TR/crypt.xpack.gen + TR/vundo.gen = SOS trojan

Tags:
  • Security
9 July 2008 14:31:15

Hello,

I'll allow myself to repeat a question already asked on this forum, namely how to get rid of the trojans mentioned above.

I followed the instructions seen in the other topics, but I only manage to clean my PC partially; pieces remain here and there, mostly in the "System Volume Information" folders of my hard drives.

In short, if some charitable soul could help me do the cleanup, that would be nice.

Thanks in advance.


9 July 2008 14:32:13

Hello,

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it (right-click -> Run as administrator if on Vista).
  • Accept the license by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
9 July 2008 14:43:37

Thanks for the help. HijackThis was my first reflex after realizing I had caught viruses; it let me clean out a few viruses, but those were old ones 8/

Anyway, the latest log gives this:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:45:24, on 09/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\HHVcdV5Sys\VC5Play.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Virtual CD v5\System\VC5Tray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Orange\Deskboard\deskboard.exe
    C:\Program Files\Orange\connectivity\connectivitymanager.exe
    C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\bellerophon\Bureau\photo\le sauveur du pc\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O15 - Trusted Zone: http://www.orange.fr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C373394-F081-4546-8C54-FFBCE13D6DCB}: NameServer = 80.10.246.2,80.10.246.129
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

9 July 2008 15:15:56

Re,

The report is clean (no visible infection).
9 July 2008 15:22:44

Yeah, that's what I thought, yet when I run an Antivir scan, it finds in the "System Volume Information" folders of my hard drives C: D: E: O: the famous TR/crypt.xpack.gen + TR/vundo.gen.

Here's the Antivir log, by the way:

    Avira AntiVir Personal
    Report file date: Tuesday 8 July 2008 14:11

    Scanning for 1381683 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: BELLEROPHON

    Version information:
    BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 26/04/2008 18:15:31
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 26/04/2008 18:15:31
    LUKE.DLL : 8.1.2.9 151809 Bytes 26/04/2008 18:15:31
    LUKERES.DLL : 8.1.2.1 12033 Bytes 26/04/2008 18:15:31
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:51:55
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:58:44
    ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 13:14:03
    ANTIVIR3.VDF : 7.0.5.56 37376 Bytes 07/07/2008 13:14:04
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 26/04/2008 18:15:32
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 02/07/2008 16:09:18
    AESCN.DLL : 8.1.0.22 119157 Bytes 30/06/2008 13:59:05
    AERDL.DLL : 8.1.0.20 418165 Bytes 26/04/2008 18:15:32
    AEPACK.DLL : 8.1.1.6 364918 Bytes 30/06/2008 13:59:03
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 30/06/2008 13:59:00
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 02/07/2008 16:09:16
    AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 12:47:42
    AEGEN.DLL : 8.1.0.29 307573 Bytes 30/06/2008 13:58:49
    AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 18:06:39
    AECORE.DLL : 8.1.0.32 168311 Bytes 02/07/2008 16:09:07
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 26/04/2008 18:15:31
    AVPREF.DLL : 8.0.0.1 25857 Bytes 26/04/2008 18:15:31
    AVREP.DLL : 7.0.0.1 155688 Bytes 23/04/2007 22:15:17
    AVREG.DLL : 8.0.0.0 30977 Bytes 26/04/2008 18:15:31
    AVARKT.DLL : 1.0.0.23 307457 Bytes 26/04/2008 18:15:31
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 26/04/2008 18:15:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 26/04/2008 18:15:31
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 26/04/2008 18:15:31
    NETNT.DLL : 8.0.0.1 7937 Bytes 26/04/2008 18:15:31
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 26/04/2008 18:15:29
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 26/04/2008 18:15:29

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, O:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Tuesday 8 July 2008 14:11

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'utplqtui.exe' - '1' Module(s) have been scanned
    Scan process 'avirarkd.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'FTCOMModule.exe' - '1' Module(s) have been scanned
    Scan process 'OraConfigRecover.exe' - '1' Module(s) have been scanned
    Scan process 'CoreCom.exe' - '1' Module(s) have been scanned
    Scan process 'ConnectivityManager.exe' - '1' Module(s) have been scanned
    Scan process 'Deskboard.exe' - '1' Module(s) have been scanned
    Scan process 'CCC.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'VC5Tray.exe' - '1' Module(s) have been scanned
    Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
    Scan process 'MOM.exe' - '1' Module(s) have been scanned
    Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
    Scan process 'VC5Play.exe' - '1' Module(s) have been scanned
    Scan process 'dragdiag.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'VC5SecS.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
    Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    48 processes with 48 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] The device is not ready.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] The device is not ready.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] The device is not ready.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] The device is not ready.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'O:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '29' files ).


    Starting the file scan:

    Begin scan in 'C:\' <BOOT>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP734\A0160154.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '48a49460.qua'!
    C:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP735\A0160246.exe
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48a49467.qua'!
    C:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP735\A0160247.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '48a4946a.qua'!
    C:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP735\A0160300.com
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48a4946c.qua'!
    Begin scan in 'D:\' <BACKUP>
    D:\qxbx9blb.com
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48d59c84.qua'!
    D:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP736\A0160467.com
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48a4a13f.qua'!
    Begin scan in 'E:\' <RECOVER>
    E:\qxbx9blb.com
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48d5b59d.qua'!
    E:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP736\A0160468.com
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48a4b558.qua'!
    Begin scan in 'O:\' <DATA>
    O:\qxbx9blb.com
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48d5b5a4.qua'!
    O:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP736\A0160469.com
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48a4b5c0.qua'!


    End of the scan: Tuesday 8 July 2008 19:47
    Used time: 5:36:10 min

    The scan has been done completely.

    15971 Scanning directories
    529068 Files were scanned
    10 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    10 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    529058 Files not concerned
    9412 Archives were scanned
    6 Warnings
    10 Notes


In short, I don't know which way to turn...
9 July 2008 15:59:26

It's System Restore, nothing serious.

Download Flash Disinfector (from sUBs) to your Desktop.

  • Connect all external devices (hard drives, USB sticks, ...).
  • Double-click Flash Disinfector and follow the prompts.

    *********

Let's check whether anything is left, but I don't think so:

Download ComboFix (from sUBs) to your Desktop.

  • Temporarily disable all resident protection! (antivirus, antispyware, ...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Yes.
  • When the operation is finished, a report will appear. Post that report in your next reply.

The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.
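Added example, not part of the thread and not Avira's or the helper's code: a small Python triage over report lines in the format posted above. It separates detections whose path lies under System Volume Information\_restore{GUID}\RPnnn (copies held inside a System Restore point, which resurface only if that restore point is applied and disappear when restore points are discarded) from files sitting directly at the root of a volume, such as D:\qxbx9blb.com, which are live files rather than restore-point copies. The sample report embedded in the script is constructed from a handful of the lines posted above with the rest of the report omitted; the function names, the category labels, and the reading of a root-level .com file as a dropped file rather than a backup are this example's own assumptions, not something the helper stated.

```python
"""Triage of Avira AntiVir report lines: dormant copies inside System Restore
points versus live files at a volume root. Added example, not Avira's code."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of the report posted above (most of it omitted).
SAMPLE_REPORT = r"""
Begin scan in 'C:\' <BOOT>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP734\A0160154.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a49460.qua'!
C:\System Volume Information\_restore{1C714A9C-992B-43ED-8366-D7FDDF1AF384}\RP735\A0160246.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48a49467.qua'!
Begin scan in 'D:\' <BACKUP>
D:\qxbx9blb.com
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48d59c84.qua'!
Begin scan in 'E:\' <RECOVER>
E:\qxbx9blb.com
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48d5b59d.qua'!
"""

_PATH_RE = re.compile(r"^[A-Za-z]:\\")            # line naming a scanned file
_DETECT_RE = re.compile(r"^\[DETECTION\]\s+(.+)$")
_QUAR_RE = re.compile(r"^\[NOTE\]\s+The file was moved to '([^']+)'!$")
# XP restore-point layout: X:\System Volume Information\_restore{GUID}\RPnnn\A0nnnnnn.ext
_RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)\\", re.I)


def restore_point_of(path: str) -> Optional[str]:
    """'RP734' when the file lives inside that restore point, else None."""
    m = _RESTORE_RE.search(path)
    return m.group(1).upper() if m else None


def classify(path: str) -> str:
    """restore_point: dormant copy held by System Restore.
    drive_root: file directly under X:\, a live file (treating a root-level .com
    as a dropped file rather than a backup is this example's interpretation).
    other: anything else."""
    if restore_point_of(path):
        return "restore_point"
    if path[1:3] == ":\\" and path.count("\\") == 1:
        return "drive_root"
    return "other"


@dataclass
class Detection:
    path: str
    malware: str                      # signature name, e.g. TR/Vundo.Gen
    quarantine: Optional[str] = None  # .qua name from the following [NOTE] line

    @property
    def category(self) -> str:
        return classify(self.path)

    @property
    def restore_point(self) -> Optional[str]:
        return restore_point_of(self.path)


def parse_report(text: str) -> list:
    """A path line is followed by its [DETECTION] and [NOTE] lines; pair them up."""
    detections, current_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if _PATH_RE.match(line):
            current_path = line
        elif (m := _DETECT_RE.match(line)) and current_path:
            # "Is the Trojan horse TR/Vundo.Gen": the signature is the last token
            detections.append(Detection(current_path, m.group(1).split()[-1]))
        elif (m := _QUAR_RE.match(line)) and detections and detections[-1].path == current_path:
            detections[-1].quarantine = m.group(1)
    return detections


def triage(text: str) -> dict:
    """Bucket the detections by where they were found."""
    buckets = {"restore_point": [], "drive_root": [], "other": []}
    for d in parse_report(text):
        buckets[d.category].append(d)
    return buckets


def restore_points_to_purge(text: str) -> list:
    """Restore points that hold at least one detected file."""
    return sorted({d.restore_point for d in parse_report(text) if d.restore_point})


if __name__ == "__main__":
    for cat, found in triage(SAMPLE_REPORT).items():
        print(f"{cat}: {len(found)}")
        for d in found:
            print(f"  {d.malware:<20} {d.path}  -> {d.quarantine}")
    print("restore points holding detections:", restore_points_to_purge(SAMPLE_REPORT))
```

Pointed at a saved AVSCAN report instead of the embedded sample, the script tells you which findings are only restore-point copies and which restore points hold them. On XP those copies go away when System Restore is turned off and back on, which discards every restore point, so that step belongs after the live files at the drive roots have been dealt with, not before.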
9 July 2008 16:09:47

Hmmm, I've already run ComboFix several times; I'll do another one, I can't find the last log anymore.

Flash Disinfector, I've already run it.

Thanks for the advice.
9 July 2008 17:55:56

Here's the ComboFix report, fresh off the press:


    ComboFix 08-07-05.1 - bellerophon 2008-07-09 17:24:43.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1378 [GMT 1:00]
    Location: C:\Documents and Settings\bellerophon\Bureau\ComboFix.exe

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\bellerophon\Local Settings\Temporary Internet Files\Vaccin_USB-Lisez_moi.html

    .
    ((((((((((((((((((((((((((((( Files created 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-09 15:25 . 2008-07-09 15:25 <REP> d-------- C:\WINDOWS\LastGood
    2008-07-09 15:25 . 2008-07-09 15:25 <REP> d-------- C:\Program Files\Panda Security
    2008-07-09 15:25 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\winfile.exe
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\temp2.exe
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\temp1.exe
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\temp.exe
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\ravmon.exe
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\msvcr71.dll
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\host.exe
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\copy.exe
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\comment.htt
    2008-07-09 12:35 . 2008-07-09 12:35 <REP> drahs---- C:\adober.exe
    2008-07-09 12:34 . 2008-07-09 12:33 167,936 --a------ C:\VaccinUSB.exe
    2008-07-08 14:05 . 2008-07-08 14:05 <REP> d-------- C:\Program Files\Avira GmbH
    2008-07-08 13:39 . 2008-07-08 13:39 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-08 13:34 . 2008-07-08 13:59 <REP> d-------- C:\SDFix
    2008-07-08 01:40 . 2008-07-08 01:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-08 01:40 . 2008-07-08 01:40 <REP> d-------- C:\Documents and Settings\bellerophon\Application Data\Malwarebytes
    2008-07-08 01:40 . 2008-07-08 01:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-08 01:40 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-08 01:40 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-07 22:21 . 2008-07-07 22:21 <REP> d-------- C:\VundoFix Backups

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 16:11 --------- d-----w C:\Program Files\Sonique
    2008-07-08 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-07 12:37 --------- d-----w C:\Program Files\eMule
    2008-07-07 12:37 --------- d-----w C:\Documents and Settings\bellerophon\Application Data\uTorrent
    2008-07-03 22:36 --------- d-----w C:\Program Files\Steam
    2008-05-26 00:48 --------- d-----w C:\Program Files\Microsoft Games
    2008-05-25 14:42 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-05-25 14:42 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-05-21 23:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-21 23:20 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-01-02 14:29 74,864 ----a-w C:\Documents and Settings\bellerophon\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-29 12:57 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-08_ 1.32.57,23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-08 00:26:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-09 11:20:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-30 09:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
    + 2008-07-08 00:59:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-07-08 12:39:26 10,887,168 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-07-08 12:39:26 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-07-08 00:59:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-07-08 12:39:25 10,887,168 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-07-08 12:39:25 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 22:48 68856]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-26 19:15 262401]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 07:59 878080]
    "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 17:49 77824]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    "VC5Player"="C:\Program Files\HHVcdV5Sys\VC5Play.exe" [2003-03-11 16:08 176128]
    "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]
    "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    C:\Documents and Settings\bellerophon\Menu Démarrer\Programmes\Démarrage\
    TribalWeb.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-06-10 14:36:00 1060864]
    TribalWeb.net.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-06-10 14:36:00 1060864]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-23 15:52:40 113664]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "vidc.VP40"= vp4vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer le Poste de Travail Sans Fil Labtec.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Activer le Poste de Travail Sans Fil Labtec.lnk
    backup=C:\WINDOWS\pss\Activer le Poste de Travail Sans Fil Labtec.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^bellerophon^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
    path=C:\Documents and Settings\bellerophon\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
    backup=C:\WINDOWS\pss\TribalWeb.net.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    --a------ 2004-08-22 18:05 81920 C:\Program Files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 06:03 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-06-16 06:03 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2005-11-05 05:36 139264 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
    --a------ 2005-12-30 15:49 44832 C:\Program Files\Sonique\SQStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
    --a------ 2003-09-05 07:59 878080 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    --a------ 2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
    "C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\army\\System\\ArmyOps.exe"=
    "C:\\Program Files\\TribalWeb.net\\tribalweb.exe"=
    "C:\\Program Files\\utclassic\\System\\UnrealTournament.exe"=
    "C:\\Program Files\\PPLive\\PPLive.exe"=
    "C:\\Program Files\\QQLive\\QQLive.exe"=
    "C:\\Program Files\\Tencent\\QQLive\\QQLive.exe"=
    "C:\\Documents and Settings\\bellerophon\\Bureau\\photo\\Nouveau dossier\\sopcast\\SopCast_062\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\Documents and Settings\\bellerophon\\Bureau\\imaj daemon\\viviplay.exe"=
    "C:\\UT2004\\System\\UT2004.exe"=
    "C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
    "C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\nfsMW.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "D:\\MotoGP2\\motogp2.exe"=
    "C:\\Program Files\\war3\\war3.exe"=
    "C:\\Program Files\\bf\\BF1942.exe"=
    "C:\\Program Files\\counter\\hl.exe"=
    "C:\\Program Files\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
    "C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
    "D:\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
    "D:\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
    "D:\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "D:\\Sierra Entertainment\\World in Conflict\\wic.exe"=
    "D:\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
    "D:\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
    "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\PPMate\\ppmate.exe"=
    "C:\\Program Files\\PPMate\\ppamnet.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
    "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13427:TCP"= 13427:TCP:NortonAV

    R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sys [2007-07-19 15:45]
    R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sys [2007-07-19 15:43]
    R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24]
    R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03]
    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 15:48]
    R1 vbev5mp;vbev5mp;C:\WINDOWS\system32\DRIVERS\vbev5mp.sys [2003-05-07 10:46]
    R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-02 15:43]
    S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc []
    S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-07-07 17:42]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys []
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
    \Shell\AutoRun\command - O:\qxbx9blb.com
    \Shell\explore\Command - O:\qxbx9blb.com
    \Shell\open\Command - O:\qxbx9blb.com

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-07-09 15:00:00 C:\WINDOWS\Tasks\HPpromotions psc 1600 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 17:28:33
    Windows 5.1.2600 Service Pack 2 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-07-09 17:31:47
    ComboFix-quarantined-files.txt 2008-07-09 16:30:45
    ComboFix2.txt 2008-07-08 00:33:10
    ComboFix3.txt 2008-07-07 17:17:31

    Pre-Run: 17,937,682,432 bytes free
    Post-Run: 18,026,242,048 bytes free




    Thanks again for the help.
    9 July 2008 20:55:25

    Ahh,

    Run Flash-Disinfector again please.

    Select the whole box below:

    Collect::
    O:\qxbx9blb.com
    C:\winfile.exe
    C:\temp2.exe
    C:\temp1.exe
    C:\temp.exe
    C:\ravmon.exe
    C:\msvcr71.dll
    C:\host.exe
    C:\copy.exe
    C:\comment.htt
    C:\adober.exe
    C:\VaccinUSB.exe

    Suspect::
    C:\WINDOWS\system32\drivers\pavboot.sys

    Driver::
    RTL8187B
    adiusbae
    pr2ah4nb

    Folder::
    C:\VundoFix Backups

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]


  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it on your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix.
  • ComboFix will create these files on your desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named CF-Submit.htm
  • ComboFix may require a reboot to finish its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window prompting "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" button and navigate to the file
    Submit [Date Time].zip on your desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • Once this is done, you can delete those two files from your desktop.
    Post the contents of the ComboFix.txt report after the reboot, if there is one.

    **********

    - My Computer/Tools/Folder Options/View/check "Show hidden files and folders"/Apply -> OK
    - My Computer/Tools/Folder Options/View/uncheck "Hide protected operating system files"/Apply -> OK
    - My Computer/Tools/Folder Options/View/uncheck "Hide extensions for known file types"/Apply -> OK

    Don't forget to hide the hidden and protected operating system files again once the disinfection is finished, it's important

    Have this file (these files) analysed on this site >> Virustotal <<

  • Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\system32\drivers\pavboot.sys
  • Now click Send file.
  • Post the report (from "File *** received on ***" down to "SHA1: ***")
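    The reply above picks three things out of the ComboFix log by eye: the MountPoints2 entry for drive O: whose AutoRun, open and explore verbs all point at O:\qxbx9blb.com (an autorun worm on a USB stick, which is why Flash-Disinfector is being run again), the Windows Firewall profile with EnableFirewall = 0, and the services whose file timestamp is empty (`[]`), meaning the binary they point to is no longer on disk; those three orphaned services are exactly the ones listed under Driver::. The script below is an added example, not part of the thread and not ComboFix's own code: it runs the same checks over a constructed excerpt of the log posted above and emits Collect::, Driver:: and Registry:: sections in the same CFScript syntax as the helper's script. The reading of empty brackets as "file not found" follows the helper's usage; the firewall finding is reported but left out of the script, since that is a setting to switch back on by hand.

```python
import re
from typing import Dict, List

# Constructed excerpt: a handful of lines copied from the ComboFix log posted
# above, enough to exercise each check. Not a complete log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sys [2007-07-19 15:45]
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc []
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-07-07 17:42]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\qxbx9blb.com
\Shell\explore\Command - O:\qxbx9blb.com
\Shell\open\Command - O:\qxbx9blb.com
"""

# "R0 name;description;path [timestamp]" service/driver lines. ComboFix prints
# the file's timestamp in the brackets; empty brackets are read here (as in the
# reply above) as "the file this service points to is not on disk".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)
# MountPoints2 shell verbs. AutoRun, open and explore all pointing at an
# executable on the drive is the autorun-worm pattern: the stick re-infects the
# PC as soon as it is double-clicked in Explorer.
AUTORUN_RE = re.compile(
    r"^\\Shell\\(?P<verb>AutoRun|explore|open)\\command\s+-\s+(?P<target>.+)$", re.I
)


def analyse(log_text: str) -> Dict[str, List[str]]:
    """Walk the log once, tracking the current [registry key] header, and
    collect the three indicators the reply above acts on."""
    findings: Dict[str, List[str]] = {
        "autorun": [],               # "drive: verb -> target"
        "firewall_off": [],          # firewall profile keys with EnableFirewall=0
        "missing_service_file": [],  # service names whose binary is gone
    }
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # registry key header
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key.lower():
            drive = current_key.rsplit("\\", 1)[-1]   # last key component is the drive letter
            findings["autorun"].append(f"{drive}: {m['verb']} -> {m['target']}")
            continue
        if "firewallpolicy" in current_key.lower() and line.startswith('"EnableFirewall"'):
            value = line.split("=", 1)[1].strip().split()[0]   # '0 (0x0)' -> '0'
            if value == "0":
                findings["firewall_off"].append(current_key)
            continue
        m = SERVICE_RE.match(line)
        if m and m["stamp"] == "":
            findings["missing_service_file"].append(m["name"])
    return findings


def build_cfscript(findings: Dict[str, List[str]]) -> str:
    """Emit CFScript sections in the syntax of the helper's script: Collect::
    sends the autorun target for analysis, Driver:: deletes the orphaned
    services, and Registry:: deletes the per-drive MountPoints2 key ([-KEY])."""
    sections = []
    targets = sorted({f.split(" -> ", 1)[1] for f in findings["autorun"]})
    if targets:
        sections.append("Collect::\n" + "\n".join(targets))
    if findings["missing_service_file"]:
        sections.append("Driver::\n" + "\n".join(findings["missing_service_file"]))
    drives = sorted({f.split(":", 1)[0] for f in findings["autorun"]})
    if drives:
        keys = [
            f"[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{d}]"
            for d in drives
        ]
        sections.append("Registry::\n" + "\n".join(keys))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for kind, items in result.items():
        for item in items:
            print(f"{kind}: {item}")
    print()
    print(build_cfscript(result))
```

    A missing-file service entry is a reason to clean up the orphan, not evidence of malware by itself: the pe3ah4nb/ps6ah4nb drivers with valid timestamps are the DiRT game's copy-protection drivers and are left alone, and the same restraint applies to any script generated this way. The MountPoints2 key is also per-user (HKCU), so on a multi-user machine each profile has to be checked.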