Infection par BDS/Delf.kwx

[Falkra]

Il l'est probablement, mais ça ne nuira pas au contenu (fichiers de travail, etc).

autorun.inf, c'est lié en effet.

 

Je te propose une procédure sans grand risque, mais plus longue.

Branche tes supports amovibles, sans aller ouvrir les fichiers. Laisse-les branchés. Notamment ce qui correspond à ton F:\

 

Je te propose un scan complet avec Antivir. Mets-le à jour d'abord (clic droit, start update sur l'icône près de l'horloge).

Une fois à jour, double-clique sur son icône près de l'horloge, cela ouvre l'interface principale, puis clique sur Local protection, dans la colonne de gauche. double clique sur Local drives dans la liste de droite, c'est la première entrée.

 

/!\ Cela peut être long ! (1-2 heures suivant la quantité de données à scanner, disques externes compris.

Tu peux sauvegarder le rapport en fin de parcours (bouton "Report").

 

Si Antivir détecte des fichiers infectés, mets en quarantaine (choisis "Move to quarantine" dans la liste des actions. Tu peux automatiser ce type d'action en cochant une case), comme ci dessous, une fois la première détection infectieuse effectuée :

 

Cela permet de ne pas rester à la surveiller.

[Camille Girard]

Bonjour Falkra... et les autres

 

J'ai fait hier soir le scan que tu m'avais conseillé... il semble avoir trouvé quelques infections.

 

///////////////:

 

 

Avira AntiVir Personal

Report file date: lundi 1 septembre 2008 00:50

 

Scanning for 1585012 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: Moi

Computer name: CAMILLE

 

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 18/07/2008 08:29:30

AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 08:29:30

LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 08:29:30

LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 08:29:30

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 07:06:17

ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 22:30:32

ANTIVIR3.VDF : 7.0.6.95 2048 Bytes 31/08/2008 22:30:33

Engineversion : 8.1.1.23

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.68 315770 Bytes 19/08/2008 12:06:05

AESCN.DLL : 8.1.0.23 119156 Bytes 16/07/2008 22:45:26

AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 09:12:54

AEPACK.DLL : 8.1.2.1 364917 Bytes 16/07/2008 22:45:25

AEOFFICE.DLL : 8.1.0.22 192890 Bytes 19/08/2008 12:06:04

AEHEUR.DLL : 8.1.0.50 1388918 Bytes 19/08/2008 12:06:03

AEHELP.DLL : 8.1.0.15 115063 Bytes 01/06/2008 10:37:04

AEGEN.DLL : 8.1.0.36 315764 Bytes 19/08/2008 12:06:00

AEEMU.DLL : 8.1.0.7 430452 Bytes 01/08/2008 08:23:02

AECORE.DLL : 8.1.1.8 172406 Bytes 01/08/2008 08:23:01

AEBB.DLL : 8.1.0.1 53617 Bytes 18/07/2008 08:29:30

AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 08:29:30

AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 08:29:30

AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 08:23:00

AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 08:29:30

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 08:29:30

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 08:29:30

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 08:29:27

RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 08:29:27

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: quarantine

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, G:, D:, E:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 1 septembre 2008 00:50

 

The scan of running processes will be started

Scan process 'avwsc.exe' - '0' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned

Scan process 'DLG.exe' - '1' Module(s) have been scanned

Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'apache.exe' - '1' Module(s) have been scanned

Scan process 'acrotray.exe' - '1' Module(s) have been scanned

Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'flashget.exe' - '1' Module(s) have been scanned

Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned

Scan process 'daemon.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'hpzipm12.exe' - '1' Module(s) have been scanned

Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned

Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'ehSched.exe' - '1' Module(s) have been scanned

Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned

Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'apache.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

55 processes with 55 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'G:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '75' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Moi\Mes documents\Steinberg.Wavelab.4.00c.multilanguage.english.francaise.deutsch.RIP.by.ZONE

.exe

[0] Archive type: ACE SFX (self extracting)

--> Wavelab 4.0 Deutsch\WaveLabv4.00c.EXE

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\WINDOWS\system32\drivers\dtscsi.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd1181.sys

[WARNING] The file could not be opened!

Begin scan in 'G:\' <500GO>

G:\Musique\Bela Fleck & The Flecktones\2003 - Little Worlds\mpc.rar

[0] Archive type: RAR

--> mpc\Audioconvert v2.0.375\keygen.exe

[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan

[NOTE] The file was moved to '491e3947.qua'!

Begin scan in 'D:\' <Adobe CS3 Design Premium Content>

Begin scan in 'E:\'

Search path E:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

 

 

End of the scan: lundi 1 septembre 2008 03:02

Used time: 2:12:22 Hour(s)

 

The scan has been done completely.

 

26835 Scanning directories

860722 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

6 Files cannot be scanned

860715 Files not concerned

5265 Archives were scanned

7 Warnings

1 Notes

 

/////////////////////////////////////

 

Que penser de tout ces fichiers system qu'il n'a pu ouvrir??

 

J'ai également remarqué que dans mon gestionnaire de tâche (onglet Processus) j'ai huit fois svchost.exe !!!!

Je ne sais pas trop à quoi sert ce programme, je sais que souvent des virus/trojan s'y cache....

ca me parait louche...

[Falkra]

Que penser de tout ces fichiers system qu'il n'a pu ouvrir??

Rien, ici c'est normal, idem pou svchost.exe pas de souci particulier pour le moment.

 

Que penser des cracks et des Keygens infectés ? Aucune protection ne peut te protéger de ton utilisation de la machine. Tu fais entrer les virus toi-même sur la bécane en utilisant ces saletés. Pas étonnant que la machine soit infectée...

 

Une petite vidéo plus explicative que de longs discours :

Cracks, Keygens, ... es-tu sûr de ton choix ?