coucou444

Username: coucou444

User statistics

Registered: 13 Nov 2008 21:42
Last visit: 13 Nov 2008 21:46
Posts: 1 (0.00% of all posts / 0.00 posts per day)
Most active forum: Security, viruses and advertising (adware) forum (1 post / 100.00% of the user's posts)
Most active topic: Unremovable Trojan virus!! (1 post / 100.00% of the user's posts)

Latest posts by coucou444

Post: Unremovable Trojan virus!!
Hello,
I have been infected with a Trojan Small virus for a month or two, which has become a Trojan Agent and a Trojan Fraudload.
Could you help me read the ClamWin and Trojan Remover reports? They detected numerous problems but could not rename or destroy certain suspicious files. In addition, some files cannot be opened or deleted.

What should I do to get rid of it?
I have Spybot Search and Destroy on my PC but it no longer detects anything. The same goes for AVG Anti-Spyware.

I am providing the ClamWin reports (which I have had for longer than Trojan Remover, because it is my main antivirus) in reverse chronological order:


Scan Started Sun Nov 09 18:15:09 2008
-------------------------------------------------------------------------------

C:Documents and SettingsCélia UkkolaLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat: Permission denied
C:Documents and SettingsCélia UkkolaNTUSER.DAT: Permission denied
C:Documents and SettingsJorma UkkolaMes documentsdesktop.ini: Permission denied
C:Documents and SettingsJorma Ukkola\ntuser.ini: Permission denied
C:Documents and SettingsLocalServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat: Permission denied
C:Documents and SettingsLocalServiceNTUSER.DAT: Permission denied
C:Documents and SettingsNetworkServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat: Permission denied
C:Documents and SettingsNetworkServiceNTUSER.DAT: Permission denied
C:hiberfil.sys: Permission denied
C:pagefile.sys: Permission denied
C:WINDOWSsystem32configDEFAULT: Permission denied
C:WINDOWSsystem32configSAM: Permission denied
C:WINDOWSsystem32configSECURITY: Permission denied
C:WINDOWSsystem32configSOFTWARE: Permission denied
C:WINDOWSsystem32configSYSTEM: Permission denied
C:WINDOWSsystem32 dssmain.dll.vir: Removed
C:WINDOWSsystem32 dssserf.dll: Removed

C:WINDOWSsystem32 dssmain.dll.vir: Trojan.Agent-55447 FOUND
C:WINDOWSsystem32 dssserf.dll: Trojan.Fraudload-1386 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 456271
Engine version: 0.94
Scanned directories: 6009
Scanned files: 55119
Infected files: 2

Data scanned: 23462.77 MB
Time: 11609.005 sec (193 m 29 s)
--------------------------------------
Completed
--------------------------------------

Scan Started Wed Oct 01 20:11:10 2008
-------------------------------------------------------------------------------

C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DF20AC.tmp: Permission denied
C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DFDD97.tmp: Permission denied
C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DFDDA7.tmp: Permission denied
C:Documents and SettingsCélia UkkolaLocal SettingsTemp~WRS0001.tmp: Permission denied
C:Documents and SettingsJorma UkkolaMes documentsdesktop.ini: Permission denied
C:Documents and SettingsJorma Ukkola\ntuser.ini: Permission denied
C:hiberfil.sys: Permission denied
C:pagefile.sys: Permission denied
C:WINDOWSsystem32configDEFAULT: Permission denied
C:WINDOWSsystem32configSAM: Permission denied
C:WINDOWSsystem32configSECURITY: Permission denied
C:WINDOWSsystem32configSOFTWARE: Permission denied
C:WINDOWSsystem32configSYSTEM: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 432342
Engine version: 0.94

Scan Started Sun Sep 28 22:52:57 2008
-------------------------------------------------------------------------------
C:Documents and SettingsCélia UkkolaLocal SettingsTemporary Internet FilesContent.IE5EXPV91R3pipo[1]: Trojan.Small-8579 FOUND
C:Documents and SettingsCélia UkkolaMes documentsMes imagescodecs+lecteursBsPlayer.1.32.Build.820.Incl.KeyMaker[www.ToroBT.Com.Ar]Keygen.by.Again.exe: Trojan.OnlineGames-1517 FOUND
C:WINDOWSAdobeR.exe: Worm.Rjump-1 FOUND
C:WINDOWSsystem32driverssvchost.exe: Trojan.Small-8579 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 432322
Engine version: 0.93.1
Scanned directories: 5284
Scanned files: 50309
Infected files: 4



Scan Started Mon Jul 28 10:32:55 2008
-------------------------------------------------------------------------------

WARNING: Can't open file \?C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DF2DCA.tmp, Permission denied
WARNING: Can't open file \?C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DF3A70.tmp, Permission denied
WARNING: Can't open file \?C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DF598F.tmp, Permission denied
WARNING: Can't open file \?C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DF5ECB.tmp, Permission denied
WARNING: Can't open file \?C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DF6418.tmp, Permission denied
WARNING: Can't open file \?C:Documents and SettingsCélia UkkolaLocal SettingsTemp~DF642B.tmp, Permission denied
WARNING: Can't open file \?C:Documents and SettingsCélia UkkolaLocal SettingsTemp~WRS0010.tmp, Permission denied
WARNING: Can't open file \?C:Documents and SettingsCélia UkkolaLocal SettingsTemp~WRS3785.tmp, Permission denied
WARNING: Can't open file \?C:hiberfil.sys, Permission denied
WARNING: Can't open file \?C:pagefile.sys, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 346238
Engine version: 0.92
Scanned directories: 4780
Scanned files: 42647
Skipped non-executable files: 2038



HERE IS PART OF THE TROJAN REMOVER REPORT; I SHORTENED IT BECAUSE IT WAS NO LESS THAN 100 PAGES IN WORD!!!

I hope someone will have the courage and the kindness to help me, because I have no one around me who is able to help;


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:35:49 05 nov. 2008
Using Database v7178
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:Documents and SettingsCélia UkkolaApplication DataSimply Super SoftwareTrojan Remover
Database directory: C:Program FilesTrojan Remover
Logfile directory: C:Documents and SettingsCélia UkkolaMes documentsSimply Super SoftwareTrojan Remover Logfiles
Program directory: C:Program FilesTrojan Remover
Running with Administrator privileges

************************************************************

************************************************************
11:35:50: Scanning ----------WIN.INI-----------
WIN.INI found in C:WINDOWS

************************************************************
11:35:50: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:WINDOWS

************************************************************
11:35:50: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: TDSSserv
C:WINDOWSsystem32driversTDSSserv.sys appears to contain: ROOTKIT.AGENT
Entry has been scheduled for deletion when the PC is restarted
C:WINDOWSsystem32driversTDSSserv.sys - no action requested on file
"SafeBootMinimal" registry entry for [TDSSserv.sys] removed
"SafeBootNetwork" registry entry for [TDSSserv.sys] removed
----------
----------

************************************************************
11:36:41: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCUSOFTWAREMicrosoftWindows NTCurrentVersionWinLogon
--------------------
Checking HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:WINDOWSExplorer.exe
1037312 bytes
Created: 01/01/1980
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:WINDOWSsystem32userinit.exe
C:WINDOWSsystem32userinit.exe
25088 bytes
11:36:44: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found


I cut a good number of pages here
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking for specific malicious files:
C:WINDOWSsystem32driversTDSSserv.sys - Backdoor.Agent
C:WINDOWSsystem32driversTDSSserv.sys - file ownership assigned to: PC_DE_CELIACélia Ukkola
[kill file error: C:WINDOWSsystem32driversTDSSserv.sys, Le processus ne peut pas accéder au fichier car un autre processus en a verrouillé une partie.
]
C:WINDOWSsystem32driversTDSSserv.sys - file backed up to C:WINDOWSsystem32driversTDSSserv.sys.vir
C:WINDOWSsystem32driversTDSSserv.sys - marked for renaming when the PC is restarted
C:WINDOWSsystem32 dssadw.dll - Rootkit.Agent
C:WINDOWSsystem32 dssadw.dll - file renamed to: C:WINDOWSsystem32 dssadw.dll.vir
C:WINDOWSsystem32 dssinit.dll - Rootkit.Agent
C:WINDOWSsystem32 dssinit.dll - file renamed to: C:WINDOWSsystem32 dssinit.dll.vir
C:WINDOWSsystem32 dssl.dll - Rootkit.Agent
C:WINDOWSsystem32 dssl.dll - file ownership assigned to: PC_DE_CELIACélia Ukkola
[kill file error: C:WINDOWSsystem32 dssl.dll, Le processus ne peut pas accéder au fichier car un autre processus en a verrouillé une partie.
]
C:WINDOWSsystem32 dssl.dll - file backed up to C:WINDOWSsystem32 dssl.dll.vir
C:WINDOWSsystem32 dssl.dll - marked for renaming when the PC is restarted
C:WINDOWSsystem32 dsslog.dll - Rootkit.Agent
C:WINDOWSsystem32 dsslog.dll - file renamed to: C:WINDOWSsystem32 dsslog.dll.vir
C:WINDOWSsystem32 dssmain.dll - Rootkit.Agent
C:WINDOWSsystem32 dssmain.dll - file renamed to: C:WINDOWSsystem32 dssmain.dll.vir
C:WINDOWSsystem32 dssserf1.dll - Trojan.FakeAlert
C:WINDOWSsystem32 dssserf1.dll - file renamed to: C:WINDOWSsystem32 dssserf1.dll.vir
----------
Desktop Wallpaper: C:Documents and SettingsCélia UkkolaLocal SettingsApplication DataMicrosoftWallpaper1.bmp
C:Documents and SettingsCélia UkkolaLocal SettingsApplication DataMicrosoftWallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 19/10/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%Local SettingsApplication DataMicrosoftWallpaper1.bmp
C:Documents and SettingsCélia UkkolaLocal SettingsApplication DataMicrosoftWallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 19/10/2008
Company:
----------
Additional checks completed

************************************************************
11:37:31: Scanning ----- RUNNING PROCESSES -----

C:WINDOWSSystem32smss.exe
[1 loaded module]
--------------------
C:WINDOWSsystem32csrss.exe
[15 loaded modules in total]
--------------------
C:WINDOWSsystem32winlogon.exe
[67 loaded modules in total]
--------------------
C:WINDOWSsystem32services.exe
[36 loaded modules in total]
--------------------
C:WINDOWSsystem32lsass.exe
[63 loaded modules in total]
--------------------
C:WINDOWSSystem32ibmpmsvc.exe - file already scanned
[21 loaded modules in total]
--------------------
C:WINDOWSsystem32svchost.exe
[54 loaded modules in total]
--------------------
C:WINDOWSsystem32svchost.exe - file already scanned
[42 loaded modules in total]
--------------------
C:WINDOWSSystem32svchost.exe - file already scanned
[156 loaded modules in total]
--------------------
C:WINDOWSsystem32S24EvMon.exe - file already scanned
[23 loaded modules in total]
--------------------
C:WINDOWSSystem32svchost.exe - file already scanned
[30 loaded modules in total]
--------------------
C:WINDOWSSystem32svchost.exe - file already scanned
[42 loaded modules in total]
--------------------
C:WINDOWSsystem32spoolsv.exe
[61 loaded modules in total]
--------------------
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe - file already scanned
[31 loaded modules in total]
--------------------
C:WINDOWSExplorer.EXE - file already scanned
[127 loaded modules in total]
--------------------
C:Program FilesIBMIBM Rapid Restore Ultra rpcsb.exe - file already scanned
[35 loaded modules in total]
--------------------
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE - file already scanned
[30 loaded modules in total]
--------------------
C:WINDOWSSystem32svchost.exe - file already scanned
[41 loaded modules in total]
--------------------
C:WINDOWSsystem32TpKmpSVC.exe - file already scanned
[21 loaded modules in total]
--------------------
C:WINDOWSsystem32igfxtray.exe - file already scanned
[33 loaded modules in total]
--------------------
C:WINDOWSsystem32hkcmd.exe - file already scanned
[33 loaded modules in total]
--------------------
C:PROGRA~1ThinkPadPkgMgrHOTKEYTPHKMGR.exe - file already scanned
[51 loaded modules in total]
--------------------
C:PROGRA~1ThinkPadUTILIT~1EzEjMnAp.Exe - file already scanned
[29 loaded modules in total]
--------------------
C:Program FilesThinkPadPkgMgrHOTKEYTPONSCR.exe
[26 loaded modules in total]
--------------------
C:Program FilesThinkPadPkgMgrHOTKEY_1TpScrex.exe
[27 loaded modules in total]
--------------------
C:Program FilesIBMMessages By IBMibmmessages.exe - file already scanned
[49 loaded modules in total]
--------------------
C:IBMTOOLSUTILSibmprc.exe - file already scanned
[23 loaded modules in total]
--------------------
C:Program FilesThinkPadConnectUtilitiesQCWLICON.EXE - file already scanned
[70 loaded modules in total]
--------------------
C:WINDOWSsystem32RunDll32.exe
[38 loaded modules in total]
--------------------
C:WINDOWSsystem32 undll32.exe
[38 loaded modules in total]
--------------------
C:Program FilesFichiers communsRealUpdate_OB ealsched.exe - file already scanned
[28 loaded modules in total]
--------------------
C:PROGRA~1ThinkPadCONNEC~1QCTray.exe - file already scanned
[79 loaded modules in total]
--------------------
C:Program FilesJavajre1.6.0_07injusched.exe - file already scanned
[23 loaded modules in total]
--------------------
C:WINDOWSsystem32ctfmon.exe - file already scanned
[32 loaded modules in total]
--------------------
C:Program FilesSpybot - Search & DestroyTeaTimer.exe - file already scanned
[37 loaded modules in total]
--------------------
C:Program FilesDigital Line DetectDLG.exe
[28 loaded modules in total]
--------------------
C:Program FilesCanonCALCALMAIN.exe - file already scanned
[35 loaded modules in total]
--------------------
C:WINDOWSSystem32alg.exe
[38 loaded modules in total]
--------------------
C:WINDOWSsystem321XConfig.exe
[39 loaded modules in total]
--------------------
C:WINDOWSsystem32wuauclt.exe
[38 loaded modules in total]
--------------------
D: rsetup.exe
[26 loaded modules in total]
--------------------
C:DOCUME~1CLIAUK~1LOCALS~1Tempis-7EFN1.tmp rsetup.tmp
[47 loaded modules in total]
--------------------
C:Program FilesTrojan Remover rupd.exe
[52 loaded modules in total]
--------------------
C:Documents and SettingsCélia UkkolaApplication DataSimply Super SoftwareTrojan Remover hr5.exe
FileSize: 2618232
[This is a Trojan Remover component]
[32 loaded modules in total]
--------------------

************************************************************
11:38:18: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
11:38:18: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:WINDOWSsystem32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
11:38:18: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
11:38:18: Scanning ------ %TEMP% DIRECTORY ------
************************************************************
11:38:19: Scanning ------ C:WINDOWSTemp DIRECTORY ------
No files found to scan
************************************************************
11:38:19: Scanning ------ ROOT DIRECTORY ------

************************************************************
11:38:19: ------ Scan for other files to remove ------
C:WINDOWSsystem32 dssservers.dat has been deleted
----------
1 malware-related files deleted (or marked for deletion)

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLMSoftwareMicrosoftInternet ExplorerMain"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLMSoftwareMicrosoftInternet ExplorerMain"Local Page":
%SystemRoot%system32lank.htm
HKLMSoftwareMicrosoftInternet ExplorerMain"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLMSoftwareMicrosoftInternet ExplorerMain"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLMSoftwareMicrosoftInternet ExplorerMain"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLMSoftwareMicrosoftInternet ExplorerSearch"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLMSoftwareMicrosoftInternet ExplorerSearch"SearchAssistant":
http://www.google.com/ie
HKCUSoftwareMicrosoftInternet ExplorerMain"Start Page":
WWW.GOOGLE.FR
HKCUSoftwareMicrosoftInternet ExplorerMain"Local Page":
C:WINDOWSsystem32lank.htm
HKCUSoftwareMicrosoftInternet ExplorerMain"Search Page":
http://www.google.com

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 11:38:20 05 nov. 2008
Total Scan time: 00:02:30
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
05/11/2008 11:38:56: restart commenced
************************************************************


