-9F68-4571-A949-CF4D4728DDE0} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A4D77ADF-A9DD-4269-BF0A-24F84CF841F7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A4897AC5-BCB9-4377-A060-ED045BB8705B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A36A4DFB-7DCE-4CC0-89A3-083096FA0933} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A270A4D5-C100-4AAC-92F9-561DA52B89B9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A195F63D-32D3-4BC9-9222-6744446B044D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A17C1D25-720D-44BC-8FBD-FE27B471A716} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{A0B4F6D8-2FEB-4AB9-9F2E-F3F6EF1ACFE9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9FE5AB1E-BFDC-4CC8-A8DA-C6FD8F54F4C8} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9F987968-F188-414A-9DF2-203B5BFECDF4} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9F4B5359-F145-4C77-9D36-841FE9F5DCB9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9F02F401-EF20-42A2-97BE-06FA6350DDCF} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9D754642-B6D6-4BCE-A028-C862F00C9D4A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9B22F267-072B-494D-A7F1-F67FB7B03E4C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9AF7D172-82FE-4B86-AE70-75C75CC58E88} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9AC8C180-D0A1-4668-B086-C58C7AAFE01E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{99F66F2A-C3D7-4EBF-AA9B-8156C382BC8F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{995BA7FC-BBC9-4460-B9A9-56BFE0CABF67} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{97E5E728-CC97-41D8-B108-C4E7EE6BD515} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9750EFCF-6E82-4643-A18F-01BC97ADB93D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9740B776-AC89-4FC2-B3A4-818CCAC5FD7E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{96BC4E7B-341C-4958-876D-BB739B3F65C0} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{965EFDD8-B05D-4572-A761-FE88179FD93D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{96017C34-B1DA-4A1A-8494-D4A859D50109} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{95D92738-C0A5-4E67-8CC0-B17B39B590BD} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{94B22978-6EA1-4B8C-B786-AAF45CC9D6D9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{94926D51-9BB8-4B8B-8F02-E2D6A0A1B801} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{94468D20-E85B-432B-91C3-EAF534B83B2A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{94213D09-8347-4F41-ADCB-6F8A56E6C599} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{941E6240-72BC-457F-9F57-37212B7A191B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{93CB7834-7B53-4E6F-B5D5-4D2DAEBF7CEA} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{92A90FEC-2232-46A5-9BE6-5A8A7CA304CE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{919349D1-2139-4EC7-8B81-BB21E32D4751} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{9174469C-74A8-4026-8583-035C0BBF7399} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8F5C74FD-5BD0-416F-8621-BD20B6158925} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8E5B7862-C8C4-4AC1-B641-BE47710AB704} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8DAAE44D-2486-4702-BA13-879430004866} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8D497E8C-011A-4306-9525-0AD015F82BF9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8C78FF9A-F863-4F5F-B559-32DC79CBA91D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8B14D4F8-4CD6-4BDD-B9F1-689B679FEE30} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{89105D62-6D59-49DE-A16C-9315F8003A23} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{88CBB088-FFCA-4B26-AF9E-00638D1BA69D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{878045E0-2023-4EFF-987A-285F53B1630C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{874120F0-4F5E-422A-9D62-9D1D5B7A5B7E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8694D7D2-8547-4C2F-A42A-7B7D098D8795} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{85044D88-7A58-49D1-9120-3AD3F2EF1A17} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{84A41374-49ED-4CA0-AB7E-9B1CA964BDC9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8445C816-8799-49BF-B594-E2AEA42F04BC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{844052D9-981B-4055-A952-9255E0559E71} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{835C21EA-8EAA-4854-B47A-459AE47EFA0C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8340D48C-1E11-492C-A698-13344AE05934} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{833A745F-6524-4A02-A46D-F54AEE68545A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8310024A-12E5-4688-B2E9-B711E2FE80D5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8299C161-D08C-41FC-BE0F-83D4A8F9C20E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{822FA05D-7905-411A-A6E6-9FF8818CFA92} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{81E21D69-20E3-4980-BD76-6425F095B868} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{80B599CB-0F5D-403C-A1A8-033F82B4487E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{807C13C6-613D-40B8-9693-A70CF72D460E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7FC77F0C-1ED4-49C0-8DC2-87A3B4892F88} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7F27694D-3057-44EA-8021-AFD03A6FA96F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7EDE51D2-D8B5-40E5-9FCC-349B15BE6D13} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7E3215CF-39B2-4580-8F04-23F5A52BECC9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7D27D13E-2471-4D40-A4A7-784845768579} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7B98D4AC-B389-4C05-BABB-8AC40CE6EAB1} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7B80F6E6-D8BF-4E04-8F16-77D7A04AB1BD} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7B7F9593-1CBC-4AF7-A75A-6A4FCD142CAB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7A7859B4-889F-4658-ABCB-E0B95EDC7C9A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{79DAB70B-9480-4FB7-BEC3-A29283E945DE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{799B0D39-CFE4-4036-B507-5F2F46DC5356} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7912A902-6F27-4E10-87C0-73F91D78E082} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{78F56CBB-BEB2-4053-83B8-A2EB9225F138} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{788B57EB-D5E5-483E-9DB6-4E6DB5B2AD65} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{77D56C05-0D5F-4998-B9A7-3C9A897CE2B5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{77725842-00C9-40C0-98E4-AFEDE143284E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{763FBDD1-D128-4C40-95A6-502CAEA7F417} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{75F4EC98-8152-40D2-AA1A-0222EC4511F4} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{75CA9E7A-C05C-4F4E-A0AE-9CB4BD7FD99B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{759D4C2C-0F79-41F8-ACBA-1882D1B9F015} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{756C96B8-CF4D-4DF3-B49F-C523FDD3B975} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{744DF52E-6053-44B1-A731-9A1C0440C165} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{72E3BBC9-9C5C-4E1C-807B-8B7042EA3664} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{72B5981F-8C19-4501-A508-14C8C46EBC14} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{7059F593-C9E1-4246-BF6B-4C61AAC5BBC1} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{6F466472-5FF7-485D-8BD7-D0E2E52BB99D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{6E757C29-9181-47B0-B54D-9A63A1548CE2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{6DEF7973-C658-4B92-AC2F-30DCE1F42918} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{6DD1F3AF-9869-41C1-9105-38E535CE3452} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{6D8BE538-B925-455C-A1B6-CC927398B4F2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{6A937BA2-52EF-4E66-BCB9-3B280E5F1CDE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{692EE04D-AFD1-447C-8BBE-ADF54E51C9DD} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{68DE50E3-77E2-4E67-B8A1-D27BC9C68A4B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{66D51EF8-78CF-45B0-BC74-B51CA14B32BB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{66989F12-1E0F-46D4-96CA-0BDCB0649204} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{6649AF2F-DCF4-4989-AC5F-11B20C8F61C7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{663D1DBD-DCBB-4609-B605-B3C00D571E9F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{653EA2C7-ACAD-4EEB-8BCE-37EB8034491B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{64141250-DA6C-4C46-B562-C210EF49ECBE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{630349A8-CCDF-4EB3-A840-AD526568FED2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{6013EB64-FEFF-4BA6-B764-11AF4FE91C3B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5FEB38C5-1593-4119-A040-914174158301} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5FBB8628-9350-4BA4-8FC2-879572763F6A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5E9D361A-6398-4D7A-BC1E-1F8D86536ECC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5E4671B9-6990-4244-9164-B69BECFB4E2B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5DF93187-4C56-429C-9EDB-B9741C36363C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5D2CA6EF-D1B1-4FA2-88D5-4FD7284F0A3E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5CD9D157-5693-415E-B4EA-DA136D05F54B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5CC2A69A-EF01-4155-9FAF-6EBA50EDEDFE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5B3D12E9-1D38-445C-8945-C2E0B461887F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5A85AD15-3336-4935-8518-F6F48DC9A5F9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{59DD3C9C-0C9F-4D83-9F71-7D9C418EAD39} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{55A484E4-7947-4537-851A-5603053F683F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5580DC33-88CA-4816-B724-8CFC9A42D4EE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{552A80B2-410B-4F9A-B8AE-795228448BAC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{546C750C-1288-4FFA-884C-45806C5ED5CB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5422E6C1-5EF0-4B7C-B337-E9CD2A4BE7EC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{53ACF217-F45A-49AD-9CD6-6E8DCF1E9506} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5282C2F0-05BC-474B-8E8E-9ACCF553A419} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{52168C1B-719E-4BE8-B75E-9902D4DAC62A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5176B191-BB12-4A2C-81CE-B9AB00087B70} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{5163207C-5B4F-4D50-B862-12F13E173197} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{507719D1-C967-4319-ABA3-FE652CFF9ED1} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4EED51B2-63BE-4506-8B6F-5C55A43E7944} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4ED8DFA6-A98E-4DAA-B70B-B240EF514CB2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4E820BE2-607F-4080-AEE8-53D7511F40AE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4E1FB536-8256-4C67-AE13-E11DA4B813D6} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4C27BBE1-5407-46DA-85D4-8E3B78D0B11E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4BCD0AC0-A151-42AE-B188-D0FBD3DCB68E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4BC27D01-79D0-410A-AE3F-1DFF5508822B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4AB05574-29C3-434E-9DE0-1174471EB145} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4A3BA2EA-B4DF-4A03-8491-E5F00AB39614} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{499A74E5-C2CA-4319-AD56-D8A01C3FE4DF} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{4827476F-CEBB-4B09-8442-2054B9D2D1C8} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{47A360BC-B3B8-4414-8729-2BAA496E668E} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{46632374-2752-4D5F-9ECA-48C65A8C0994} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{462931D7-A3D0-4591-BE81-1E454BED21AA} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{46180886-785C-45D4-8FDE-0D2C10B0D1AB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{459D1D3F-4528-4104-9648-1FD8EFC288C3} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{44C31FB3-38A8-4952-9372-141BB0E83BCE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{44B1C682-9A17-46AC-81BB-09684228FD5B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{43371B75-0066-4E6A-96D3-306056E7C943} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{42A907BD-31B9-4952-A16C-995C480CAF41} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{425BF7FA-1B97-45F3-AC38-D01F7B8FB5D1} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{424237CA-35CD-4202-8EBD-1BEA1F857745} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{41DC96A4-36DD-4B3E-BE5F-33B85F70FC0D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{402E86B6-9F91-49DF-871F-DCFCD49EA92D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{40262FEB-F33F-4B68-A52E-3D57BCF60695} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3FCFB320-7103-4A30-B51B-83F3F8E1D2B8} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3F55A67C-80AB-42E2-AE44-D04F576DD27A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3DAB0606-6679-443C-8DF0-64C5582A58EA} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3C734E75-8A13-4C75-B296-73E494D929F0} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3B82EB1E-E824-4DE3-89C3-913772B141D8} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3B24A0E9-C53C-4A05-A104-99CC7C7AFC4B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3B205BE9-9252-4F00-A9B2-6FFC2D287668} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3A947A38-1EA4-4CE2-901A-B1CCD0F39166} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3A7E1D2D-1EFA-4F12-BB8C-113E2D5DD4D4} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3A458B8A-C4F1-4EBC-AC24-A46881F6FADD} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3A2B76CC-09E4-4787-AABD-8482482B0FBE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3742E65F-5125-49F1-85DC-41C4124381B2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{36848C4E-7AAD-4D27-AACB-80C180420BF6} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{363BB14A-EC6F-4967-AA0C-7ED4C67CCE80} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{362A3B8B-A26D-4319-B065-2B16667DBE6F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{35122F23-7BD4-443E-87DE-E91588124C7A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{340BB1A0-F42C-4604-AB61-162AFF1BA661} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{3313D7D3-FD35-4E05-9AC3-C67CF455391A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{329F3245-604D-4023-95FF-1FDD3F322CB2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{30BE69E4-EDE1-45F8-A9B6-D09DEEC92C42} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{307CF709-0ACB-4558-BE22-072ADF8F64D9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2F28FBCF-41BC-4EF3-9E3C-8C9BACB29A6B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2ECEBE9A-8920-4C9F-8E3D-65B0CB5E6227} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2E5DBA61-383E-49F3-B9A8-89A139EC91EB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2DB4231D-9C9E-42C4-8F9D-F04FCF60F5BC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2BC5581A-6B19-4789-A660-5B19E50FEA8F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2B5548BC-025E-4F3F-8108-C593D9092562} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2AB4C3BE-0266-4E6F-A3F7-FEA06EC8F1E1} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2A5A26C4-10EC-4C8E-A6FE-FDB7F625646B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2A4B9E95-9901-4491-BC76-2201FB23CCDE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{298D083E-F0C9-4CED-9FDF-5009D8461624} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{27256B47-523E-4166-B2CC-977F30CC3B8C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{26C9E18D-8205-4DA0-82D5-A886F85A2EC6} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{26AAA5BF-912C-4706-91E8-2A49FE48BB3D} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{261E9C67-2D4C-4548-8580-9E0D2981F356} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{25B6B2F4-FB59-4BBF-86F8-861B95E90212} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{257E7EFC-505E-4463-90D7-47CABAE4FB01} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2328571F-CFD8-4E83-BF24-4D17282E80EC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2289868E-BE38-4C7B-B276-2096916C6268} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{213BD6ED-AE12-44A9-85CD-214779D3F817} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{2105DD8A-6F0A-4E2C-8C71-2485D6DA054B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1F55FCDC-7F66-4EC3-89B5-1866199842C9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1F510984-028B-422D-8C0F-355151A88771} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1EFC5118-05CB-43A9-96F9-FC1D8D369850} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1E704645-6F37-48B9-A2A6-F1EC52D044D7} scheduled to be deleted on reboot.

wolfas13 · Answer

voila la suite du rapport:



Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1E206E8E-9667-44C9-8956-A57330A93BE6} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1DC23FFB-A458-41AF-83CF-70B3CD8A06BC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1C59BF5C-3E75-48DC-B24B-3C856854D497} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1C38DC78-549F-4180-8CD2-D3300490FD15} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1B30583C-FE13-4343-82B2-196319D82E74} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1B1EC9FF-5051-4AD0-B7E6-E6E0E4BE6387} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1AE0B038-14A9-4DCE-B0F6-1A7120C2859C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1A4049A0-4FB4-42CA-8718-419137867C90} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{19EA218D-1774-4BC4-89EF-00BE7FF06CF5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{197ACE83-A334-4F63-A818-12818717D5AD} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1941AB9C-EA36-401B-B938-8070A801228C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{19419B36-8BE0-4685-B76D-3E26D3E4FD03} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{18BDED43-3A99-4503-AFDB-76950A8C2B29} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{18504AB0-1656-47DC-BE7B-A6401AD481C7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{16D5839A-D12E-42A5-88DA-683A2EE20EC2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{16B173F4-10FA-41E2-AAC5-9C458CF58638} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{15CE6695-9ED2-493F-AB70-4E4BDE90A2D9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{159F9BA6-FF3A-4183-B5B7-3DED28302B10} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{14508DEE-39E6-4DA1-9792-54C8F9CC18D9} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{13FDB920-03C8-4C42-9472-4CA02C7878EB} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{13F5170D-7B6D-4B5C-97F8-A2E96EA14451} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{13BA26FE-C7E4-4DF8-8B31-FD3E2E3CED2B} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{134914BF-9FC3-4877-B0BC-F69E105EDFBD} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{12F406D9-0DDC-4EB7-8251-DFB1C2C78EF4} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{125FB6A4-4149-4A07-9660-77F27EEEE1F0} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{125B8332-85F7-4CF7-93E4-1E9B5546FDE5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{1208C106-1B76-4059-A2AB-EC95DBF209AE} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{11B79323-29B2-43CC-9E4A-A0DD4C5FE98A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{113BA108-3525-411A-B9ED-00FE1E395CAD} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{110DAC0A-EDFE-4B8F-B3B8-66BECC16CD9F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{10E7D5D5-8EF3-4EB6-8F7D-EF037249D4A5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{10BE5A6F-BB7D-495D-AF0B-68247F53F156} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{10885A90-5A8F-4FBE-A2DA-2CA3C8D31382} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0F82108E-0F8D-4FCC-A194-229374F4AEA5} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0E85F08C-6F21-4FDE-ABBC-1AF1AB740317} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0DC561E1-9E48-4250-BC2C-A7C662F046B2} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0D361B7E-D1CD-4221-9A5E-8737819DC705} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0CEC0B6B-615E-43D7-96D5-7195400E5526} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0B956D90-D55B-43A5-8740-5F32720512D8} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0B5AD1EF-A39F-4D58-9382-453F46E398D7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0B016D4F-D627-4C1C-B5EA-094E5995D3C8} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0A585D22-9786-43BB-92FB-E2CE0B4CB688} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{099E43D6-5E8D-40A3-88B9-AA79E49B17D3} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0954045C-C12A-4FE1-8122-369B7C4B890A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{085DB3A9-022D-4CF1-9FBA-E6F904E00BFC} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{07B8B922-5F2C-40FF-B7E2-3D96901FB781} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{038D82DC-59BD-4477-9527-43EB901340EA} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{037D5DAD-6CAD-4EA4-8221-7382F8D53EE1} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{0155053F-D822-4E81-9997-90A011AE420F} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{01227E41-1E2C-4780-83F2-3FB1A3699C9A} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{00C45FB1-FDA2-443A-AEE0-76F25DAB316C} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{00665EF8-F340-483C-90EC-060E21D2E8BF} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Shared scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SVAR scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PEPCollectors scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\MsgQueue scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\PIF scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\IDS scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Temp scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Common Client scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec\Cleanup scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Documents and Settings\All Users\Application Data\Symantec scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Symantec\LiveUpdate scheduled to be deleted on reboot.
Folder cleanup  failed. C:\Program Files\Symantec scheduled to be deleted on reboot.
File/Folder C:\Program Files\NewDotNet not found.
 
Created on 11/11/2007 12:58:48

wolfas13 · Answer

je temontre le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22  nicolas, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\NCH Swift Sound\Recordpadecordpad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/fr-fr/index
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet
ewdotnet7_48.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {c24247a8-8250-fbaa-d014-9b58145df097} - {790fd541-85b9-410d-aabf-05288a74242c} - C:\WINDOWS\system32\ybmyonaa.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation
Tune\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpadecordpad.exe" -logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [105deb37] rundll32.exe "C:\WINDOWS\system32\mngidhqo.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

wolfas13 · Answer

et voila celui de combofix(dsl pour le flood mais les scans sont long ): j'ai un installer ccommon qui se lance à chaque démarrage de xp. je te le dis parce que ca peut peut-être t'aider dans mon problème. ça fait de puis que j'ai fait Otmoveit que ça apparaît. ComboFix 07-11-08.1 - nicolas 2007-11-11 13:25:26.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1100 [GMT 1:00] Running from: C:\Documents and Settings icolas\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk C:\Documents and Settings icolas\Favoris\Online Security Guide.lnk C:\WINDOWS\cookies.ini C:\WINDOWS\system32\zctqcksc.dllbox . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))))))) . 2007-11-11 10:27 d-------- C:\New Folder 2007-11-11 10:27 d-------- C:\hijackthis 2007-11-11 10:07 d-------- C:\VundoFix Backups 2007-11-09 18:30 d-------- C:\Program Files\Navilog1 2007-11-08 21:09 584,683 ---hs---- C:\WINDOWS\system32\oqhdignm.ini2 2007-11-07 20:50 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-06 20:52 d-------- C:\Documents and Settings icolas\Application Data\Grisoft 2007-11-06 20:52 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-06 20:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-06 20:30 4,080 --a------ C:\WINDOWS\system32 mp.reg 2007-11-06 19:07 d-------- C:\Program Files\Avira 2007-11-06 19:07 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-11-06 18:49 d-------- C:\Program Files\Panda Security 2007-10-29 16:59 589 --a------ C:\WINDOWS\system32\farbggvr.dll 2007-10-29 12:38 d-------- C:\Documents and Settings icolas\Application Data\ArcSoft 2007-10-29 12:37 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-10-29 12:36 d-------- C:\Program Files\Hercules 2007-10-29 12:36 d-------- C:\Program Files\Fichiers communs\ArcSoft 2007-10-29 12:36 245,408 --a------ C:\WINDOWS\system32\unicows.dll 2007-10-29 12:36 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-10-29 12:34 d-------- C:\WINDOWS\OvtCam 2007-10-29 12:34 161,792 --------- C:\WINDOWS\system32\drivers\ov530vid.sys 2007-10-29 12:34 61,440 --------- C:\WINDOWS\ov530dib.dll 2007-10-29 12:34 40,960 --------- C:\WINDOWS\system32\ov530ext.dll 2007-10-29 12:34 25,177 --------- C:\WINDOWS\system32\drivers\ov530cmd.sys 2007-10-29 12:34 16,440 --------- C:\WINDOWS\system32\ov530usd.dll 2007-10-29 09:57 d-------- C:\Documents and Settings icolas\Application Data\Recordpad 2007-10-29 09:19 589 --a------ C:\WINDOWS\system32\ehvecyts.dll 2007-10-27 16:21 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-10-27 16:21 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-10-27 16:21 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-10-27 16:21 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-10-27 16:21 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-10-27 16:21 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-10-27 16:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-10-27 16:17 d-------- C:\Program Files\Electronic Arts 2007-10-24 15:08 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-10-24 12:48 d-------- C:\Program Files\MediaCoder 2007-10-24 12:42 d-------- C:\Program Files\GXTranscoder.net AWE 2007-10-24 10:28 d-------- C:\Documents and Settings icolas\Application Data\AVS4YOU 2007-10-24 10:28 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2007-10-24 10:27 d-------- C:\Program Files\Fichiers communs\AVSMedia 2007-10-24 10:25 d-------- C:\Program Files\AVS4YOU 2007-10-24 10:23 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll 2007-10-24 10:23 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-10-24 10:23 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-10-24 10:23 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll 2007-10-24 10:23 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-10-24 10:10 d-------- C:\Temp 2007-10-24 10:05 d-------- C:\Program Files\QuickTime 2007-10-24 10:05 d-------- C:\Program Files\ImTOO 2007-10-21 11:00 d-------- C:\Program Files\oZone3D 2007-10-20 13:04 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software 2007-10-14 13:34 d-------- C:\Program Files\NCH Software 2007-10-14 13:34 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound 2007-10-14 13:32 d-------- C:\Program Files\NCH Swift Sound 2007-10-14 13:32 d-------- C:\Documents and Settings icolas\Application Data\NCH Swift Sound 2007-10-14 13:31 d-------- C:\Program Files\Winamp 2007-10-14 13:31 d-------- C:\Documents and Settings icolas\Application Data\Winamp 2007-10-13 17:31 d-------- C:\Program Files\GT2002 2007-10-13 11:16 d-------- C:\WINDOWS\pss 2007-10-11 20:23 d-------- C:\Program Files\WinMX 2007-10-11 19:37 d-------- C:\Program Files\WinISO 2007-10-11 18:33 d-------- C:\Program Files\Smart Projects 2007-10-11 16:32 d-------- C:\Documents and Settings\All Users\Application Data\WinZip . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-11 12:05 --------- d-----w C:\Documents and Settings icolas\Application Data\OpenOffice.org2 2007-11-11 11:56 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-11-11 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-11 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-11-07 16:33 --------- d-----w C:\Program Files\STK017_V2.01 2007-10-29 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-24 08:28 --------- d-----w C:\Documents and Settings icolas\Application Data\Nokia Multimedia Player 2007-10-22 19:23 --------- d-----w C:\Documents and Settings icolas\Application Data\DivX 2007-10-22 19:10 --------- d-----w C:\Program Files\Picasa2 2007-10-21 15:33 --------- d-----w C:\Program Files\Java 2007-10-20 10:31 --------- d-----w C:\Program Files\DeskSpace 2007-10-12 18:36 --------- d-----w C:\Program Files\Silkroad 2007-10-07 08:06 --------- d-----w C:\Program Files\Elaborate Bytes 2007-10-06 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft 2007-10-06 16:20 --------- d-----w C:\Program Files\SlySoft 2007-10-06 16:17 --------- d-----w C:\Documents and Settings icolas\Application Data\Skype 2007-10-06 16:08 --------- d-----w C:\Program Files\DiskTrix 2007-10-06 16:03 --------- d-----w C:\Documents and Settings icolas\Application Data\OtakuSoftware 2007-10-06 15:44 --------- d-----w C:\Documents and Settings icolas\Application Data\Joost 2007-10-05 17:12 --------- d-----w C:\Program Files\AxBx 2007-10-04 16:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-04 16:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-04 16:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-04 16:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-04 16:09 --------- d-----w C:\Program Files\Symantec 2007-09-29 09:32 --------- d-----w C:\Documents and Settings icolas\Application Data\Nokia 2007-09-23 17:19 --------- d-----w C:\Program Files\Nokia 2007-09-23 17:19 --------- d-----w C:\Program Files\Fichiers communs\Nokia 2007-09-23 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia 2007-09-21 19:41 --------- d-----w C:\Program Files\DivX 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-09-16 14:21 --------- d-----w C:\Program Files\PhotoFiltre 2007-09-15 19:12 --------- d-----w C:\Program Files\eRightSoft 2007-09-13 11:54 --------- d-----w C:\Program Files\Skype 2007-09-13 11:54 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-09-13 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-05-18 16:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-08_21.06.23.70 ))))))))))))))))))))))))))))))))))))))))) . - 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-11-11 09:40:15 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}] C:\Program Files\NewDotNet ewdotnet7_48.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{790fd541-85b9-410d-aabf-05288a74242c}] C:\WINDOWS\system32\ybmyonaa.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin TrayFw.exe" [2005-04-29 17:22] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation Tune\nTune.exe" [2004-12-06 11:06] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 08:29] "nwiz"="nwiz.exe" [2006-03-09 08:29 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 08:29] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-14 19:10] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 C:\WINDOWS\soundman.exe] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10] "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22] "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28] "Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad ecordpad.exe" [2007-10-29 09:56] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-11 10:40] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "105deb37"="C:\WINDOWS\system32\mngidhqo.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 18:07] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "La_View Mouse"="C:\PROGRA~1 icolas\1TEKCO~1\F1Driver.exe" [2006-01-04 17:32] "DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" [] "ares"="C:\Program Files\Ares\Ares.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\winexz32] winexz32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] "C:\Program Files\Ares\Ares.exe" -h [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{634bfe42-0566-11dc-9e73-806d6172696f}] \Shell\AutoRun\command - F:\POV.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5ec2a8-055f-11dc-9694-0006f404143d}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e \Shell\Open\command - G:\Boot.exe e *Newly Created Service* - COMHOST . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-11 13:31:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-11-11 13:33:46 - machine was rebooted C:\ComboFix2.txt ... 2007-11-08 21:07 . --- E O F ---

Regis59 · Answer

Re;

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\oqhdignm.ini2
C:\WINDOWS\system32\farbggvr.dll 
C:\WINDOWS\system32\mngidhqo.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

Puis, ouvre le bloc note et copie colle ceci:(Regedit4 tu le met sur la 1ere ligne du bloc note)

REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{790fd541-85b9-410d-aabf-05288a74242c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=-
"Symantec PIF AlertEng"=-
"105deb37"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\winexz32]

Fais Fichier < enregistrer sous.
Nom du fichier, met bureau.reg 
Type : sélectionne "tous les fichiers" 
clique sur enregistrer 

Double clique sur bureau.reg et accepte la fusion avec le registre.

Puis redemarre ton PC et remet un HijackThis + Combofix.

A+

wolfas13 · Answer

tiens voila le rapport de hijackthis. je te poste celui de combofix au redémarrage :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38  nicolas, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/fr-fr/index
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {c24247a8-8250-fbaa-d014-9b58145df097} - {790fd541-85b9-410d-aabf-05288a74242c} - C:\WINDOWS\system32\ybmyonaa.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation
Tune\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

wolfas13 · Answer

voila le rapport de combofix

ComboFix 07-11-08.1 - nicolas 2007-11-12 10:29:09.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1113 [GMT 1:00]
Running from: C:\Documents and Settings\nicolas\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-11 17:16 <REP> d-------- C:\Program Files\Norton 360
2007-11-11 17:15 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-11 17:15 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-11 10:27 <REP> d-------- C:\New Folder
2007-11-11 10:27 <REP> d-------- C:\hijackthis
2007-11-11 10:07 <REP> d-------- C:\VundoFix Backups
2007-11-09 18:30 <REP> d-------- C:\Program Files\Navilog1
2007-11-07 20:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 20:52 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\Grisoft
2007-11-06 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-06 20:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-06 20:30 4,080 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-06 19:07 <REP> d-------- C:\Program Files\Avira
2007-11-06 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-06 18:49 <REP> d-------- C:\Program Files\Panda Security
2007-10-29 12:38 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\ArcSoft
2007-10-29 12:37 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-10-29 12:36 <REP> d-------- C:\Program Files\Hercules
2007-10-29 12:36 <REP> d-------- C:\Program Files\Fichiers communs\ArcSoft
2007-10-29 12:36 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-10-29 12:36 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-10-29 12:34 <REP> d-------- C:\WINDOWS\OvtCam
2007-10-29 12:34 161,792 --------- C:\WINDOWS\system32\drivers\ov530vid.sys
2007-10-29 12:34 61,440 --------- C:\WINDOWS\ov530dib.dll
2007-10-29 12:34 40,960 --------- C:\WINDOWS\system32\ov530ext.dll
2007-10-29 12:34 25,177 --------- C:\WINDOWS\system32\drivers\ov530cmd.sys
2007-10-29 12:34 16,440 --------- C:\WINDOWS\system32\ov530usd.dll
2007-10-29 09:57 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\Recordpad
2007-10-27 16:21 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-27 16:21 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-27 16:21 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-27 16:21 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-27 16:21 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-27 16:21 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-27 16:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-27 16:17 <REP> d-------- C:\Program Files\Electronic Arts
2007-10-24 15:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-24 12:48 <REP> d-------- C:\Program Files\MediaCoder
2007-10-24 12:42 <REP> d-------- C:\Program Files\GXTranscoder.net AWE
2007-10-24 10:28 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\AVS4YOU
2007-10-24 10:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-10-24 10:27 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-10-24 10:25 <REP> d-------- C:\Program Files\AVS4YOU
2007-10-24 10:23 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-10-24 10:23 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-24 10:23 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-10-24 10:23 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-10-24 10:23 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-24 10:10 <REP> d-------- C:\Temp
2007-10-24 10:05 <REP> d-------- C:\Program Files\QuickTime
2007-10-24 10:05 <REP> d-------- C:\Program Files\ImTOO
2007-10-21 11:00 <REP> d-------- C:\Program Files\oZone3D
2007-10-20 13:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2007-10-14 13:34 <REP> d-------- C:\Program Files\NCH Software
2007-10-14 13:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-14 13:32 <REP> d-------- C:\Program Files\NCH Swift Sound
2007-10-14 13:32 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\NCH Swift Sound
2007-10-14 13:31 <REP> d-------- C:\Program Files\Winamp
2007-10-14 13:31 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\Winamp
2007-10-13 17:31 <REP> d-------- C:\Program Files\GT2002
2007-10-13 11:16 <REP> d-------- C:\WINDOWS\pss

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 09:20 --------- d-----w C:\Documents and Settings\nicolas\Application Data\OpenOffice.org2
2007-11-11 16:35 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-11 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-11 16:19 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-11 16:19 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-11 16:19 --------- d-----w C:\Program Files\Symantec
2007-11-11 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-07 16:33 --------- d-----w C:\Program Files\STK017_V2.01
2007-10-29 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 08:28 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Nokia Multimedia Player
2007-10-22 19:23 --------- d-----w C:\Documents and Settings\nicolas\Application Data\DivX
2007-10-22 19:10 --------- d-----w C:\Program Files\Picasa2
2007-10-21 15:33 --------- d-----w C:\Program Files\Java
2007-10-20 10:31 --------- d-----w C:\Program Files\DeskSpace
2007-10-12 18:36 --------- d-----w C:\Program Files\Silkroad
2007-10-11 19:25 --------- d-----w C:\Program Files\WinMX
2007-10-11 18:39 --------- d-----w C:\Program Files\WinISO
2007-10-11 17:33 --------- d-----w C:\Program Files\Smart Projects
2007-10-11 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-07 08:06 --------- d-----w C:\Program Files\Elaborate Bytes
2007-10-06 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-06 16:20 --------- d-----w C:\Program Files\SlySoft
2007-10-06 16:17 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Skype
2007-10-06 16:08 --------- d-----w C:\Program Files\DiskTrix
2007-10-06 16:03 --------- d-----w C:\Documents and Settings\nicolas\Application Data\OtakuSoftware
2007-10-06 15:44 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Joost
2007-10-05 17:12 --------- d-----w C:\Program Files\AxBx
2007-09-29 09:32 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Nokia
2007-09-23 17:19 --------- d-----w C:\Program Files\Nokia
2007-09-23 17:19 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-09-23 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2007-09-21 19:41 --------- d-----w C:\Program Files\DivX
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-16 14:21 --------- d-----w C:\Program Files\PhotoFiltre
2007-09-15 19:12 --------- d-----w C:\Program Files\eRightSoft
2007-09-13 11:54 --------- d-----w C:\Program Files\Skype
2007-09-13 11:54 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-09-13 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-05-18 16:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_21.06.23.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-11-11 09:40:15 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2006-09-19 10:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2006-09-19 11:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2007-09-18 12:43:36 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-01-12 02:22:14 247,608 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
- 2007-09-18 12:43:36 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-01-12 02:22:20 276,792 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
- 2007-09-18 12:43:36 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-01-12 02:22:18 25,400 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
- 2006-10-03 15:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2006-10-03 16:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2007-08-07 12:37:56 53,248 ----a-w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
+ 2007-08-07 16:20:44 182,248 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
+ 2007-08-07 12:35:56 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2007-08-07 12:19:40 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2007-08-07 12:36:32 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-08-07 15:52:32 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
+ 2007-08-07 12:08:48 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
+ 2007-08-07 12:17:24 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2007-08-07 12:35:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2007-08-07 12:35:32 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-08-07 12:28:38 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-08-07 16:20:28 391,144 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
+ 2007-08-07 12:37:56 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2007-08-07 12:35:18 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-08-07 12:37:58 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2007-08-07 12:08:46 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
+ 1999-06-25 09:55:30 149,504 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
- 2007-07-12 00:49:26 186,256 ----a-w C:\WINDOWS\system32\SymNPPWA.dll
+ 2007-02-19 03:23:04 185,496 ----a-r C:\WINDOWS\system32\SymNppWA.dll
+ 2007-11-12 09:22:00 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7d4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 11:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 08:29]
"nwiz"="nwiz.exe" [2006-03-09 08:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 08:29]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 C:\WINDOWS\soundman.exe]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-11 10:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-15 04:10]
"TP CfgWiz"="C:\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" [2007-02-08 15:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 18:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"La_View Mouse"="C:\PROGRA~1\nicolas\1TEKCO~1\F1Driver.exe" [2006-01-04 17:32]
"DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\nicolas\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-07-01 10:24:53 nicolas]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 18:42:22 nicolas]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-18 18:07:34 nicolas]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys
R3 ATMELFVNETusb(AR)(R);ATMEL FVNETusb(AR)(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys
S3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys
S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys
S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{634bfe42-0566-11dc-9e73-806d6172696f}]
\Shell\AutoRun\command - F:\POV.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5ec2a8-055f-11dc-9694-0006f404143d}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - G:\Boot.exe e

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 10:33:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 10:35:07
C:\ComboFix2.txt ... 2007-11-11 16:45
C:\ComboFix3.txt ... 2007-11-11 13:33
.
--- E O F ---

quand j'ai fait, combofix il m'est arrivé qu'un message de antivir me demandant de choisir ce que je voulais faire du fichier nlihtsrl.dll ( Inject jt) apparaisse. Sinon, je n'ai plus de soucis. L'ordinateur ne rame plus; pas de trianlge jaunedans la barre de notificatin, ni d'icone de one life stafety et autres du même genre sur le bureau. Ca m'a l'air ok; j'attends juste que tu vérifie mais rapports pour le confirmer. Je conclurai la discussin au prochain message si tu me dis que tout est reparti comme en l'an 40. A+

wolfas13 · Answer

j'ai reinstallé norton 360 pour enlever le probleme de li'nstall de CCC Common.msi.apparemment cette boite de message n'apparait plus. je continue quand meme a suivre tes indications. ++

Regis59 · Answer

Re

¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O2 - BHO: {c24247a8-8250-fbaa-d014-9b58145df097} - {790fd541-85b9-410d-aabf-05288a74242c} - C:\WINDOWS\system32\ybmyonaa.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 

Ferme HijackThis.

Supprime ceci avec Otmoveit:

C:\WINDOWS\system32\ehvecyts.dll 
C:\WINDOWS\system32\ybmyonaa.dll

Copie colle le rapport + un HijackThis + un combofix + les soucis actuels.

a+

wolfas13 · Answer

ok je m-y mets tout de suite et je te rapporte mes soucis. merci

wolfas13 · Answer

voila le rapport de OTmoveit 

LoadLibrary failed for C:\WINDOWS\system32\ehvecyts.dll
C:\WINDOWS\system32\ehvecyts.dll NOT unregistered.
C:\WINDOWS\system32\ehvecyts.dll moved successfully.
File/Folder C:\WINDOWS\system32\ybmyonaa.dll not found.
 
Created on 11/12/2007 10:25:31



RAPPORT de HIJACKTHIS



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26  nicolas, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/fr-fr/index
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
TrayFw.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation
Tune\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1
icolas\1TEKCO~1\F1Driver.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

wolfas13 · Answer

voila le rapport de combofix

ComboFix 07-11-08.1 - nicolas 2007-11-12 10:29:09.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1113 [GMT 1:00]
Running from: C:\Documents and Settings\nicolas\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-11 17:16 <REP> d-------- C:\Program Files\Norton 360
2007-11-11 17:15 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-11 17:15 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-11 10:27 <REP> d-------- C:\New Folder
2007-11-11 10:27 <REP> d-------- C:\hijackthis
2007-11-11 10:07 <REP> d-------- C:\VundoFix Backups
2007-11-09 18:30 <REP> d-------- C:\Program Files\Navilog1
2007-11-07 20:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 20:52 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\Grisoft
2007-11-06 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-06 20:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-06 20:30 4,080 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-06 19:07 <REP> d-------- C:\Program Files\Avira
2007-11-06 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-06 18:49 <REP> d-------- C:\Program Files\Panda Security
2007-10-29 12:38 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\ArcSoft
2007-10-29 12:37 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-10-29 12:36 <REP> d-------- C:\Program Files\Hercules
2007-10-29 12:36 <REP> d-------- C:\Program Files\Fichiers communs\ArcSoft
2007-10-29 12:36 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-10-29 12:36 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-10-29 12:34 <REP> d-------- C:\WINDOWS\OvtCam
2007-10-29 12:34 161,792 --------- C:\WINDOWS\system32\drivers\ov530vid.sys
2007-10-29 12:34 61,440 --------- C:\WINDOWS\ov530dib.dll
2007-10-29 12:34 40,960 --------- C:\WINDOWS\system32\ov530ext.dll
2007-10-29 12:34 25,177 --------- C:\WINDOWS\system32\drivers\ov530cmd.sys
2007-10-29 12:34 16,440 --------- C:\WINDOWS\system32\ov530usd.dll
2007-10-29 09:57 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\Recordpad
2007-10-27 16:21 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-27 16:21 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-27 16:21 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-27 16:21 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-27 16:21 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-27 16:21 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-27 16:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-27 16:17 <REP> d-------- C:\Program Files\Electronic Arts
2007-10-24 15:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-24 12:48 <REP> d-------- C:\Program Files\MediaCoder
2007-10-24 12:42 <REP> d-------- C:\Program Files\GXTranscoder.net AWE
2007-10-24 10:28 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\AVS4YOU
2007-10-24 10:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-10-24 10:27 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-10-24 10:25 <REP> d-------- C:\Program Files\AVS4YOU
2007-10-24 10:23 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-10-24 10:23 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-24 10:23 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-10-24 10:23 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-10-24 10:23 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-24 10:10 <REP> d-------- C:\Temp
2007-10-24 10:05 <REP> d-------- C:\Program Files\QuickTime
2007-10-24 10:05 <REP> d-------- C:\Program Files\ImTOO
2007-10-21 11:00 <REP> d-------- C:\Program Files\oZone3D
2007-10-20 13:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2007-10-14 13:34 <REP> d-------- C:\Program Files\NCH Software
2007-10-14 13:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-14 13:32 <REP> d-------- C:\Program Files\NCH Swift Sound
2007-10-14 13:32 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\NCH Swift Sound
2007-10-14 13:31 <REP> d-------- C:\Program Files\Winamp
2007-10-14 13:31 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\Winamp
2007-10-13 17:31 <REP> d-------- C:\Program Files\GT2002
2007-10-13 11:16 <REP> d-------- C:\WINDOWS\pss

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 09:20 --------- d-----w C:\Documents and Settings\nicolas\Application Data\OpenOffice.org2
2007-11-11 16:35 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-11 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-11 16:19 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-11 16:19 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-11 16:19 --------- d-----w C:\Program Files\Symantec
2007-11-11 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-07 16:33 --------- d-----w C:\Program Files\STK017_V2.01
2007-10-29 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 08:28 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Nokia Multimedia Player
2007-10-22 19:23 --------- d-----w C:\Documents and Settings\nicolas\Application Data\DivX
2007-10-22 19:10 --------- d-----w C:\Program Files\Picasa2
2007-10-21 15:33 --------- d-----w C:\Program Files\Java
2007-10-20 10:31 --------- d-----w C:\Program Files\DeskSpace
2007-10-12 18:36 --------- d-----w C:\Program Files\Silkroad
2007-10-11 19:25 --------- d-----w C:\Program Files\WinMX
2007-10-11 18:39 --------- d-----w C:\Program Files\WinISO
2007-10-11 17:33 --------- d-----w C:\Program Files\Smart Projects
2007-10-11 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-07 08:06 --------- d-----w C:\Program Files\Elaborate Bytes
2007-10-06 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-06 16:20 --------- d-----w C:\Program Files\SlySoft
2007-10-06 16:17 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Skype
2007-10-06 16:08 --------- d-----w C:\Program Files\DiskTrix
2007-10-06 16:03 --------- d-----w C:\Documents and Settings\nicolas\Application Data\OtakuSoftware
2007-10-06 15:44 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Joost
2007-10-05 17:12 --------- d-----w C:\Program Files\AxBx
2007-09-29 09:32 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Nokia
2007-09-23 17:19 --------- d-----w C:\Program Files\Nokia
2007-09-23 17:19 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-09-23 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2007-09-21 19:41 --------- d-----w C:\Program Files\DivX
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-16 14:21 --------- d-----w C:\Program Files\PhotoFiltre
2007-09-15 19:12 --------- d-----w C:\Program Files\eRightSoft
2007-09-13 11:54 --------- d-----w C:\Program Files\Skype
2007-09-13 11:54 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-09-13 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-05-18 16:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_21.06.23.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-11-11 09:40:15 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2006-09-19 10:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2006-09-19 11:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2007-09-18 12:43:36 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-01-12 02:22:14 247,608 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
- 2007-09-18 12:43:36 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-01-12 02:22:20 276,792 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
- 2007-09-18 12:43:36 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-01-12 02:22:18 25,400 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
- 2006-10-03 15:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2006-10-03 16:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2007-08-07 12:37:56 53,248 ----a-w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
+ 2007-08-07 16:20:44 182,248 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
+ 2007-08-07 12:35:56 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2007-08-07 12:19:40 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2007-08-07 12:36:32 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-08-07 15:52:32 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
+ 2007-08-07 12:08:48 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
+ 2007-08-07 12:17:24 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2007-08-07 12:35:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2007-08-07 12:35:32 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-08-07 12:28:38 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-08-07 16:20:28 391,144 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
+ 2007-08-07 12:37:56 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2007-08-07 12:35:18 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-08-07 12:37:58 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2007-08-07 12:08:46 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
+ 1999-06-25 09:55:30 149,504 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
- 2007-07-12 00:49:26 186,256 ----a-w C:\WINDOWS\system32\SymNPPWA.dll
+ 2007-02-19 03:23:04 185,496 ----a-r C:\WINDOWS\system32\SymNppWA.dll
+ 2007-11-12 09:22:00 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7d4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 11:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 08:29]
"nwiz"="nwiz.exe" [2006-03-09 08:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 08:29]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 C:\WINDOWS\soundman.exe]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-11 10:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-15 04:10]
"TP CfgWiz"="C:\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" [2007-02-08 15:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 18:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"La_View Mouse"="C:\PROGRA~1\nicolas\1TEKCO~1\F1Driver.exe" [2006-01-04 17:32]
"DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\nicolas\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-07-01 10:24:53 nicolas]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 18:42:22 nicolas]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-18 18:07:34 nicolas]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys
R3 ATMELFVNETusb(AR)(R);ATMEL FVNETusb(AR)(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys
S3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys
S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys
S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{634bfe42-0566-11dc-9e73-806d6172696f}]
\Shell\AutoRun\command - F:\POV.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5ec2a8-055f-11dc-9694-0006f404143d}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - G:\Boot.exe e

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 10:33:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 10:35:07
C:\ComboFix2.txt ... 2007-11-11 16:45
C:\ComboFix3.txt ... 2007-11-11 13:33
.
--- E O F ---

quand j'ai fait, combofix il m'est arrivé qu'un message de antivir me demandant de choisir ce que je voulais faire du fichier nlihtsrl.dll ( Inject jt) apparaisse. Sinon, je n'ai plus de soucis. L'ordinateur ne rame plus; pas de trianlge jaunedans la barre de notificatin, ni d'icone de one life stafety et autres du même genre sur le bureau. Ca m'a l'air ok; j'attends juste que tu vérifie mais rapports pour le confirmer. Je conclurai la discussin au prochain message si tu me dis que tout est reparti comme en l'an 40. A+

Regis59 · Answer

Salut

Norton est mal desinstallé, as tu supprimé tous les fichiers ?
As tu un nettoyeur de registre?

A+

wolfas13 · Answer

j'ai ccleaner. il a dû mal se réinstaller ou mal se désintaller. j'ai supprimer le dossier norton 360 avant de réinstaller. Il m'est impossible quand j'ouvre la fen^tre principal d'aller dans mon compte maius il faut d'abord que je mette le code d'enregistrment et c'est mno père qui l'a reçu dnas son mail.J'ai antivir en attendant parce que norton me saoule trop ^^

wolfas13 · Answer

pour norton je m'en fais pas. merci pour les trojans a+++

J'ai un malware nommé cyberlog x hlep

29 réponses

Votre réponse

Discussions similaires

Newsletters