Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Attaqué par Trojan.Win32.Obfuscated.aqn

hobbes83

Par hobbes83
dans Analyses et éradication malwares

 Partager

Messages recommandés

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

SCANNER AVEC AntiVirus Power Tool

 

Télécharger Kasperky AVP Tool sur le Bureau

Désactivez provisoirement votre Antivirus actuel.

Connecter éventuellement les clés USB et disques externes.

Le scan va s'effectuer en Mode Sans Echec: Imprimez cette procédure auparavant.

Redémarrer en mode sans échec .

Double cliquer sur"setup_7.0xxxxx"

A la question "Do you want to continue installation?"

Répondre"Oui"

Cliquer sur "Next" pour les deux fenêtres suivantes: AVP TOOL s'installe sur le Bureau dans un dossier "Kaspersky Lab Tool"

L'outil se lance tout seul:

Cocher toutes les cases dans l'onglet "Automatic Scan".

Cliquer ensuite sur "Security Level": une fenêtre de configuration s'ouvre:

paramètrer le scanner comme sur l'image:

img-145432rkivs.jpg

Valider par "Apply" puis "OK"

L'outil est maintenant configuré:

Dans la fenêtre principale, cliquer sur "Scan".

une fenêtre indiqye la progression du balayage en pourcentage.

A la fin du scan, AVP Tool signalera les objets infectés par l'intermédiaire d'une pop-up:

cocher alors "Apply to all" et cliquer sur "Delete" ou "Disinfect" selon ce que propose la fenêtre:

kas2rd1.png

Une fois les infections traitées par l'intermédiaire des pop-ups, il se peut que des fichiers malsains n'aient pas été supprimés:

ils apparaissent en rouge dans la liste:

cliquer alors sur le bouton "Neutralize all" de la fenêtre de progression du scan: si une pop-up indique qu'il faut redémarrer, accepter en cliquant sur "OK"

[Dans l'onglet "Events" de la fenêtre de progression du scan, décocher "Show all events"

Cliquer ensuite sur "Reports" puis "Save to file" et enregistrer le rapport sur le Bureau sous le nom Rapport AVP TOOL

Fermer les fenêtres d'AVP Tool:

un message apparaît proposant de désinstaller le logiciel: accepter "YES"

img-143816dgnsq.jpg

Un message d'alerte indique que le PC doit être redémarré pour finir la désinstallation:

img-144412fll49.jpg

A la question "Would you like to restart now", répondre"OUI" et redémarrer en Mode normal.

[*] Postez le contenu du rapport dans une prochaine réponse

 

hobbes83 Junior Member

hobbes83

Posté(e)
  • Auteur
Posté(e)

Bonjour,

Voici le rapport AVP TOOL :

 

Scan

----

Scanned: 1076994

Detected: 1

Untreated: 0

Start time: 08/07/2009 21:27:55

Duration: 03:26:52

Finish time: 09/07/2009 00:54:47

 

 

Detected

--------

Status Object

------ ------

deleted: Trojan program Trojan-Dropper.Win32.Agent.ajlx File: H:\uxkl0apt.0at

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MailSkinnerrtk.zip/msksetup.log password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MailSkinnerrtk.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/Userdata/languages.xml password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/Userdata/pack1.cab password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk2.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk3.zip/nvs2.inf password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk3.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.ini password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.reg password protected

08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.ini password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.reg password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.ini password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.reg password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.ini password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.reg password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.ini password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/History/search2 password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/Settings/s_pid.dat password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/sbRecovery.ini password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.reg password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.ini password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.reg password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.ini password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.reg password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.ini password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.reg password protected

08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.ini password protected

08/07/2009 23:06:27 File: H:\uxkl0apt.0at detected Trojan program 'Trojan-Dropper.Win32.Agent.ajlx'

08/07/2009 23:06:27 File: H:\uxkl0apt.0at not disinfected postponed

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MailSkinnerrtk.zip/msksetup.log password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MailSkinnerrtk.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/Userdata/languages.xml password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/Userdata/pack1.cab password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk2.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk3.zip/nvs2.inf password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk3.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.ini password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.reg password protected

08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.ini password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.reg password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.ini password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.reg password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.ini password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/History/search2 password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/Settings/s_pid.dat password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/sbRecovery.ini password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.reg password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.ini password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.reg password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.ini password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.reg password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.ini password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.reg password protected

08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.ini password protected

09/07/2009 00:37:40 File: H:\uxkl0apt.0at detected Trojan program 'Trojan-Dropper.Win32.Agent.ajlx'

09/07/2009 00:37:40 File: H:\uxkl0apt.0at not disinfected postponed

09/07/2009 00:38:12 File: h:\uxkl0apt.0at detected Trojan program 'Trojan-Dropper.Win32.Agent.ajlx'

09/07/2009 00:54:47 File: h:\uxkl0apt.0at deleted

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

 

Lors du redemarage en mode normal, j'ai eu de nouveau le même msg

 

"Prévention de l'Exécution des Données - Microsoft Windows

 

Pour proteger votre ordinateur, Windows a fermé ce programme :

 

Nom : Generic Host Process for Win32 services

Editeur : Microsoft Corporation"

 

J'ai recopié le Contenu du Rapport d'erreurs :

 

C:\DOCUME~1~\Phil\LOCALS~1\Temp\WER3c32.dir00\svchost.exe.mdmp

C:\DOCUME~1~\Phil\LOCALS~1\Temp\WER3c32.dir00\appcompat.txt

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

C:\DOCUME~1~\Phil\LOCALS~1\Temp\WER3c32.dir00\svchost.exe.mdmp

C:\DOCUME~1~\Phil\LOCALS~1\Temp\WER3c32.dir00\appcompat.txt

 

Le premier est l'erreur recherchée, mais svchost.mdmp peut avoir de multiples causes:virus ou conflit.

le fichier texte est le rapport d'erreur parfois envoyé à microsoft.

 

Essayez de le lire, il devrait vous renseigner.

Voyez aussi l'observateur d'évènements.

hobbes83 Junior Member

hobbes83

Posté(e)
  • Auteur
Posté(e)

Bonjour,

La galère ............. :P

Pendant la matinée, le virus Trojan-Downloader.Win32.agent a été intercepté 2 fois déjà sous le compte de ma femme, alors que sous le mien, il n'y est plus ...... ça devient pénible !

 

chemin :

C:\System Volume Information\ restore{E9988053-5F0E-A6CA-2B9F............

pear Devil Member !

pear

Posté(e)
Posté(e)
C:\System Volume Information\ restore{E9988053-5F0E-A6CA-2B9F...........

 

Désinstallez la Restauration Système.

 

Poste de Travail->Propriétés->Restauration Système.

Cocher la case "Désactiver la Restauration sur tous les lecteurs".

Vous la décocherez par la suite

Un nouveau point de restauration sera créé au redémarrage.

hobbes83 Junior Member

hobbes83

Posté(e)
  • Auteur
Posté(e)

Voilà, c'est fait, mais au redémarrage, toujours le même msg

 

"Prévention de l'Exécution des Données - Microsoft Windows

 

Pour proteger votre ordinateur, Windows a fermé ce programme :

 

Nom : Generic Host Process for Win32 services

Editeur : Microsoft Corporation"

pear Devil Member !

pear

Posté(e)
Posté(e) (modifié)

oui, bien sùr.

 

Avez vous essayé de déchiffrer appcompat.txt et l'observateur d'évènement?.

Modifié par pear
hobbes83 Junior Member

hobbes83

Posté(e)
  • Auteur
Posté(e)
Avez vous essayé de déchiffrer appcompat.txt et l'observateur d'évènement?.

 

 

Quand je lance une recherche sur ce fichier, j'ai un msg qui dit qu'il n'est plus à cet emplacement.

 

Quant à l'observateur d'évènements, quelle est la marche à suivre ?

hobbes83 Junior Member

hobbes83

Posté(e)
  • Auteur
Posté(e)

Bonjour, voilà j'ai trouvé l'observateur d'évenements.

voilà le rapport de la dernière ligne d'erreur :

 

Type de l'événement : Erreur

Source de l'événement : Application Error

Catégorie de l'événement : (100)

ID de l'événement : 1004

Date : 10/07/2009

Heure : 06:52:30

Utilisateur : N/A

Ordinateur : NOM-51BDF214662

Description :

Application défaillante svchost.exe, version 0.0.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

 

Pour plus d'informations, consultez le centre Aide et support à l'adresse http://go.microsoft.com/fwlink/events.asp.

Données :

0000: 41 70 70 6c 69 63 61 74 Applicat

0008: 69 6f 6e 20 46 61 69 6c ion Fail

0010: 75 72 65 20 20 73 76 63 ure svc

0018: 68 6f 73 74 2e 65 78 65 host.exe

0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0

0028: 20 69 6e 20 75 6e 6b 6e in unkn

0030: 6f 77 6e 20 30 2e 30 2e own 0.0.

0038: 30 2e 30 20 61 74 20 6f 0.0 at o

0040: 66 66 73 65 74 20 30 30 ffset 00

0048: 30 30 30 30 30 30 000000

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

Je ne trouve aucune réponse satisfaisante chez Microsoft.

 

Si vous disposez d'un cd Windows original ,

Démarrer->Exécuter->Sfc /scannow

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...