Enlever un cheval de troie, PLEASE, HELP, SVP
Résolu/Fermé
A voir également:
- Enlever un cheval de troie, PLEASE, HELP, SVP
- Enlever bing - Guide
- Comment enlever une page sur word - Guide
- Enlever mot de passe windows 10 - Guide
- Enlever logo tiktok - Guide
- Enlever mot de passe windows 11 - Guide
16 réponses
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
9 juil. 2009 à 10:21
9 juil. 2009 à 10:21
en mode sans echec
télécharge Malwarebyte's ici http://www.malwarebytes.org/mbam/program/mbam-setup.exe
le programme va se mettre automatiquement a jour.
S'il manque le fichier COMCTL32.OCX, vous pourrez le télécharger ici
https://www.malekal.com/tutorial-aboutbuster/
Une fois a jour, le programme va se lancer; click sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des éléments on été trouvés > click sur supprimer la sélection.
si il t´es demandé de redémarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
télécharge Malwarebyte's ici http://www.malwarebytes.org/mbam/program/mbam-setup.exe
le programme va se mettre automatiquement a jour.
S'il manque le fichier COMCTL32.OCX, vous pourrez le télécharger ici
https://www.malekal.com/tutorial-aboutbuster/
Une fois a jour, le programme va se lancer; click sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des éléments on été trouvés > click sur supprimer la sélection.
si il t´es demandé de redémarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
Alors voila les resultats.
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 6.0.6001 Service Pack 1
10/07/2009 13:31:37
mbam-log-2009-07-10 (13-31-37).txt
Type de recherche: Examen rapide
Eléments examinés: 77614
Temps écoulé: 3 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar.1 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835.3 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835.1 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Windows\bkit6768.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\gggi8058.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\hihj8168.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\ifapt78545.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\nmwi87014.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\utgqd1346.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\kdiue732.txt (Malware.Trace) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 6.0.6001 Service Pack 1
10/07/2009 13:31:37
mbam-log-2009-07-10 (13-31-37).txt
Type de recherche: Examen rapide
Eléments examinés: 77614
Temps écoulé: 3 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar.1 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835.3 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835.1 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Windows\bkit6768.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\gggi8058.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\hihj8168.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\ifapt78545.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\nmwi87014.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\utgqd1346.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\kdiue732.txt (Malware.Trace) -> Quarantined and deleted successfully.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
9 juil. 2009 à 12:43
9 juil. 2009 à 12:43
juste pour verifier
Télécharge SmitfraudFix : http://siri.urz.free.fr/Fix/SmitfraudFix.exe
http://siri.urz.free.fr/Fix/SmitfraudFix.php
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse stp.
Tutoriel ici pour t'aider : http://www.malekal.com//tutorial_SmitFraudfix.php
.....................................
télécharge hijackthis http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> enregistre la cible sous .... "le bureau" renomme HJTInstall.exe en par exemple HJT.exe
-> Fais un double-clic sur "HJT.exe" afin de lancer l'installation
-> Clique sur Install ensuite sur "I Accept"
-> Clique sur" Do a scan system and save log file"
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
Télécharge SmitfraudFix : http://siri.urz.free.fr/Fix/SmitfraudFix.exe
http://siri.urz.free.fr/Fix/SmitfraudFix.php
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse stp.
Tutoriel ici pour t'aider : http://www.malekal.com//tutorial_SmitFraudfix.php
.....................................
télécharge hijackthis http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> enregistre la cible sous .... "le bureau" renomme HJTInstall.exe en par exemple HJT.exe
-> Fais un double-clic sur "HJT.exe" afin de lancer l'installation
-> Clique sur Install ensuite sur "I Accept"
-> Clique sur" Do a scan system and save log file"
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
ALORS VOILA, Ca c'est le rapport de SmitFraudfix.
SmitFraudFix v2.423
Scan done at 14:59:13,02, 10/07/2009
Run from C:\Users\Douarfy\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Douarfy
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Douarfy\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Douarfy\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Douarfy\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.423
Scan done at 14:59:13,02, 10/07/2009
Run from C:\Users\Douarfy\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Douarfy
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Douarfy\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Douarfy\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Douarfy\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Et voila le rapport de HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:51, on 10/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Douarfy\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c98d11ce00e5bc) (gupdate1c98d11ce00e5bc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:51, on 10/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Douarfy\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c98d11ce00e5bc) (gupdate1c98d11ce00e5bc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
9 juil. 2009 à 15:44
9 juil. 2009 à 15:44
desole pour l'attente , mais faut pas faire n'importe quoi
donc
redémarre le pc sans échec
Pour démarrer en mode sans échec
>>1--démarre ou redémarre l’ordinateur. L'affichage affichent la progression du BIOS,
>>2--A la fin du chargement du BIOS, tapote sur la touche F8 de ton clavier. jusqu'à ce que le menu des options avancées de Windows apparaisse. Si tu appuie sur la touche F8 trop tôt, il est possible que certains ordinateurs affichent le message "erreur clavier". Dans ce cas redémarre l'ordinateur et essaye de nouveau.
>>4--En utilisant les flèches de ton clavier, sélectionne « Mode sans échec » dans le menu puis appuie sur Entrée.
Aide ici:
http://www.commentcamarche.net/faq/sujet 5004 windows demarrage en mode sans echec#demarrer en mode sans echec avec windows xp
une fois dans le bureau
redémarre Smitfraud " et fait l'option nettoyage "2"
Réponds O aux deux questions suivantes: si il les pose
Voulez-vous nettoyer le registre ?
Corriger le fichier infecté ?
Un rapport.txt sera généré et tu le sauve sous ton bureau pour le retrouver plus tard
et tu redémarre le pc
enfin tu le postes le rapport
donc
redémarre le pc sans échec
Pour démarrer en mode sans échec
>>1--démarre ou redémarre l’ordinateur. L'affichage affichent la progression du BIOS,
>>2--A la fin du chargement du BIOS, tapote sur la touche F8 de ton clavier. jusqu'à ce que le menu des options avancées de Windows apparaisse. Si tu appuie sur la touche F8 trop tôt, il est possible que certains ordinateurs affichent le message "erreur clavier". Dans ce cas redémarre l'ordinateur et essaye de nouveau.
>>4--En utilisant les flèches de ton clavier, sélectionne « Mode sans échec » dans le menu puis appuie sur Entrée.
Aide ici:
http://www.commentcamarche.net/faq/sujet 5004 windows demarrage en mode sans echec#demarrer en mode sans echec avec windows xp
une fois dans le bureau
redémarre Smitfraud " et fait l'option nettoyage "2"
Réponds O aux deux questions suivantes: si il les pose
Voulez-vous nettoyer le registre ?
Corriger le fichier infecté ?
Un rapport.txt sera généré et tu le sauve sous ton bureau pour le retrouver plus tard
et tu redémarre le pc
enfin tu le postes le rapport
Douarfy
Messages postés
7
Date d'inscription
jeudi 9 juillet 2009
Statut
Membre
Dernière intervention
9 juillet 2009
9 juil. 2009 à 16:09
9 juil. 2009 à 16:09
Bon voila le rapport
SmitFraudFix v2.423
Scan done at 17:52:44,29, 10/07/2009
Run from C:\Users\Douarfy\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.423
Scan done at 17:52:44,29, 10/07/2009
Run from C:\Users\Douarfy\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Douarfy
Messages postés
7
Date d'inscription
jeudi 9 juillet 2009
Statut
Membre
Dernière intervention
9 juillet 2009
9 juil. 2009 à 16:10
9 juil. 2009 à 16:10
Voila le rapport
SmitFraudFix v2.423
Scan done at 17:52:44,29, 10/07/2009
Run from C:\Users\Douarfy\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.423
Scan done at 17:52:44,29, 10/07/2009
Run from C:\Users\Douarfy\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACAF47D5-6601-4DAA-A149-F11C91065B8F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
9 juil. 2009 à 16:12
9 juil. 2009 à 16:12
derniere petite chose
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Douarfy
Messages postés
7
Date d'inscription
jeudi 9 juillet 2009
Statut
Membre
Dernière intervention
9 juillet 2009
9 juil. 2009 à 16:17
9 juil. 2009 à 16:17
Voila le deuxieme rapport
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Douarfy ( Administrator )
BOOT : Fail-safe with network boot
C:\ (Local Disk) - NTFS - Total:69 Go (Free:45 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 10/07/2009|18:16 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 0 full +crack rar.lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 + CD keys (with complete RSE packs) crack keygen (2).lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 + CD keys (with complete RSE packs) crack keygen (3).lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 + CD keys (with complete RSE packs) crack keygen.lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 +Keygen (2).lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 +Keygen (3).lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 +Keygen.lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5.2 + Keygen.lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Preview-T-3113343-Guitar Pro 5.2 + Keygen.lnk
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 10/07/2009|18:16 - Option : [1]
-----------\\ Fin du rapport a 18:16:29,05
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Douarfy ( Administrator )
BOOT : Fail-safe with network boot
C:\ (Local Disk) - NTFS - Total:69 Go (Free:45 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 10/07/2009|18:16 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 0 full +crack rar.lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 + CD keys (with complete RSE packs) crack keygen (2).lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 + CD keys (with complete RSE packs) crack keygen (3).lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 + CD keys (with complete RSE packs) crack keygen.lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 +Keygen (2).lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 +Keygen (3).lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5 2 +Keygen.lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Guitar Pro 5.2 + Keygen.lnk
C:\Users\Douarfy\AppData\Roaming\Microsoft\Windows\Recent\Preview-T-3113343-Guitar Pro 5.2 + Keygen.lnk
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 10/07/2009|18:16 - Option : [1]
-----------\\ Fin du rapport a 18:16:29,05
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
9 juil. 2009 à 16:23
9 juil. 2009 à 16:23
ok c'est bon
tu peu mettre ToolBar a la poubelle et desinstalle SmitfraudFix
pour ce qui est de la Guitar , c'est bien d'en jouer , mais fait gaffe, les cracks ca amene des virus
tu peu mettre ToolBar a la poubelle et desinstalle SmitfraudFix
pour ce qui est de la Guitar , c'est bien d'en jouer , mais fait gaffe, les cracks ca amene des virus
Douarfy
Messages postés
7
Date d'inscription
jeudi 9 juillet 2009
Statut
Membre
Dernière intervention
9 juillet 2009
9 juil. 2009 à 16:25
9 juil. 2009 à 16:25
Waou, ca marche maintenant? ben comment tu as su pour savoir que j'en fais? c'est pske j'avais telechargé Guitar Pro?
Douarfy
Messages postés
7
Date d'inscription
jeudi 9 juillet 2009
Statut
Membre
Dernière intervention
9 juillet 2009
9 juil. 2009 à 16:27
9 juil. 2009 à 16:27
Ben merci vraiment beaucoup
Douarfy
Messages postés
7
Date d'inscription
jeudi 9 juillet 2009
Statut
Membre
Dernière intervention
9 juillet 2009
9 juil. 2009 à 16:38
9 juil. 2009 à 16:38
Ben en fait ils ne me laissent toujours pas entrer dans le bureau, et avast me dit toujours qu'il y a un virus, repond moi vite stp!! PLEASE
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
9 juil. 2009 à 16:44
9 juil. 2009 à 16:44
là je comprend pas , essaye ca pour voir si tu a quelque virus plus serieux
Télécharge AVP Tool. le plus recent: http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
Redémarre en mode Sans Échec de toute facon t'a pas le choix
Connecte clés USB et disques externes. si tu en a
Lance "setup_7.0xxxxx" en double-cliquant dessus
Réponds "Oui" à la question "Do you want to continue installation?"
Clique sur "Next" pour les deux fenêtres suivantes: AVP TOOL s'installe sur ton Bureau dans un dossier nommé "Kaspersky Lab Tool"
L'outil se lance tout seul: coche toutes les cases dans l'onglet "Automatic Scan".
Clique maintenant sur "Security Level": une fenêtre de configuration s'ouvre: paramètre le scanner comme sur l'image :
http://img381.imageshack.us/img381/2184/kas1lt6rk1gw5.png
Valide avec "Apply" puis "OK"
L'outil est maintenant configuré : dans la fenêtre principale, clique sur "Scan". Le scan commence, une nouvelle fenêtre s'ouvre indiquant la progression du balayage en pourcentage.
A la fin du scan, AVP Tool signale les objets infectés par l'intermédiaire d'une pop-up: coche alors "Apply to all" et clique sur "Delete" ou "Disinfect" selon ce que propose la fenêtre :
http://img179.imageshack.us/img179/9879/kas2rd1gr4iy3.png
Une fois les infections traitées par l'intermédiaire des pop-ups, il se peut que des fichiers malsains n'aient pas été supprimés: ils apparaissent en rouge dans la liste: clique alors sur le bouton "Neutralize all" de la fenêtre de progression du scan: si une pop-up indique qu'il faut redémarrer, accepte en cliquant sur "OK"
Rends-toi maintenant dans l'onglet "Events" de la fenêtre de progression du scan, et décoche "Show all events"
Clique enfin sur "Reports" puis "Save to file" et enregistre le rapport sur ton Bureau sous le nom Rapport AVP TOOL
Redémarre en mode "normal"
Poste le contenu du rapport dans ta prochaine réponse.
--
Télécharge AVP Tool. le plus recent: http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
Redémarre en mode Sans Échec de toute facon t'a pas le choix
Connecte clés USB et disques externes. si tu en a
Lance "setup_7.0xxxxx" en double-cliquant dessus
Réponds "Oui" à la question "Do you want to continue installation?"
Clique sur "Next" pour les deux fenêtres suivantes: AVP TOOL s'installe sur ton Bureau dans un dossier nommé "Kaspersky Lab Tool"
L'outil se lance tout seul: coche toutes les cases dans l'onglet "Automatic Scan".
Clique maintenant sur "Security Level": une fenêtre de configuration s'ouvre: paramètre le scanner comme sur l'image :
http://img381.imageshack.us/img381/2184/kas1lt6rk1gw5.png
Valide avec "Apply" puis "OK"
L'outil est maintenant configuré : dans la fenêtre principale, clique sur "Scan". Le scan commence, une nouvelle fenêtre s'ouvre indiquant la progression du balayage en pourcentage.
A la fin du scan, AVP Tool signale les objets infectés par l'intermédiaire d'une pop-up: coche alors "Apply to all" et clique sur "Delete" ou "Disinfect" selon ce que propose la fenêtre :
http://img179.imageshack.us/img179/9879/kas2rd1gr4iy3.png
Une fois les infections traitées par l'intermédiaire des pop-ups, il se peut que des fichiers malsains n'aient pas été supprimés: ils apparaissent en rouge dans la liste: clique alors sur le bouton "Neutralize all" de la fenêtre de progression du scan: si une pop-up indique qu'il faut redémarrer, accepte en cliquant sur "OK"
Rends-toi maintenant dans l'onglet "Events" de la fenêtre de progression du scan, et décoche "Show all events"
Clique enfin sur "Reports" puis "Save to file" et enregistre le rapport sur ton Bureau sous le nom Rapport AVP TOOL
Redémarre en mode "normal"
Poste le contenu du rapport dans ta prochaine réponse.
--
Douarfy
Messages postés
7
Date d'inscription
jeudi 9 juillet 2009
Statut
Membre
Dernière intervention
9 juillet 2009
9 juil. 2009 à 17:00
9 juil. 2009 à 17:00
Ok merci, ca telecharge le fichier la. Mais pourquoi faut-il un disque externe ou une clé?
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
>
Douarfy
Messages postés
7
Date d'inscription
jeudi 9 juillet 2009
Statut
Membre
Dernière intervention
9 juillet 2009
10 juil. 2009 à 07:02
10 juil. 2009 à 07:02
c'est juste que si tu a des clés ou des dd ext ils sont contaminé aussi
Alors voila, j'ai fais tout ce que tu m'as demandé, mais quand tu me dis qu'il peut encore rester des logiciels malveillant, c'est en rouge il faut faire neutralize all... Moi il en reste un pas supprimer, mais il n'est pas en rouge mais avec un point d'exclamation jaune(NOT Found) et je n'arrive toujours pas aller dans le bureau. Que Faire Please
et au fait voila le rapport demandé:
Scan
----
Scanned: 274076
Detected: 25
Untreated: 0
Start time: 10/07/2009 19:13:02
Duration: 01:01:34
Finish time: 10/07/2009 20:14:36
Detected
--------
Status Object
------ ------
not found: Trojan program Trojan.Win32.Monder.cqbi File: globalroot\systemroot\system32\hjgruitkmbapjf.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Windows\System32\WS2Fix.exe
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp101712993.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp104504958.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp185736025.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp188274106.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp206507561.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp212887286.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp224649731.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp25487579.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp259198276.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp30743004.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp3093438.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp33160070.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp39663401.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp48784428.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp70761992.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp76503300.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp91812690.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp92422810.tmp
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe
Events
------
Time Name Status Reason
---- ---- ------ ------
10/07/2009 19:13:10 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:13:10 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll not disinfected object is locked
10/07/2009 19:14:12 Logical disk sector: C processing error
10/07/2009 19:14:13 Logical disk sector: D processing error
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected
10/07/2009 19:29:57 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:29:57 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 19:34:16 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:34:16 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 19:39:10 File: C:\Windows\System32\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:39:10 File: C:\Windows\System32\WS2Fix.exe not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp101712993.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp104504958.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp185736025.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp188274106.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp206507561.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp212887286.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp224649731.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp25487579.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp259198276.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp30743004.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp3093438.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp33160070.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp39663401.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp48784428.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp70761992.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp76503300.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp91812690.tmp not disinfected postponed
10/07/2009 19:43:42 File: C:\Windows\Temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:42 File: C:\Windows\Temp\_avast4_\unp92422810.tmp not disinfected postponed
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected
10/07/2009 19:58:00 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:58:00 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 20:00:57 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:00:57 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 20:00:58 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:00:58 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 20:01:24 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:01:24 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 20:03:49 File: C:\Windows\System32\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:03:49 File: C:\Windows\System32\WS2Fix.exe not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp101712993.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp104504958.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp185736025.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp188274106.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp206507561.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp212887286.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp224649731.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp25487579.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp259198276.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp30743004.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp3093438.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp33160070.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp39663401.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp48784428.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp70761992.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp76503300.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp91812690.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp92422810.tmp not disinfected postponed
10/07/2009 20:14:01 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll processing error
10/07/2009 20:14:07 File: c:\users\douarfy\smitfraudfix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:32 File: c:\users\douarfy\smitfraudfix.exe deleted
10/07/2009 20:14:33 File: c:\users\douarfy\appdata\local\temp\temp1_guitar pro 5 rse.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:14:34 File: c:\users\douarfy\appdata\local\temp\temp1_guitar pro 5 rse.zip\setup.exe deleted
10/07/2009 20:14:34 File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth' by hash
10/07/2009 20:14:35 File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe deleted
10/07/2009 20:14:35 File: c:\users\douarfy\smitfraudfix\ws2fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:35 File: c:\users\douarfy\smitfraudfix\ws2fix.exe deleted
10/07/2009 20:14:35 File: c:\windows\system32\ws2fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:35 File: c:\windows\system32\ws2fix.exe deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp101712993.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp104504958.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp185736025.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp188274106.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp206507561.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp212887286.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp224649731.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp25487579.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp259198276.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp30743004.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp3093438.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp33160070.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp39663401.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp48784428.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp70761992.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp76503300.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp91812690.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp92422810.tmp deleted
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 274076 24 24 0 0 1110 538 16 9
System memory 1963 1 1 0 0 0 0 0 0
Startup objects 750 0 0 0 0 0 32 0 0
Disk boot sectors 3 0 0 0 0 0 0 0 0
Documents 10 0 0 0 0 0 1 0 0
Mail databases 0 0 0 0 0 0 0 0 0
Poste de travail 175198 23 23 0 0 1033 348 8 5
ACER (C:) 92908 0 0 0 0 74 157 8 4
DATA (D:) 3 0 0 0 0 0 0 0 0
Lecteur CD (E:) 0 0 0 0 0 0 0 0 0
Lecteur CD (F:) 0 0 0 0 0 0 0 0 0
COMPAQ (G:) 3241 0 0 0 0 3 0 0 0
Settings
--------
Parameter Value
--------- -----
Security Level High
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats Yes
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
et au fait voila le rapport demandé:
Scan
----
Scanned: 274076
Detected: 25
Untreated: 0
Start time: 10/07/2009 19:13:02
Duration: 01:01:34
Finish time: 10/07/2009 20:14:36
Detected
--------
Status Object
------ ------
not found: Trojan program Trojan.Win32.Monder.cqbi File: globalroot\systemroot\system32\hjgruitkmbapjf.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Windows\System32\WS2Fix.exe
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp101712993.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp104504958.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp185736025.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp188274106.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp206507561.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp212887286.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp224649731.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp25487579.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp259198276.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp30743004.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp3093438.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp33160070.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp39663401.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp48784428.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp70761992.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp76503300.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp91812690.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp92422810.tmp
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe
Events
------
Time Name Status Reason
---- ---- ------ ------
10/07/2009 19:13:10 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:13:10 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll not disinfected object is locked
10/07/2009 19:14:12 Logical disk sector: C processing error
10/07/2009 19:14:13 Logical disk sector: D processing error
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected
10/07/2009 19:29:57 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:29:57 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 19:34:16 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:34:16 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 19:39:10 File: C:\Windows\System32\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:39:10 File: C:\Windows\System32\WS2Fix.exe not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp101712993.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp104504958.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp185736025.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp188274106.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp206507561.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp212887286.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp224649731.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp25487579.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp259198276.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp30743004.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp3093438.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp33160070.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp39663401.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp48784428.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp70761992.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp76503300.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp91812690.tmp not disinfected postponed
10/07/2009 19:43:42 File: C:\Windows\Temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:42 File: C:\Windows\Temp\_avast4_\unp92422810.tmp not disinfected postponed
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected
10/07/2009 19:58:00 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:58:00 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 20:00:57 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:00:57 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 20:00:58 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:00:58 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 20:01:24 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:01:24 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 20:03:49 File: C:\Windows\System32\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:03:49 File: C:\Windows\System32\WS2Fix.exe not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp101712993.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp104504958.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp185736025.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp188274106.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp206507561.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp212887286.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp224649731.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp25487579.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp259198276.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp30743004.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp3093438.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp33160070.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp39663401.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp48784428.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp70761992.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp76503300.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp91812690.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp92422810.tmp not disinfected postponed
10/07/2009 20:14:01 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll processing error
10/07/2009 20:14:07 File: c:\users\douarfy\smitfraudfix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:32 File: c:\users\douarfy\smitfraudfix.exe deleted
10/07/2009 20:14:33 File: c:\users\douarfy\appdata\local\temp\temp1_guitar pro 5 rse.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:14:34 File: c:\users\douarfy\appdata\local\temp\temp1_guitar pro 5 rse.zip\setup.exe deleted
10/07/2009 20:14:34 File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth' by hash
10/07/2009 20:14:35 File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe deleted
10/07/2009 20:14:35 File: c:\users\douarfy\smitfraudfix\ws2fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:35 File: c:\users\douarfy\smitfraudfix\ws2fix.exe deleted
10/07/2009 20:14:35 File: c:\windows\system32\ws2fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:35 File: c:\windows\system32\ws2fix.exe deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp101712993.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp104504958.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp185736025.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp188274106.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp206507561.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp212887286.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp224649731.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp25487579.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp259198276.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp30743004.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp3093438.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp33160070.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp39663401.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp48784428.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp70761992.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp76503300.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp91812690.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp92422810.tmp deleted
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 274076 24 24 0 0 1110 538 16 9
System memory 1963 1 1 0 0 0 0 0 0
Startup objects 750 0 0 0 0 0 32 0 0
Disk boot sectors 3 0 0 0 0 0 0 0 0
Documents 10 0 0 0 0 0 1 0 0
Mail databases 0 0 0 0 0 0 0 0 0
Poste de travail 175198 23 23 0 0 1033 348 8 5
ACER (C:) 92908 0 0 0 0 74 157 8 4
DATA (D:) 3 0 0 0 0 0 0 0 0
Lecteur CD (E:) 0 0 0 0 0 0 0 0 0
Lecteur CD (F:) 0 0 0 0 0 0 0 0 0
COMPAQ (G:) 3241 0 0 0 0 3 0 0 0
Settings
--------
Parameter Value
--------- -----
Security Level High
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats Yes
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
Alors voila, j'ai fais tout ce que tu m'as demandé, mais quand tu me dis qu'il peut encore rester des logiciels malveillant, c'est en rouge il faut faire neutralize all... Moi il en reste un pas supprimer, mais il n'est pas en rouge mais avec un point d'exclamation jaune(NOT Found) et je n'arrive toujours pas aller dans le bureau. Que Faire Please
et au fait voila le rapport demandé:
Scan
----
Scanned: 274076
Detected: 25
Untreated: 0
Start time: 10/07/2009 19:13:02
Duration: 01:01:34
Finish time: 10/07/2009 20:14:36
Detected
--------
Status Object
------ ------
not found: Trojan program Trojan.Win32.Monder.cqbi File: globalroot\systemroot\system32\hjgruitkmbapjf.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Windows\System32\WS2Fix.exe
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp101712993.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp104504958.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp185736025.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp188274106.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp206507561.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp212887286.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp224649731.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp25487579.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp259198276.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp30743004.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp3093438.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp33160070.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp39663401.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp48784428.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp70761992.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp76503300.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp91812690.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp92422810.tmp
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe
Events
------
Time Name Status Reason
---- ---- ------ ------
10/07/2009 19:13:10 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:13:10 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll not disinfected object is locked
10/07/2009 19:14:12 Logical disk sector: C processing error
10/07/2009 19:14:13 Logical disk sector: D processing error
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected
10/07/2009 19:29:57 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:29:57 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 19:34:16 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:34:16 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 19:39:10 File: C:\Windows\System32\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:39:10 File: C:\Windows\System32\WS2Fix.exe not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp101712993.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp104504958.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp185736025.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp188274106.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp206507561.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp212887286.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp224649731.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp25487579.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp259198276.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp30743004.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp3093438.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp33160070.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp39663401.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp48784428.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp70761992.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp76503300.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp91812690.tmp not disinfected postponed
10/07/2009 19:43:42 File: C:\Windows\Temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:42 File: C:\Windows\Temp\_avast4_\unp92422810.tmp not disinfected postponed
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected
10/07/2009 19:58:00 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:58:00 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 20:00:57 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:00:57 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 20:00:58 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:00:58 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 20:01:24 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:01:24 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 20:03:49 File: C:\Windows\System32\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:03:49 File: C:\Windows\System32\WS2Fix.exe not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp101712993.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp104504958.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp185736025.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp188274106.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp206507561.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp212887286.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp224649731.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp25487579.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp259198276.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp30743004.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp3093438.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp33160070.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp39663401.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp48784428.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp70761992.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp76503300.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp91812690.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp92422810.tmp not disinfected postponed
10/07/2009 20:14:01 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll processing error
10/07/2009 20:14:07 File: c:\users\douarfy\smitfraudfix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:32 File: c:\users\douarfy\smitfraudfix.exe deleted
10/07/2009 20:14:33 File: c:\users\douarfy\appdata\local\temp\temp1_guitar pro 5 rse.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:14:34 File: c:\users\douarfy\appdata\local\temp\temp1_guitar pro 5 rse.zip\setup.exe deleted
10/07/2009 20:14:34 File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth' by hash
10/07/2009 20:14:35 File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe deleted
10/07/2009 20:14:35 File: c:\users\douarfy\smitfraudfix\ws2fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:35 File: c:\users\douarfy\smitfraudfix\ws2fix.exe deleted
10/07/2009 20:14:35 File: c:\windows\system32\ws2fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:35 File: c:\windows\system32\ws2fix.exe deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp101712993.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp104504958.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp185736025.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp188274106.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp206507561.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp212887286.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp224649731.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp25487579.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp259198276.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp30743004.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp3093438.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp33160070.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp39663401.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp48784428.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp70761992.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp76503300.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp91812690.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp92422810.tmp deleted
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 274076 24 24 0 0 1110 538 16 9
System memory 1963 1 1 0 0 0 0 0 0
Startup objects 750 0 0 0 0 0 32 0 0
Disk boot sectors 3 0 0 0 0 0 0 0 0
Documents 10 0 0 0 0 0 1 0 0
Mail databases 0 0 0 0 0 0 0 0 0
Poste de travail 175198 23 23 0 0 1033 348 8 5
ACER (C:) 92908 0 0 0 0 74 157 8 4
DATA (D:) 3 0 0 0 0 0 0 0 0
Lecteur CD (E:) 0 0 0 0 0 0 0 0 0
Lecteur CD (F:) 0 0 0 0 0 0 0 0 0
COMPAQ (G:) 3241 0 0 0 0 3 0 0 0
Settings
--------
Parameter Value
--------- -----
Security Level High
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats Yes
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
et au fait voila le rapport demandé:
Scan
----
Scanned: 274076
Detected: 25
Untreated: 0
Start time: 10/07/2009 19:13:02
Duration: 01:01:34
Finish time: 10/07/2009 20:14:36
Detected
--------
Status Object
------ ------
not found: Trojan program Trojan.Win32.Monder.cqbi File: globalroot\systemroot\system32\hjgruitkmbapjf.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.chqe File: C:\Windows\System32\WS2Fix.exe
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp101712993.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp104504958.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp185736025.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp188274106.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp206507561.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp212887286.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp224649731.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp25487579.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp259198276.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp30743004.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp3093438.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp33160070.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp39663401.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp48784428.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp70761992.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp76503300.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp91812690.tmp
deleted: Trojan program Trojan.Win32.Monder.cqbi File: C:\Windows\Temp\_avast4_\unp92422810.tmp
deleted: Trojan program Trojan-Downloader.Win32.VB.oth File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe
Events
------
Time Name Status Reason
---- ---- ------ ------
10/07/2009 19:13:10 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:13:10 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll not disinfected object is locked
10/07/2009 19:14:12 Logical disk sector: C processing error
10/07/2009 19:14:13 Logical disk sector: D processing error
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected
10/07/2009 19:26:01 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected
10/07/2009 19:29:57 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:29:57 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 19:33:26 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 19:34:16 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:34:16 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 19:39:10 File: C:\Windows\System32\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:39:10 File: C:\Windows\System32\WS2Fix.exe not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp101712993.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp104504958.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp185736025.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp188274106.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp206507561.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp212887286.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp224649731.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp25487579.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp259198276.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp30743004.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp3093438.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp33160070.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp39663401.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp48784428.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp70761992.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp76503300.tmp not disinfected postponed
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:41 File: C:\Windows\Temp\_avast4_\unp91812690.tmp not disinfected postponed
10/07/2009 19:43:42 File: C:\Windows\Temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 19:43:42 File: C:\Windows\Temp\_avast4_\unp92422810.tmp not disinfected postponed
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected
10/07/2009 19:55:35 File: C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected
10/07/2009 19:58:00 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 19:58:00 File: C:\Users\Douarfy\SmitfraudFix.exe/SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 20:00:57 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:00:57 File: C:\Users\Douarfy\AppData\Local\Temp\Temp1_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 20:00:58 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:00:58 File: C:\Users\Douarfy\AppData\Local\Temp\Temp2_Guitar Pro 5 RSE.zip\setup.exe/btt1.exe not disinfected postponed
10/07/2009 20:01:24 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:01:24 File: C:\Users\Douarfy\SmitfraudFix\WS2Fix.exe not disinfected postponed
10/07/2009 20:03:49 File: C:\Windows\System32\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:03:49 File: C:\Windows\System32\WS2Fix.exe not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp101712993.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp104504958.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp185736025.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp188274106.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp206507561.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp212887286.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp224649731.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp25487579.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp259198276.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp30743004.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp3093438.tmp not disinfected postponed
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:49 File: C:\Windows\Temp\_avast4_\unp33160070.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp39663401.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp48784428.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp70761992.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp76503300.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp91812690.tmp not disinfected postponed
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:06:50 File: C:\Windows\Temp\_avast4_\unp92422810.tmp not disinfected postponed
10/07/2009 20:14:01 File: globalroot\systemroot\system32\hjgruitkmbapjf.dll processing error
10/07/2009 20:14:07 File: c:\users\douarfy\smitfraudfix.exe/SmitfraudFix\WS2Fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:32 File: c:\users\douarfy\smitfraudfix.exe deleted
10/07/2009 20:14:33 File: c:\users\douarfy\appdata\local\temp\temp1_guitar pro 5 rse.zip\setup.exe/btt1.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth'
10/07/2009 20:14:34 File: c:\users\douarfy\appdata\local\temp\temp1_guitar pro 5 rse.zip\setup.exe deleted
10/07/2009 20:14:34 File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe detected Trojan program 'Trojan-Downloader.Win32.VB.oth' by hash
10/07/2009 20:14:35 File: c:\users\douarfy\appdata\local\temp\temp2_guitar pro 5 rse.zip\setup.exe deleted
10/07/2009 20:14:35 File: c:\users\douarfy\smitfraudfix\ws2fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:35 File: c:\users\douarfy\smitfraudfix\ws2fix.exe deleted
10/07/2009 20:14:35 File: c:\windows\system32\ws2fix.exe detected Trojan program 'Trojan-Downloader.Win32.Agent.chqe'
10/07/2009 20:14:35 File: c:\windows\system32\ws2fix.exe deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp101712993.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp101712993.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp104504958.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp104504958.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp185736025.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp185736025.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp188274106.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp188274106.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp206507561.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp206507561.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp212887286.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp212887286.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp224649731.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp224649731.tmp deleted
10/07/2009 20:14:35 File: c:\windows\temp\_avast4_\unp25487579.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp25487579.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp259198276.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp259198276.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp30743004.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp30743004.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp3093438.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp3093438.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp33160070.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp33160070.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp39663401.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp39663401.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp48784428.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp48784428.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp70761992.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp70761992.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp76503300.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp76503300.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp91812690.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp91812690.tmp deleted
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp92422810.tmp detected Trojan program 'Trojan.Win32.Monder.cqbi'
10/07/2009 20:14:36 File: c:\windows\temp\_avast4_\unp92422810.tmp deleted
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 274076 24 24 0 0 1110 538 16 9
System memory 1963 1 1 0 0 0 0 0 0
Startup objects 750 0 0 0 0 0 32 0 0
Disk boot sectors 3 0 0 0 0 0 0 0 0
Documents 10 0 0 0 0 0 1 0 0
Mail databases 0 0 0 0 0 0 0 0 0
Poste de travail 175198 23 23 0 0 1033 348 8 5
ACER (C:) 92908 0 0 0 0 74 157 8 4
DATA (D:) 3 0 0 0 0 0 0 0 0
Lecteur CD (E:) 0 0 0 0 0 0 0 0 0
Lecteur CD (F:) 0 0 0 0 0 0 0 0 0
COMPAQ (G:) 3241 0 0 0 0 3 0 0 0
Settings
--------
Parameter Value
--------- -----
Security Level High
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats Yes
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
Bon ben dernierement, j'ai reussi a aller dans le bureau en mode "normal" mais c'est tres tres lent, et au bout d'un moment, y'a une sorte de fenetre bleu d'erreur en anglais. mais on ne peut pas la fermer, et la ça redemarre l'ordinateur mais ca recommence et ca recommence encore!
Merci de bien vouloir me repondre, HELP!!
Merci de bien vouloir me repondre, HELP!!
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
10 juil. 2009 à 07:22
10 juil. 2009 à 07:22
donc on c'est debarrassé de pas mal de saloperie , mais tu doit avoir des fichier corrompu
a tu le DVD de vista ?
si oui on peu tenter une reparation
comme ceci
1
Le bios
Pour que tu puisse démarrer avec le dvd, il faut « l'écrire »dans le BIOS
entre dans le BIOS au démarrage de ton PC en tapotant sur la touche suppr de ton clavier (cela peut changer suivant votre machine, mais c’est toujours indiqué sur l’écran au démarrage)
Une fois dans le bios tu cherche « first boot device » et tu met le cdrom en 1er
(pour t'aider ->regarde en bas de l'écran tu doit avoir les touches et leurs correspondances)
Met ton dvd de Windows vista dans le lecteur.
Sauvegarde les changements.
Redémarre.
2 Au lancement de la séquence de démarrage, laisser passer le premier écran "Windows is loading files", puis "Installer Windows" et cliquer à l'écran suivant sur "Réparer l'ordinateur"
3 La recherche du ou des systèmes d'exploitation installés est lancée automatiquement
4Les options de récupération s'affichent avec différents choix
Sélectionner "Réparation du démarrage"... l'exécution de cette procédure lance une suite de tests
5- recherche de mises à jour
- test du disque système
- diagnostic des défaillances de disque
- test des métadonnées de disque
dont le log est affichable en cliquant sur le lien d'information:
Si la procédure de réparation s'est déroulée correctement, il ne reste plus qu'à redémarrer l'ordi
attention ...il se peut aussi qu'un simple clic sur "Réparer l'ordinateur" qui a pour effet premier de lancer la recherche des installations de Windows, conduise à une réparation automatique immédiate sans autre intervention de l'utilisateur... notamment dans le cas d'un BOOTMGR détruit ou d'une entrée manquante dans le menu de démarrage
a tu le DVD de vista ?
si oui on peu tenter une reparation
comme ceci
1
Le bios
Pour que tu puisse démarrer avec le dvd, il faut « l'écrire »dans le BIOS
entre dans le BIOS au démarrage de ton PC en tapotant sur la touche suppr de ton clavier (cela peut changer suivant votre machine, mais c’est toujours indiqué sur l’écran au démarrage)
Une fois dans le bios tu cherche « first boot device » et tu met le cdrom en 1er
(pour t'aider ->regarde en bas de l'écran tu doit avoir les touches et leurs correspondances)
Met ton dvd de Windows vista dans le lecteur.
Sauvegarde les changements.
Redémarre.
2 Au lancement de la séquence de démarrage, laisser passer le premier écran "Windows is loading files", puis "Installer Windows" et cliquer à l'écran suivant sur "Réparer l'ordinateur"
3 La recherche du ou des systèmes d'exploitation installés est lancée automatiquement
4Les options de récupération s'affichent avec différents choix
Sélectionner "Réparation du démarrage"... l'exécution de cette procédure lance une suite de tests
5- recherche de mises à jour
- test du disque système
- diagnostic des défaillances de disque
- test des métadonnées de disque
dont le log est affichable en cliquant sur le lien d'information:
Si la procédure de réparation s'est déroulée correctement, il ne reste plus qu'à redémarrer l'ordi
attention ...il se peut aussi qu'un simple clic sur "Réparer l'ordinateur" qui a pour effet premier de lancer la recherche des installations de Windows, conduise à une réparation automatique immédiate sans autre intervention de l'utilisateur... notamment dans le cas d'un BOOTMGR détruit ou d'une entrée manquante dans le menu de démarrage
Bonjour,
Alors je n'ai pas de CD vista, mais pour l'instant il n'y a plus de beug, l'ordinateur n'est plus lent, et ca reinstaller un peu tous mes logiciels. Donc pour l'instant j'attends pour voir si il n'y a plus vraime,t aucun virus, mais merci beaucoup de m'avoir supprimé tous ca, sincerement j'ai jamais connu un aussi bon informaticien, ingenieur...
MERCI SINCEREMENT!!
Alors je n'ai pas de CD vista, mais pour l'instant il n'y a plus de beug, l'ordinateur n'est plus lent, et ca reinstaller un peu tous mes logiciels. Donc pour l'instant j'attends pour voir si il n'y a plus vraime,t aucun virus, mais merci beaucoup de m'avoir supprimé tous ca, sincerement j'ai jamais connu un aussi bon informaticien, ingenieur...
MERCI SINCEREMENT!!
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
10 juil. 2009 à 10:29
10 juil. 2009 à 10:29
tiens pendant que ca marche
ca peu te servir
http://www.vista-xp.fr/forum/topic1474.html
ca peu te servir
http://www.vista-xp.fr/forum/topic1474.html
Re bonjour,
Alors maintenant mon ordinateur en mode "normale" il me laissent aller sur le bureau mais au bout d'un moment ils se ferment, et y'a une page bleu indiquant des problemes et ca redemarre l'ordinateur. Et puis en mode sans echec il y a une petite fenetre qui dit "wdows a recuperé une erreur non planifié",(qu'est ce que c'est?) et le nom de l'erreur est Blue Screen. Peux tu m'aider STP merci
Alors maintenant mon ordinateur en mode "normale" il me laissent aller sur le bureau mais au bout d'un moment ils se ferment, et y'a une page bleu indiquant des problemes et ca redemarre l'ordinateur. Et puis en mode sans echec il y a une petite fenetre qui dit "wdows a recuperé une erreur non planifié",(qu'est ce que c'est?) et le nom de l'erreur est Blue Screen. Peux tu m'aider STP merci
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
10 juil. 2009 à 13:52
10 juil. 2009 à 13:52
soit tu essaie http://www.commentcamarche.net/forum/affich 13273716 enlever un cheval de troie please help svp?#31 ce que je t'ai montré
soit tu essaie 1 une reparation clic droit sur le disque proprieté outil verfier
ou encore démarrer, exécuter et tapez command. ou cmd
puis
sfc/scanonce
ou encore Ccleaner http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner
tu fait le nettoyage
Fichiers temporaires de Windows
Cookies, cache, historique d'Internet Explorer, Opera et Firefox
Documents récents de Windows
et ensuite réparation de la base de registre.
bien entendu tu peu fair ca en mode sans echec
soit tu essaie 1 une reparation clic droit sur le disque proprieté outil verfier
ou encore démarrer, exécuter et tapez command. ou cmd
puis
sfc/scanonce
ou encore Ccleaner http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner
tu fait le nettoyage
Fichiers temporaires de Windows
Cookies, cache, historique d'Internet Explorer, Opera et Firefox
Documents récents de Windows
et ensuite réparation de la base de registre.
bien entendu tu peu fair ca en mode sans echec
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
>
Douarfy
10 juil. 2009 à 14:20
10 juil. 2009 à 14:20
non ...recuperé une erreur non planifié
c'est pas pareil
Tu va dans aide et support
ecrit : windows ne s'arrête pas correctement
clique sur 1 pourquoi mon ordinnateur ne s'allume pas ou ne s étient pas rapidement
clique sur 1 cliquez ici pour ouvir le volet relatif aux informations et outils de performance
Une fenêtre va s'ouvrir
clique en bas a gauche sur : rapports et solutions aux problèmes
une autre fenêtre va s'ouvrir
clique en haut a gauche : sur voir les problèmes rechercher
là il est écrit attention blue........ un de ces dossiers peut contenir un virus... ne pas ouvrir
tu les met a la poubelle et tu vide
......
Quand les bornes sont franchies, il n'y a plus de limite
Ce que j'ai écrit, je l'ai écrit
c'est pas pareil
Tu va dans aide et support
ecrit : windows ne s'arrête pas correctement
clique sur 1 pourquoi mon ordinnateur ne s'allume pas ou ne s étient pas rapidement
clique sur 1 cliquez ici pour ouvir le volet relatif aux informations et outils de performance
Une fenêtre va s'ouvrir
clique en bas a gauche sur : rapports et solutions aux problèmes
une autre fenêtre va s'ouvrir
clique en haut a gauche : sur voir les problèmes rechercher
là il est écrit attention blue........ un de ces dossiers peut contenir un virus... ne pas ouvrir
tu les met a la poubelle et tu vide
......
Quand les bornes sont franchies, il n'y a plus de limite
Ce que j'ai écrit, je l'ai écrit
Douarfy
>
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
10 juil. 2009 à 14:42
10 juil. 2009 à 14:42
Ok merci, j'espere qu'il n'y aura plus de probleme maintenant, MERCI BEAUCOUP pour tout ca,
9 juil. 2009 à 12:04
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 6.0.6001 Service Pack 1
10/07/2009 13:31:37
mbam-log-2009-07-10 (13-31-37).txt
Type de recherche: Examen rapide
Eléments examinés: 77614
Temps écoulé: 3 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar.1 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835.3 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835.1 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Windows\bkit6768.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\gggi8058.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\hihj8168.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\ifapt78545.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\nmwi87014.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\utgqd1346.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\kdiue732.txt (Malware.Trace) -> Quarantined and deleted successfully.