Personal Security

Luxia29 Messages postés 14 Statut Membre -  
flo-91 Messages postés 5973 Statut Contributeur sécurité -
Bonjour,

J'ai un gros pb avec le faux Personal Security, je ne sais pas comment j'ai choppé ça mais ça me bloque mes fenêtres internet...
Quelqu'un peut-il m'aider s'il vous plait ?
Merci d'avance
Configuration: Windows XP Internet Explorer 7.0

22 réponses

  • 1
  • 2
  1. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Bonjour,

    1-> Télécharge Rkill ( de Grinler ) sur ton bureau :

    https://download.bleepingcomputer.com/grinler/rkill.exe

    /!\ Désactive toutes tes protections résidentes ( Antivirus, Antispyware, Pare-Feu ) /!\

    > Double clique sur rkill ( présent sur ton bureau ) ou clique droit -> Executer en tant qu'administrateur ( utilisateurs de vista/7 )

    > Une fenêtre sur fond noir s'ouvrira rapidement puis disparaîtra, c'est normal.

    2-> SuperAntiSpyware <

    > Télécharge SuperAntiSpyware ici :

    http://cdn.superantispyware.com/SUPERAntiSpyware.exe

    > Installe le avec les paramètres par défaut.

    > A la fin de l'installation, il se lancera et te demandera de choisir la langue du programme, choisis français.

    > Le programme te proposera ensuite de le mettre à jour, fait le.

    > Un assistant de configuration s'ouvrira, fais suivant en laissant les paramètres par défaut

    > SuperAntiSpyware s'ouvrira. Clique sur " Scanner votre ordinateur ".

    > Coche " Executer scan complet " et clique sur " Suivant ".

    > Laisse le scan s'opérer.

    > A la fin du scan, vérifie que tout est coché puis clique sur " Suivant "

    > Clique ensuite sur terminer, puis clique sur " Préférences ".

    > Va à l'onglet " Statistiques/Journaux de bord " , séléctionne celui en date d'aujourd'hui puis clique sur " Voir le journal de bord "

    > Copie/Colle son contenu dans ton prochain message.

    > Note : tu peux vider la quarantaine ( " La gestion de la quarantaine " au menu principal )
    1
  2. FoxRivers
     
    tu n'arrive pas à le désinstaller ?!
    0
  3. Luxia29 Messages postés 14 Statut Membre
     
    Non impossible... J'ai essayé mais quand je veux le désinstaller, on me demande de payer l'anti-virus (qui n'en est pas un...)
    0
  4. Luxia29 Messages postés 14 Statut Membre
     
    Merci beaucoup !
    Voilà le contenu...

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com/

    Generated 12/16/2009 at 02:40 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4378
    Trace Rules Database Version: 2217

    Scan type : Complete Scan
    Total Scan Time : 00:28:17

    Memory items scanned : 457
    Memory threats detected : 2
    Registry items scanned : 4480
    Registry threats detected : 27
    File items scanned : 28376
    File threats detected : 309

    Trojan.Dropper/Win-NV
    C:\WINDOWS\SYSTEM32\XXOP81.DLL
    C:\WINDOWS\SYSTEM32\XXOP81.DLL
    C:\WINDOWS\SYSTEM32\SSHNAS.DLL
    C:\WINDOWS\SYSTEM32\SSHNAS.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\xxop81
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS#Type
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS#Start
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS#ObjectName
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Parameters
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Parameters#ServiceDll
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Security
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Enum#NextInstance
    C:\WINDOWS\MSA.EXE
    C:\WINDOWS\TEMP\A.EXE

    Trojan.Dropper/Gen-C
    [ZagrebLand] C:\WINDOWS\TEMP\C.EXE
    C:\WINDOWS\TEMP\C.EXE
    [ZagrebLand] C:\DOCUME~1\CRAULT~1.ALV\LOCALS~1\TEMP\C.EXE
    C:\DOCUME~1\CRAULT~1.ALV\LOCALS~1\TEMP\C.EXE
    [ZagrebLand] C:\WINDOWS\TEMP\C.EXE
    C:\DOCUMENTS AND SETTINGS\C.RAULT.ALVAC\LOCAL SETTINGS\TEMP\A.EXE
    C:\DOCUMENTS AND SETTINGS\C.RAULT.ALVAC\LOCAL SETTINGS\TEMP\B.EXE
    C:\DOCUMENTS AND SETTINGS\C.RAULT.ALVAC\LOCAL SETTINGS\TEMP\C.EXE
    C:\WINDOWS\TEMP\B.EXE
    C:\WINDOWS\Prefetch\C.EXE-0AC304BC.pf
    C:\WINDOWS\Prefetch\C.EXE-1B8D5E2D.pf

    Trojan.Agent/Gen-FakeAlert[TS]
    HKLM\Software\Classes\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
    HKCR\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
    HKCR\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
    HKCR\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}\InprocServer32
    HKCR\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\WIN32EXTENSION.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
    HKU\S-1-5-21-1757981266-854245398-682003330-1118\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

    Adware.Tracking Cookie
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c[35].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@cdiscount[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@mediaplex[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@m1.webstats.motigo[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@doubleclick[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c[22].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@interflora2.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@content.yieldmanager[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ad.zanox[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@weborama[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@2o7[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adviva[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@microsoftinternetexplorer.112.2o7[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@microsoftsto.112.2o7[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adfarm1.adition[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@cetelem.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@chitika[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@track.effiliation[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@serving-sys[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@euroclick[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ie8audience.solution.weborama[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ad.yieldmanager[3].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adserver.aol[3].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@richmedia.yahoo[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@cdn5.specificclick[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@revenue[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@eas.apm.emediate[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@yourmedia[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adrevolver[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ads.clickadserver[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adbrite[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ad.ieurop[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c[28].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@tradedoubler[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@clickintext[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@bluestreak[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adserver.cherchons[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@premiere.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@advertising[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@tacoda[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@dynamic.media.adrevolver[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@smartadserver[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@partypoker[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@lagarderefrance.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@bouyguestelecom.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@fnacmagasin.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ad.proxad[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@beacons.hottraffic[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@bizrate[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@statcounter[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@clicks.pangora[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@overture[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@netgear.122.2o7[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@elle.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@fr.at.atwola[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@247realmedia[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@estat[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@opodo.122.2o7[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@daimlerag.122.2o7[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@tracking.lsfinteractive[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@boursoramabanque.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@specificclick[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@fastclick[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@casalemedia[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@t.bbtrack[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@media.adrevolver[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@postclicktracking[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@www.smartadserver[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@xiti[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c[5].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adv.surinter[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@interhome.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@weba.cdiscount[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@bubblestat[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@msnportal.112.2o7[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c[3].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adopt.euroclick[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@bs.serving-sys[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@cnam.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@advertstream[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@consolidationwindowsfrie8.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@intermarche2009.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@atdmt[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@fl01.ct2.comclick[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adtech[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@at.atwola[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@partyaccount[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@zedo[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@statse.webtrendslive[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@content.yieldmanager[3].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@wysistat[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@mediateurdelenergie.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@questionmarket[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@revsci[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@himedia.individuad[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@track.webgains[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@virginmobile.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@footeogroupe.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@stats.vinc[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@afidol.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@banquepopulaire.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@zanox[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@femina.solution.weborama[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c[38].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ads.118000[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@garnier2009.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@admarketplace[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@spacefoot.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ads.shopreflex[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@lorealpariselseve.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@mmedia.t134[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@nestlecereals.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@apmebf[3].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@clubatcost.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c[31].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@samsung.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@wysistat[4].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@wsclick.infospace[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@exoclick[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@media6degrees[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@sfr.122.2o7[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ads.illicotravel[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@tracking.publicidees[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@fr.partypoker[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ttbeuropcar.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@aimfar.solution.weborama[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@tracking.veille-referencement[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@argusauto2.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@wysistat[3].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@bridge1.admarketplace[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@cosmetiqueactive2009.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ads.audxch[3].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@secure.partyaccount[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@kelpromo.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adserver.aol[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ad.yieldmanager[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ad.zanox[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ads.audxch[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@aimfar.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@apmebf[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@clickintext[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@content.yieldmanager[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@fastclick[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@fr.classic.clickintext[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@tribalfusion[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@nestlemaggi.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@serving-sys[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@server.cpmstar[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@serving-sys[3].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@stats.servicepubliclocal[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@track.effiliation[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@tradedoubler[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@adrevolver[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@247realmedia[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@2o7[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@4.adbrite[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ad.yieldmanager[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ad.zanox[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@adbrite[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@adopt.euroclick[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@aimfar.solution.weborama[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ads.addclic[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ads.afrik[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ads.canalblog[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ads.multimania.lycos[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ads.pointroll[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ads.umahe[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ads.widgetbucks[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@adserver.aol[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@adtech[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@adv.surinter[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@advertising[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@advertstream[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@adviva[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@aolfr.122.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@apmebf[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@atdmt[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@audi.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@bluestreak[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@bnpparibasnet.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@boursoramabanque.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@bs.serving-sys[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@conforamalancementsite.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@casalemedia[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@cetelem.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@commission-junction[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@creditcooperatif.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@date.ventivmedia[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@dolcegusto16avril11juin.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@doubleclick[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@ehg-telecomitalia.hitbox[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@fastclick[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@fl01.ct2.comclick[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@fnac.112.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@himedia.individuad[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@hitbox[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@karavel.112.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@hotlog[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@laredoute.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@media.adrevolver[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@media.livefun[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@mediaplex[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@msnaccountservices.112.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@msnportal.112.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@overture[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@questionmarket[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@richmedia.yahoo[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@smartadserver[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@samsung.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@servedby.onlinemediadiva[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@serving-sys[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@specificclick[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@stat.one-clic[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@stats.canalblog[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@statse.webtrendslive[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@statsweb.bnpparibas[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@track.effiliation[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@tracker.affistats[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@tradedoubler[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@tribalfusion[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@videoegg.adbureau[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@vitteladidasavril08.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@www.cibleclick[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@www.smartadserver[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@xiti[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@yoplait.solution.weborama[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@yourmedia[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@zbox.zanox[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\Documents and Settings\c.rault\Cookies\c.rault@zedo[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@ads.tetesacl.streamtheworld[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@247realmedia[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@2o7[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@ad.cibleclick[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@ad.ifrance[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@adopt.hbmediapro[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@ads.multimania.lycos[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@ads.pointroll[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@ads.wanadooregie[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@adserver.aol[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@adtech[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@adv.surinter[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@advertising[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@advertstream[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@apmebf[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@as1.falkag[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@atdmt[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@dealtime.co[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@audit.median[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@bluestreak[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@bs.serving-sys[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@casalemedia[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@cdiscount[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@data.coremetrics[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@dictionnaire.mediadico[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@directtrack[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@doubleclick[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@ehg-kodak.hitbox[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@ehg-neuftelecom.hitbox[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@fastclick[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@fl01.ct2.comclick[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@hitbox[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@media-zvip.carpediem[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@macromedia.112.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@mediadico[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@mediaplex[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@mediastay.directtrack[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@mediastay[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@msnportal.112.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@overture[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@paypal.112.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@sfr.122.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@serving-sys[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@serving-sys[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@test.coremetrics[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@tracker.roitesting[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@tracking.publicidees[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@tradedoubler[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@weborama[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@www.cdiscount[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@www.cibleclick[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@www.smartadserver[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@xiti[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@yourmedia[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault\Cookies\c.rault@zedo[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault.PC16419\Cookies\c.rault@2o7[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault.PC16419\Cookies\c.rault@atdmt[2].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault.PC16419\Cookies\c.rault@bluestreak[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault.PC16419\Cookies\c.rault@msnportal.112.2o7[1].txt
    C:\RECUP DONNEES\16419_ALVAC\C\My old Disk Structure -- 22-05-07 1720\Documents and Settings\c.rault.PC16419\Cookies\c.rault@weborama[2].txt

    Trojan.Agent/Gen
    HKU\S-1-5-21-1757981266-854245398-682003330-1118\Software\Videohost

    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{73B805CC-2830-47BE-AA94-B6532C5C9198}\RP227\A0031325.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{73B805CC-2830-47BE-AA94-B6532C5C9198}\RP227\A0031327.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{73B805CC-2830-47BE-AA94-B6532C5C9198}\RP227\A0031329.DLL

    Trojan.Dropper/SVCHost-Fake
    C:\WINDOWS\TEMP\OFVN.TMP\SVCHOST.EXE

    Trojan.Downloader-Gen/SVCHost-Fake
    C:\WINDOWS\TEMP\VPOI.TMP\SVCHOST.EXE
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    >Telecharge malwarebytes ici :

    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

    . sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
    . enregistres le sur le bureau
    /!\Utilisateur de Vista : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu’Administrateur »

    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
    . si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
    . Une fois la mise à jour terminé
    . rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, cliques sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . rends toi dans l'onglet rapport/log
    . tu cliques dessus pour l'afficher une fois affiché
    . tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
    . tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . tu cliques droit dans le cadre de la reponse et coller

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
  7. Luxia29 Messages postés 14 Statut Membre
     
    Je l'ai téléchargé, mais il ne s'ouvre pas..
    Enfin il s'ouvre puis la fenetre disparait sans que j'ai le temps de faire quoi que se soit ! :/
    0
  8. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    >Telecharge RSIT ici et enregistre-le sur ton bureau :

    http://images.malwareremoval.com/random/RSIT.exe

    >Double-clique sur RSIT.exe qui se trouve sur le bureau

    >Le programme se lance, choisi "1month" et clique sur "continue"

    >Laisse faire l'outil et poste le rapport qui s'affiche.
    0
  9. Luxia29 Messages postés 14 Statut Membre
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by c.rault at 2009-12-16 15:04:20
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 58 GB (80%) free of 72 GB
    Total RAM: 1023 MB (51% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:19:04, on 16/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PersonalSec\psecurity.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Documents and Settings\C.RAULT.ALVAC\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\TEMP\b.exe
    C:\Documents and Settings\C.RAULT.ALVAC\Bureau\RSIT.exe
    C:\Program Files\trend micro\c.rault.exe
    C:\WINDOWS\TEMP\c.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-ME5MT.exe" /REG
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [c.rault] C:\Documents and Settings\C.RAULT.ALVAC\c.rault.exe
    O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\C.RAULT.ALVAC\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = alvac.local
    O17 - HKLM\Software\..\Telephony: DomainName = alvac.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = alvac.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = alvac.local
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = alvac.local
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CRAULT~1.ALV/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    0
  10. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    /!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    >Usbfix<

    >Télécharge USBFIX de Chiquitine29, C_xx ici :

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

    >/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    > Double clic sur le raccourci UsbFix présent sur le bureau .

    >Choisir l'option 1 (Recherche) et laisser travailler l'outil

    Ensuite poste le rapport UsbFix.txt qui apparaîtra.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
    0
  11. Luxia29 Messages postés 14 Statut Membre
     
    ############################## | UsbFix V6.064 |

    User : c.rault (Administrateurs) # CIG16419
    Update on 16/12/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 15:50:16 | 16/12/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 3.00GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 70,61 Go (56,32 Go free) # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible # 7,45 Go (7,38 Go free) [HP v125w] # FAT32
    G:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    H:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    I:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    J:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    P:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 444
    C:\WINDOWS\system32\csrss.exe 500
    C:\WINDOWS\system32\winlogon.exe 528
    C:\WINDOWS\system32\services.exe 576
    C:\WINDOWS\system32\lsass.exe 588
    C:\WINDOWS\system32\svchost.exe 772
    C:\WINDOWS\system32\svchost.exe 852
    C:\WINDOWS\System32\svchost.exe 924
    C:\WINDOWS\System32\svchost.exe 1012
    C:\WINDOWS\System32\svchost.exe 1076
    C:\WINDOWS\system32\spoolsv.exe 1236
    C:\WINDOWS\system32\brss01a.exe 1244
    C:\WINDOWS\System32\svchost.exe 1584
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe 1656
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe 1724
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe 1888
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe 176
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 740
    C:\WINDOWS\System32\svchost.exe 1036
    C:\Program Files\UltraVNC\WinVNC.exe 1088
    C:\WINDOWS\SOUNDMAN.EXE 1636
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe 1708
    C:\WINDOWS\system32\ctfmon.exe 1836
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 1940
    C:\WINDOWS\system32\sistray.exe 2160
    C:\Documents and Settings\C.RAULT.ALVAC\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe 2200
    C:\Program Files\UltraVNC\WinVNC.exe 2624
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 2656
    C:\WINDOWS\System32\alg.exe 2756
    C:\Program Files\Internet Explorer\iexplore.exe 3384
    C:\Program Files\Internet Explorer\iexplore.exe 3476
    C:\Program Files\Internet Explorer\iexplore.exe 2324
    C:\WINDOWS\explorer.exe 252
    C:\WINDOWS\system32\wbem\wmiprvse.exe 124

    ################## | Fichiers # Dossiers infectieux |

    C:\WINDOWS\Temp\a.dat
    C:\WINDOWS\Temp\a.exe
    C:\WINDOWS\Temp\b.exe
    C:\WINDOWS\Temp\c.exe
    C:\WINDOWS\System32\sshnas.dll
    C:\DOCUME~1\CRAULT~1.ALV\LOCALS~1\Temp\a.dat
    I:\Install\install.exe
    I:\server.exe

    ################## | Registre # Clés infectieuses |

    [HKCU\SOFTWARE\XML]
    [HKCU\SOFTWARE\ZagrebLand]
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "c.rault"

    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{28b68cfa-df1a-11de-8f31-0015f25b9260}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mLecorRe.exE

    HKCU\..\..\Explorer\MountPoints2\{58773645-b300-11dd-80c8-806d6172696f}
    Shell\AutoRun\command =D:\Launch.exe

    HKCU\..\..\Explorer\MountPoints2\{58773646-b300-11dd-80c8-806d6172696f}
    Shell\AutoRun\command =E:\install.EXE /AUTORUN
    Shell\configure\command =E:\install.EXE
    Shell\install\command =E:\install.EXE

    HKCU\..\..\Explorer\MountPoints2\{8f5cbeb8-3aee-11de-8ea2-0015f25b9260}
    Shell\AutoRun\command =E:\LaunchU3.exe -a

    ################## | Cracks / Keygens / Serials |

    ################## | ! Fin du rapport # UsbFix V6.064 ! |
    0
  12. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Ok, :

    >Relance Usbfix :

    /!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    >Usbfix<

    >Télécharge USBFIX de Chiquitine29, C_xx ici :

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

    >/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    > Double clic sur le raccourci UsbFix présent sur le bureau .

    >Choisir l'option 2 (Suppression) et laisser travailler l'outil

    Ensuite poste le rapport UsbFix.txt qui apparaîtra.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
    0
  13. Luxia29 Messages postés 14 Statut Membre
     
    ############################## | UsbFix V6.064 |

    User : c.rault (Administrateurs) # CIG16419
    Update on 16/12/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 16:18:43 | 16/12/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 3.00GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 70,61 Go (56,3 Go free) # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible # 7,45 Go (7,38 Go free) [HP v125w] # FAT32
    G:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    H:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    I:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    J:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    P:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 452
    C:\WINDOWS\system32\csrss.exe 500
    C:\WINDOWS\system32\winlogon.exe 528
    C:\WINDOWS\system32\services.exe 576
    C:\WINDOWS\system32\lsass.exe 588
    C:\WINDOWS\system32\svchost.exe 780
    C:\WINDOWS\system32\svchost.exe 856
    C:\WINDOWS\System32\svchost.exe 928
    C:\WINDOWS\System32\svchost.exe 1024
    C:\WINDOWS\System32\svchost.exe 1080
    C:\WINDOWS\system32\brsvc01a.exe 1176
    C:\WINDOWS\system32\spoolsv.exe 1204
    C:\WINDOWS\system32\brss01a.exe 1248
    C:\WINDOWS\System32\svchost.exe 1504
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe 1588
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe 1616
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe 1684
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe 1744
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 1980
    C:\WINDOWS\system32\nvsvc32.exe 2024
    C:\WINDOWS\System32\svchost.exe 168
    C:\Program Files\UltraVNC\WinVNC.exe 264
    C:\WINDOWS\system32\wuauclt.exe 416
    C:\WINDOWS\system32\userinit.exe 484
    C:\WINDOWS\Explorer.EXE 812
    C:\WINDOWS\system32\wbem\wmiprvse.exe 1320
    C:\WINDOWS\System32\alg.exe 1552
    C:\Program Files\UltraVNC\WinVNC.exe 2352
    C:\WINDOWS\system32\userinit.exe 2392

    ################## | Fichiers # Dossiers infectieux |

    Supprimé ! C:\WINDOWS\Temp\a.dat
    Supprimé ! C:\DOCUME~1\CRAULT~1.ALV\LOCALS~1\Temp\a.dat
    Supprimé ! C:\Recycler\S-1-5-21-1715567821-2077806209-725345543-1003
    Supprimé ! C:\Recycler\S-1-5-21-1757981266-854245398-682003330-1118
    Supprimé ! I:\Install\install.exe
    Non supprimé ! I:\server.exe

    ################## | Registre # Clés infectieuses |

    Supprimé ! [HKCU\SOFTWARE\XML]
    Supprimé ! [HKCU\SOFTWARE\ZagrebLand]
    Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "c.rault"

    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{28b68cfa-df1a-11de-8f31-0015f25b9260}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{58773645-b300-11dd-80c8-806d6172696f}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{58773646-b300-11dd-80c8-806d6172696f}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{8f5cbeb8-3aee-11de-8ea2-0015f25b9260}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [13/11/2008 13:59|--a------|0] C:\AUTOEXEC.BAT
    [14/11/2008 09:11|-rahs----|212] C:\boot.ini
    [28/09/2001 13:00|-rahs----|4952] C:\Bootfont.bin
    [13/11/2008 13:59|--a------|0] C:\CONFIG.SYS
    [13/11/2008 13:59|-rahs----|0] C:\IO.SYS
    [13/11/2008 13:59|-rahs----|0] C:\MSDOS.SYS
    [14/11/2008 09:08|-rahs----|47564] C:\NTDETECT.COM
    [14/11/2008 09:25|-rahs----|252240] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [16/12/2009 16:26|--a------|3753] C:\UsbFix.txt
    [08/12/2009 15:05|--a------|398848] E:\partenairefinistre09.xls
    [15/12/2009 10:36|--a------|20992] E:\ACTION PROFESSIONNELLE.doc
    [16/12/2009 12:43|--a------|23552] E:\Document 2.doc
    [16/12/2009 15:47|--a------|49664] E:\Rapport de stage.doc
    [15/12/2009 11:55|--a------|26112] E:\FICHE DESCRIPTIVE.doc
    [15/12/2009 12:48|--a------|26112] E:\REUNION SUR LE CESU.doc
    [15/12/2009 13:54|--a------|4499] E:\attestation_de_stage[1].pdf
    [04/03/2008 14:23|--a------|17625600] E:\DIAPORAMA ALVAC.ppt
    [23/05/2007 12:14|--a------|262656] G:\afficherencontre.doc
    [22/06/2006 17:29|--a------|27648] G:\Bilan des Rencontres des ‚lus de CE.doc
    [13/02/2009 15:29|--a------|588288] G:\cin‚ma08.xls
    [12/06/2009 09:00|--a------|200704] G:\cin‚ma09.xls
    [27/07/2007 17:49|--a------|480] G:\ISO2.nri
    [21/08/2006 15:10|--a------|77824] G:\Reinitialisation_Vues_C_Huit.Fep
    [17/07/2009 18:04|--a------|6424] G:\Sauvegarde 17juillet09.nri
    [10/07/1995 16:25|--a------|4363] G:\SeqTexte.ini
    [18/01/2007 17:20|--a------|4687] G:\SeqTexte.ini.TXT
    [24/01/2008 18:19|--a------|177707] G:\visuel08.pdf
    [25/11/2008 16:33|--a------|2419511] G:\visuel09.pdf
    [21/07/2000 10:06|--a------|36864] I:\Aboutn.dll
    [09/04/2003 11:22|---------|354] I:\Aboutn.ini
    [18/10/2000 13:47|--a------|32768] I:\AcmConv.dll
    [11/04/2003 15:14|---------|270776] I:\Admin.bmp
    [21/08/2000 13:34|--a------|1856] I:\ADMIN.CNV
    [29/04/2003 15:25|--a------|978944] I:\admin.exe
    [10/02/2000 15:40|--a------|305] I:\Admin.reg
    [05/05/1998 01:10|--a------|470] I:\alphapg1.wph
    [05/05/1998 01:10|--a------|470] I:\alphapg4.wph
    [04/05/1998 01:10|--a------|470] I:\Alphapg8.wph
    [27/06/2006 11:33|--a------|462605] I:\ANNUAIREWS.dbf
    [03/04/2006 13:46|--a------|480] I:\ANNUAIREWS.pkg
    [25/07/2006 08:30|--a------|122848] I:\ANNUAIREWS.pkx
    [14/12/2000 15:17|--a------|73728] I:\Answer.dll
    [28/02/2002 15:14|--a------|221184] I:\AppLic.dll
    [14/12/2001 10:51|--a------|188416] I:\AppLic2.dll
    [20/04/2005 13:42|--a------|0] I:\AUTORUN.728
    [10/11/1999 02:11|--a------|539] I:\BouygMin.wph
    [15/02/2000 10:51|--a------|325070] I:\BROOK.PAC
    [16/06/1999 16:52|--a------|227840] I:\BTDLLD.DLL
    [10/02/2000 12:12|--a------|20480] I:\BVRP98.dll
    [18/03/2002 15:02|--a------|262144] I:\BVRPArc.dll
    [06/02/2002 17:49|--a------|196608] I:\BVRPCTLn.dll
    [06/07/1999 17:07|--a------|167936] I:\BVRPfc.dll
    [19/10/2001 08:58|--a------|57405] I:\BVRPNac.dll
    [24/01/2001 16:35|--a------|36864] I:\BVRPNet.dll
    [02/01/2002 13:48|--a------|81920] I:\BvrpWd.wll
    [04/07/2000 12:19|--a------|71936] I:\BVRPWF.DRV
    [25/09/2002 10:16|---------|36864] I:\CaptureAuto.exe
    [16/10/2002 09:57|---------|2274581] I:\CaptureFax.exe
    [30/01/2006 17:15|--a------|1091] I:\CE 2006.dbf
    [01/02/2006 15:48|--a------|288] I:\CE 2006.pkg
    [27/03/2006 16:05|--a------|288] I:\CE 2006.pkx
    [24/12/1998 10:34|--a------|256] I:\ChaERMES.inf
    [05/06/1998 15:58|--a------|256] I:\CharSMF3.inf
    [17/03/1998 01:10|--a------|256] I:\CHARTAP0.INF
    [12/01/2000 19:23|--a------|40960] I:\CnfRep.dll
    [02/01/2002 14:55|--a------|77824] I:\CoBvrpWd.dll
    [17/01/1997 04:00|--a------|76288] I:\COLOR32.DLL
    [15/09/2005 14:11|--a------|896] I:\COMLINES.DAT
    [18/10/2000 13:49|--a------|28672] I:\ComLines.dll
    [16/11/2009 09:46|--a------|640] I:\ConfIP.bin
    [01/02/2000 12:11|--a------|3476] I:\country.ini
    [20/07/2000 18:52|--a------|45056] I:\Cvs2pgfn.dll
    [30/05/2000 10:16|--a------|40960] I:\Cvsedit.dll
    [10/12/2001 17:47|--a------|225539] I:\Cvsedit.exe
    [20/04/2005 13:42|--a------|22755] I:\DeIsL1.isu
    [02/03/1998 04:00|--a------|31232] I:\Dfansin.dll
    [20/06/1996 04:00|--a------|31232] I:\Dfasciin.dll
    [20/06/1996 04:00|--a------|31232] I:\Dfasctyn.dll
    [03/03/1998 04:00|--a------|48640] I:\dfpgf2n.dll
    [20/10/1999 15:36|--a------|24576] I:\Dgcatn.dll
    [04/04/2000 10:27|--a------|49152] I:\Dgccittn.dll
    [18/06/1996 04:00|--a------|20480] I:\Dgmrgn.dll
    [18/06/1996 04:00|--a------|18944] I:\Dgred8.dll
    [07/03/2000 15:43|--a------|36864] I:\Dgubmpn.dll
    [07/03/2000 15:43|--a------|40960] I:\Dguconvn.dll
    [07/03/2000 15:43|--a------|36864] I:\Dgugifn.dll
    [07/03/2000 15:43|--a------|65536] I:\Dgujpegn.dll
    [07/03/2000 15:43|--a------|36864] I:\Dgupcxn.dll
    [29/04/2003 16:47|--a------|65536] I:\dgutiffn.dll
    [09/11/2000 19:06|--a------|45056] I:\DocBase.dll
    [18/10/2000 13:50|--a------|32768] I:\DocLib.dll
    [13/12/2000 15:21|--a------|53248] I:\DrawBt.dll
    [04/02/1999 17:29|--a------|295] I:\EasyScAl.wph
    [04/02/1999 17:29|--a------|295] I:\EasyScNu.wph
    [12/03/2002 14:58|--a------|196608] I:\editscn.exe
    [14/04/1998 04:00|--a------|51712] I:\erareg.dll
    [13/07/1995 04:00|--a------|26112] I:\Erbfaxbv.dll
    [13/07/1995 04:00|--a------|25600] I:\Erifile.dll
    [14/11/1997 04:00|--a------|64512] I:\Erlexic.dll
    [14/11/1997 04:00|--a------|57344] I:\Erneye.dll
    [04/07/1995 04:00|--a------|861246] I:\ERNPCR.EZN
    [14/11/1997 04:00|--a------|294400] I:\Erpcr.dll
    [21/12/1998 18:16|--a------|379] I:\EsAERMES.wph
    [09/10/2000 17:56|--a------|32768] I:\exchange.dll
    [14/10/1998 01:10|--a------|489] I:\Expresso.wph
    [14/05/1996 04:00|--a------|512] I:\ezrcls.rco
    [20/03/2002 17:48|--a------|4878] I:\FAX0010.CMD
    [15/09/2005 14:11|--a------|512] I:\FAX0010.CNF
    [16/11/2009 09:46|--a------|640] I:\fax0mid.mid
    [27/03/2006 14:54|--a------|1091] I:\FICHIER 2006.dbf
    [27/03/2006 14:54|--a------|288] I:\FICHIER 2006.pkg
    [27/03/2006 14:57|--a------|288] I:\FICHIER 2006.pkx
    [13/01/2000 16:51|--a------|73677] I:\Garantie.cvs
    [14/06/1997 04:00|--a------|67072] I:\graphcnv.dll
    [04/02/2002 13:32|--a------|120] I:\ifax.inf
    [19/02/2007 15:44|--a------|143360] I:\INFOFAX 07.doc
    [08/03/2007 18:32|--a------|115712] I:\infofax10.doc
    [10/12/2001 17:47|--a------|41219] I:\inssuitecmd.exe
    [11/10/2002 14:39|---------|53248] I:\InstalForm.exe
    [13/06/2006 09:19|---------|9336520] I:\Install_MSN_Messenger.EXE
    [11/02/2002 11:13|--a------|204800] I:\internet.dll
    [20/02/1997 04:00|--a------|128000] I:\Jpeg32.dll
    [03/12/1998 01:10|--a------|392] I:\kobbyt.wph
    [29/10/1996 00:21|--a------|10752] I:\libd42mt.dll
    [27/03/1997 00:21|--a------|147456] I:\libdtimt.dll
    [28/05/1997 00:21|--a------|135680] I:\libdxxmt.dll
    [28/05/1997 00:21|--a------|62976] I:\libfaxmt.dll
    [14/04/1997 00:21|--a------|43520] I:\libsrlmt.dll
    [15/04/2003 08:57|---------|3921431] I:\Lisezmoi.rtf
    [15/04/2003 09:22|---------|18855] I:\Lisezmoi702.rtf
    [31/01/2002 14:11|--a------|69632] I:\mailcomm.dll
    [19/03/2002 13:33|--a------|266240] I:\MailKrnl.dll
    [27/10/2000 16:37|--a------|118784] I:\Messages.dll
    [03/11/1999 16:51|--a------|2477] I:\Messages.inf
    [01/12/1999 11:53|--a------|53248] I:\Mincomm1.dll
    [01/12/1999 11:54|--a------|73728] I:\mincomm2.dll
    [05/05/1998 01:10|--a------|422] I:\MinitFT1.wph
    [30/04/1998 01:10|--a------|589] I:\minitFT2.wph
    [05/07/1999 01:10|--a------|590] I:\MinitFT3.wph
    [10/06/1998 01:10|--a------|581] I:\minitSFR.wph
    [21/03/2002 10:52|--a------|944709] I:\Modems.pac
    [18/10/2000 13:52|--a------|32768] I:\MsgVocal.dll
    [15/05/1998 04:00|--a------|119384] I:\NOTIFY.WAV
    [13/11/1996 04:00|--a------|2795] I:\NTPRINT.INF
    [04/06/1998 16:21|--a------|257] I:\NumSMF3.inf
    [14/02/2002 18:19|--a------|36923] I:\OLRegist.dll
    [30/01/2002 09:55|--a------|15207] I:\olregist.mht
    [27/02/2006 09:49|--a------|536] I:\onreg.ini
    [07/06/2000 09:44|--a------|31153] I:\ope.inf
    [14/04/2000 15:45|--a------|362] I:\Orange.wph
    [07/04/2000 22:31|--a------|32768] I:\Pager.dll
    [16/11/2009 09:45|--a------|482] I:\PARAMS.INI
    [01/02/2000 16:52|--a------|98304] I:\PbkFile.dll
    [13/12/2001 23:19|--a------|61699] I:\PbkUtil.exe
    [18/10/2000 13:53|--a------|45056] I:\Pcmes.dll
    [02/03/2000 10:38|--a------|28672] I:\PcmFmt.dll
    [08/09/1999 13:48|--a------|3595] I:\PcmFmt.inf
    [18/10/2000 14:00|--a------|86016] I:\PcmWav.dll
    [01/02/2006 15:53|--a------|2548] I:\PHONEBK.ECH
    [13/12/2001 23:19|--a------|618755] I:\Phonebk.exe
    [09/12/1999 14:25|--a------|3840] I:\PrivScvEmVoc.scv
    [08/09/1999 10:58|--a------|49152] I:\Prpgf2n.dll
    [18/06/1996 04:00|--a------|23552] I:\Redfaxn.dll
    [04/06/1996 04:00|--a------|18944] I:\REGISTER.DLL
    [07/02/1997 04:00|--a------|121344] I:\ROUTDLL.DLL
    [25/07/2006 08:33|--a------|8] I:\RTNUMEMI.DAT
    [25/07/2006 08:33|--a------|5] I:\RTREFREQ.DAT
    [17/11/1994 04:00|--a------|2084] I:\SCANSET.INF
    [09/12/1999 14:26|--a------|3840] I:\ScvEmVoc.scv
    [18/10/2000 13:56|--a------|28672] I:\ScvLib.dll
    [02/11/2000 11:30|--a------|167936] I:\ScvRes.dll
    [16/11/2009 09:46|--a------|90] I:\SelfMode.ini
    [14/02/2002 14:06|--a------|45315] I:\SendComm.exe
    [09/04/2003 10:34|---------|45056] I:\SendFax.exe
    [23/04/2003 16:14|---------|290816] I:\Server.exe
    [16/11/2009 09:45|--a------|431] I:\server.log
    [16/11/2009 09:45|--a------|0] I:\SERVER.LX
    [15/05/1998 04:00|--a------|80856] I:\ServerOut.wav
    [17/09/1998 04:00|--a------|40960] I:\Sff.dll
    [02/12/1997 04:00|--a------|16] I:\SgWph.dat
    [13/03/2002 09:37|--a------|94208] I:\SmtpPop3.exe
    [11/05/2000 14:25|--a------|20480] I:\specialcom.dll
    [13/12/2001 23:18|--a------|176387] I:\StatProg.exe
    [07/12/1998 01:10|--a------|84] I:\tabexpresso.inf
    [01/09/1998 01:10|--a------|93] I:\tabgsm.inf
    [08/09/1998 01:10|--a------|89] I:\tabgsmbouyg.inf
    [04/12/1998 01:10|--a------|82] I:\tabkobby.inf
    [07/12/1998 01:10|--a------|87] I:\tabtatoo.inf
    [13/03/1998 01:10|--a------|103] I:\Tap.wph
    [07/12/1998 01:10|--a------|494] I:\tatoomin.wph
    [13/11/1994 04:00|--a------|9472] I:\TGRED1_8.DLL
    [16/11/2009 09:46|--a------|87] I:\ThreadId.ini
    [05/11/2009 17:39|--ahs----|9216] I:\Thumbs.db
    [04/08/1997 04:00|--a------|52224] I:\Tiff_t31.dll
    [07/10/1999 14:53|--a------|49152] I:\Twscn.dll
    [23/09/1999 11:35|--a------|81920] I:\TxtToPgf.dll
    [06/10/1999 04:00|--a------|127] I:\Txttopgf.ini
    [10/09/1999 01:10|--a------|399] I:\UCP.wph
    [21/08/2000 13:34|--a------|1856] I:\Uniconv.cnv
    [01/12/1999 15:38|--a------|126976] I:\Uniconv.dll
    [18/01/2002 10:02|--a------|61440] I:\uninst2.dll
    [20/04/2005 13:49|--a------|896] I:\USERS.DAT
    [27/09/2001 18:57|--a------|73728] I:\UsRecall.dll
    [13/12/2001 23:19|--a------|35587] I:\Visubin.exe
    [10/06/1999 01:10|--a------|346] I:\VODAFONE.wph
    [18/10/2000 13:57|--a------|28672] I:\VoiceCfg.dll
    [11/08/1999 12:01|--a------|81] I:\VOICECFG.INI
    [27/10/2000 16:40|--a------|221184] I:\VoiceRes.dll
    [18/10/2000 13:58|--a------|49152] I:\VoiceUpd.dll
    [29/11/2000 15:00|--a------|53248] I:\VoicPlay.dll
    [11/08/1999 10:59|--a------|35] I:\VOICPLAY.INI
    [18/10/2000 13:59|--a------|32768] I:\Waves.dll
    [05/02/1997 04:00|--a------|79872] I:\Wdpacn.dll
    [15/09/2005 14:11|--a------|132] I:\WFCOM.DAT
    [11/12/2001 19:35|--a------|102659] I:\Wfcom.exe
    [11/12/2009 10:16|--a------|856] I:\wfcom.ini
    [15/09/2005 14:11|--a------|4] I:\WFCOM.TEL
    [10/12/2001 14:54|--a------|69632] I:\wfcomrc.dll
    [12/11/1998 02:11|--a------|82944] I:\wfgsm.dll
    [14/12/2001 10:49|--a------|65795] I:\Wfmacro.exe
    [12/10/2001 13:21|--a------|428] I:\wfmacros.ini
    [11/12/2001 15:08|--a------|110592] I:\WFP1N.dll
    [07/12/2001 17:08|--a------|786432] I:\wfp2n.dll
    [13/12/2001 23:19|--a------|69891] I:\WFXREGISTER.exe
    [11/02/2000 11:46|--a------|136] I:\wfxregister.ini
    [06/12/1999 14:38|--a------|322] I:\Wfxregister.txt
    [30/05/2000 09:35|--a------|40960] I:\Wgedit.dll
    [10/12/2001 17:47|--a------|270595] I:\Wgedit.exe
    [19/09/2000 14:18|--a------|114688] I:\WhConfig.dll
    [02/03/2006 09:25|--a------|4723] I:\WHCONFIG.INI
    [04/10/2001 10:08|--a------|57344] I:\Wincaps.dll
    [21/03/2002 11:06|--a------|100480] I:\WMODEMS.DAT
    [15/09/2005 14:11|--a------|130672] I:\WMODEMS.NEW
    [01/12/1999 19:15|--a------|28672] I:\WPhServices.exe
    [20/04/2005 13:41|--a------|99] I:\WPhSrv.pdf
    [22/04/2003 15:39|--a------|1920] I:\WPSCMDEX.CNV
    [22/04/2003 15:39|--a------|1920] I:\WSMAILER.CNV
    [28/11/2000 16:41|--a------|69632] I:\WSMAILER.dll
    [22/04/2003 15:39|--a------|1920] I:\WSMAILERCFG.CNV
    [13/12/2001 23:19|--a------|217347] I:\WSMAILERCFG.exe
    [11/04/2003 15:14|---------|270776] I:\Wstation.bmp
    [22/04/2003 15:39|--a------|1920] I:\WSTATION.CNV
    [29/04/2003 15:05|--a------|1155072] I:\WSTATION.exe
    [05/02/1997 04:00|--a------|96768] I:\WunPacLn.dll
    [09/05/1996 04:00|--a------|74752] I:\Wunpacn.dll
    [13/12/2001 23:19|--a------|65795] I:\XView.exe
    [16/07/2009 09:34|--ahs----|39936] J:\Thumbs.db
    [16/12/2009 13:38|--a------|20992] J:\YELLOWJOURNAL.doc
    [09/10/2001 14:39|--a------|4608] P:\CHRISTINE.jwl
    [14/09/2004 11:12|--a------|871936] P:\CINE2002.XLS
    [14/09/2004 11:12|--a------|879104] P:\CINE20021.XLS
    [31/01/2002 10:05|--a------|704512] P:\Proc‚dure de copie sur CDROM.doc
    [14/06/2007 10:07|--a------|297] P:\Raccourci vers wfxreseau sur 'Serveur' (I).lnk
    [14/09/2004 11:03|--a------|38400] P:\SAISON CULTURELLE 2004.doc

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix.
    # E:\autorun.inf -> Dossier créé par UsbFix.
    # G:\autorun.inf -> Dossier créé par UsbFix.
    # H:\autorun.inf -> Dossier créé par UsbFix.
    # I:\autorun.inf -> Dossier créé par UsbFix.
    # J:\autorun.inf -> Dossier créé par UsbFix.
    # P:\autorun.inf -> Dossier créé par UsbFix.

    ################## | Cracks / Keygens / Serials |

    ################## | Upload |

    Veuillez envoyer le fichier : C:\DOCUME~1\CRAULT~1.ALV\Bureau\UsbFix_Upload_Me_ALVAC.zip : https://www.ionos.fr/?affiliate_id=77097
    Merci pour votre contribution .
    0
  14. Luxia29 Messages postés 14 Statut Membre
     
    ############################## | UsbFix V6.064 |

    User : c.rault (Administrateurs) # CIG16419
    Update on 16/12/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 16:18:43 | 16/12/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 3.00GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 70,61 Go (56,3 Go free) # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible # 7,45 Go (7,38 Go free) [HP v125w] # FAT32
    G:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    H:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    I:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    J:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS
    P:\ -> Connexion réseau # 26,1 Go (6,28 Go free) [data] # NTFS

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 452
    C:\WINDOWS\system32\csrss.exe 500
    C:\WINDOWS\system32\winlogon.exe 528
    C:\WINDOWS\system32\services.exe 576
    C:\WINDOWS\system32\lsass.exe 588
    C:\WINDOWS\system32\svchost.exe 780
    C:\WINDOWS\system32\svchost.exe 856
    C:\WINDOWS\System32\svchost.exe 928
    C:\WINDOWS\System32\svchost.exe 1024
    C:\WINDOWS\System32\svchost.exe 1080
    C:\WINDOWS\system32\brsvc01a.exe 1176
    C:\WINDOWS\system32\spoolsv.exe 1204
    C:\WINDOWS\system32\brss01a.exe 1248
    C:\WINDOWS\System32\svchost.exe 1504
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe 1588
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe 1616
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe 1684
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe 1744
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 1980
    C:\WINDOWS\system32\nvsvc32.exe 2024
    C:\WINDOWS\System32\svchost.exe 168
    C:\Program Files\UltraVNC\WinVNC.exe 264
    C:\WINDOWS\system32\wuauclt.exe 416
    C:\WINDOWS\system32\userinit.exe 484
    C:\WINDOWS\Explorer.EXE 812
    C:\WINDOWS\system32\wbem\wmiprvse.exe 1320
    C:\WINDOWS\System32\alg.exe 1552
    C:\Program Files\UltraVNC\WinVNC.exe 2352
    C:\WINDOWS\system32\userinit.exe 2392

    ################## | Fichiers # Dossiers infectieux |

    Supprimé ! C:\WINDOWS\Temp\a.dat
    Supprimé ! C:\DOCUME~1\CRAULT~1.ALV\LOCALS~1\Temp\a.dat
    Supprimé ! C:\Recycler\S-1-5-21-1715567821-2077806209-725345543-1003
    Supprimé ! C:\Recycler\S-1-5-21-1757981266-854245398-682003330-1118
    Supprimé ! I:\Install\install.exe
    Non supprimé ! I:\server.exe

    ################## | Registre # Clés infectieuses |

    Supprimé ! [HKCU\SOFTWARE\XML]
    Supprimé ! [HKCU\SOFTWARE\ZagrebLand]
    Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "c.rault"

    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{28b68cfa-df1a-11de-8f31-0015f25b9260}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{58773645-b300-11dd-80c8-806d6172696f}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{58773646-b300-11dd-80c8-806d6172696f}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{8f5cbeb8-3aee-11de-8ea2-0015f25b9260}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [13/11/2008 13:59|--a------|0] C:\AUTOEXEC.BAT
    [14/11/2008 09:11|-rahs----|212] C:\boot.ini
    [28/09/2001 13:00|-rahs----|4952] C:\Bootfont.bin
    [13/11/2008 13:59|--a------|0] C:\CONFIG.SYS
    [13/11/2008 13:59|-rahs----|0] C:\IO.SYS
    [13/11/2008 13:59|-rahs----|0] C:\MSDOS.SYS
    [14/11/2008 09:08|-rahs----|47564] C:\NTDETECT.COM
    [14/11/2008 09:25|-rahs----|252240] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [16/12/2009 16:26|--a------|3753] C:\UsbFix.txt
    [08/12/2009 15:05|--a------|398848] E:\partenairefinistre09.xls
    [15/12/2009 10:36|--a------|20992] E:\ACTION PROFESSIONNELLE.doc
    [16/12/2009 12:43|--a------|23552] E:\Document 2.doc
    [16/12/2009 15:47|--a------|49664] E:\Rapport de stage.doc
    [15/12/2009 11:55|--a------|26112] E:\FICHE DESCRIPTIVE.doc
    [15/12/2009 12:48|--a------|26112] E:\REUNION SUR LE CESU.doc
    [15/12/2009 13:54|--a------|4499] E:\attestation_de_stage[1].pdf
    [04/03/2008 14:23|--a------|17625600] E:\DIAPORAMA ALVAC.ppt
    [23/05/2007 12:14|--a------|262656] G:\afficherencontre.doc
    [22/06/2006 17:29|--a------|27648] G:\Bilan des Rencontres des ‚lus de CE.doc
    [13/02/2009 15:29|--a------|588288] G:\cin‚ma08.xls
    [12/06/2009 09:00|--a------|200704] G:\cin‚ma09.xls
    [27/07/2007 17:49|--a------|480] G:\ISO2.nri
    [21/08/2006 15:10|--a------|77824] G:\Reinitialisation_Vues_C_Huit.Fep
    [17/07/2009 18:04|--a------|6424] G:\Sauvegarde 17juillet09.nri
    [10/07/1995 16:25|--a------|4363] G:\SeqTexte.ini
    [18/01/2007 17:20|--a------|4687] G:\SeqTexte.ini.TXT
    [24/01/2008 18:19|--a------|177707] G:\visuel08.pdf
    [25/11/2008 16:33|--a------|2419511] G:\visuel09.pdf
    [21/07/2000 10:06|--a------|36864] I:\Aboutn.dll
    [09/04/2003 11:22|---------|354] I:\Aboutn.ini
    [18/10/2000 13:47|--a------|32768] I:\AcmConv.dll
    [11/04/2003 15:14|---------|270776] I:\Admin.bmp
    [21/08/2000 13:34|--a------|1856] I:\ADMIN.CNV
    [29/04/2003 15:25|--a------|978944] I:\admin.exe
    [10/02/2000 15:40|--a------|305] I:\Admin.reg
    [05/05/1998 01:10|--a------|470] I:\alphapg1.wph
    [05/05/1998 01:10|--a------|470] I:\alphapg4.wph
    [04/05/1998 01:10|--a------|470] I:\Alphapg8.wph
    [27/06/2006 11:33|--a------|462605] I:\ANNUAIREWS.dbf
    [03/04/2006 13:46|--a------|480] I:\ANNUAIREWS.pkg
    [25/07/2006 08:30|--a------|122848] I:\ANNUAIREWS.pkx
    [14/12/2000 15:17|--a------|73728] I:\Answer.dll
    [28/02/2002 15:14|--a------|221184] I:\AppLic.dll
    [14/12/2001 10:51|--a------|188416] I:\AppLic2.dll
    [20/04/2005 13:42|--a------|0] I:\AUTORUN.728
    [10/11/1999 02:11|--a------|539] I:\BouygMin.wph
    [15/02/2000 10:51|--a------|325070] I:\BROOK.PAC
    [16/06/1999 16:52|--a------|227840] I:\BTDLLD.DLL
    [10/02/2000 12:12|--a------|20480] I:\BVRP98.dll
    [18/03/2002 15:02|--a------|262144] I:\BVRPArc.dll
    [06/02/2002 17:49|--a------|196608] I:\BVRPCTLn.dll
    [06/07/1999 17:07|--a------|167936] I:\BVRPfc.dll
    [19/10/2001 08:58|--a------|57405] I:\BVRPNac.dll
    [24/01/2001 16:35|--a------|36864] I:\BVRPNet.dll
    [02/01/2002 13:48|--a------|81920] I:\BvrpWd.wll
    [04/07/2000 12:19|--a------|71936] I:\BVRPWF.DRV
    [25/09/2002 10:16|---------|36864] I:\CaptureAuto.exe
    [16/10/2002 09:57|---------|2274581] I:\CaptureFax.exe
    [30/01/2006 17:15|--a------|1091] I:\CE 2006.dbf
    [01/02/2006 15:48|--a------|288] I:\CE 2006.pkg
    [27/03/2006 16:05|--a------|288] I:\CE 2006.pkx
    [24/12/1998 10:34|--a------|256] I:\ChaERMES.inf
    [05/06/1998 15:58|--a------|256] I:\CharSMF3.inf
    [17/03/1998 01:10|--a------|256] I:\CHARTAP0.INF
    [12/01/2000 19:23|--a------|40960] I:\CnfRep.dll
    [02/01/2002 14:55|--a------|77824] I:\CoBvrpWd.dll
    [17/01/1997 04:00|--a------|76288] I:\COLOR32.DLL
    [15/09/2005 14:11|--a------|896] I:\COMLINES.DAT
    [18/10/2000 13:49|--a------|28672] I:\ComLines.dll
    [16/11/2009 09:46|--a------|640] I:\ConfIP.bin
    [01/02/2000 12:11|--a------|3476] I:\country.ini
    [20/07/2000 18:52|--a------|45056] I:\Cvs2pgfn.dll
    [30/05/2000 10:16|--a------|40960] I:\Cvsedit.dll
    [10/12/2001 17:47|--a------|225539] I:\Cvsedit.exe
    [20/04/2005 13:42|--a------|22755] I:\DeIsL1.isu
    [02/03/1998 04:00|--a------|31232] I:\Dfansin.dll
    [20/06/1996 04:00|--a------|31232] I:\Dfasciin.dll
    [20/06/1996 04:00|--a------|31232] I:\Dfasctyn.dll
    [03/03/1998 04:00|--a------|48640] I:\dfpgf2n.dll
    [20/10/1999 15:36|--a------|24576] I:\Dgcatn.dll
    [04/04/2000 10:27|--a------|49152] I:\Dgccittn.dll
    [18/06/1996 04:00|--a------|20480] I:\Dgmrgn.dll
    [18/06/1996 04:00|--a------|18944] I:\Dgred8.dll
    [07/03/2000 15:43|--a------|36864] I:\Dgubmpn.dll
    [07/03/2000 15:43|--a------|40960] I:\Dguconvn.dll
    [07/03/2000 15:43|--a------|36864] I:\Dgugifn.dll
    [07/03/2000 15:43|--a------|65536] I:\Dgujpegn.dll
    [07/03/2000 15:43|--a------|36864] I:\Dgupcxn.dll
    [29/04/2003 16:47|--a------|65536] I:\dgutiffn.dll
    [09/11/2000 19:06|--a------|45056] I:\DocBase.dll
    [18/10/2000 13:50|--a------|32768] I:\DocLib.dll
    [13/12/2000 15:21|--a------|53248] I:\DrawBt.dll
    [04/02/1999 17:29|--a------|295] I:\EasyScAl.wph
    [04/02/1999 17:29|--a------|295] I:\EasyScNu.wph
    [12/03/2002 14:58|--a------|196608] I:\editscn.exe
    [14/04/1998 04:00|--a------|51712] I:\erareg.dll
    [13/07/1995 04:00|--a------|26112] I:\Erbfaxbv.dll
    [13/07/1995 04:00|--a------|25600] I:\Erifile.dll
    [14/11/1997 04:00|--a------|64512] I:\Erlexic.dll
    [14/11/1997 04:00|--a------|57344] I:\Erneye.dll
    [04/07/1995 04:00|--a------|861246] I:\ERNPCR.EZN
    [14/11/1997 04:00|--a------|294400] I:\Erpcr.dll
    [21/12/1998 18:16|--a------|379] I:\EsAERMES.wph
    [09/10/2000 17:56|--a------|32768] I:\exchange.dll
    [14/10/1998 01:10|--a------|489] I:\Expresso.wph
    [14/05/1996 04:00|--a------|512] I:\ezrcls.rco
    [20/03/2002 17:48|--a------|4878] I:\FAX0010.CMD
    [15/09/2005 14:11|--a------|512] I:\FAX0010.CNF
    [16/11/2009 09:46|--a------|640] I:\fax0mid.mid
    [27/03/2006 14:54|--a------|1091] I:\FICHIER 2006.dbf
    [27/03/2006 14:54|--a------|288] I:\FICHIER 2006.pkg
    [27/03/2006 14:57|--a------|288] I:\FICHIER 2006.pkx
    [13/01/2000 16:51|--a------|73677] I:\Garantie.cvs
    [14/06/1997 04:00|--a------|67072] I:\graphcnv.dll
    [04/02/2002 13:32|--a------|120] I:\ifax.inf
    [19/02/2007 15:44|--a------|143360] I:\INFOFAX 07.doc
    [08/03/2007 18:32|--a------|115712] I:\infofax10.doc
    [10/12/2001 17:47|--a------|41219] I:\inssuitecmd.exe
    [11/10/2002 14:39|---------|53248] I:\InstalForm.exe
    [13/06/2006 09:19|---------|9336520] I:\Install_MSN_Messenger.EXE
    [11/02/2002 11:13|--a------|204800] I:\internet.dll
    [20/02/1997 04:00|--a------|128000] I:\Jpeg32.dll
    [03/12/1998 01:10|--a------|392] I:\kobbyt.wph
    [29/10/1996 00:21|--a------|10752] I:\libd42mt.dll
    [27/03/1997 00:21|--a------|147456] I:\libdtimt.dll
    [28/05/1997 00:21|--a------|135680] I:\libdxxmt.dll
    [28/05/1997 00:21|--a------|62976] I:\libfaxmt.dll
    [14/04/1997 00:21|--a------|43520] I:\libsrlmt.dll
    [15/04/2003 08:57|---------|3921431] I:\Lisezmoi.rtf
    [15/04/2003 09:22|---------|18855] I:\Lisezmoi702.rtf
    [31/01/2002 14:11|--a------|69632] I:\mailcomm.dll
    [19/03/2002 13:33|--a------|266240] I:\MailKrnl.dll
    [27/10/2000 16:37|--a------|118784] I:\Messages.dll
    [03/11/1999 16:51|--a------|2477] I:\Messages.inf
    [01/12/1999 11:53|--a------|53248] I:\Mincomm1.dll
    [01/12/1999 11:54|--a------|73728] I:\mincomm2.dll
    [05/05/1998 01:10|--a------|422] I:\MinitFT1.wph
    [30/04/1998 01:10|--a------|589] I:\minitFT2.wph
    [05/07/1999 01:10|--a------|590] I:\MinitFT3.wph
    [10/06/1998 01:10|--a------|581] I:\minitSFR.wph
    [21/03/2002 10:52|--a------|944709] I:\Modems.pac
    [18/10/2000 13:52|--a------|32768] I:\MsgVocal.dll
    [15/05/1998 04:00|--a------|119384] I:\NOTIFY.WAV
    [13/11/1996 04:00|--a------|2795] I:\NTPRINT.INF
    [04/06/1998 16:21|--a------|257] I:\NumSMF3.inf
    [14/02/2002 18:19|--a------|36923] I:\OLRegist.dll
    [30/01/2002 09:55|--a------|15207] I:\olregist.mht
    [27/02/2006 09:49|--a------|536] I:\onreg.ini
    [07/06/2000 09:44|--a------|31153] I:\ope.inf
    [14/04/2000 15:45|--a------|362] I:\Orange.wph
    [07/04/2000 22:31|--a------|32768] I:\Pager.dll
    [16/11/2009 09:45|--a------|482] I:\PARAMS.INI
    [01/02/2000 16:52|--a------|98304] I:\PbkFile.dll
    [13/12/2001 23:19|--a------|61699] I:\PbkUtil.exe
    [18/10/2000 13:53|--a------|45056] I:\Pcmes.dll
    [02/03/2000 10:38|--a------|28672] I:\PcmFmt.dll
    [08/09/1999 13:48|--a------|3595] I:\PcmFmt.inf
    [18/10/2000 14:00|--a------|86016] I:\PcmWav.dll
    [01/02/2006 15:53|--a------|2548] I:\PHONEBK.ECH
    [13/12/2001 23:19|--a------|618755] I:\Phonebk.exe
    [09/12/1999 14:25|--a------|3840] I:\PrivScvEmVoc.scv
    [08/09/1999 10:58|--a------|49152] I:\Prpgf2n.dll
    [18/06/1996 04:00|--a------|23552] I:\Redfaxn.dll
    [04/06/1996 04:00|--a------|18944] I:\REGISTER.DLL
    [07/02/1997 04:00|--a------|121344] I:\ROUTDLL.DLL
    [25/07/2006 08:33|--a------|8] I:\RTNUMEMI.DAT
    [25/07/2006 08:33|--a------|5] I:\RTREFREQ.DAT
    [17/11/1994 04:00|--a------|2084] I:\SCANSET.INF
    [09/12/1999 14:26|--a------|3840] I:\ScvEmVoc.scv
    [18/10/2000 13:56|--a------|28672] I:\ScvLib.dll
    [02/11/2000 11:30|--a------|167936] I:\ScvRes.dll
    [16/11/2009 09:46|--a------|90] I:\SelfMode.ini
    [14/02/2002 14:06|--a------|45315] I:\SendComm.exe
    [09/04/2003 10:34|---------|45056] I:\SendFax.exe
    [23/04/2003 16:14|---------|290816] I:\Server.exe
    [16/11/2009 09:45|--a------|431] I:\server.log
    [16/11/2009 09:45|--a------|0] I:\SERVER.LX
    [15/05/1998 04:00|--a------|80856] I:\ServerOut.wav
    [17/09/1998 04:00|--a------|40960] I:\Sff.dll
    [02/12/1997 04:00|--a------|16] I:\SgWph.dat
    [13/03/2002 09:37|--a------|94208] I:\SmtpPop3.exe
    [11/05/2000 14:25|--a------|20480] I:\specialcom.dll
    [13/12/2001 23:18|--a------|176387] I:\StatProg.exe
    [07/12/1998 01:10|--a------|84] I:\tabexpresso.inf
    [01/09/1998 01:10|--a------|93] I:\tabgsm.inf
    [08/09/1998 01:10|--a------|89] I:\tabgsmbouyg.inf
    [04/12/1998 01:10|--a------|82] I:\tabkobby.inf
    [07/12/1998 01:10|--a------|87] I:\tabtatoo.inf
    [13/03/1998 01:10|--a------|103] I:\Tap.wph
    [07/12/1998 01:10|--a------|494] I:\tatoomin.wph
    [13/11/1994 04:00|--a------|9472] I:\TGRED1_8.DLL
    [16/11/2009 09:46|--a------|87] I:\ThreadId.ini
    [05/11/2009 17:39|--ahs----|9216] I:\Thumbs.db
    [04/08/1997 04:00|--a------|52224] I:\Tiff_t31.dll
    [07/10/1999 14:53|--a------|49152] I:\Twscn.dll
    [23/09/1999 11:35|--a------|81920] I:\TxtToPgf.dll
    [06/10/1999 04:00|--a------|127] I:\Txttopgf.ini
    [10/09/1999 01:10|--a------|399] I:\UCP.wph
    [21/08/2000 13:34|--a------|1856] I:\Uniconv.cnv
    [01/12/1999 15:38|--a------|126976] I:\Uniconv.dll
    [18/01/2002 10:02|--a------|61440] I:\uninst2.dll
    [20/04/2005 13:49|--a------|896] I:\USERS.DAT
    [27/09/2001 18:57|--a------|73728] I:\UsRecall.dll
    [13/12/2001 23:19|--a------|35587] I:\Visubin.exe
    [10/06/1999 01:10|--a------|346] I:\VODAFONE.wph
    [18/10/2000 13:57|--a------|28672] I:\VoiceCfg.dll
    [11/08/1999 12:01|--a------|81] I:\VOICECFG.INI
    [27/10/2000 16:40|--a------|221184] I:\VoiceRes.dll
    [18/10/2000 13:58|--a------|49152] I:\VoiceUpd.dll
    [29/11/2000 15:00|--a------|53248] I:\VoicPlay.dll
    [11/08/1999 10:59|--a------|35] I:\VOICPLAY.INI
    [18/10/2000 13:59|--a------|32768] I:\Waves.dll
    [05/02/1997 04:00|--a------|79872] I:\Wdpacn.dll
    [15/09/2005 14:11|--a------|132] I:\WFCOM.DAT
    [11/12/2001 19:35|--a------|102659] I:\Wfcom.exe
    [11/12/2009 10:16|--a------|856] I:\wfcom.ini
    [15/09/2005 14:11|--a------|4] I:\WFCOM.TEL
    [10/12/2001 14:54|--a------|69632] I:\wfcomrc.dll
    [12/11/1998 02:11|--a------|82944] I:\wfgsm.dll
    [14/12/2001 10:49|--a------|65795] I:\Wfmacro.exe
    [12/10/2001 13:21|--a------|428] I:\wfmacros.ini
    [11/12/2001 15:08|--a------|110592] I:\WFP1N.dll
    [07/12/2001 17:08|--a------|786432] I:\wfp2n.dll
    [13/12/2001 23:19|--a------|69891] I:\WFXREGISTER.exe
    [11/02/2000 11:46|--a------|136] I:\wfxregister.ini
    [06/12/1999 14:38|--a------|322] I:\Wfxregister.txt
    [30/05/2000 09:35|--a------|40960] I:\Wgedit.dll
    [10/12/2001 17:47|--a------|270595] I:\Wgedit.exe
    [19/09/2000 14:18|--a------|114688] I:\WhConfig.dll
    [02/03/2006 09:25|--a------|4723] I:\WHCONFIG.INI
    [04/10/2001 10:08|--a------|57344] I:\Wincaps.dll
    [21/03/2002 11:06|--a------|100480] I:\WMODEMS.DAT
    [15/09/2005 14:11|--a------|130672] I:\WMODEMS.NEW
    [01/12/1999 19:15|--a------|28672] I:\WPhServices.exe
    [20/04/2005 13:41|--a------|99] I:\WPhSrv.pdf
    [22/04/2003 15:39|--a------|1920] I:\WPSCMDEX.CNV
    [22/04/2003 15:39|--a------|1920] I:\WSMAILER.CNV
    [28/11/2000 16:41|--a------|69632] I:\WSMAILER.dll
    [22/04/2003 15:39|--a------|1920] I:\WSMAILERCFG.CNV
    [13/12/2001 23:19|--a------|217347] I:\WSMAILERCFG.exe
    [11/04/2003 15:14|---------|270776] I:\Wstation.bmp
    [22/04/2003 15:39|--a------|1920] I:\WSTATION.CNV
    [29/04/2003 15:05|--a------|1155072] I:\WSTATION.exe
    [05/02/1997 04:00|--a------|96768] I:\WunPacLn.dll
    [09/05/1996 04:00|--a------|74752] I:\Wunpacn.dll
    [13/12/2001 23:19|--a------|65795] I:\XView.exe
    [16/07/2009 09:34|--ahs----|39936] J:\Thumbs.db
    [16/12/2009 13:38|--a------|20992] J:\YELLOWJOURNAL.doc
    [09/10/2001 14:39|--a------|4608] P:\CHRISTINE.jwl
    [14/09/2004 11:12|--a------|871936] P:\CINE2002.XLS
    [14/09/2004 11:12|--a------|879104] P:\CINE20021.XLS
    [31/01/2002 10:05|--a------|704512] P:\Proc‚dure de copie sur CDROM.doc
    [14/06/2007 10:07|--a------|297] P:\Raccourci vers wfxreseau sur 'Serveur' (I).lnk
    [14/09/2004 11:03|--a------|38400] P:\SAISON CULTURELLE 2004.doc

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix.
    # E:\autorun.inf -> Dossier créé par UsbFix.
    # G:\autorun.inf -> Dossier créé par UsbFix.
    # H:\autorun.inf -> Dossier créé par UsbFix.
    # I:\autorun.inf -> Dossier créé par UsbFix.
    # J:\autorun.inf -> Dossier créé par UsbFix.
    # P:\autorun.inf -> Dossier créé par UsbFix.

    ################## | Cracks / Keygens / Serials |

    ################## | Upload |
    0
  15. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Peux-tu maintenant faire malwarebytes comme post 5 maintenant ?
    0
  16. Luxia29 Messages postés 14 Statut Membre
     
    Oui ! Ca marche maintenant, je le fais tout de suite ! :)
    Merci
    0
  17. Luxia29 Messages postés 14 Statut Membre
     
    J'aurai pas le temps de finir l'analyse aujourd'hui, je dois libérer le poste informatique !
    Je continuerai demain !
    Encore merci beaucoup !
    0
  18. Luxia29 Messages postés 14 Statut Membre
     
    Malwarebytes' Anti-Malware 1.42
    Version de la base de données: 3379
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    17/12/2009 10:27:15
    mbam-log-2009-12-17 (10-27-12).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 212018
    Temps écoulé: 44 minute(s), 43 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 6

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\C.RAULT.ALVAC\huces.exe (Trojan.Downloader) -> No action taken.
    C:\System Volume Information\_restore{73B805CC-2830-47BE-AA94-B6532C5C9198}\RP236\A0032135.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\C.RAULT.ALVAC\Bureau\Personal Security.lnk (Rogue.PSecurity) -> No action taken.
    C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\C.RAULT.ALVAC\Local Settings\Temp\sshnas.dll (Trojan.FakeAlert) -> No action taken.
    0
  19. Luxia29 Messages postés 14 Statut Membre
     
    Je crois qu'il a été supprimé, il ne figure plus dans les programmes !
    Merci beaucoup pour ton aide !
    0
  20. Luxia29 Messages postés 14 Statut Membre
     
    J'ai refait un scan avec SUPERantispyware, voilà le rapport :
    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com/

    Generated 12/17/2009 at 11:00 AM

    Application Version : 4.31.1000

    Core Rules Database Version : 4378
    Trace Rules Database Version: 2217

    Scan type : Complete Scan
    Total Scan Time : 00:25:36

    Memory items scanned : 453
    Memory threats detected : 1
    Registry items scanned : 4472
    Registry threats detected : 0
    File items scanned : 27371
    File threats detected : 20

    Rogue.XP AntiVirus/Resident
    C:\PROGRAM FILES\PERSONALSEC\PSECURITY.EXE
    C:\PROGRAM FILES\PERSONALSEC\PSECURITY.EXE
    C:\WINDOWS\Prefetch\PSECURITY.EXE-24F79E0B.pf

    Adware.Tracking Cookie
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@doubleclick[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@weborama[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@serving-sys[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ad.yieldmanager[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@virginmobile.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@tradedoubler[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@bluestreak[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@smartadserver[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@bouyguestelecom.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@boursoramabanque.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@t.bbtrack[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@xiti[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@msnportal.112.2o7[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@atdmt[1].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@adtech[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@ttbmanutan.solution.weborama[2].txt
    C:\Documents and Settings\C.RAULT.ALVAC\Cookies\c.rault@aimfar.solution.weborama[1].txt

    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{73B805CC-2830-47BE-AA94-B6532C5C9198}\RP236\A0034281.EXE
    0
  21. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Ok, :


    /!\ Desactive ton antivirus le temps de la manip ainsi que ton parefeu et antispyware si présent /!\


    > Télécharge List&Kill'em et enregistre le sur ton bureau ici :

    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip

    > dezippe-le , (clic droit/ extraire.....)

    Il ne necessite pas d'installation

    >double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

    choisis la langue puis choisis l'option 1 = Mode Recherche

    >laisse travailler l'outil

    >Poste le contenu du rapport qui s'ouvre
    0
  • 1
  • 2