Modification of autorun.inf

29 March 2009 12:59:11

Hello, since this morning I have a nice little bug on my disk; I don't know where it came from, but anyway, it's there.
I have BitDefender 2009.
I've already run a HijackThis scan and, thanks to the report-analysis site, fixed the bad lines (apparently I had some not very nice stuff).

But BitDefender keeps giving me alerts and quarantining things of this type:
Quote:

Virus Name : Win32.Worm.Autorun.QR
Location : C: or D: (my data partition) \autorun.inf


So, none of this is much fun, especially when it starts hitting the partition with my data, when I go to the trouble of keeping it well separated from Windows.
This is the kind of thing that would push me to stay on Linux permanently :/

I'm posting a HijackThis report at the end of this post anyway.

I hope you'll be able to help me get rid of this bug.

PS: Does anyone know whether BitDefender can run scans in Safe Mode?

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:30, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vbexpress.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\Temporary Projects\TableauRandomTriDesMax\bin\Debug\TableauRandomTriDesMax.vshost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Documents and Settings\Anthony\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [DumpTeam] D:\Anthony\Documents\Windev10TA\DumpTeam_Pack_v4.5a4.exe /S
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 7878 bytes


29 March 2009 14:42:22

Nobody's here?
29 March 2009 20:03:11

I'm at 1000 autorun.inf files in quarantine now, and it doesn't stop: the virus creates them, BitDefender quarantines them.

Really nobody around?

Sorry for the triple post, but I'm cracking up a little.

I ran a full scan with BitDefender, nothing found.
In progress: scan with a²
Then overnight it will be a scan with Ad-Aware.
And if there's time tomorrow morning, a run of Spybot.

Could someone give me the address of the Kaspersky online antivirus, and what I'd mostly like to know is whether the database update takes a long time or whether it's on my end... (Firefox compatible?)

ComboFix deleted some stuff:
Here's the report (I'm disinfecting myself since nobody wants to help me, I'm giving it a try :cry: ):
Quote:

ComboFix 09-03-28.06 - Anthony 2009-03-29 21:57:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2337 [GMT 2:00]
Lancé depuis: c:\documents and settings\Anthony\Bureau\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-2-2-98-100016543-100019549-100000430-4932.com
c:\windows\system32\AVSredirect.dll
d:\recycler\S-2-2-98-100016543-100019549-100000430-4932.com

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-29 ))))))))))))))))))))))))))))))))))))
.

2009-03-29 21:45 . 2009-03-29 21:46 <REP> d-------- C:\!KillBox
2009-03-29 18:57 . 2009-03-29 18:57 <REP> d-------- c:\program files\Lavasoft
2009-03-29 18:57 . 2009-03-29 18:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-29 18:57 . 2009-03-29 18:57 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-29 18:55 . 2009-03-29 21:43 <REP> d-------- c:\program files\a-squared Anti-Malware
2009-03-29 15:24 . 2009-03-29 15:24 <REP> d-------- c:\program files\CCleaner
2009-03-29 12:24 . 2009-03-29 12:24 <REP> d-------- c:\program files\PixiePack Codec Pack
2009-03-29 12:23 . 2009-03-29 12:23 <REP> d-------- c:\program files\RapidSolution
2009-03-29 12:23 . 2009-03-29 12:28 <REP> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
2009-03-29 12:10 . 2009-03-29 12:27 <REP> d--hs---- c:\documents and settings\All Users\DRM
2009-03-29 11:38 . 2009-03-29 12:10 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-03-29 11:38 . 2009-03-29 12:10 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-03-28 17:20 . 2009-03-28 17:20 <REP> d-------- c:\program files\Hamachi
2009-03-28 17:20 . 2009-03-28 19:12 <REP> d-------- c:\documents and settings\Anthony\Application Data\Hamachi
2009-03-28 17:20 . 2009-03-28 17:20 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-03-28 03:36 . 2009-03-28 03:36 <REP> d-------- c:\documents and settings\Anthony\Application Data\dvdcss
2009-03-28 00:22 . 2009-03-28 00:22 <REP> d-------- c:\program files\Microsoft GIF Animator
2009-03-27 17:13 . 2009-03-27 17:13 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-03-27 17:12 . 2009-03-27 17:22 <REP> d-------- c:\program files\Fichiers communs\Adobe
2009-03-27 11:09 . 2009-03-27 11:09 <REP> d-------- c:\documents and settings\Anthony\Application Data\Search Settings
2009-03-27 11:09 . 2009-03-27 11:09 <REP> d-------- c:\documents and settings\Anthony\Application Data\pdfforge
2009-03-27 10:45 . 2009-03-29 12:43 <REP> d-------- c:\program files\pdfforge Toolbar
2009-03-27 10:44 . 2009-03-27 10:45 <REP> d-------- c:\program files\PDFCreator
2009-03-27 10:44 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-03-27 10:44 . 1998-07-13 02:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-03-27 10:44 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2009-03-27 10:44 . 1998-07-13 02:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-03-27 10:44 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-03-27 10:44 . 1998-07-13 02:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
2009-03-27 10:44 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2009-03-26 21:14 . 2009-03-26 21:14 <REP> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-26 21:13 . 2009-03-26 21:13 <REP> d-------- c:\documents and settings\Anthony\Application Data\Canneverbe_Limited
2009-03-25 11:35 . 2009-03-25 11:35 <REP> d-------- c:\program files\OCZ Technology
2009-03-24 22:10 . 2009-03-24 22:10 <REP> d-------- c:\documents and settings\Anthony\Application Data\DivX
2009-03-24 21:41 . 2009-03-24 21:41 <REP> d-------- c:\program files\Fichiers communs\DivX Shared
2009-03-24 21:41 . 2009-03-24 21:41 <REP> d-------- c:\program files\DivX
2009-03-24 16:38 . 2007-07-22 05:49 2,388,304 --a------ c:\windows\system32\alld42.dll
2009-03-24 16:38 . 2007-07-22 05:50 1,043,258 --a------ c:\windows\system32\allp42.dll
2009-03-24 16:38 . 2007-07-22 05:51 1,032,582 --a------ c:\windows\system32\alleg42.dll
2009-03-24 16:35 . 2009-03-29 19:15 <REP> d-------- c:\documents and settings\Anthony\Application Data\codeblocks
2009-03-24 16:34 . 2009-03-24 16:37 <REP> d-------- c:\program files\CodeBlocks
2009-03-24 11:35 . 2009-03-29 03:26 69 --a------ c:\windows\NeroDigital.ini
2009-03-24 11:05 . 2006-09-12 13:46 227,328 -r-hs---- c:\windows\system32\ac3DX.ax
2009-03-24 11:05 . 2008-03-16 15:30 216,064 -r-hs---- c:\windows\system32\nbDX.dll
2009-03-24 11:05 . 2006-03-10 23:48 169,472 -r-hs---- c:\windows\system32\MatroskaDX.ax
2009-03-24 11:05 . 2006-05-03 12:06 163,328 -r-hs---- c:\windows\system32\flvDX.dll
2009-03-24 11:05 . 2005-11-25 22:46 161,792 -r-hs---- c:\windows\system32\RealMediaDX.ax
2009-03-24 11:05 . 2006-01-13 01:23 123,904 -r-hs---- c:\windows\system32\AVCDX.ax
2009-03-24 11:05 . 2003-11-21 01:00 54,784 -r-hs---- c:\windows\system32\RLAPEDec.ax
2009-03-24 11:05 . 2004-04-27 01:00 37,888 -r-hs---- c:\windows\system32\RLMPCDec.ax
2009-03-24 11:05 . 2007-02-21 13:47 31,232 -r-hs---- c:\windows\system32\msfDX.dll
2009-03-24 11:04 . 2009-03-24 11:04 <REP> d-------- c:\program files\eRightSoft
2009-03-23 22:50 . 2009-03-23 22:50 <REP> d-------- c:\program files\Teamspeak2_RC2
2009-03-23 22:50 . 2009-03-28 17:23 <REP> d-------- c:\documents and settings\Anthony\Application Data\teamspeak2
2009-03-23 22:50 . 2009-03-23 22:50 34,064 --a------ c:\windows\system32\lhacm.acm
2009-03-23 22:18 . 1997-05-29 17:26 316,416 --a------ c:\windows\IsUn040c.exe
2009-03-23 22:17 . 2009-03-23 22:17 <REP> d-------- c:\documents and settings\Anthony\WINDOWS
2009-03-23 21:04 . 2009-03-24 09:41 47,616 --a------ c:\windows\system32\drivers\Haspnt.sys
2009-03-23 21:04 . 2009-03-24 09:41 6,656 --a------ c:\windows\system32\haspvdd.dll
2009-03-23 21:04 . 2009-03-24 09:41 383 --a------ c:\windows\system32\haspdos.sys
2009-03-23 21:03 . 2009-03-23 21:03 <REP> d-------- c:\program files\Fichiers communs\Ahead
2009-03-23 21:03 . 2009-03-23 21:03 <REP> d-------- c:\program files\Ahead
2009-03-23 21:03 . 2004-07-26 18:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-03-23 21:03 . 2004-07-26 18:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-03-23 21:03 . 2004-07-26 18:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-03-23 21:03 . 2004-07-26 18:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-03-23 21:03 . 2001-07-09 12:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-03-23 21:03 . 2004-03-02 18:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys
2009-03-23 21:03 . 2000-06-26 12:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-03-23 21:03 . 2004-03-02 18:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys
2009-03-23 20:04 . 2009-03-24 22:32 <REP> d-------- C:\Fraps
2009-03-23 20:04 . 2009-03-24 19:58 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-23 01:59 . 2009-03-23 01:59 <REP> d-------- c:\documents and settings\All Users\Application Data\VideoMach
2009-03-23 01:17 . 2009-03-23 01:18 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-23 01:17 . 2009-03-23 01:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-23 00:33 . 2009-03-29 11:34 <REP> d-------- c:\program files\ViStart
2009-03-22 15:26 . 2009-03-24 09:33 304,640 --a------ c:\windows\system32\hlvdd.dll
2009-03-20 14:47 . 2009-03-20 14:47 <REP> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-20 14:39 . 2009-03-20 14:39 <REP> d--hs---- c:\documents and settings\Anthony\PrivacIE
2009-03-20 14:39 . 2009-03-20 14:39 <REP> d--hs---- c:\documents and settings\Anthony\IETldCache
2009-03-20 14:27 . 2009-03-20 14:27 <REP> d-------- c:\windows\ie8updates
2009-03-20 14:25 . 2009-03-20 14:26 <REP> d--h-c--- c:\windows\ie8
2009-03-20 14:24 . 2009-02-28 06:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-19 14:51 . 2009-03-28 00:35 <REP> d-------- c:\documents and settings\Anthony\Application Data\FileZilla
2009-03-19 14:50 . 2009-03-28 00:35 <REP> d-------- c:\program files\FileZilla FTP Client
2009-03-19 12:57 . 2007-03-20 12:33 43,520 --a------ c:\windows\system32\libusb0.dll
2009-03-19 12:57 . 2007-03-20 12:33 28,672 --a------ c:\windows\system32\drivers\libusb0.sys
2009-03-19 12:54 . 2009-03-23 01:22 <REP> d-------- c:\program files\QuickFreedom
2009-03-19 12:54 . 2009-02-15 22:54 933,888 --a------ c:\windows\system32\SENXPCTL.OCX
2009-03-19 12:54 . 2004-03-09 02:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-19 12:54 . 2009-02-21 04:18 140,096 --a------ c:\windows\system32\COMDLG32.OCX
2009-03-19 12:54 . 2009-02-26 00:43 65,536 --a------ c:\windows\system32\device.OCX
2009-03-19 12:54 . 2009-02-17 05:23 32,768 --a------ c:\windows\system32\Bar.OCX
2009-03-18 21:07 . 2009-03-18 21:11 139,264 --a------ c:\windows\War3Unin.exe
2009-03-18 21:07 . 2009-03-20 18:36 107,990 --a------ c:\windows\War3Unin.dat
2009-03-18 21:07 . 2009-03-18 21:11 2,829 --a------ c:\windows\War3Unin.pif
2009-03-18 21:05 . 2009-03-28 18:39 <REP> d-------- c:\program files\Warcraft III
2009-03-18 19:52 . 2009-03-18 19:52 <REP> d-------- c:\program files\Microsoft Works
2009-03-18 19:50 . 2009-03-18 19:52 <REP> d-------- c:\windows\SHELLNEW
2009-03-18 19:49 . 2009-03-18 19:49 <REP> dr-h----- C:\MSOCache
2009-03-18 19:48 . 2009-03-18 19:48 <REP> d-------- c:\documents and settings\Anthony\Application Data\DAEMON Tools Pro
2009-03-18 19:48 . 2009-03-18 19:48 <REP> d-------- c:\documents and settings\Anthony\Application Data\DAEMON Tools
2009-03-18 19:47 . 2009-03-18 19:47 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-03-18 19:47 . 2009-03-18 19:47 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-18 19:44 . 2009-03-18 19:48 <REP> d-------- c:\documents and settings\Anthony\Application Data\DAEMON Tools Lite
2009-03-18 19:44 . 2009-03-18 19:44 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-18 11:19 . 2009-03-18 11:19 <REP> d-------- c:\program files\MSXML 4.0
2009-03-18 09:41 . 2009-03-18 09:41 40 --a------ c:\documents and settings\Anthony\language.dat
2009-03-17 23:04 . 2009-03-17 23:04 <REP> d-------- c:\program files\Paint.NET
2009-03-17 20:14 . 2007-10-15 15:38 1,171,456 --a------ c:\windows\system32\TPwrSave.cpl
2009-03-17 20:14 . 2007-10-15 15:37 266,240 --a------ c:\windows\system32\TPSMain.exe
2009-03-17 20:14 . 2007-10-15 15:37 86,016 --a------ c:\windows\system32\CpuPerf.dll
2009-03-17 20:14 . 2007-10-15 15:36 77,824 --a------ c:\windows\system32\TPwrReg.dll
2009-03-17 20:14 . 2007-10-15 15:36 49,152 --a------ c:\windows\system32\TPSTrace.dll
2009-03-17 20:14 . 2007-10-15 15:37 49,152 --a------ c:\windows\system32\TPSDel.dll
2009-03-17 20:14 . 2007-10-15 15:37 45,056 --a------ c:\windows\system32\TPwrCfg.dll
2009-03-17 20:14 . 2007-10-15 15:37 40,960 --a------ c:\windows\system32\TPSMainCtl.dll
2009-03-17 20:14 . 2007-10-15 15:37 40,960 --a------ c:\windows\system32\TPSBattM.exe
2009-03-17 20:14 . 2007-10-15 15:37 40,960 --a------ c:\windows\system32\TPSAddin.dll
2009-03-17 18:42 . 2009-03-29 21:51 31,016 --a------ c:\windows\system32\oodbs.lor
2009-03-17 11:21 . 2008-04-14 04:33 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-17 11:21 . 2008-04-14 04:33 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-03-17 11:19 . 2009-03-17 11:19 0 --a------ c:\windows\oodcnt.INI
2009-03-17 10:24 . 2009-03-17 10:30 <REP> d-------- c:\windows\system32\oodag
2009-03-17 10:23 . 2009-03-17 10:23 <REP> d-------- c:\program files\OO Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 18:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 20:48 82,696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2009-03-16 20:48 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-03-16 20:48 192,512 ----a-w c:\windows\system32\txmlutil.dll
2009-03-16 20:48 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-03-16 20:48 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-03-16 15:19 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-03-16 09:33 --------- d-----w c:\program files\Realtek
2009-03-16 08:49 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-16 08:47 --------- d-----w c:\program files\Camera Assistant Software for Toshiba
2009-03-16 08:47 --------- d-----w c:\documents and settings\Anthony\Application Data\InstallShield
2009-03-16 08:37 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-16 08:37 --------- d-----w c:\program files\Windows Live
2009-03-16 08:37 --------- d-----w c:\program files\Microsoft
2009-03-16 08:30 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-03-16 08:20 315,392 ----a-w c:\windows\HideWin.exe
2009-03-16 08:14 --------- d-----w c:\documents and settings\Anthony\Application Data\ATI
2009-03-16 08:14 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-03-16 08:12 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-03-16 08:12 --------- d-----w c:\program files\ATI Technologies
2009-03-16 08:03 --------- d-----w c:\program files\microsoft frontpage
2009-03-16 08:02 --------- d-----w c:\program files\Services en ligne
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-27 01:35 129,784 ------w c:\windows\system32\pxafs.dll
2009-01-27 01:35 120,056 ------w c:\windows\system32\pxcpyi64.exe
2009-01-27 01:35 118,520 ------w c:\windows\system32\pxinsi64.exe
2009-01-27 01:34 90,112 ----a-w c:\windows\system32\dpl100.dll
2009-01-27 01:34 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-01-27 01:34 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2009-01-27 01:34 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-01-27 01:34 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2009-01-27 01:34 684,032 ----a-w c:\windows\system32\DivX.dll
2009-01-07 17:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 17:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 17:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 17:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 17:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll
2007-02-12 17:10 2,682,880 ------w c:\documents and settings\All Users\VCREDI~3.EXE
2009-01-27 01:34 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-16 20:47 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 16:12 650752 --a------ c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2009-03-16 1410296]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-16 321344]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-16 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-03-16 69632]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-29 2512128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WheelMouse"="c:\program files\OCZ Technology\Mouse\Amoumain.exe" [2006-12-28 196608]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-02-25 2799760]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 c:\windows\RTHDCPL.exe]
"TPSMain"="TPSMain.exe" [2007-10-15 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\azerty111\\counter-strike\\hl.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-08-14 104328]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-03-17 5888]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-03-19 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa0102a-1312-11de-ae4e-0016eae7b3b2}]
\Shell\AutoRun\command - F:\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellExecuteHooks-{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2} - WDShell


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\qze6yma6.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 21:58:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1484)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-29 22:00:24
ComboFix-quarantined-files.txt 2009-03-29 20:00:20

Avant-CF: 50 710 757 376 octets libres
Après-CF: 50,730,504,192 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

312 --- E O F --- 2009-03-18 16:58:04
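An added triage example, not part of this thread or of any tool mentioned in it: the BitDefender alerts flag autorun.inf at the root of C: and D:, and the ComboFix report above removed RECYCLER\S-2-2-98-100016543-100019549-100000430-4932.com from both drives, the layout an autorun worm uses (the [autorun] launch directive points at a file dropped in RECYCLER). The Python below parses an autorun.inf, lists what its [autorun] section would launch, and flags targets matching that layout; both sample files are constructed, and the heuristics are assumptions inferred from this log, not a vendor signature.

```python
"""Triage autorun.inf files at drive roots (added example, not from the thread)."""
import os
import re
import tempfile
from typing import Dict, List

# [autorun] directives that make Explorer launch something; autorun worms set
# one of these to point at their dropped binary.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")

# Heuristics inferred from the ComboFix report in this thread (assumptions):
# the dropped file lived in <drive>\RECYCLER\<SID-like name>.com, i.e. a
# recycle-bin folder, a bogus SID as filename, and .com instead of .exe.
RECYCLER_RE = re.compile(r"(^|[\\/])recycler[\\/]", re.IGNORECASE)
SID_LIKE_RE = re.compile(r"S-\d+-\d+-\d+(?:-\d+){2,}", re.IGNORECASE)
SUSPECT_EXT = (".com", ".pif", ".scr", ".bat", ".cmd", ".vbs")


def parse_autorun(text: str) -> Dict[str, str]:
    """Key/value pairs of the [autorun] section, keys lower-cased.

    Hand-rolled instead of configparser: real files carry mixed case, duplicate
    keys and stray bytes; keep the last value and never raise on the rest.
    """
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries


def launch_targets(entries: Dict[str, str]) -> List[str]:
    """Every command the [autorun] section would cause Explorer to run."""
    return [v for k, v in entries.items()
            if k in LAUNCH_KEYS or SHELL_COMMAND_RE.match(k)]


def assess(text: str) -> List[str]:
    """One finding per distinct suspicious launch target; empty list means clean."""
    findings = []
    for target in sorted(set(launch_targets(parse_autorun(text)))):
        exe = target.split()[0] if target.split() else target  # drop arguments
        reasons = []
        if RECYCLER_RE.search(exe):
            reasons.append("inside RECYCLER")
        if SID_LIKE_RE.search(exe):
            reasons.append("SID-like filename")
        if exe.lower().endswith(SUSPECT_EXT):
            reasons.append("non-.exe executable extension")
        if reasons:
            findings.append(f"{target}: " + ", ".join(reasons))
    return findings


def scan_roots(roots) -> Dict[str, List[str]]:
    """Map each root holding an autorun.inf to its findings; roots without one are skipped."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, "r", encoding="latin-1", errors="replace") as fh:
                report[root] = assess(fh.read())
    return report


# Constructed sample modelled on this infection: the target is the file ComboFix
# removed from c:\recycler and d:\recycler.
WORM_SAMPLE = """[AutoRun]
open=RECYCLER\\S-2-2-98-100016543-100019549-100000430-4932.com
shell\\open\\Command=RECYCLER\\S-2-2-98-100016543-100019549-100000430-4932.com
shell\\explore\\Command=RECYCLER\\S-2-2-98-100016543-100019549-100000430-4932.com
"""

# Constructed sample of a benign vendor-CD style autorun.inf for comparison.
BENIGN_SAMPLE = """[autorun]
icon=setup.exe,0
label=Vendor Setup
open=setup.exe
"""


def demo() -> Dict[str, List[str]]:
    """Write the samples into temporary stand-ins for C: and D:, then scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = []
        for name, content in (("C", WORM_SAMPLE), ("D", BENIGN_SAMPLE)):
            root = os.path.join(tmp, name)
            os.mkdir(root)
            with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1") as fh:
                fh.write(content)
            roots.append(root)
        return {os.path.basename(r): f for r, f in scan_roots(roots).items()}


if __name__ == "__main__":
    for drive, findings in demo().items():
        print(drive, findings or "clean")
```

On a real machine, call `scan_roots(["C:\\", "D:\\"])` (and any removable drive letters) instead of `demo()`; an empty list for a root means its autorun.inf launches nothing matching these heuristics, not that it is trustworthy.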
Anonymous
6 April 2009 17:46:11

I have EXACTLY the same problem...
I know that doesn't get you any further, but at least you're not alone anymore.