Sujet Précédent Sujet Suivant

Cheval de troie

Résolu
labellebleue Messages postés 26 Statut Membre -  
labellebleue Messages postés 26 Statut Membre -
Bonjour,
mon antivirus avira antivir vient de detecter un cheval de troie dans mon PC nomme: TR/click.agent.aig
quand je refuse l'acces une nouvelle fenetre de detection s'ouvre et ainsi de suite. je ne peux pas non plus le supprimer. quand je clique sur "virus information" pour en savoir plus avira me repond que ce virus est inconnu.
suite a un probleme avec un virus test eicar j'avais telecharge combo fix, me conseillez vous de l'utiliser? ou enventuellement un logiciel anti cheval de troie comme j'en ai vu sur ce site?
merci pour votre aide a bientot

11 réponses

Réponse 1 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

colle le rapport antivir pour voir

______

scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_____________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 2 / 11
labellebleue Messages postés 26 Statut Membre
 
j'ai fait une analyse complete du systeme par avira voici le rapport.
est ce que desinstaller norton suffirait a supprimer ce cheval de troie puisqu'apparement c'est la qu'il se situe?

Avira AntiVir Personal
Report file date: jeudi 15 mai 2008 13:53

Scanning for 1266589 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: XXXXXXXXXXXXXXXXXXXXXXX
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: XXXXXXXXXXXXXXXX

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/04/2008 23:06:45
AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/04/2008 23:06:45
LUKE.DLL : 8.1.2.9 151809 Bytes 20/04/2008 23:06:47
LUKERES.DLL : 8.1.2.1 12033 Bytes 20/04/2008 23:06:47
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:31:55
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 22:00:58
ANTIVIR3.VDF : 7.0.4.39 197120 Bytes 14/05/2008 22:01:24
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 20/04/2008 23:06:48
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 17:53:09
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 10:53:25
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 09:44:40
AEPACK.DLL : 8.1.1.4 364918 Bytes 02/05/2008 19:03:12
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 23:06:48
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 17:53:05
AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 23:06:47
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 10:53:24
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 10:53:23
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 10:53:21
AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/04/2008 23:06:45
AVPREF.DLL : 8.0.0.1 25857 Bytes 20/04/2008 23:06:45
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 20/04/2008 23:06:45
AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 23:06:45
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/04/2008 23:06:45
SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 23:06:47
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/04/2008 23:06:47
NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 23:06:47
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/04/2008 23:06:31
RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/04/2008 23:06:31

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: off
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 15 mai 2008 13:53

Starting search for hidden objects.
'50310' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'NSCSRVCE.EXE' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'dslagent.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'CCAPP.EXE' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'NAVAPSVC.EXE' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Click.Agent.aig
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe'
Scan process 'SPBBCSvc.exe' - '1' Module(s) have been scanned
Scan process 'SNDSrvc.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'CCPROXY.EXE' - '1' Module(s) have been scanned
Scan process 'CCEVTMGR.EXE' - '1' Module(s) have been scanned
Scan process 'CCSETMGR.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'symlcsvc.exe' has been terminated
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Click.Agent.aig
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]

54 processes with 53 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1206479985jtun_symlcsvc19274.x01.full.zip
[0] Archive type: RAR
--> symlcsvc.exe
[1] Archive type: RSRC
--> Object
[2] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Click.Agent.aig
[NOTE] The file was moved to '485c2789.qua'!
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Click.Agent.aig
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlctnk.dll
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Click.Agent.aig
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]

End of the scan: jeudi 15 mai 2008 14:44
Used time: 51:24 min

The scan has been done completely.

6562 Scanning directories
239455 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
239450 Files not concerned
7130 Archives were scanned
6 Warnings
1 Notes
50310 Objects were scanned with rootkit scan
0 Hidden objects were found
0
Réponse 3 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
tu as norton antivirus en plus d'antivir?

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :
C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1206479985jtun_symlcsvc19274.x01.full.zip
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
0
Réponse 4 / 11
labellebleue Messages postés 26 Statut Membre
 
oui j'ai les 2 car je me sers du firewall de norton je ne voulais pas telecharger encore un truc supplementaire. on m'a deja conseille de l'enlever il va falloir que je le fasse. en fait mon abonnement est perime depuis peu et avant de tout desintaller je voulais voir si les antivirus gratuits marchaient. ce que je constate c'est que j'ai quand meme chope un truc alors que en un an sous norton je n'ai jamais eu de pbs. du coup je suis dubitative.

pour en revenir a mon soucis du cheval de troie, j'ai lance malwarebyte qui n'a rien trouve!! je vais donc essayer votre derniere suggestion. et je vous tiens au courant.
merci
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
vire norton et cela devrait etre bon:

fais ceci
https://www.pcastuces.com/newsletter/adj/1630.htm

ou
fais ceci

https://forum.zebulon.fr/topic/73027-supprimer-norton/

ou ceci:

https://forum.zebulon.fr/index.php?act=ST&f=38&t=57795

_______________

pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
WINDOWS DEFENDER ou SPYWARE TERMINATOR

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
0
Réponse 6 / 11
labellebleue Messages postés 26 Statut Membre
 
File/Folder C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1206479985jtun_symlcsvc19274.x01.full.zip not found.
LoadLibrary failed for C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll NOT unregistered.
File move failed. C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll scheduled to be moved on reboot.
File move failed. C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05152008_162534

Files moved on Reboot...
LoadLibrary failed for C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll NOT unregistered.
File move failed. C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll scheduled to be moved on reboot.
File move failed. C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe scheduled to be moved on reboot.

ca n'a pas marche avec moveit. j'essaie la suite.
0
Réponse 7 / 11
labellebleue Messages postés 26 Statut Membre
 
bonsoir, me revoila.

1/ j'ai reussi a desinstaller norton. j'espere qu'il n'y en a plus trace dans mon PC.

2/suite a cela j'ai relance une analyse complete avec avira, il a trouve de nouveau le trojan dans 2 autres fichiers qu'il a mis en quarantaine. puis je les supprimer (je ne sais pas vraiment a quoi ca correspond)?

voici le rapport:

Avira AntiVir Personal
Report file date: jeudi 15 mai 2008 20:19

Scanning for 1266589 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: xxxxxxxxxx
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: xxxxxxxxx

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/04/2008 23:06:45
AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/04/2008 23:06:45
LUKE.DLL : 8.1.2.9 151809 Bytes 20/04/2008 23:06:47
LUKERES.DLL : 8.1.2.1 12033 Bytes 20/04/2008 23:06:47
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:31:55
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 22:00:58
ANTIVIR3.VDF : 7.0.4.39 197120 Bytes 14/05/2008 22:01:24
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 20/04/2008 23:06:48
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 17:53:09
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 10:53:25
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 09:44:40
AEPACK.DLL : 8.1.1.4 364918 Bytes 02/05/2008 19:03:12
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 23:06:48
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 17:53:05
AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 23:06:47
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 10:53:24
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 10:53:23
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 10:53:21
AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/04/2008 23:06:45
AVPREF.DLL : 8.0.0.1 25857 Bytes 20/04/2008 23:06:45
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 20/04/2008 23:06:45
AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 23:06:45
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/04/2008 23:06:45
SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 23:06:47
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/04/2008 23:06:47
NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 23:06:47
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/04/2008 23:06:31
RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/04/2008 23:06:31

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: off
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 15 mai 2008 20:19

Starting search for hidden objects.
'48941' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'dslagent.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP150\A0034533.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Click.Agent.aig
[NOTE] The file was moved to '485c83b2.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP150\A0034534.dll
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Click.Agent.aig
[NOTE] The file was moved to '485c83bb.qua'!

End of the scan: jeudi 15 mai 2008 20:53
Used time: 34:06 min

The scan has been done completely.

6487 Scanning directories
227917 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
227915 Files not concerned
6502 Archives were scanned
2 Warnings
2 Notes
48941 Objects were scanned with rootkit scan
0 Hidden objects were found

3/ sauriez vous me dire ce que sont les fichiers qu'avira ne peut analyser?

4/ j'ai installe kerio. y'a t il des manips particulieres a faire pour le configurer correctement? ou je le laisse faire son boulot tout seul?

merci d'avance pour toutes vos reponses et votre aide,
bonne soiree
0
Réponse 8 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
1/ cela devrait etre bon!

2/suite a cela j'ai relance une analyse complete avec avira, il a trouve de nouveau le trojan dans 2 autres fichiers qu'il a mis en quarantaine. puis je les supprimer (je ne sais pas vraiment a quoi ca correspond)?

OUI TU PEUX

mais comme il sont dans la retauration fais ceci pour les virer:

si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans
puis redemarre ton ordi
puis réactive là :

https://www.informatruc.com

___________________

3/ sauriez vous me dire ce que sont les fichiers qu'avira ne peut analyser?
C'EST NORMAL aucun souci pour ces fichiers ils sont protégés

_____________________

4/ tu laisse faire KERIO
0
Réponse 9 / 11
labellebleue Messages postés 26 Statut Membre
 
bonjour,
j'ai fait ce que vous m'aviez conseille quant a la restauration et ai cree un nouveau point de restauration.
je laisse kerio travailler comme vous me l'avez dit cependant il bloque pas mal de choses sur mes pages web qui sont souvent incompletes, que puis je faire? merci
0
Réponse 10 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
si tu as du mal avec kerio mets zone alarm a la place
0
Réponse 11 / 11
labellebleue Messages postés 26 Statut Membre
 
merci
0

Discussions similaires

Cheval de troie comment le supprimer?
sonia -
^^Marie^^ -

28 réponses
expressions francaises
bifaka -
lanonyme -

4 réponses
virus: comment supprimer ccxprocess (virus cheval de troie)
grrlesang -
bazfile -

1 réponse
cheval dans oblivion
sernaldo53 -
sernaldo53 -

12 réponses
comment se debarasser d un cheval de troie
jennyfer1 -
MrMaDGaME -

66 réponses