181 utilisateurs connectés
Your computer is infected...
Wydakers
le 17 novembre 2008 à 22h09
Bonjour à tous,
Je viens vous demander de m'aider pour un problème qui apparemment revient assez frequemment et à chaque fois vous l'avez résolu.
Il s'agit du message "pop-up" : Your computer is infected ...
Il me demande ensuite d'utiliser antivirus pro 2009 pour repérer les fichiers contaminés. Une fois ces fichiers trouvés, il me propose de les supprimer mais pour ce faire acheter une version complète de l'antivirus.
Je voudrais savoir si l'un d'entre vous pourrait me dire la marche à suivre pour me débarasser de cet intrus.
Merci d'avance pour votre aide,
Wydagkers
Je viens vous demander de m'aider pour un problème qui apparemment revient assez frequemment et à chaque fois vous l'avez résolu.
Il s'agit du message "pop-up" : Your computer is infected ...
Il me demande ensuite d'utiliser antivirus pro 2009 pour repérer les fichiers contaminés. Une fois ces fichiers trouvés, il me propose de les supprimer mais pour ce faire acheter une version complète de l'antivirus.
Je voudrais savoir si l'un d'entre vous pourrait me dire la marche à suivre pour me débarasser de cet intrus.
Merci d'avance pour votre aide,
Wydagkers
répondre
naheulbeuk
le 17 novembre 2008 à 22h14
bonsoir,
1) Télécharge SmitFraudFix
Guide d'utilisation : http://www.site-naheulbeuk.com/smitfraudfix.php
Double clic sur SmitfraudFix.exe pour le lancer
Choisis l'option 1 (Recherche)
Post moi le rapport !
2) Redémarre en mode sans échec (F8 lors du boot)
Aide : http://www.site-naheulbeuk.com/smitfraudfix.php#nettoyage
Relance SmitfraudFix et choisis cette fois l’option 2 et réponds oui à chaque question
3) Redémarre en mode normal
Post moi le 2ème rapport !
1) Télécharge SmitFraudFix
Guide d'utilisation : http://www.site-naheulbeuk.com/smitfraudfix.php
Double clic sur SmitfraudFix.exe pour le lancer
Choisis l'option 1 (Recherche)
Post moi le rapport !
2) Redémarre en mode sans échec (F8 lors du boot)
Aide : http://www.site-naheulbeuk.com/smitfraudfix.php#nettoyage
Relance SmitfraudFix et choisis cette fois l’option 2 et réponds oui à chaque question
3) Redémarre en mode normal
Post moi le 2ème rapport !
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Wydakers
le 17 novembre 2008 à 22h32
Tout d'abord un grand merci de prêter attention à mon cas 
Voici le premier rapport, je te le post déjà et pendant que tu check tout ça je suis ta procédure pour le deuxième rapport.
A tout de suite
SmitFraudFix v2.375
Rapport fait à 22:23:53,50, lun. 17/11/2008
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\brastk.exe
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\karna.dat PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\brastk.exe PRESENT !
C:\WINDOWS\system32\karna.dat PRESENT !
C:\WINDOWS\system32\_scui.cpl PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rbcwat.com/images/cadcoupe06.jpg"
"SubscribedURL"="http://www.rbcwat.com/images/cadcoupe06.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karna.dat"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
C:\WINDOWS\system32\drivers\beep.sys infecté !
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Voici le premier rapport, je te le post déjà et pendant que tu check tout ça je suis ta procédure pour le deuxième rapport.
A tout de suite
SmitFraudFix v2.375
Rapport fait à 22:23:53,50, lun. 17/11/2008
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\brastk.exe
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\karna.dat PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\brastk.exe PRESENT !
C:\WINDOWS\system32\karna.dat PRESENT !
C:\WINDOWS\system32\_scui.cpl PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rbcwat.com/images/cadcoupe06.jpg"
"SubscribedURL"="http://www.rbcwat.com/images/cadcoupe06.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karna.dat"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
C:\WINDOWS\system32\drivers\beep.sys infecté !
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Wydakers
le 17 novembre 2008 à 23h45
Et voilà avec beaucoup de retard le deuxième rapport
J'ai un peu galéré avec le mode sans échec enfin bref rien de grave. Je suis assez crevé et une longue journée m'attend donc je vais aller dormir en espérant que tu puisses toujours m'aider demain.
Merci encore
SmitFraudFix v2.375
Rapport fait à 23:22:09,84, lun. 17/11/2008
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
J'ai un peu galéré avec le mode sans échec enfin bref rien de grave. Je suis assez crevé et une longue journée m'attend donc je vais aller dormir en espérant que tu puisses toujours m'aider demain.
Merci encore
SmitFraudFix v2.375
Rapport fait à 23:22:09,84, lun. 17/11/2008
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B00E8354-1C50-46A8-832C-F1A54435F6EF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
naheulbeuk
le 18 novembre 2008 à 08h31
bonjour,
tu as bien bossé
Télécharge ComboFix (créé par sUBs) sur ton Bureau
Démarre en mode sans échec : http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
Double clique combofix.exe.
Tape sur la touche 1 pour démarrer le scan puis laisse toi guider.
ComboFix redémarrera ton PC
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
tu as bien bossé
Télécharge ComboFix (créé par sUBs) sur ton Bureau
Démarre en mode sans échec : http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Wydakers
le 18 novembre 2008 à 19h10
Bonsoir,
Je viens de voir ton message et ça fait une demi-heure que j'essaye de télécharger Combofix par tous les liens possibles mais aucun ne fonctionne même le tiens. Internet Explorer ne peut pas afficher la page...
J'espère que ça vient du site et pas de mon pc
Tu pourrais vérifier si le lien fonctionne s'il te plait?
Merci
Je viens de voir ton message et ça fait une demi-heure que j'essaye de télécharger Combofix par tous les liens possibles mais aucun ne fonctionne même le tiens. Internet Explorer ne peut pas afficher la page...
J'espère que ça vient du site et pas de mon pc
Tu pourrais vérifier si le lien fonctionne s'il te plait?
Merci
naheulbeuk
le 18 novembre 2008 à 19h49
oui il marche mais peut etre que l'infection t'empèche d'y accéder
essaie ici :
http://www.site-naheulbeuk.com/cbf.exe
essaie ici :
http://www.site-naheulbeuk.com/cbf.exe
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Wydakers
le 18 novembre 2008 à 20h39
Décidemment tu as vraiment réponse à tout
Voici le rapport de Combofix.
ComboFix 08-11-12.02 - HP_Propriétaire 2008-11-18 20:09:13.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.298 [GMT 1:00]
.
ADS - svchost.exe: deleted 25088 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gillou\Application Data\HbTools
c:\documents and settings\HP_Propriétaire\Application Data\gadcom
c:\documents and settings\HP_Propriétaire\Application Data\gadcom\gadcom.exe
c:\documents and settings\HP_Propriétaire\Application Data\SystemDoctor 2006 Free
c:\documents and settings\HP_Propriétaire\Application Data\SystemDoctor 2006 Free\Logs\update.log
c:\documents and settings\HP_Propriétaire\Cookies\quxamefyj.vbs
c:\documents and settings\HP_Propriétaire\Cookies\taboqi.db
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\lujfttmf.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\lujfttmf_nav.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\lujfttmf_navps.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\HP_Propriétaire\Local Settings\Temporary Internet Files\kyte.db
c:\documents and settings\HP_Propriétaire\Local Settings\Temporary Internet Files\utug.ban
c:\program files\License_Manager
c:\program files\SystemDoctor 2006 Free
c:\program files\SystemDoctor 2006 Free\lock.dat
c:\windows\brastk.exe
c:\windows\system32\cbepghmw.ini
c:\windows\system32\cixgec.dll
c:\windows\system32\DelSelf.bat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\ati4vbxx.sys
c:\windows\system32\Drivers\TDSSpqlt.sys
c:\windows\system32\iifefEvT.dll
c:\windows\system32\iiqtlhgk.dll
c:\windows\system32\karna.dat
c:\windows\system32\kghltqii.ini
c:\windows\system32\MSINET.oca
c:\windows\system32\nvs2.inf
c:\windows\system32\OYFgPqss.ini
c:\windows\system32\OYFgPqss.ini2
c:\windows\system32\rs32net.exe
c:\windows\system32\sivgawxw.dll
c:\windows\system32\ssqPgFYO.dll
c:\windows\system32\TDSShrsr.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSoiqt.log
c:\windows\system32\TDSSorvd.dll
c:\windows\system32\TDSSpqlt.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\tufjrpes32.dll
c:\windows\system32\tuvWmJbA.dll
c:\windows\system32\ubosruhi.dll
c:\windows\system32\winjjq32.dll
c:\windows\system32\wmhgpebc.dll
c:\windows\system32\ybgepy.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_BOONTY_GAMES
-------\Legacy_fci
-------\Legacy_icf
-------\Service_ati4vbxx
-------\Service_Boonty Games
-------\Service_fci
-------\Service_icf
-------\Service_restore
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.
2014-10-21 22:43 . 2014-10-21 22:43 3,120 --a------ c:\windows\MF_C421.lfa
2014-10-21 22:43 . 2014-10-21 22:43 3,120 --a------ c:\windows\MF_C420.lfa
2008-11-17 22:24 . 2008-11-17 23:24 5,178 --a------ c:\windows\system32\tmp.reg
2008-11-17 22:23 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-17 22:23 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-17 22:23 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-17 22:23 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-17 22:23 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-17 22:23 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-17 22:23 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-17 22:23 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-17 22:23 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-17 22:23 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-17 21:48 . 2008-11-18 20:22 5,760 --a------ c:\windows\system32\drivers\restore.sys
2008-11-17 21:26 . 2008-11-17 21:26 126,976 --a------ c:\windows\War3Unin.exe
2008-11-17 21:26 . 2008-11-17 21:29 23,688 --a------ c:\windows\War3Unin.dat
2008-11-17 21:26 . 2008-11-17 21:26 2,829 --a------ c:\windows\War3Unin.pif
2008-11-17 21:21 . 2008-11-17 21:30 <REP> d-------- c:\program files\Warcraft III
2008-11-17 18:21 . 2008-11-17 18:21 19,366 --a------ c:\windows\uzotov.reg
2008-11-17 18:21 . 2008-11-17 18:21 19,306 --a------ c:\windows\system32\cecozefire.bat
2008-11-17 18:21 . 2008-11-17 18:21 19,302 --a------ c:\documents and settings\HP_Propriétaire\Application Data\odoz.dat
2008-11-17 18:21 . 2008-11-17 18:21 18,745 --a------ c:\windows\lilyvogi.bin
2008-11-17 18:21 . 2008-11-17 18:21 18,314 --a------ c:\windows\uhyvyvi._dl
2008-11-17 18:21 . 2008-11-17 18:21 16,370 --a------ c:\windows\ijaqobajul._sy
2008-11-17 18:21 . 2008-11-17 18:21 16,161 --a------ c:\program files\Fichiers communs\ocobike.com
2008-11-17 18:21 . 2008-11-17 18:21 14,196 --a------ c:\windows\mifekafud._dl
2008-11-17 18:21 . 2008-11-17 18:21 13,703 --a------ c:\windows\system32\ezumewe.dl
2008-11-17 18:21 . 2008-11-17 18:21 13,469 --a------ c:\windows\lylewuwaju.dll
2008-11-17 18:19 . 2008-11-17 18:25 <REP> d-------- c:\program files\AntivirusPro2009
2008-11-17 16:37 . 2008-11-18 19:21 2,348 --a------ c:\windows\system32\TDSSxfum.dll
2008-11-17 16:36 . 2008-11-18 20:22 32,768 --a------ c:\windows\system32\drivers\ati2yexx.sys
2008-11-17 16:33 . 2008-11-17 16:33 104,448 --a------ C:\nriljal.exe
2008-11-17 16:33 . 2008-11-17 16:33 705 --a------ C:\psqrhqn.exe
2008-11-17 16:33 . 2008-11-17 16:33 2 --a------ C:\870640269
2008-11-17 16:33 . 2008-11-18 20:23 0 --a------ c:\windows\system32\drivers\6bdbb6f5.sys
2008-11-12 14:18 . 2008-11-12 14:18 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-11-12 14:18 . 2008-11-12 14:22 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Skype
2008-11-12 11:50 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 11:49 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 13:04 . 2008-11-11 13:04 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2008-11-09 15:37 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-09 15:37 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-09 15:36 . 2008-11-09 15:36 <REP> d-------- c:\program files\iTunes
2008-11-09 15:36 . 2008-11-09 15:36 <REP> d-------- c:\program files\iPod
2008-11-09 15:36 . 2008-11-09 15:36 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-09 15:35 . 2008-11-09 15:35 <REP> d-------- c:\program files\Bonjour
2008-11-09 15:34 . 2008-11-09 15:35 <REP> d-------- c:\program files\QuickTime
2008-11-09 15:32 . 2008-11-09 15:32 <REP> d-------- c:\program files\Apple Software Update
2008-11-09 15:32 . 2008-10-01 13:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-09 15:31 . 2008-11-09 15:31 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-10-27 16:45 . 2008-10-27 16:47 3,094 --a------ c:\windows\system32\spupdsvc.inf
2008-10-27 16:40 . 2008-10-27 16:40 <REP> d-------- c:\windows\system32\bits
2008-10-27 16:40 . 2008-10-27 16:40 <REP> d-------- c:\windows\l2schemas
2008-10-27 16:37 . 2008-10-27 16:41 <REP> d-------- c:\windows\ServicePackFiles
2008-10-27 16:28 . 2008-10-27 16:28 <REP> d-------- c:\windows\EHome
2008-10-25 07:56 . 2004-08-03 23:38 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-10-24 13:54 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-18 19:27 . 2004-08-03 23:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-18 19:27 . 2001-08-23 16:47 5,632 --a------ c:\windows\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 17:21 10,520 ----a-w c:\program files\Fichiers communs\xerameho.ban
2008-11-16 15:33 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\U3
2008-11-14 11:54 --------- d-----w c:\program files\Wakfu
2008-11-12 13:20 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\skypePM
2008-11-12 13:18 --------- d-----w c:\program files\Skype
2008-11-12 13:18 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-11 12:04 --------- d-----w c:\program files\IncrediMail
2008-11-11 12:02 --------- d-----w c:\program files\Oberon Media
2008-11-09 14:34 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 16:25 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-23 12:25 --------- d-----w c:\program files\Incredijeux
2008-10-23 12:25 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\PlayFirst
2008-10-23 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-15 12:36 --------- d-----w c:\program files\Dofus
2008-04-14 13:37 0 ----a-w c:\program files\temp01
2008-03-17 19:19 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-05-28 12:25 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-08-20 15:34 576 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2006-05-20 12:50 49,465 ----a-w c:\program files\moviepass Terms.html
2005-07-02 16:09 22 --sha-w c:\windows\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-10-19 243072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Home Theater SchSvr"="c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2004-11-05 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-11-05 192512]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-01-06 59040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-04-16 985440]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-05-21 143360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirusKeeper"="c:\program files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-08-22 3000192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Antivirus Pro 2009"="c:\program files\AntivirusPro2009\AntivirusPro2009.exe" [2008-11-15 597323]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 c:\windows\ALCWZRD.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-09-30 57344]
c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-09-30 57344]
c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.LNK - c:\program files\palmOne\HOTSYNC.EXE [2004-04-12 299008]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-01-01 286720]
Lancer l'utilitaire d'enregistrement.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2006-07-01 1073152]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-11 805392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2yexx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\palmOne\\HOTSYNC.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\CaffeLatte\\CafeClient\\CafeProtocol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ati2yexx;ati2yexx;c:\windows\system32\Drivers\ati2yexx.sys [2008-11-18 32768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2005-08-25 114496]
R2 vkservice;VirusKeeper antivirus/antispyware;c:\program files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 1119576]
R3 Cap7134;ASUS TV7134 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-10-27 335360]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-10-24 24544]
R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;c:\windows\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 306560]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Arcadyan;Arcadyan NDIS Protocol Driver;c:\progra~1\PC-DOC~1\DIAGNO~1\Arcadyan.SYS [2004-08-19 17422]
S3 krdpdre;krdpdre;c:\docume~1\HP_PRO~1\LOCALS~1\Temp\krdpdre.sys [ ]
S3 restore;restore;c:\windows\system32\drivers\restore.sys [2008-11-18 5760]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91af35e8-ddb3-11db-8d2d-0012bf08f355}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-11-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{3f0250b6-d702-4256-9ae8-5409ceb00094} - c:\windows\system32\ssqPgFYO.dll
BHO-{4fd130ae-d8d2-4137-a680-c5cf233be545} - c:\windows\system32\iifefEvT.dll
HKCU-Run-247Cams - c:\program files\247Cams\Camnotifier.exe
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
ShellExecuteHooks-{4FD130AE-D8D2-4137-A680-C5CF233BE545} - c:\windows\system32\iifefEvT.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\k90val3p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:f(...)
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://be.msn.com/default.aspx/?lang=fr-be
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 20:20:08
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Ahead\Nero Home\indexstore.db-journal
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\6bdbb6f5]
"ImagePath"="\SystemRoot\System32\drivers\6bdbb6f5.sys"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
c:\program files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\LogiShrd\KHAL2\KHALMNPR.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-11-18 20:36:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-18 19:36:27
Avant-CF: 184,895,283,200 octets libres
Après-CF: 185,927,819,264 octets libres
319 --- E O F --- 2008-11-12 14:57:41
Voici le rapport de Combofix.
ComboFix 08-11-12.02 - HP_Propriétaire 2008-11-18 20:09:13.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.298 [GMT 1:00]
.
ADS - svchost.exe: deleted 25088 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gillou\Application Data\HbTools
c:\documents and settings\HP_Propriétaire\Application Data\gadcom
c:\documents and settings\HP_Propriétaire\Application Data\gadcom\gadcom.exe
c:\documents and settings\HP_Propriétaire\Application Data\SystemDoctor 2006 Free
c:\documents and settings\HP_Propriétaire\Application Data\SystemDoctor 2006 Free\Logs\update.log
c:\documents and settings\HP_Propriétaire\Cookies\quxamefyj.vbs
c:\documents and settings\HP_Propriétaire\Cookies\taboqi.db
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\lujfttmf.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\lujfttmf_nav.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\lujfttmf_navps.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\HP_Propriétaire\Local Settings\Temporary Internet Files\kyte.db
c:\documents and settings\HP_Propriétaire\Local Settings\Temporary Internet Files\utug.ban
c:\program files\License_Manager
c:\program files\SystemDoctor 2006 Free
c:\program files\SystemDoctor 2006 Free\lock.dat
c:\windows\brastk.exe
c:\windows\system32\cbepghmw.ini
c:\windows\system32\cixgec.dll
c:\windows\system32\DelSelf.bat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\ati4vbxx.sys
c:\windows\system32\Drivers\TDSSpqlt.sys
c:\windows\system32\iifefEvT.dll
c:\windows\system32\iiqtlhgk.dll
c:\windows\system32\karna.dat
c:\windows\system32\kghltqii.ini
c:\windows\system32\MSINET.oca
c:\windows\system32\nvs2.inf
c:\windows\system32\OYFgPqss.ini
c:\windows\system32\OYFgPqss.ini2
c:\windows\system32\rs32net.exe
c:\windows\system32\sivgawxw.dll
c:\windows\system32\ssqPgFYO.dll
c:\windows\system32\TDSShrsr.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSoiqt.log
c:\windows\system32\TDSSorvd.dll
c:\windows\system32\TDSSpqlt.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\tufjrpes32.dll
c:\windows\system32\tuvWmJbA.dll
c:\windows\system32\ubosruhi.dll
c:\windows\system32\winjjq32.dll
c:\windows\system32\wmhgpebc.dll
c:\windows\system32\ybgepy.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_BOONTY_GAMES
-------\Legacy_fci
-------\Legacy_icf
-------\Service_ati4vbxx
-------\Service_Boonty Games
-------\Service_fci
-------\Service_icf
-------\Service_restore
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.
2014-10-21 22:43 . 2014-10-21 22:43 3,120 --a------ c:\windows\MF_C421.lfa
2014-10-21 22:43 . 2014-10-21 22:43 3,120 --a------ c:\windows\MF_C420.lfa
2008-11-17 22:24 . 2008-11-17 23:24 5,178 --a------ c:\windows\system32\tmp.reg
2008-11-17 22:23 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-17 22:23 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-17 22:23 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-17 22:23 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-17 22:23 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-17 22:23 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-17 22:23 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-17 22:23 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-17 22:23 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-17 22:23 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-17 21:48 . 2008-11-18 20:22 5,760 --a------ c:\windows\system32\drivers\restore.sys
2008-11-17 21:26 . 2008-11-17 21:26 126,976 --a------ c:\windows\War3Unin.exe
2008-11-17 21:26 . 2008-11-17 21:29 23,688 --a------ c:\windows\War3Unin.dat
2008-11-17 21:26 . 2008-11-17 21:26 2,829 --a------ c:\windows\War3Unin.pif
2008-11-17 21:21 . 2008-11-17 21:30 <REP> d-------- c:\program files\Warcraft III
2008-11-17 18:21 . 2008-11-17 18:21 19,366 --a------ c:\windows\uzotov.reg
2008-11-17 18:21 . 2008-11-17 18:21 19,306 --a------ c:\windows\system32\cecozefire.bat
2008-11-17 18:21 . 2008-11-17 18:21 19,302 --a------ c:\documents and settings\HP_Propriétaire\Application Data\odoz.dat
2008-11-17 18:21 . 2008-11-17 18:21 18,745 --a------ c:\windows\lilyvogi.bin
2008-11-17 18:21 . 2008-11-17 18:21 18,314 --a------ c:\windows\uhyvyvi._dl
2008-11-17 18:21 . 2008-11-17 18:21 16,370 --a------ c:\windows\ijaqobajul._sy
2008-11-17 18:21 . 2008-11-17 18:21 16,161 --a------ c:\program files\Fichiers communs\ocobike.com
2008-11-17 18:21 . 2008-11-17 18:21 14,196 --a------ c:\windows\mifekafud._dl
2008-11-17 18:21 . 2008-11-17 18:21 13,703 --a------ c:\windows\system32\ezumewe.dl
2008-11-17 18:21 . 2008-11-17 18:21 13,469 --a------ c:\windows\lylewuwaju.dll
2008-11-17 18:19 . 2008-11-17 18:25 <REP> d-------- c:\program files\AntivirusPro2009
2008-11-17 16:37 . 2008-11-18 19:21 2,348 --a------ c:\windows\system32\TDSSxfum.dll
2008-11-17 16:36 . 2008-11-18 20:22 32,768 --a------ c:\windows\system32\drivers\ati2yexx.sys
2008-11-17 16:33 . 2008-11-17 16:33 104,448 --a------ C:\nriljal.exe
2008-11-17 16:33 . 2008-11-17 16:33 705 --a------ C:\psqrhqn.exe
2008-11-17 16:33 . 2008-11-17 16:33 2 --a------ C:\870640269
2008-11-17 16:33 . 2008-11-18 20:23 0 --a------ c:\windows\system32\drivers\6bdbb6f5.sys
2008-11-12 14:18 . 2008-11-12 14:18 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-11-12 14:18 . 2008-11-12 14:22 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Skype
2008-11-12 11:50 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 11:49 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 13:04 . 2008-11-11 13:04 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2008-11-09 15:37 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-09 15:37 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-09 15:36 . 2008-11-09 15:36 <REP> d-------- c:\program files\iTunes
2008-11-09 15:36 . 2008-11-09 15:36 <REP> d-------- c:\program files\iPod
2008-11-09 15:36 . 2008-11-09 15:36 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-09 15:35 . 2008-11-09 15:35 <REP> d-------- c:\program files\Bonjour
2008-11-09 15:34 . 2008-11-09 15:35 <REP> d-------- c:\program files\QuickTime
2008-11-09 15:32 . 2008-11-09 15:32 <REP> d-------- c:\program files\Apple Software Update
2008-11-09 15:32 . 2008-10-01 13:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-09 15:31 . 2008-11-09 15:31 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-10-27 16:45 . 2008-10-27 16:47 3,094 --a------ c:\windows\system32\spupdsvc.inf
2008-10-27 16:40 . 2008-10-27 16:40 <REP> d-------- c:\windows\system32\bits
2008-10-27 16:40 . 2008-10-27 16:40 <REP> d-------- c:\windows\l2schemas
2008-10-27 16:37 . 2008-10-27 16:41 <REP> d-------- c:\windows\ServicePackFiles
2008-10-27 16:28 . 2008-10-27 16:28 <REP> d-------- c:\windows\EHome
2008-10-25 07:56 . 2004-08-03 23:38 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-10-24 13:54 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-18 19:27 . 2004-08-03 23:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-18 19:27 . 2001-08-23 16:47 5,632 --a------ c:\windows\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 17:21 10,520 ----a-w c:\program files\Fichiers communs\xerameho.ban
2008-11-16 15:33 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\U3
2008-11-14 11:54 --------- d-----w c:\program files\Wakfu
2008-11-12 13:20 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\skypePM
2008-11-12 13:18 --------- d-----w c:\program files\Skype
2008-11-12 13:18 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-11 12:04 --------- d-----w c:\program files\IncrediMail
2008-11-11 12:02 --------- d-----w c:\program files\Oberon Media
2008-11-09 14:34 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 16:25 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-23 12:25 --------- d-----w c:\program files\Incredijeux
2008-10-23 12:25 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\PlayFirst
2008-10-23 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-15 12:36 --------- d-----w c:\program files\Dofus
2008-04-14 13:37 0 ----a-w c:\program files\temp01
2008-03-17 19:19 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-05-28 12:25 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-08-20 15:34 576 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2006-05-20 12:50 49,465 ----a-w c:\program files\moviepass Terms.html
2005-07-02 16:09 22 --sha-w c:\windows\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-10-19 243072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Home Theater SchSvr"="c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2004-11-05 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-11-05 192512]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-01-06 59040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-04-16 985440]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-05-21 143360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirusKeeper"="c:\program files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-08-22 3000192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Antivirus Pro 2009"="c:\program files\AntivirusPro2009\AntivirusPro2009.exe" [2008-11-15 597323]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 c:\windows\ALCWZRD.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-09-30 57344]
c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-09-30 57344]
c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.LNK - c:\program files\palmOne\HOTSYNC.EXE [2004-04-12 299008]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-01-01 286720]
Lancer l'utilitaire d'enregistrement.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2006-07-01 1073152]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-11 805392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2yexx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\palmOne\\HOTSYNC.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\CaffeLatte\\CafeClient\\CafeProtocol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ati2yexx;ati2yexx;c:\windows\system32\Drivers\ati2yexx.sys [2008-11-18 32768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2005-08-25 114496]
R2 vkservice;VirusKeeper antivirus/antispyware;c:\program files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 1119576]
R3 Cap7134;ASUS TV7134 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-10-27 335360]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-10-24 24544]
R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;c:\windows\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 306560]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Arcadyan;Arcadyan NDIS Protocol Driver;c:\progra~1\PC-DOC~1\DIAGNO~1\Arcadyan.SYS [2004-08-19 17422]
S3 krdpdre;krdpdre;c:\docume~1\HP_PRO~1\LOCALS~1\Temp\krdpdre.sys [ ]
S3 restore;restore;c:\windows\system32\drivers\restore.sys [2008-11-18 5760]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91af35e8-ddb3-11db-8d2d-0012bf08f355}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-11-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{3f0250b6-d702-4256-9ae8-5409ceb00094} - c:\windows\system32\ssqPgFYO.dll
BHO-{4fd130ae-d8d2-4137-a680-c5cf233be545} - c:\windows\system32\iifefEvT.dll
HKCU-Run-247Cams - c:\program files\247Cams\Camnotifier.exe
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
ShellExecuteHooks-{4FD130AE-D8D2-4137-A680-C5CF233BE545} - c:\windows\system32\iifefEvT.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\k90val3p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:f(...)
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://be.msn.com/default.aspx/?lang=fr-be
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 20:20:08
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Ahead\Nero Home\indexstore.db-journal
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\6bdbb6f5]
"ImagePath"="\SystemRoot\System32\drivers\6bdbb6f5.sys"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
c:\program files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\LogiShrd\KHAL2\KHALMNPR.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-11-18 20:36:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-18 19:36:27
Avant-CF: 184,895,283,200 octets libres
Après-CF: 185,927,819,264 octets libres
319 --- E O F --- 2008-11-12 14:57:41
naheulbeuk
le 18 novembre 2008 à 21h07
allez, on continue
Passe un coup de MalwareBytes (scan complet) et nettoie tout ce qu'il trouve
Aide : http://www.site-naheulbeuk.com/malwarebytes.php
Post moi le rapport généré à la fin dans ta prochaine réponse
Passe un coup de MalwareBytes (scan complet) et nettoie tout ce qu'il trouve
Aide : http://www.site-naheulbeuk.com/malwarebytes.php
Post moi le rapport généré à la fin dans ta prochaine réponse
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Wydakers
le 18 novembre 2008 à 22h42
Pfiou. Ce fut long mais j'espère efficace.
Voici le rapport de Malware après plus d'une heure de scan.
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1410
Windows 5.1.2600 Service Pack 3
18/11/2008 22:33:27
mbam-log-2008-11-18 (22-33-27).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 231818
Temps écoulé: 1 hour(s), 18 minute(s), 35 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 25
Processus mémoire infecté(s):
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2yexx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati2yexx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati2yexx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati2yexx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\nriljal.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\psqrhqn.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\naxv.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Propriétaire\Application Data\gadcom\gadcom.exe.vir () -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rs32net.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSShrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSorvd.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tufjrpes32.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winjjq32.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ati4vbxx.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqlt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1014\A0558304.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1014\A0558305.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1014\A0558318.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1014\A0558319.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\restore.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati2yexx.sys (Rootkit.Agent) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Uninstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
Voici le rapport de Malware après plus d'une heure de scan.
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1410
Windows 5.1.2600 Service Pack 3
18/11/2008 22:33:27
mbam-log-2008-11-18 (22-33-27).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 231818
Temps écoulé: 1 hour(s), 18 minute(s), 35 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 25
Processus mémoire infecté(s):
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2yexx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati2yexx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati2yexx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati2yexx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\nriljal.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\psqrhqn.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\naxv.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Propriétaire\Application Data\gadcom\gadcom.exe.vir () -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rs32net.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSShrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSorvd.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tufjrpes32.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winjjq32.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ati4vbxx.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqlt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1014\A0558304.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1014\A0558305.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1014\A0558318.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1014\A0558319.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\restore.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati2yexx.sys (Rootkit.Agent) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Uninstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
naheulbeuk
le 19 novembre 2008 à 09h43
bonjour,
Télécharge HijackThis
Guide d'utilisation : http://www.site-naheulbeuk.com/hijackthis.php
Clique alors sur "Do a system scan and save a logfile"
Le scan se fait très rapidement, puis un bloc-note apparaît
(le "logfile")
Dans ce bloc-note, va dans "Edition", puis "Selectionner Tout",
le texte est alors séléctionné, retourne dans "Edition" toujours
en laissant le texte séléctionné, et clique sur copier.
Colle le contenu ici dans ta prochaine réponse !
Télécharge HijackThis
Guide d'utilisation : http://www.site-naheulbeuk.com/hijackthis.php
Clique alors sur "Do a system scan and save a logfile"
Le scan se fait très rapidement, puis un bloc-note apparaît
(le "logfile")
Dans ce bloc-note, va dans "Edition", puis "Selectionner Tout",
le texte est alors séléctionné, retourne dans "Edition" toujours
en laissant le texte séléctionné, et clique sur copier.
Colle le contenu ici dans ta prochaine réponse !
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Wydakers
le 19 novembre 2008 à 12h07
Bonjour,
Effectivement pour être rapide c'est rapide
Le rapport du scan suit :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:39, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: HotSync Manager.LNK = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Registration THE SETTLERS - Heritage of Kings - Legends Expansion Disk.LNK = ?
O4 - Startup: Registration THE SETTLERS - Heritage of Kings Legends.LNK = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.incredijeux.com/online/online2/bejeweled2/Oberongamesloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
O24 - Desktop Component 0: (no name) - http://www.rbcwat.com/images/cadcoupe06.jpg
--
End of file - 12506 bytes
Effectivement pour être rapide c'est rapide
Le rapport du scan suit :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:39, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: HotSync Manager.LNK = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Registration THE SETTLERS - Heritage of Kings - Legends Expansion Disk.LNK = ?
O4 - Startup: Registration THE SETTLERS - Heritage of Kings Legends.LNK = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.incredijeux.com/online/online2/bejeweled2/Oberongamesloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
O24 - Desktop Component 0: (no name) - http://www.rbcwat.com/images/cadcoupe06.jpg
--
End of file - 12506 bytes
naheulbeuk
le 19 novembre 2008 à 12h40
re,
fais ceci dans l'ordre et en entier :
Note: Cette procédure a été créée spécifiquement pour cet utilisateur ! Si vous n'êtes pas cet utilisateur en question, ne suivez pas ces instructions au risque d'endommager votre PC !!!
1/ relance hijackthis et coche les cases devant ces lignes (si présentes) :
Puis ferme toutes les autres fenêtres autres que hijackthis et clic sur "fix checked"
2/ ferme hijackthis
3/ désinstalle ces programmes via ajout/suppr de programmes si présents :
- Search Settings
- HiYo
- ShopperReports
4/ supprime ces dossiers si encore présents :
C:\Program Files\HiYo\
C:\Program Files\ShopperReports\
C:\Program Files\Search Settings\
5/ vide ta corbeille
6/ Fais un scan BitDefender en ligne (avec Internet Explorer pas avec Firefox !)
(clique à gauche sur scan online).
et post moi le rapport de ce scan ici une fois terminé !
Guide d'utilisation de Bitdefender en ligne (merci Bruce Lee) : http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm
fais ceci dans l'ordre et en entier :
Note: Cette procédure a été créée spécifiquement pour cet utilisateur ! Si vous n'êtes pas cet utilisateur en question, ne suivez pas ces instructions au risque d'endommager votre PC !!!
1/ relance hijackthis et coche les cases devant ces lignes (si présentes) :
Puis ferme toutes les autres fenêtres autres que hijackthis et clic sur "fix checked"
2/ ferme hijackthis
3/ désinstalle ces programmes via ajout/suppr de programmes si présents :
- Search Settings
- HiYo
- ShopperReports
4/ supprime ces dossiers si encore présents :
C:\Program Files\HiYo\
C:\Program Files\ShopperReports\
C:\Program Files\Search Settings\
5/ vide ta corbeille
6/ Fais un scan BitDefender en ligne (avec Internet Explorer pas avec Firefox !)
(clique à gauche sur scan online).
et post moi le rapport de ce scan ici une fois terminé !
Guide d'utilisation de Bitdefender en ligne (merci Bruce Lee) : http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Wydakers
le 19 novembre 2008 à 16h46
Waouw!
Quand je parlais de long la dernière fois je ne savais pas ce que je disais...
Un peu plus de 3 heures pour celui-ci je crois.
Voilà le rapport:
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Wed, Nov 19, 2008 - 16:40:11</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">03:25:50</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1148004</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14543</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">19697</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">29032</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">22</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">88</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">91</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2222416</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">16</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">43</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\IEDFix.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: IRC-Worm.Generic.3868</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\IEDFix.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4QWDYPZ9\enter[1].htm</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.JS.ForcePopup.I</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4QWDYPZ9\enter[1].htm</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4QWDYPZ9\enter[1].htm</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: IRC-Worm.Generic.3868</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix.exe=>(RAR Sfx o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[1].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[1].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[1].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[2].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[2].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[2].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[3].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[3].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[3].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[4].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[4].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[4].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[5].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[5].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[5].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[6].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[6].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[6].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[7].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[7].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[7].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\hp\bin\KillWind.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Virtool.1992</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\hp\bin\KillWind.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.2</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.2</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.3</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.3</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.4</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.4</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.5</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.5</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.6</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.6</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.7</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.7</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\wini108023.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.FakeAV.DM</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\wini108023.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Winsoftware.Errorsafe.C</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Dropper.Safeerr.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Winfixer.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Ntrootkit.47</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.8743</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.20767</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.9810</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 16)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 16)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 18)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 18)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 23)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 23)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04E00C99.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Hotbar.AQ</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04E00C99.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04E00C99.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\488541EB.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Hotbar.CN</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\488541EB.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\488541EB.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Winsoftware.Errorsafe.C</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Dropper.Safeerr.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Winfixer.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Ntrootkit.47</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.8743</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.20767</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.9810</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 16)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 16)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 18)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 18)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 23)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 23)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Winsoftware.Errorsafe.C</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Dropper.Safeerr.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Winfixer.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Ntrootkit.47</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.8743</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.20767</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 1
Quand je parlais de long la dernière fois je ne savais pas ce que je disais...
Un peu plus de 3 heures pour celui-ci je crois.
Voilà le rapport:
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Wed, Nov 19, 2008 - 16:40:11</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">03:25:50</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1148004</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14543</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">19697</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">29032</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">22</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">88</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">91</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2222416</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">16</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">43</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\IEDFix.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: IRC-Worm.Generic.3868</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\IEDFix.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4QWDYPZ9\enter[1].htm</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.JS.ForcePopup.I</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4QWDYPZ9\enter[1].htm</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4QWDYPZ9\enter[1].htm</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: IRC-Worm.Generic.3868</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix.exe=>(RAR Sfx o)=>SmitfraudFix\IEDFix.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix.exe=>(RAR Sfx o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[1].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[1].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[1].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[2].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[2].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[2].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[3].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[3].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[3].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[4].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[4].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[4].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[5].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[5].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[5].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[6].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[6].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[6].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[7].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[7].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\49ON01O7\bootok[7].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\hp\bin\KillWind.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Virtool.1992</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\hp\bin\KillWind.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.2</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.2</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.3</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.3</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.4</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.4</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.5</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.5</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.6</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.6</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.7</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.FakeAV.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\brastk.exe.7</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\wini108023.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.FakeAV.DM</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\wini108023.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Winsoftware.Errorsafe.C</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Dropper.Safeerr.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Winfixer.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Ntrootkit.47</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.8743</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.20767</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.9810</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 16)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 16)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 18)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 18)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 23)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 23)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04DD629C.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04E00C99.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Hotbar.AQ</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04E00C99.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04E00C99.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\488541EB.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Hotbar.CN</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\488541EB.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\488541EB.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Winsoftware.Errorsafe.C</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Dropper.Safeerr.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Winfixer.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Ntrootkit.47</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.8743</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.20767</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.9810</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 12)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 16)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 16)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 18)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.J</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 18)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 23)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)=>(Instyler Module 23)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\584522C7.exe=>(Quarantine-2)=>(Dropped 0)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Winsoftware.Errorsafe.C</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 0)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Dropper.Safeerr.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 5)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Winfixer.N</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 6)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Ntrootkit.47</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 7)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Errorsafe.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 8)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.8743</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 9)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Generic.20767</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 10)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58484CC4.exe=>(Quarantine-2)=>(Instyler o)=>(Instyler Module 1
naheulbeuk
le 19 novembre 2008 à 17h38
re, oui ca c'est long 
tu n'as plus de souci ?
tu n'as plus de souci ?
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Wydakers
le 19 novembre 2008 à 17h50
Re,
Non plus aucun problème apparemment et j'ai même l'impression que l'ordi tourne mieux qu'avant. Une perte de virus et un gain de vitesse. Je crois que je te dois vraiment beaucoup.
Merci de m'avoir aidé dans mon grand malheur et surtout de ta patience. =)
Non plus aucun problème apparemment et j'ai même l'impression que l'ordi tourne mieux qu'avant. Une perte de virus et un gain de vitesse. Je crois que je te dois vraiment beaucoup.
Merci de m'avoir aidé dans mon grand malheur et surtout de ta patience. =)
naheulbeuk
le 19 novembre 2008 à 17h53
je t'en prie, c'était un plaisir 
Suppression des outils :
Télécharge ToolsCleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/toolscleaner-34055291-avis-opinion(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Tutorial ici : http://bibou0007.com/tutos-f45/tutorial-toolscleaner-2-t375.htm
Supprime tous les rapports qui sont apparus lors des divers scans
Edite ton premier post avec 
et mets [resolu] devant le titre de ton sujet.
Voici quelques liens pour des conseils en sécurité :
Mon site Web sur la sécurité informatique !
Comment protéger son PC pour éviter d'être infecté ?
Prends le temps de les lire car elles sont très enréchissantes.
Rapporte ton infection pour faire condamner les auteurs sur Malware-Complaints. Pour faire entendre notre voix, nous devons être le plus nombreux possibles, alors rapporte ton infection :
- Voir les règles de Malware-Complaints
- Enregistre sur le forum à partir du bouton register en haut :
Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age
Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age
Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://malwarecomplaints.info/phpBB3/viewtopic.php?f=10&t=553
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet "Autres infections" conforme au règle du forum (age, ville, département etc..) : http://malwarecomplaints.info/phpBB3/viewtopic.php?f=10&t=123
au plaisir et bonne soirée
Télécharge ToolsCleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/toolscleaner-34055291-avis-opinion(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Tutorial ici : http://bibou0007.com/tutos-f45/tutorial-toolscleaner-2-t375.htm
et mets [resolu] devant le titre de ton sujet. Mon site Web sur la sécurité informatique !
Comment protéger son PC pour éviter d'être infecté ?
Prends le temps de les lire car elles sont très enréchissantes.
- Voir les règles de Malware-Complaints
- Enregistre sur le forum à partir du bouton register en haut :
Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age
Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age
Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://malwarecomplaints.info/phpBB3/viewtopic.php?f=10&t=553
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet "Autres infections" conforme au règle du forum (age, ville, département etc..) : http://malwarecomplaints.info/phpBB3/viewtopic.php?f=10&t=123
au plaisir et bonne soirée
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Wydakers
le 19 novembre 2008 à 18h13
Merci beaucoup.
Je vais faire les manips restantes pour être en ordre et pouvoir dormir la conscience en paix.
Je ne savais pas comment te remercier mais en jetant un coup d'oeil sur ton site la réponse m'est apparue
J'espère que tu continueras longtemps à être le Superman du web
Je te dis bonne continuation et malheureusement pas à bientôt car ça signifierait encore des mauvaises nouvelles pour moi ^_^
Wydagkers
Je vais faire les manips restantes pour être en ordre et pouvoir dormir la conscience en paix.
Je ne savais pas comment te remercier mais en jetant un coup d'oeil sur ton site la réponse m'est apparue
J'espère que tu continueras longtemps à être le Superman du web
Je te dis bonne continuation et malheureusement pas à bientôt car ça signifierait encore des mauvaises nouvelles pour moi ^_^
Wydagkers
Wydakers
le 19 novembre 2008 à 18h22
Ultime rapport sans doute:
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitFraudFix.exe: trouvé !
C:\Program Files\Microsoft Games\Age of Mythology\history\units\avenger.txt: trouvé !
C:\Program Files\Microsoft Games\Age of Mythology\history2\units\avenger.txt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitFraudFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files\Microsoft Games\Age of Mythology\history\units\avenger.txt: supprimé !
C:\Program Files\Microsoft Games\Age of Mythology\history2\units\avenger.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitFraudFix.exe: trouvé !
C:\Program Files\Microsoft Games\Age of Mythology\history\units\avenger.txt: trouvé !
C:\Program Files\Microsoft Games\Age of Mythology\history2\units\avenger.txt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\SmitFraudFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files\Microsoft Games\Age of Mythology\history\units\avenger.txt: supprimé !
C:\Program Files\Microsoft Games\Age of Mythology\history2\units\avenger.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
naheulbeuk
le 19 novembre 2008 à 18h27
merci à toi
bonne continuation
bonne continuation
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
PRODUITS
- Portables |
- PC |
- Moniteurs |
- Photo / Vidéo |
- T.V. |
- Audio |
- GPS |
- Stockage |
- Téléphonie |
- autres catégories
TÉLÉCHARGER - LOGICIELS
- Windows & logiciels |
- Bureautique |
- Développement |
- Internet |
- Jeux |
- Loisirs |
- Multimédia |
- Personnaliser son pc |
- Sécurité |
- Utilitaires |
- Logiciels Linux |
- logiciels Mac
JEUX VIDÉOS
- jeux PC |
- Xbox |
- Playstation |
- Wii |
- PSP |
- DS |
- Action |
- Aventure |
- MMORPG |
- Sports |
- Simulation |
- Enfant |
- Soluces et astuces
LOISIRS
01NET PRO
- Réseaux et Internet |
- Programmation et développement |
- Logiciels d'entreprise |
- Systèmes d'exploitation en entreprise |
- Sécurité en entreprise |
- Entreprenariat |
- Emploi |
- Services PRO |
- Matériel PRO
AVIS ET COMMENTAIRES
- Les actualités de 01net. |
- Avis sur les jeux vidéos |
- Avis sur les produits |
- Avis sur les logiciels |
A PROPOS DE 01NET
publicité
Messages des modérateurs
Discussions les plus actives
- mon pc rame a mort j ai des pic de uc a 70 a 100 %
- virus ou anti-virus 360? comment s'en débarrasser, je galère
- PC extremement lent et msg d'erreur
- disque dur,amovible,interne ne s'ouvre plus en 2 clic(virus)
- Connection internet impossible causée par virus
- comment nettoyer mon ordinateur?
- [RESOLU] Avast, pare feu ... tous bloqués !!
- infecté par spyware-secure ? (résolu)
- macrovirus : W97/Thus.AD (résolu)
- virus et disfonctionnement
 |
 |
NOUVEAU :
Téléchargez-moi en moins de 2 min. sur votre PC/Mac !
|
 |
||
Nous contacter
|
Charte de confiance
|
Voir notice légale
01net. - 01men - RMC - BFM Radio - BFM TV - La Tribune - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
01net. - 01men - RMC - BFM Radio - BFM TV - La Tribune - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
Tous droits réservés © 1999 - 2009 Internext - 01net.