TR/Downloader.Gen ?? Résolu/Fermé

Question

Bonjour, 

J'ai Antivir qui m'a signalé une alerte sur mdm.exe dans le répertoire temp et un TR/Downloader.Gen qui serait en cause.

J'ai fait le ménage à l'aide hijackthis, anti malware et ccleaner, ça parait clean mais y'a des entrées "nasty" détectées et supprimées par hijackthis qui reviennent quand même...

J'ai des doutes sur mes différents périph usb également...

si vous avez des conseils ?

Configuration: Windows 7 / Firefox 3.6.3

Pierre · Answer

Comme je le pensais, Anti-Malware m'a trouvé du beau monde....

Je tourne en rond :(


Elément(s) analysé(s): 117172
Temps écoulé: 1 minute(s), 29 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 13
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 30

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dllhst (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Rodecap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cmstp (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ieudinit (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstinit (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sessmgr (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Pierre\AppData\Roaming\dllhst3g.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\AppData\Roaming\logman.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\AppData\Roaming\Microsoft\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\AppData\Roaming\Microsoft\mstsc.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\AppData\Roaming\sessmgr.exe (Trojan.Zaplo) -> No action taken.
C:\Users\Pierre\AppData\Roaming\spoolsv.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\cisvc.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\cmstp.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\dllhst3g.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\esentutl.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\logman.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\mqtgsvc.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\AppData\Local\Temp\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Windows\cisvc.exe (Backdoor.Agent) -> No action taken.
C:\Windows\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Windows\mqtgsvc.exe (Trojan.Agent) -> No action taken.
C:\Windows\mstinit.exe (Trojan.Zaplo) -> No action taken.
C:\Windows\rsvp.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\Local Settings\Application Data\Microsoft\cisvc.exe (Trojan.Rodecap) -> No action taken.
C:\Users\Pierre\AppData\Local\Temp\cmstp.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\Local Settings\Application Data\Microsoft\esentutl.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\ieudinit.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\Local Settings\Application Data\Microsoft\mqtgsvc.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\AppData\Local\Temp\mstinit.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\AppData\Roaming\rsvp.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\AppData\Local\Temp\sessmgr.exe (Trojan.Agent) -> No action taken.
C:\Users\Pierre\Local Settings\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Users\Pierre\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Utilisateur anonyme · Answer

bonsoir,
je ne vois pas la version de MBAM !

. Si des malwares ont été détectés, cliques sur Afficher les résultats 
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. rends toi dans l'onglet rapport/log 
. tu cliques dessus pour l'afficher une fois affiché 
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous 
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse 
. Tu cliques droit dans le cadre de la réponse et coller 
. À la fin du scan, il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!

Si tu as besoin d'aide regarde ce tutoriel : 
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Pierre · Answer

J'ai beau supprimer ce que me propose Malwarebytes, ça reviens constamment. 

le dernier rapport en date. 



Malwarebytes' Anti-Malware 1.46 
www.malwarebytes.org 

Version de la base de données: 4180 

Windows 6.1.7600 
Internet Explorer 8.0.7600.16385 

08/06/2010 19:52:20 
mbam-log-2010-06-08 (19-52-20).txt 

Type d'examen: Examen rapide 
Elément(s) analysé(s): 116512 
Temps écoulé: 1 minute(s), 29 seconde(s) 

Processus mémoire infecté(s): 0 
Module(s) mémoire infecté(s): 0 
Clé(s) du Registre infectée(s): 0 
Valeur(s) du Registre infectée(s): 1 
Elément(s) de données du Registre infecté(s): 0 
Dossier(s) infecté(s): 0 
Fichier(s) infecté(s): 2 

Processus mémoire infecté(s): 
(Aucun élément nuisible détecté) 

Module(s) mémoire infecté(s): 
(Aucun élément nuisible détecté) 

Clé(s) du Registre infectée(s): 
(Aucun élément nuisible détecté) 

Valeur(s) du Registre infectée(s): 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully. 

Elément(s) de données du Registre infecté(s): 
(Aucun élément nuisible détecté) 

Dossier(s) infecté(s): 
(Aucun élément nuisible détecté) 

Fichier(s) infecté(s): 
C:\Users\Pierre\AppData\Roaming\Microsoft\esentutl.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Windows\System32\drivers\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

* Télécharge ZHPDiag sur ton bureau :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 

* Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin. 

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

* Clique sur l'icône représentant une loupe (« Lancer le diagnostic ») 
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette 
* Héberge le rapport ZHPDiag.txt sur Cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
http://www.cijoint.fr/

Pierre · Answer

Voilà

http://www.cijoint.fr/cjlink.php?file=cj201006/cijTCgZ5hV.txt


Merci pour l'aide.

Utilisateur anonyme · Answer

patience !

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection) 

? Télécharge List_Kill'em 

http://sd-1.archive-host.com/...

et enregistre le sur ton bureau 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation 

Laisse coché : 

? Executer Shortcut 
? Executer List_Kill'em 

une fois terminée , clic sur "terminer" et le programme se lancera seul 

choisis l'option Search 

? laisse travailler l'outil 

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué. 

? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

Pierre · Answer

http://www.cijoint.fr/cjlink.php?file=cj201006/cijMtlX96y.txt

Merci.

Utilisateur anonyme · Answer

? Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau. 
mais cette fois-ci : 

? choisis l'Option Clean 

ton PC va redemarrer, 

laisse travailler l'outil. 

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau , 

? colle le contenu dans ta reponse

Pierre · Answer

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : Pierre (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 17:30:44 | 09/06/2010

Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local [PGM] | NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque fixe local | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\ProgramData\hpzinstall.log
Quarantined & Deleted !! : C:\Windows\dllhst3g.exe
Quarantined & Deleted !! : C:\Windows\rsvp.exe

Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\cisvc.exe
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\dllhst3g.exe
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\esentutl.exe
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\ieudinit.exe
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\mqtgsvc.exe
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\mstinit.exe
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\mstsc.exe
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\rsvp.exe
Quarantined & Deleted !! : C:\Users\Pierre\AppData\Local\sessmgr.exe
Quarantined & Deleted !! : C:\Users\Pierre\Local Settings\Temp\.bk
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\dllhst3g.exe
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\esentutl.exe
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\ieudinit.exe
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\logman.exe
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\mstinit.exe
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\rsvp.exe
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\spoolsv.exe
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\catchme.dll
Quarantined & Deleted !! : C:\Users\Pierre\LOCAL Settings\Temp\zlib1.dll

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Cisvc
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : ClipSrv
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : cmstp
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : ComRepl
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : DllHst
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Esent Utl
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Logman
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : MqtgSVC
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : rsvp
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : sessmgr
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Spool
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Cisvc
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : ClipSrv
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : DllHst
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : MstInit
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : mstsc
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : rsvp
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : sessmgr
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Spool
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Cisvc
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : ClipSrv
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : cmstp
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : ComRepl
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : DllHst
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Esent Utl
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : IEudinit
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Logman
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : MqtgSVC
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : MstInit
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : rsvp
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : sessmgr
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x853431F8]<<
kernel: MBR read successfully
user & kernel MBR OK

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Utilisateur anonyme · Answer

repasse un autre zhpdiag :
https://forums.commentcamarche.net/forum/affich-18072525-tr-downloader-gen#6

Pierre · Answer

J'ai relancé malwarebytes après Kill'em mais il m'a encore trouvé des infections et Antir à detecté Downloader.Gen 

J'ai relancé un List_Kill'em avec un clean qui a enlevé un fichier. 

http://www.cijoint.fr/cjlink.php?file=cj201006/cijSwtm8Wj.txt

Utilisateur anonyme · Answer

poste le rapport de MBAM

Pierre · Answer

Il m'indique que c'est clean mais pendant l'analyse antivir m'a (encore) envoyé une popup avec Downloader.Gen et mdm.exe.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4183

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/06/2010 18:31:33
mbam-log-2010-06-09 (18-31-33).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 116472
Temps écoulé: 1 minute(s), 17 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Utilisateur anonyme · Answer

colle le rapport d'avira sur ton prochain message  :-)

je m'absente @++

Pierre · Answer

Après avoir vidé la Quarantaine de MBAM, ça a l'air mieux.

Le rapport trouve un fichier mais apparemment c'est lié à List_Kill'em.



Avira AntiVir Personal
Report file date: mercredi 9 juin 2010  18:39

Scanning for 2199967 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7
Windows version : (plain)  [6.1.7600]
Boot mode       : Normally booted
Username        : Pierre
Computer name   : I7

Version information:
BUILD.DAT       : 10.0.0.567     32097 Bytes  19/04/2010 15:07:00
AVSCAN.EXE      : 10.0.3.0      433832 Bytes  23/04/2010 05:07:29
AVSCAN.DLL      : 10.0.3.0       46440 Bytes  23/04/2010 05:07:29
LUKE.DLL        : 10.0.2.3      104296 Bytes  07/03/2010 16:33:04
LUKERES.DLL     : 10.0.0.1       12648 Bytes  10/02/2010 21:40:49
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06/11/2009 07:05:36
VBASE001.VDF    : 7.10.1.0     1372672 Bytes  19/11/2009 17:27:49
VBASE002.VDF    : 7.10.3.1     3143680 Bytes  20/01/2010 15:37:42
VBASE003.VDF    : 7.10.3.75     996864 Bytes  26/01/2010 14:37:42
VBASE004.VDF    : 7.10.4.203   1579008 Bytes  05/03/2010 09:29:03
VBASE005.VDF    : 7.10.6.82    2494464 Bytes  15/04/2010 13:59:38
VBASE006.VDF    : 7.10.7.218   2294784 Bytes  02/06/2010 05:26:46
VBASE007.VDF    : 7.10.7.219      2048 Bytes  02/06/2010 05:26:46
VBASE008.VDF    : 7.10.7.220      2048 Bytes  02/06/2010 05:26:46
VBASE009.VDF    : 7.10.7.221      2048 Bytes  02/06/2010 05:26:46
VBASE010.VDF    : 7.10.7.222      2048 Bytes  02/06/2010 05:26:46
VBASE011.VDF    : 7.10.7.223      2048 Bytes  02/06/2010 05:26:46
VBASE012.VDF    : 7.10.7.224      2048 Bytes  02/06/2010 05:26:46
VBASE013.VDF    : 7.10.7.225      2048 Bytes  02/06/2010 05:26:47
VBASE014.VDF    : 7.10.8.6      136704 Bytes  07/06/2010 16:36:26
VBASE015.VDF    : 7.10.8.7        2048 Bytes  07/06/2010 16:36:26
VBASE016.VDF    : 7.10.8.8        2048 Bytes  07/06/2010 16:36:27
VBASE017.VDF    : 7.10.8.9        2048 Bytes  07/06/2010 16:36:27
VBASE018.VDF    : 7.10.8.10       2048 Bytes  07/06/2010 16:36:27
VBASE019.VDF    : 7.10.8.11       2048 Bytes  07/06/2010 16:36:27
VBASE020.VDF    : 7.10.8.12       2048 Bytes  07/06/2010 16:36:27
VBASE021.VDF    : 7.10.8.13       2048 Bytes  07/06/2010 16:36:27
VBASE022.VDF    : 7.10.8.14       2048 Bytes  07/06/2010 16:36:27
VBASE023.VDF    : 7.10.8.15       2048 Bytes  07/06/2010 16:36:27
VBASE024.VDF    : 7.10.8.16       2048 Bytes  07/06/2010 16:36:27
VBASE025.VDF    : 7.10.8.17       2048 Bytes  07/06/2010 16:36:27
VBASE026.VDF    : 7.10.8.18       2048 Bytes  07/06/2010 16:36:27
VBASE027.VDF    : 7.10.8.19       2048 Bytes  07/06/2010 16:36:27
VBASE028.VDF    : 7.10.8.20       2048 Bytes  07/06/2010 16:36:27
VBASE029.VDF    : 7.10.8.21       2048 Bytes  07/06/2010 16:36:27
VBASE030.VDF    : 7.10.8.22       2048 Bytes  07/06/2010 16:36:28
VBASE031.VDF    : 7.10.8.29      99840 Bytes  09/06/2010 16:36:28
Engineversion   : 8.2.2.6   
AEVDF.DLL       : 8.1.2.0       106868 Bytes  24/04/2010 05:07:42
AESCRIPT.DLL    : 8.1.3.31     1352058 Bytes  03/06/2010 05:27:03
AESCN.DLL       : 8.1.6.1       127347 Bytes  15/05/2010 07:12:05
AESBX.DLL       : 8.1.3.1       254324 Bytes  24/04/2010 05:07:43
AERDL.DLL       : 8.1.4.6       541043 Bytes  18/04/2010 13:59:44
AEPACK.DLL      : 8.2.1.1       426358 Bytes  18/04/2010 13:59:44
AEOFFICE.DLL    : 8.1.1.0       201081 Bytes  15/05/2010 07:12:05
AEHEUR.DLL      : 8.1.1.33     2724214 Bytes  05/06/2010 05:18:41
AEHELP.DLL      : 8.1.11.5      242038 Bytes  03/06/2010 05:26:51
AEGEN.DLL       : 8.1.3.10      377205 Bytes  03/06/2010 05:26:50
AEEMU.DLL       : 8.1.2.0       393588 Bytes  24/04/2010 05:07:41
AECORE.DLL      : 8.1.15.3      192886 Bytes  15/05/2010 07:12:04
AEBB.DLL        : 8.1.1.0        53618 Bytes  24/04/2010 05:07:41
AVWINLL.DLL     : 10.0.0.0       19304 Bytes  14/01/2010 10:03:38
AVPREF.DLL      : 10.0.0.0       44904 Bytes  14/01/2010 10:03:35
AVREP.DLL       : 10.0.0.8       62209 Bytes  18/02/2010 14:47:40
AVREG.DLL       : 10.0.3.0       53096 Bytes  23/04/2010 05:07:29
AVSCPLR.DLL     : 10.0.3.0       83816 Bytes  23/04/2010 05:07:29
AVARKT.DLL      : 10.0.0.14     227176 Bytes  23/04/2010 05:07:29
AVEVTLOG.DLL    : 10.0.0.8      203112 Bytes  26/01/2010 07:53:30
SQLITE3.DLL     : 3.6.19.0      355688 Bytes  28/01/2010 10:57:58
AVSMTP.DLL      : 10.0.0.17      63848 Bytes  16/03/2010 13:38:56
NETNT.DLL       : 10.0.0.0       11624 Bytes  19/02/2010 12:41:00
RCIMAGE.DLL     : 10.0.0.26    2550120 Bytes  28/01/2010 11:10:20
RCTEXT.DLL      : 10.0.53.0      97128 Bytes  23/04/2010 05:07:29

Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, 
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: mercredi 9 juin 2010  18:39

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '93' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '57' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '29' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '58' Module(s) have been scanned
Scan process 'CTXFISPI.EXE' - '49' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '83' Module(s) have been scanned
Scan process 'DTLite.exe' - '39' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '18' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'Ctxfihlp.exe' - '51' Module(s) have been scanned
Scan process 'Explorer.EXE' - '118' Module(s) have been scanned
Scan process 'Dwm.exe' - '28' Module(s) have been scanned
Scan process 'taskhost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'atieclxx.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '119' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '355' files ).


Starting the file scan:

Begin scan in 'C:'
C:\Program Files\List_Kill'em\xwkkpyx.pif
  [DETECTION] Contains HEUR/Crypted.E suspicious code
--> Object
  [DETECTION] Contains HEUR/Crypted.E suspicious code

Beginning disinfection:
C:\Program Files\List_Kill'em\xwkkpyx.pif
    [DETECTION] Contains HEUR/Crypted.E suspicious code
    [NOTE]      The file was moved to the quarantine directory under the name '484e6100.qua'.


End of the scan: mercredi 9 juin 2010  18:45
Used time: 05:16 Minute(s)

The scan has been done completely.

  10124 Scanned directories
 236359 Files were scanned
      0 Viruses and/or unwanted programs were found
      1 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 236358 Files not concerned
   1248 Archives were scanned
      0 Warnings
      1 Notes
 335980 Objects were scanned with rootkit scan
      0 Hidden objects were found

Utilisateur anonyme · Answer

il s'agit d'uin executable de list kill'em  :-) 



. télécharges Ccleaner à partir de cette adresse et enregistres le sur le bureau

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/ 

.double-cliques sur le fichier pour lancer l'installation 
/!\Utilisateur de Vista et windows 7 : Clique droit sur le logo de Ccleaner, « exécuter en tant qu'Administrateur »

.sur la fenêtre de l'installation langage bien choisir français et OK 
.cliques sur suivant 
.lis la licence et j'accepte 
.cliques sur suivant 
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner 
.cliques sur installer 
.cliques sur fermer 
.double-cliques sur l'icône de Ccleaner pour l'ouvrir 
.une fois ouvert tu cliques sur option et puis avancé 
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures 
.cliques sur nettoyeur 
.cliques sur windows et dans la colonne avancé 
.coches la première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la 
.cliques sur analyse une fois l'analyse terminé 
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien 
.cliques maintenant sur registre et puis sur rechercher les erreurs 
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées 
.il te demande de sauvegarder OUI 
.tu lui donnes un nom pour pouvoir la retrouver et enregistre 
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK 
.il supprime et fermer tu vérifies en relançant rechercher les erreurs 
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch 
.tu peux fermer Ccleaner




* Pour supprimer les outils de désinfection avec ZHP : 

Pour Xp : Double clique sur l'icône ZHPFix.exe sur ton Bureau. 

Pour Vista et windows 7 : Clique droit sur l'icône ZHPFix.exe sur ton Bureau, 
puis sélectionne 'Exécuter en tant qu'administrateur'. 

Clique sur le A rouge (Nettoyeur de Tools). 

Clique sur Nettoyer. 

Fais redémarrer l'ordi pour terminer le nettoyage. 

si certains outils restent après le passage de zhp, vire les manuellement. 

* Désactivation, puis Réactivation de la restauration système après désinfection : 

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger car les points de restauration peuvent être infectés :  


Pour Windows 7 : 
  
http://www.jenyburn.com/home/comment-desactiver-la-restauration-du-systeme-sous-windows-7 



relance Avira et fais une mise à jour, lance un autre scan complet de ton pc, tiens moi au courant du résultat  :-)

Pierre · Answer

Merci :)

Par contre, je ne peux plus accéder à la restauration, j'ai pas l'onglet et l'icone du panneau de config ne sert à rien...

Apparemment problème connu, j'utilise pas la restauration de toutes façons.


Merci beaucoup pour l'aide.

Utilisateur anonyme · Answer

fais ce que tu peux, passe Ccleaner, .....

j'attends le résultat du scan d'antivirus  :-)

@++

Pierre · Answer

Bon, gros rapport, je poste juste la fin



The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '75' Module(s) have been scanned
Scan process 'firefox.exe' - '105' Module(s) have been scanned
Scan process 'hpswp_clipbook.exe' - '30' Module(s) have been scanned
Scan process 'emule.exe' - '65' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '57' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '29' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '58' Module(s) have been scanned
Scan process 'CTXFISPI.EXE' - '49' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'DTLite.exe' - '40' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '25' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '18' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'Ctxfihlp.exe' - '51' Module(s) have been scanned
Scan process 'Explorer.EXE' - '146' Module(s) have been scanned
Scan process 'Dwm.exe' - '28' Module(s) have been scanned
Scan process 'taskhost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'atieclxx.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '66' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'E:\'
    [INFO]      No virus was found!
Boot sector 'H:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '350' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'E:\' <PGM>
E:\pagefile.sys
    [WARNING]   The file could not be opened!
Begin scan in 'H:\'
H:\System Volume Information\_restore{2863327C-8755-4CF6-9F81-AC70B703C2A4}\RP512\A0079293.exe
    [DETECTION] Contains recognition pattern of the SPR/NodFix program
H:\System Volume Information\_restore{2863327C-8755-4CF6-9F81-AC70B703C2A4}\RP512\A0080244.exe
    [DETECTION] Is the TR/Agent.69632.O Trojan
H:\System Volume Information\_restore{2863327C-8755-4CF6-9F81-AC70B703C2A4}\RP512\A0080364.exe
    [DETECTION] Contains recognition pattern of the SPR/PSW.PassView.B program

Beginning disinfection:
H:\System Volume Information\_restore{2863327C-8755-4CF6-9F81-AC70B703C2A4}\RP512\A0080364.exe
    [DETECTION] Contains recognition pattern of the SPR/PSW.PassView.B program
    [NOTE]      The file was moved to the quarantine directory under the name '49174918.qua'.
H:\System Volume Information\_restore{2863327C-8755-4CF6-9F81-AC70B703C2A4}\RP512\A0080244.exe
    [DETECTION] Is the TR/Agent.69632.O Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '518066bf.qua'.
H:\System Volume Information\_restore{2863327C-8755-4CF6-9F81-AC70B703C2A4}\RP512\A0079293.exe
    [DETECTION] Contains recognition pattern of the SPR/NodFix program
    [NOTE]      The file was moved to the quarantine directory under the name '03df3c57.qua'.


End of the scan: jeudi 10 juin 2010  15:49
Used time: 24:53 Minute(s)

The scan has been done completely.

  14737 Scanned directories
 314220 Files were scanned
      3 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      3 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
 314216 Files not concerned
   1727 Archives were scanned
      1 Warnings
      3 Notes
 344165 Objects were scanned with rootkit scan
   8130 Hidden objects were found



Il semblerait que les points de restauration soient infectés mais je ne peux accéder à la restauration et cccleaner non plus...

Utilisateur anonyme · Answer

bonjour,
relance avira, on verras s'il trouve encore des infections dans la restauration système  :-)

je vais regarder si je trouve une solution pour les virer

envoie le rapport dés que tu peux :-)

@++

Pierre · Answer

The scan of running processes will be started
Scan process 'firefox.exe' - '105' Module(s) have been scanned
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'emule.exe' - '77' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '57' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '29' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '58' Module(s) have been scanned
Scan process 'CTXFISPI.EXE' - '49' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '83' Module(s) have been scanned
Scan process 'DTLite.exe' - '40' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '18' Module(s) have been scanned
Scan process 'avgnt.exe' - '64' Module(s) have been scanned
Scan process 'Ctxfihlp.exe' - '51' Module(s) have been scanned
Scan process 'Explorer.EXE' - '135' Module(s) have been scanned
Scan process 'Dwm.exe' - '29' Module(s) have been scanned
Scan process 'taskhost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '78' Module(s) have been scanned
Scan process 'atieclxx.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '119' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'E:\'
    [INFO]      No virus was found!
Boot sector 'H:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '350' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'E:\' <PGM>
E:\pagefile.sys
    [WARNING]   The file could not be opened!
Begin scan in 'H:\'


End of the scan: jeudi 10 juin 2010  19:02
Used time: 14:01 Minute(s)

The scan has been done completely.

  14863 Scanned directories
 314316 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
 314315 Files not concerned
   1718 Archives were scanned
      1 Warnings
      0 Notes
 345500 Objects were scanned with rootkit scan
   8630 Hidden objects were found



Apparemment c'est clean ! :)

Utilisateur anonyme · Answer

arrives tu à créer un nouveau point de restauration système ?

si oui, fait le  :-)

Pierre · Answer

Non, toujours pas. 

L'icône "Récupération" dans le panneau de configuration ne réagit pas 

et dans les propriétés système, l'onglet n'existe pas (pourtant je suis sur qu'il était présent y'a quelques jours) 

Même avec le compte admin, je ne peux rien faire.

Utilisateur anonyme · Answer

est ce que à part ton restauration système, ton géstionnaire de taches et l'uac son désactivé aussi ?

TR/Downloader.Gen ??

24 réponses

Discussions similaires

Newsletters