[ résolu ]problème de virus TR/DROP.AGENT.DGO.21

[tdanny6]

Bonjour,

 

d'abord bonne année 2008 a toutes et tous.

 

Voila j'ai un problème avec un virus (TR/DROP.AGENT.DGO.21) il me met carrement le souk dans le pc.

 

Il arrive même a me supprimé ou bloqué antivir me bloque m'a boîte de messagerie.

 

Quelqu'un pourrais t'il m'aidé SVP,SVP,SVP

 

Je ne sais pas si je fais bien mais je joint un rapport hijacktis

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:39:54, on 3/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

K:\Mes documents\avg\AVG Anti-Spyware 7.5\guard.exe

K:\Mes documents\avg\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

K:\Mes documents\nero 8\Nero 8\InCD\InCDsrv.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft IntelliPoint\ipoint .exe

K:\Mes documents\nero 8\Nero 8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttu.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "K:\Mes documents\avg\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - K:\Mes documents\avg\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - K:\Mes documents\nero 8\Nero 8\InCD\InCDsrv.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - K:\Mes documents\nero 8\Nero 8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - (no file)

Modifié le 5 janvier 2008 par tdanny6

[toutoune]

Salut ! C'est toujours ennuyeux les véroles qui te plantent les antivirus !!

Tu peux tenter des scans en ligne du style :

 

http://www.nanoscan.com/as/index/ (Panda)

http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html (Kaspersky)

 

Voilà pour commencer. J'espère avoir pu t'éclairer, tiens nous au courant !

[tdanny6]

Re,

 

j'ai réussi a instalé antivir mais il ne faut pas que je redémare le pc.

 

J'ai fait un scan et voici le rapport;

 

ntiVir PersonalEdition Classic

Report file date: jeudi 3 janvier 2008 22:01

 

Scanning for 1000067 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: TDANNY6

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:46:49

ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 20:46:49

ANTIVIR3.VDF : 7.0.1.191 84480 Bytes 03/01/2008 20:46:49

AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 03/01/2008 20:46:50

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.2 360488 Bytes 03/01/2008 20:46:50

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: K:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: jeudi 3 janvier 2008 22:01

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SMAgent.exe' - '1' Module(s) have been scanned

Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned

Scan process 'oodag.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'NBService.exe' - '1' Module(s) have been scanned

Scan process 'ipoint .exe' - '1' Module(s) have been scanned

Scan process 'mdm.exe' - '1' Module(s) have been scanned

Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned

Scan process 'ipoint.exe' - '1' Module(s) have been scanned

Scan process 'avgas.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

33 processes with 33 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'K:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

C:\WINDOWS\system32\ssttu.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21

[iNFO] The file was moved to '47f14df0.qua'!

C:\WINDOWS\system32\ssttu.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21

 

The registry was scanned ( '15' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{F1DDDDFC-8078-4595-9006-309EAE95844A}\RP626\A0231926.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21

[iNFO] The file was moved to '47af50ce.qua'!

C:\System Volume Information\_restore{F1DDDDFC-8078-4595-9006-309EAE95844A}\RP627\A0232029.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21

[iNFO] The file was moved to '47af50d3.qua'!

C:\System Volume Information\_restore{F1DDDDFC-8078-4595-9006-309EAE95844A}\RP628\A0232038.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21

[iNFO] The file was moved to '47af50d4.qua'!

Begin scan in 'K:\' <Sauvegarde>

 

 

End of the scan: jeudi 3 janvier 2008 22:35

Used time: 33:20 min

 

The scan has been done completely.

 

8984 Scanning directories

227574 Files were scanned

4 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

227570 Files not concerned

1984 Archives were scanned

6 Warnings

11 Notes

[toutoune]

Ah ben chui pas un pro des rapports de scans mais Antivir l'a supprimé non ?

 

Moi je t'avais conseillé des scans en ligne mais bon je pense qu'un membre de l'équipe sécurité va venir nous aider !

[tdanny6]

ben non il ne l'a pas supprimé , mais merci quand même de ton intérêt.

 

Reste plus qu'a attendre les pro du nettoyage car là sa craint .

 

Merci

Modifié le 3 janvier 2008 par tdanny6

[angelique]

Antivir te la montre bien l'infection!!

 

**lance HJT "dfo a system scan only" coche uniquement et clic fixchecked:

 

F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttu.exe

 

**Télécharge la dernière version de Killbox et dezippe le sur ton bureau

 

http://www.downloads.subratam.org/KillBox.zip

 

 

 

 

* Copie le texte ci-bas (sélectionne-le en entier avec ta souris, puis fais un clic-droit dessus et choisis "Copier") :

 

C:\WINDOWS\system32\ssttu.exe

 

Ouvre Killbox:

 

Clique sur le menu "File" de KillBox (en haut à gauche) et choisis l'option => Paste from clipboard

 

Sous "Full Path Of File To Delete" les fichiers viennent de s'inscrire: il faut t'en assurer en cliquant sur la petite flèche à droite!

 

Coche les cases : "Delete on Reboot" & "end explorer shell while killing file"

 

Une fois le bouton radio "Delete on Reboot" coché, la case "Single File" va clignoter: clique sur la case "All Files"

 

Clique sur la croix blanche sur fond rouge , au message suivant qui va s'afficher:

 

« File will be Removed on Reboot, Do you want to reboot now ? » : répondre YES

Le PC va redémarrer et supprimer le fichier de la liste.Sinon redémarre manuellement.

 

**et tu refais un scan antivir en Mode sans echec

Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

 

___________________

 

**vu l'absence de 02 et 020 dans ton rapport hjt , la precense d'un vundo m'etonnerait pas

 

==>Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

 

http://www.atribune.org/ccount/click.php?id=4

 

Double-clique VundoFix.exe afin de le lancer.

.

Clique sur le bouton Scan for Vundo.

Lorsque le scan est complété, clique sur le bouton Remove Vundo.

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

 

----------> je suis peu disponible donc si un membre secu veut prendre la suite , no soucy!! sinon tu vas etre patient.

Redémarre le pc et Copie/colle le contenu du rapport situé dans C:\vundofix.txt

[tdanny6]

Bonjour,

 

tout d'abord merci pour votre aide.

 

Antivir detecte toujour les virus au relancement du pc il indique ceci;

 

Tr/drop.agent.gmf c:/vindows/systeme32/ssqnlkk.dll

Tr/drop.agent.dgo.8 c:/windows/systeme32/jkkji.exe

Tr/drop.agent.dgo.8 c:/documents and settings/tdanny6/local setting/temp

 

voici le rapport du scan antivir en mode sans echec avant le relancement;

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 4 janvier 2008 11:24

 

Scanning for 835736 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: T-danny6

Computer name: TDANNY6

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55

ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04

ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: K:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: vendredi 4 janvier 2008 11:24

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avconfig.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

14 processes with 14 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'K:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '13' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'K:\' <Sauvegarde>

 

 

End of the scan: vendredi 4 janvier 2008 12:30

Used time: 1:06:14 min

 

The scan has been done completely.

 

8663 Scanning directories

220859 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

220859 Files not concerned

1965 Archives were scanned

6 Warnings

11 Notes

 

Et voici celui de vundofix ;

 

 

VundoFix V6.7.7

 

Checking Java version...

 

Sun Java not detected

Scan started at 10:36:09 4/01/2008

 

Listing files found while scanning....

 

C:\WINDOWS\system32\ssqnlkk.dll

C:\WINDOWS\system32\ssttu.dll

C:\WINDOWS\system32\ssttu.exe

C:\windows\system32\uttss.ini

C:\WINDOWS\system32\uttss.ini2

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ssqnlkk.dll

C:\WINDOWS\system32\ssqnlkk.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\ssttu.dll

C:\WINDOWS\system32\ssttu.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ssttu.exe

C:\WINDOWS\system32\ssttu.exe Has been deleted!

 

Attempting to delete C:\windows\system32\uttss.ini

C:\windows\system32\uttss.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\uttss.ini2

C:\WINDOWS\system32\uttss.ini2 Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ssqnlkk.dll

C:\WINDOWS\system32\ssqnlkk.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

 

Merci beaucoup pour votre aide.

[tdanny6]

Un petit up pour faire remonter mon problème.

 

Meci pour votre aide.

 

Toujour ces virus sur le pc ,il faut que je désinstal antivir et réinstal pour pouvoir avoir l'icone dans la barre de lancement.

De temps en temps je n'ai plus aucune icone sur l'ecran , il faut que je reboute et là au redémarage plus de antivir(l'icone du lancement ).Si je vais dans program file il est toujour la mais je n'arrive plus a le redémarré.

J'ai maintenant également la même chose avec ma messagerie !!!a chaque redémarrage avg anti-spyware me détecte drop agent malgré les scan et toutes les actions pour le supprimé.

 

A l'aide svp

[angelique]

Tu as attrapé une infection à la mode ^^; mais comment vous faites pour choper des merdes pareilles......... DL de Cracks à 2 balles....

 

*je suis pas sure de t'aider jusqu'au bout sur ce genre d'infection que j'ai deja vu.

 

*Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau. [NirCmd.exe sera detecté par antivir , autorise le ou desactive temporairement antivir]

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-clique combofix.exe afin de l'exécuter et suis les instructions.

* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu posteras à la personne qui se fera un plaisir de regarder ce rapport ....... -_-

 

== ce genre de niark demande beaucoup de patience et un interet du User aussi important que son desir de DL des merdes

 

Si tu as envie de formater , vas y ; c'est pas la politique de cette section mais pourquoi monopoliser le monde quand on fait n'importe quoi avec son "Ustensile"

[tdanny6]

Pour repondre a ceci ;

 

(Tu as attrapé une infection à la mode ^^; mais comment vous faites pour choper des merdes pareilles......... DL de Cracks à 2 balles....)

 

Sache que oui , j'ai utilisé des crack ( a 2 balles ) et j'en utilise toujours.Dsl de ne pas être une petite bourgeoise orgueilleuse, vaniteuse et capitaliste pouvant ce payé tous les logiciel ,programmes et exploitation.

 

Sache egalement que si la patience pour l'entraide ( pour ce genre de niark )n'est pas ton fort , rien ne t'obligais de t'y attarder et ainsi perdre de ton précieux temps.

 

Et enfin pour finir, je ne vais pas formater , car ce n'es pas ma politique de formater sur les conseil de n'importe qui !!

mais plutôt d'essayé de monopoliser des personnes qui sont là pour vraiment aidé sans ce prendre pour le centre de la terre.Tout sa en utilisant mon '' ustensile'' en continuant de faire n'inporte quoi !!!!!

 

 

Voila tout étant dit, si une personne est prête a prendre un peux de sont temps ( sans vouloir jouer a l'arriviste)pour m'aider.

 

J'ai recommencer la desinfection en mode sans échec avec antivir ( que j'ai désinstalé aprés le scan )qui avais retrouvé les virus, j'ai passé avg anti - spyware et clean cmd.

J'ai relancé et là antivir ne m'a plus ouvert de page avec le virus détecter ni avg.

Je poste les deux scan ,comment être sûr que tout est bien nettoyer.

Merci de votre aide

 

 

VundoFix V6.7.7

 

Checking Java version...

 

Sun Java not detected

Scan started at 15:03:44 4/01/2008

 

Listing files found while scanning....

 

 

VundoFix V6.7.7

 

Checking Java version...

 

Sun Java not detected

Scan started at 15:48:52 4/01/2008

 

Listing files found while scanning....

 

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

C:\WINDOWS\system32\ijkkj.ini

C:\WINDOWS\system32\ijkkj.ini2

C:\WINDOWS\system32\jkkji.dll

C:\WINDOWS\system32\jkkji.exe

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijkkj.ini

C:\WINDOWS\system32\ijkkj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijkkj.ini2

C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jkkji.dll

C:\WINDOWS\system32\jkkji.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jkkji.exe

C:\WINDOWS\system32\jkkji.exe Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

et

 

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 4 janvier 2008 19:01

 

Scanning for 835736 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: T-danny6

Computer name: TDANNY6

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55

ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04

ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: K:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: vendredi 4 janvier 2008 19:01

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

14 processes with 14 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'K:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '13' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'K:\' <Sauvegarde>

K:\Logiciel\xp_pro_en_xp_pro_original.rar

[0] Archive type: RAR

--> 02_Change_WinXP_Key\Change WinXP Key.exe

[DETECTION] Contains detection pattern of the SPR/RAS.A program

[1] Archive type: RAR SFX (self extracting)

--> findkey.exe

[DETECTION] Contains detection pattern of the SPR/XP.Keyfinder program

--> xpkey.exe

[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.2 program

--> officekey.exe

[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.3 program

[iNFO] The file was moved to '47dd8115.qua'!

 

 

End of the scan: vendredi 4 janvier 2008 20:09

Used time: 1:08:35 min

 

The scan has been done completely.

 

7988 Scanning directories

220163 Files were scanned

4 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

220159 Files not concerned

1948 Archives were scanned

6 Warnings

11 Notes