Je suis infectée

[Vie Russe]

Ok, je lance la recherche de Rookit...

Modifié le 11 octobre 2010 par Vie Russe

[Vie Russe]

Au fait...

Je fais quoi avec la quarantaine ?

je peux supprimer les lignes ?

 

[pear]

Bonjour,

Vous pouvez supprimer si ça vous rassure, mais ce qui est en quarantaine est inoffensif

 

Je viens de me rendre compte que vous n'avez pas passé Usbfix.

Il faudra le faire

Modifié le 11 octobre 2010 par pear

[Vie Russe]

Bonjour,

Vous pouvez supprimer si ça vous rassure, mais ce qui est en quarantaine est inoffensif

 

Je viens de me rendre compte que vous n'avez pas passé Usbfix.

Il faudra le faire

 

Bonjour,

 

oup's oui je vais le faire...

[Vie Russe]

Voilà :

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

 

Platform: Windows Vista

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

[Vie Russe]

Le scan n'a rien donné...c'est bizarre non ?

[pear]

Bizarre , en effet!

 

Recherche de Rootkit

Télécharger SysProtsur le bureau

Installez le et double cliquez sur "SysProt.exe"

Cliquez sur l'onglet "log" ;

Cochez toutes les cases présentes dans la fenêtre "Write to log" ;

Cochez Hidden Objects Only (au bas, à gauche)

Les "Objets cachés (Hidden)" sont en Rouge dans tous les modules

Cliquez sur Create log (au bas, à droite)

Une nouvelle fenêtre apparaîtra : cochez Scan root drive et cliquez sur Start ;

Un rapport sera sauvegardé dans le dossier SysProt.

Signalez les lignes rouges, car votre rapport ne montrera pas la couleur

Copiez/collez en le contenu dans votre réponse.

[Vie Russe]

Voila le rapport :

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\system32\drivers\lklztg.sys

Service Name: ---

Module Base: 881B6000

Module End: 881C5000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys

Service Name: ---

Module Base: 8DEFA000

Module End: 8DF05000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: 8DF05000

Module End: 8DF0D000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwAlpcConnectPort

Address: 8DD98570

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwAlpcCreatePort

Address: 8DD98E46

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwConnectPort

Address: 8DD97FC6

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwCreateFile

Address: AB3C636A

Driver Base: AB3C2000

Driver End: AB3C9000

Driver Name: \??\C:\Windows\system32\windrvNT.sys

 

Function Name: ZwCreateKey

Address: 8DDB2FA8

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwCreatePort

Address: 8DD98AD0

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwCreateProcess

Address: 8DDACE42

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwCreateProcessEx

Address: 8DDAD26A

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwCreateSection

Address: 8DDB76FE

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwCreateThread

Address: AC6950F4

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreateWaitablePort

Address: 8DD98C2E

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwDeleteFile

Address: 8DD925B4

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwDeleteKey

Address: 8DDB4A50

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwDeleteValueKey

Address: 8DDB4346

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwDuplicateObject

Address: 8DDABC26

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwLoadKey

Address: 8DDB541A

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwLoadKey2

Address: 8DDB5658

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwLoadKeyEx

Address: 8DDB5B0A

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwOpenFile

Address: AB3C6CD8

Driver Base: AB3C2000

Driver End: AB3C9000

Driver Name: \??\C:\Windows\system32\windrvNT.sys

 

Function Name: ZwOpenProcess

Address: AC6950E0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenThread

Address: AC6950E5

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwQueryDirectoryFile

Address: AB3C6842

Driver Base: AB3C2000

Driver End: AB3C9000

Driver Name: \??\C:\Windows\system32\windrvNT.sys

 

Function Name: ZwQueryInformationProcess

Address: AB3C31E0

Driver Base: AB3C2000

Driver End: AB3C9000

Driver Name: \??\C:\Windows\system32\windrvNT.sys

 

Function Name: ZwRenameKey

Address: 8DDB64E0

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwReplaceKey

Address: 8DDB5DD4

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwRequestWaitReplyPort

Address: 8DD97B5E

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwRestoreKey

Address: 8DDB6F40

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwSecureConnectPort

Address: 8DD98292

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwSetInformationFile

Address: AB3C7142

Driver Base: AB3C2000

Driver End: AB3C9000

Driver Name: \??\C:\Windows\system32\windrvNT.sys

 

Function Name: ZwSetSecurityObject

Address: 8DDB6A68

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwSetValueKey

Address: 8DDB3A6A

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwSystemDebugControl

Address: 8DDADF66

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

Function Name: ZwTerminateProcess

Address: AC6950EF

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreateUserProcess

Address: 8DDAD6DE

Driver Base: 8DD6C000

Driver End: 8DDF7000

Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

No IRP Hooks found

 

******************************************************************************************

******************************************************************************************

Ports:

Local Address: PC-MAISON:64784

Remote Address: 208.43.202.42-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: C:\Users\Famille\AppData\Roaming\Dropbox\bin\Dropbox.exe

State: ESTABLISHED

 

Local Address: PC-MAISON:56333

Remote Address: EC2-184-73-211-238.COMPUTE-1.AMAZONAWS.COM:HTTPS

Type: TCP

Process: C:\Users\Famille\AppData\Roaming\Dropbox\bin\Dropbox.exe

State: CLOSE_WAIT

 

Local Address: PC-MAISON:56323

Remote Address: 174.36.30.65-STATIC.REVERSE.SOFTLAYER.COM:HTTPS

Type: TCP

Process: C:\Users\Famille\AppData\Roaming\Dropbox\bin\Dropbox.exe

State: CLOSE_WAIT

 

Local Address: PC-MAISON:50170

Remote Address: 8.128.17-93.REV.GAOLAND.NET:POP3

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:50169

Remote Address: POP.ORANGE.FR:POP3

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:50166

Remote Address: 188-165-55-133.OVH.NET:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:50165

Remote Address: POP.ORANGE.FR:POP3

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:50163

Remote Address: POP.ORANGE.FR:POP3

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:50162

Remote Address: 8.128.17-93.REV.GAOLAND.NET:POP3

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:50154

Remote Address: POP.ORANGE.FR:POP3

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:50144

Remote Address: POP.ORANGE.FR:POP3

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:50143

Remote Address: POP.ORANGE.FR:POP3

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: PC-MAISON:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: PC-MAISON:49685

Remote Address: LOCALHOST:49684

Type: TCP

Process: C:\Program Files\Mozilla Thunderbird\thunderbird.exe

State: ESTABLISHED

 

Local Address: PC-MAISON:49684

Remote Address: LOCALHOST:49685

Type: TCP

Process: C:\Program Files\Mozilla Thunderbird\thunderbird.exe

State: ESTABLISHED

 

Local Address: PC-MAISON:49682

Remote Address: LOCALHOST:49681

Type: TCP

Process: C:\Program Files\Mozilla Thunderbird\thunderbird.exe

State: ESTABLISHED

 

Local Address: PC-MAISON:49681

Remote Address: LOCALHOST:49682

Type: TCP

Process: C:\Program Files\Mozilla Thunderbird\thunderbird.exe

State: ESTABLISHED

 

Local Address: PC-MAISON:49184

Remote Address: LOCALHOST:19872

Type: TCP

Process: C:\Users\Famille\AppData\Roaming\Dropbox\bin\Dropbox.exe

State: ESTABLISHED

 

Local Address: PC-MAISON:27015

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

State: LISTENING

 

Local Address: PC-MAISON:19872

Remote Address: LOCALHOST:49184

Type: TCP

Process: C:\Users\Famille\AppData\Roaming\Dropbox\bin\Dropbox.exe

State: ESTABLISHED

 

Local Address: PC-MAISON:49157

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\services.exe

State: LISTENING

 

Local Address: PC-MAISON:49156

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\svchost.exe

State: LISTENING

 

Local Address: PC-MAISON:49155

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\svchost.exe

State: LISTENING

 

Local Address: PC-MAISON:49154

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\lsass.exe

State: LISTENING

 

Local Address: PC-MAISON:49153

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\svchost.exe

State: LISTENING

 

Local Address: PC-MAISON:49152

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\wininit.exe

State: LISTENING

 

Local Address: PC-MAISON:17500

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Users\Famille\AppData\Roaming\Dropbox\bin\Dropbox.exe

State: LISTENING

 

Local Address: PC-MAISON:5357

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: PC-MAISON:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: PC-MAISON:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\svchost.exe

State: LISTENING

 

Local Address: PC-MAISON:57433

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:SSDP

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:138

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: PC-MAISON:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: PC-MAISON:61434

Remote Address: NA

Type: UDP

Process: C:\Program Files\Windows Sidebar\sidebar.exe

State: NA

 

Local Address: PC-MAISON:57434

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:51072

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:SSDP

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:57430

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:17500

Remote Address: NA

Type: UDP

Process: C:\Users\Famille\AppData\Roaming\Dropbox\bin\Dropbox.exe

State: NA

 

Local Address: PC-MAISON:LLMNR

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:IPSEC-MSFT

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:UPNP-DISCOVERY

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:UPNP-DISCOVERY

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:500

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: PC-MAISON:123

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\sccfg.sys

Status: Hidden

 

Object: C:\System Volume Information\DFSR

Status: Access denied

 

Object: C:\System Volume Information\MountPointManagerRemoteDatabase

Status: Access denied

 

Object: C:\System Volume Information\SPP

Status: Access denied

 

Object: C:\System Volume Information\SystemRestore

Status: Access denied

 

Object: C:\System Volume Information\tracking.log

Status: Access denied

 

Object: C:\System Volume Information\Windows Backup

Status: Access denied

 

Object: C:\System Volume Information\{0c48e1a1-d244-11df-b4ea-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{2eb75517-d4f9-11df-b71b-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{6b5a438c-d375-11df-bb3f-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{a256b778-d456-11df-b399-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{a256b785-d456-11df-b399-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{a256b790-d456-11df-b399-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{a51dd07a-d487-11df-b81b-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{c4a3738d-d29e-11df-8507-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\System Volume Information\{c4a373b1-d29e-11df-8507-001b381b3df7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Access denied

 

Object: C:\Users\Famille\AppData\Local\FLVService\YouTube - LEXUS IS-F full attack!_(2).bin

Status: Hidden

 

Object: C:\Users\Famille\AppData\Local\FLVService\YouTube - LEXUS IS-F full attack!_.bin

Status: Hidden

 

Object: C:\Users\Famille\AppData\Local\Microsoft\Messenger\demo@hotmail.fr\SharingMetadata\nounou@hotmail.fr\DFSR\Staging\CS{2A3F26EF-70E7-6B46-221F-4C027EBED9B9}\01\10-{2A3F26EF-70E7-6B46-221F-4C027EBED9B9}-v1-{F9E9B0D0-8250-41E2-986E-1C72AF87C282}

Status: Hidden

 

Object: C:\Users\Famille\AppData\Local\Microsoft\Messenger\demo@hotmail.fr\SharingMetadata\christine@hotmail.fr\DFSR\Staging\CS{E419866A-53EA-CB7E-1B18-F46B63A96356}\01\11-{E419866A-53EA-CB7E-1B18-F46B63A96356}-v1-{F9E9B0D0-8250-41E2-986E-1C72AF87C

Status: Hidden

 

Object: C:\Users\Famille\AppData\Local\Microsoft\Messenger\demo@hotmail.fr\SharingMetadata\christine@hotmail.fr\DFSR\Staging\CS{E419866A-53EA-CB7E-1B18-F46B63A96356}\12\12-{F9E9B0D0-8250-41E2-986E-1C72AF87C282}-v12-{F9E9B0D0-8250-41E2-986E-1C72AF87

Status: Hidden

 

Object: C:\Users\Famille\AppData\Local\Microsoft\Messenger\demo@hotmail.fr\SharingMetadata\christine@hotmail.fr\DFSR\Staging\CS{E419866A-53EA-CB7E-1B18-F46B63A96356}\16\16-{F9E9B0D0-8250-41E2-986E-1C72AF87C282}-v16-{F9E9B0D0-8250-41E2-986E-1C72AF87

Status: Hidden

 

Object: C:\Users\Famille\AppData\Local\Microsoft\Messenger\demo@hotmail.fr\SharingMetadata\christine@hotmail.fr\DFSR\Staging\CS{E419866A-53EA-CB7E-1B18-F46B63A96356}\55\1755-{6532417D-4975-446F-A3F7-80DBC8F483F0}-v1755-{6532417D-4975-446F-A3F7-80DB

Status: Hidden

 

Object: C:\Users\Famille\AppData\Local\Microsoft\Messenger\demo@hotmail.fr\SharingMetadata\christine@hotmail.fr\DFSR\Staging\CS{E419866A-53EA-CB7E-1B18-F46B63A96356}\62\1862-{6532417D-4975-446F-A3F7-80DBC8F483F0}-v1862-{6532417D-4975-446F-A3F7-80DB

Status: Hidden

 

Object: C:\Users\Famille\AppData\Local\Microsoft\Messenger\demo@hotmail.fr\SharingMetadata\christine@hotmail.fr\DFSR\Staging\CS{E419866A-53EA-CB7E-1B18-F46B63A96356}\74\1774-{6532417D-4975-446F-A3F7-80DBC8F483F0}-v1774-{6532417D-4975-446F-A3F7-80DB

Status: Hidden

 

Object: C:\Users\Famille\Favorites\Links\Ciné\Restaurants

Status: Hidden

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Status: Access denied

Modifié le 13 octobre 2010 par Vie Russe

[pear]

Bonjour,

 

On va fouiller le fonds du fonds:

 

Tutoriel

 

Sous Vista, désactivez l'UAC

Télécharger Kaspersky Virus Removal Tool(VRT)

Le fichier fait + de 70M°, soyez patient.

 

Très simple à utiliser,Kaspersky Virus Removal Tool n'est pas un antivirus ou un outil de surveillance,

Il n'y a pas non plus de mise-à-jour automatique, il vous faudra donc télécharger la nouvelle version, qui est quotidiennement mise à jour, et l'installer à chaque fois que vous désirez l'utiliser.

Cliquer sur le fichier téléchargé pour installer VRT.

Poste de Travail->Propriétés->Restauration Système.

Cocher la case "Désactiver la Restauration sur tous les lecteurs".

Vous la décocherez par la suite et Redémarrerez après la procédure VRT.

Un nouveau point de restauration sera créé au redémarrage.

 

A On threat détection (si un malware est détecté)

Choisissez, en bas Disinfect,delete if cannot disinfected

Sélectionner les fichiers ou répertoires à analyser (disque dur, périphériques ou documents spécifiques) puis de lancer le processus Start Scan.

 

A la fin du scan:

Cliquer sur"Report" pour voir et enregistrer le rapport à poster.

Ensuite taper sur Exit pour désinstaller l'outil

[Vie Russe]

Ok, je fais ça ce soir, car je bosse sur mon pc la journée

Merci !