My work PC is infected with Trojans, so I have connection and display problems, and Antivir spends its time detecting them but without fixing the problems.
I ran a scan with Antivir; here is the report:
Avira AntiVir Personal
Report file date: mardi 10 juin 2008 12:11
Scanning for 1320652 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CLASSE12-1
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 10 juin 2008 12:11
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'yiuemii.exe' - '1' Module(s) have been scanned
Scan process 'HPWNTBX.exe' - '1' Module(s) have been scanned
Scan process 'pmxmiced.exe' - '1' Module(s) have been scanned
Scan process 'PDVDDXSrv.exe' - '1' Module(s) have been scanned
Scan process 'ico.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'winvnc4.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'AsfIpMon.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\vtUnnnoN.dll
[DETECTION] Is the Trojan horse TR/Monder.30208.2
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
The registry was scanned ( '30' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP147\A0012081.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '487e584b.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP172\A0014773.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '487e586f.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP173\A0014789.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '487e5875.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP173\A0014790.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.iwh
[NOTE] The file was moved to '487e5879.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP173\A0014799.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '487e587c.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP173\A0014882.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '487e5882.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP173\A0014883.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '487e588b.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP174\A0014920.dll
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was moved to '487e5890.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP174\A0014922.exe
[DETECTION] Is the Trojan horse TR/Agent.DYH
[NOTE] The file was moved to '487e5893.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP174\A0014924.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '487e5895.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015094.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was moved to '487e58a0.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015096.dll
[DETECTION] Is the Trojan horse TR/Monder.82944
[NOTE] The file was moved to '487e58a6.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015104.dll
[DETECTION] Is the Trojan horse TR/Monder.82944
[NOTE] The file was moved to '487e58a8.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015105.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[NOTE] The file was moved to '487e58aa.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015120.exe
[DETECTION] Is the Trojan horse TR/MailSkinner.C.1
[NOTE] The file was moved to '487e58ac.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015124.exe
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aqa
[NOTE] The file was moved to '487e58ae.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015125.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was moved to '487e58b0.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015126.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '487e58b2.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP175\A0015135.dll
[DETECTION] Is the Trojan horse TR/Click.Agen.32256
[NOTE] The file was moved to '487e58b4.qua'!
C:\WINDOWS\mrofinu1535.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48bd5915.qua'!
C:\WINDOWS\system32\svchost.exe:ext.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.4860
[NOTE] The file was moved to '48b15a56.qua'!
C:\WINDOWS\system32\vtUnnnoN.dll
[DETECTION] Is the Trojan horse TR/Monder.30208.2
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJ2L4N67\update[1].upd
[DETECTION] Contains detection pattern of the rootkit RKIT/Clbd.BJ
[NOTE] The file was moved to '48b25a74.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJ2L4N67\update[2].upd
[DETECTION] Contains detection pattern of the rootkit RKIT/Clbd.BJ
[NOTE] The file was moved to '48b25a76.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJ2L4N67\update[3].upd
[DETECTION] Contains detection pattern of the rootkit RKIT/Clbd.BJ
[NOTE] The file was moved to '48b25a78.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJ2L4N67\update[4].upd
[DETECTION] Contains detection pattern of the rootkit RKIT/Clbd.BJ
[NOTE] The file was moved to '48b25a7e.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJ2L4N67\update[5].upd
[DETECTION] Contains detection pattern of the rootkit RKIT/Clbd.BJ
[NOTE] The file was moved to '48b25a82.qua'!
C:\WINDOWS\Temp\NSIS_Install_WMP.exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.BU.35
[NOTE] The file was moved to '48975abc.qua'!
End of the scan: mardi 10 juin 2008 12:41
Used time: 30:43 min
The scan has been done completely.
5518 Scanning directories
257318 Files were scanned
26 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
27 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
257292 Files not concerned
3484 Archives were scanned
4 Warnings
27 Notes
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure to save it in C: !
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Launch it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum
Double-click combofix. It will ask you a question; answer by pressing the 1 key and Enter to confirm.
Wait until combofix has finished; a report will be created. Post the report.
Since the PC crashed completely, a technician came to pick it up to try to solve the problem. Many thanks to those who tried to help me!