#22 (permalink)
Angel¤Helper (joined June 2005, location: bzh 22, 1,852 posts)
Did you run exefix.reg?? And reboot afterwards?
__________________
ATFCleaner Navilog1 SmitfraudFix sysclean.com lptXXX.zip alcanshorty.bfu egdaccess.bfu BFU toolbar.bfu |
#23 (permalink)
Novice (joined November 2007, location: LOIRE, 36 posts)
Good evening, thanks for following me (again).
This afternoon I spent 2 hours on the problem with the company that installed the firewall for me. Apparently it isn't the cause; it's more likely a spyware or virus that blocks anything that could remove it. I tried downloading .exe files without any problem, except for the programs you point me to. I'll keep you posted.
#24 (permalink)
Angel¤Helper (joined June 2005, location: bzh 22, 1,852 posts)
It's going to take time, but look at the report; also do this:
----------------------------------
Download Deckard's System Scanner http://deckard.geekstogo.com/dss.exe to your desktop. Close all running applications. Double-click dss.exe. Two messages will appear on screen; click OK on both. Be patient, the scan can take a long time. At the end you'll get another message saying that Notepad is going to open; click OK, then copy/paste its entire contents.
------------------------------------------------------
#26 (permalink)
Confirmed (joined March 2004, location: Normandie, 733 posts)
Hello
We're going to outsmart it. Open a folder (any one) / Tools / Folder Options: "Hide extensions for known file types", uncheck that. Download DSS to your desktop here: Send big files the easy way. Files too large for email attachments? No problem! You'll see, I converted it to .txt; then right-click it and rename it to .exe (which gives DSS.exe instead of DSS.txt). PS: I don't really think it's an infection, but still... have you tried with your firewall disconnected? (downloading + launching the suggested tools). Then launch it, it should work.
#28 (permalink)
Confirmed (joined March 2004, location: Normandie, 733 posts)
Re
You didn't answer my question: Quote:
#29 (permalink)
Novice (joined November 2007, location: LOIRE, 36 posts)
Deckard's System Scanner v20071014.68
Run by utilisateur on 2007-12-12 15:40:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
9: 2007-12-12 14:40:55 UTC - RP388 - Deckard's System Scanner Restore Point
8: 2007-12-12 05:31:19 UTC - RP387 - Software Distribution Service 3.0
7: 2007-12-11 13:25:05 UTC - RP386 - Software Distribution Service 3.0
6: 2007-12-11 11:20:07 UTC - RP385 - Point de vérification système
5: 2007-12-10 07:19:02 UTC - RP384 - Point de vérification système

-- First Restore Point --
1: 2007-12-05 11:23:21 UTC - RP380 - Point de vérification système

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as utilisateur.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 15:42:06, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\WinPhone eXPert\Winphone.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\EBP\Gestion12.0\Gestion.exe
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\PROGRA~1\FF\FIREFO~1\APP\FIREFOX\FIREFOX.EXE
C:\Documents and Settings\utilisateur\Bureau\dss.exe
C:\DOCUME~1\UTILIS~1\Bureau\GENERA~1\utilisateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Page initiale personnalisée
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Page initiale personnalisée
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Startup: WinPhone eXPert.lnk = C:\Program Files\WinPhone eXPert\Winphone.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: Testeur de bande passante
O15 - Trusted Zone: EBP Logiciels de gestion, comptabilité, paye pour PME - TPE - Particuliers
O15 - Trusted Zone: http://www.free-drm-encoder.com
O15 - Trusted IP range: Masita Sportswear Homepage
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164622591218
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.inquiero.com/inquiero/mod...ivex118_24.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: wxvault.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KONICA MINOLTA PageScope Net Care (KM PageScope Net Care Service) - Unknown owner - C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

-- HijackThis Fixed Entries (C:\DOCUME~1\UTILIS~1\Bureau\GENERA~1\backups\) ----

backup-20071207-082422-188 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20071207-082422-234 O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\Adssite_sidebar.dll
backup-20071207-082422-284 O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
backup-20071207-082422-317 O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
backup-20071207-082422-387 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20071207-082422-494 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
backup-20071207-082422-540 O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
backup-20071207-082422-593 O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
backup-20071207-082422-640 O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsc213.dll
backup-20071207-082422-654 O4 - Startup: PowerReg Scheduler.exe
backup-20071207-082422-735 O4 - Startup: iTunes.lnk = ?
backup-20071207-082422-803 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071207-082422-864 O4 - Startup: WinPhone eXPert.lnk = C:\Program Files\WinPhone eXPert\Winphone.exe
backup-20071207-082422-921 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; PBA Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
S2 Par1284 - c:\program files\cutting master 2 1.30\program\par1284.sys (file missing)
S3 EyeOneDp - c:\windows\system32\drivers\eyeonedp.sys
S3 lmimirr - c:\windows\system32\drivers\lmimirr.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DataSvr2 - "c:\program files\wave systems corp\common\dataserver.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>
R2 EpsonBidirectionalService - c:\program files\fichiers communs\epson\ebapi\eebsvc.exe
R2 HPWebJetadmin (HP Web Jetadmin) - "c:\program files\hp web jetadmin\hpwebjetd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 KM PageScope Net Care Service (KONICA MINOLTA PageScope Net Care) - c:\program files\konica minolta\pagescope net care\javaservice.exe -ms4m -mx32m
R2 MegaMonitorSrv (MRMonitor) - "c:\program files\dell sas raid storage manager\megamonitor\mrmonitor.exe"
R2 MSMFramework (SSMFramework) - "c:\program files\dell sas raid storage manager\framework\vivaldiframework.exe"
R2 tcsd_win32.exe (NTRU Hybrid TSS v2.0.25 TCS) - "c:\program files\ntru cryptosystems\ntru hybrid tss v2.0.25\bin\tcsd_win32.exe"
S2 PDSched (PDScheduler) - "c:\program files\raxco\perfectdisk\pdsched.exe" <Not Verified; Raxco Software, Inc.; PDSched Module>
S3 AdobeVersionCue - c:\program files\adobe\adobe version cue\service\versioncue.exe <Not Verified; Adobe Sytems; Adobe Version Cue™>
S3 Clg13smtiwn -

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-12-06 07:51:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-11-12 and 2007-12-12 -----------------------------

2007-12-12 08:45:55 0 d-------- C:\Program Files\Mozilla Sunbird
2007-12-11 16:08:45 0 d-------- C:\Documents and Settings\utilisateur\Application Data\Free Download Manager
2007-12-11 16:08:42 0 d-------- C:\Program Files\Free Download Manager
2007-12-11 16:08:42 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-12-11 15:53:55 0 d-------- C:\Documents and Settings\utilisateur\Application Data\ntr
2007-12-10 20:15:18 0 d-------- C:\Documents and Settings\utilisateur\Application Data\Mozilla
2007-12-10 20:11:27 0 d-------- C:\Program Files\FF
2007-12-07 18:54:10 0 d-------- C:\Downloads
2007-12-07 18:48:14 0 d-------- C:\Kaspersky
2007-12-03 06:13:52 0 d-------- C:\Program Files\Avira
2007-12-03 06:13:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-29 12:36:57 0 d-------- C:\Program Files\Syslogd
2007-11-28 18:16:44 0 dr------- C:\Documents and Settings\LocalService\Favoris
2007-11-28 18:16:38 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2007-11-28 18:15:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2007-11-15 16:06:06 0 d-------- C:\Documents and Settings\utilisateur\Application Data\Opera
2007-11-15 07:31:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-12 17:21:16 0 d--h----- C:\Documents and Settings\All Users\Application Data\{6A6BFF56-8325-4101-A340-724548B1F63F}
2007-11-12 15:48:52 0 d-------- C:\SERIFLOCK BOSS

-- Find3M Report ---------------------------------------------------------------

2007-12-12 10:26:57 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-12-12 09:54:23 0 d-------- C:\Program Files\WinPhone eXPert
2007-12-12 08:46:44 0 d-------- C:\Program Files\BARRES DES TACHES
2007-12-12 06:12:05 0 d-------- C:\Documents and Settings\utilisateur\Application Data\Wave Systems Corp
2007-12-07 19:13:11 2996 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-05 22:27:13 0 d-------- C:\Program Files\HP Web Jetadmin
2007-11-28 15:00:56 0 d-------- C:\Program Files\Google
2007-11-23 21:13:26 0 d-------- C:\Program Files\DivX
2007-11-19 07:52:11 28175 --a------ C:\Documents and Settings\utilisateur\Application Data\Valeurs séparées par une virgule (Windows).ADR
2007-11-18 14:31:37 0 d-------- C:\Documents and Settings\utilisateur\Application Data\Adobe
2007-11-15 07:33:59 0 d-------- C:\Program Files\Fichiers communs
2007-11-12 11:12:13 0 d-------- C:\Documents and Settings\utilisateur\Application Data\Google
2007-11-09 14:31:56 0 d-------- C:\Program Files\BurnInTest
2007-11-08 23:58:09 0 d-------- C:\Program Files\BitDownload
2007-11-08 23:58:09 0 d-------- C:\Documents and Settings\utilisateur\Application Data\BitDownload
2007-11-08 07:55:15 0 d-------- C:\Program Files\iTunes
2007-11-08 07:55:03 0 d-------- C:\Program Files\iPod
2007-11-08 07:54:22 0 d-------- C:\Program Files\QuickTime
2007-11-08 07:32:11 0 d-------- C:\Program Files\EBP
2007-11-07 11:59:43 0 d-------- C:\Program Files\MAP
2007-11-07 11:51:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-07 10:23:26 493680 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-11-07 10:23:26 87796 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-07 10:12:25 28672 --a------ C:\WINDOWS\system32\hpzjfw01.dll <Not Verified; Hewlett-Packard; Firewall>
2007-11-07 10:12:25 204800 --a------ C:\WINDOWS\system32\hptcpmui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-07 10:12:25 155648 --a------ C:\WINDOWS\system32\hptcpmon.dll <Not Verified; Hewlett Packard; HP(R) Standard Port Monitor>
2007-11-07 10:12:25 73728 --a------ C:\WINDOWS\system32\hptcpmib.dll <Not Verified; Hewlett Packard; HP(R) Standard Port Monitor>
2007-11-07 09:14:13 0 d-------- C:\Program Files\MINOLTA-QMS, INC
2007-11-02 14:37:46 0 d-------- C:\Program Files\Fichiers communs\EBP
2007-11-02 07:27:44 0 d-------- C:\Program Files\Java
2007-10-30 20:07:29 0 d-------- C:\Program Files\KONICA MINOLTA
2007-10-30 18:09:33 0 d-------- C:\Program Files\Microsoft Works
2007-10-30 18:09:26 0 d-------- C:\Program Files\MSBuild
2007-10-30 18:08:41 0 d-------- C:\Program Files\Microsoft.NET
2007-10-30 18:04:55 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-25 08:53:52 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-20 01:56:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 01:54:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-10-20 01:54:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-20 01:54:12 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-10-20 01:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-20 01:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-20 01:54:10 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-18 10:02:34 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-17 08:37:11 0 d-------- C:\Documents and Settings\utilisateur\Application Data\EBP
2007-10-10 06:32:40 108 --a------ C:\Program Files\INSTALL.LOG
2007-10-05 06:20:34 40733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [11/07/2007 06:31 266240]
[-HKEY_CLASSES_ROOT\CLSID\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 12:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"SigmatelSysTrayApp"="stsystra.exe" [20/03/2006 16:00 C:\WINDOWS\stsystra.exe]
"Popup"="C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [20/04/2006 17:56]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [16/05/2006 13:35]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [26/04/2006 08:39]
"PMX Daemon"="ICO.EXE" [09/06/2006 13:47 C:\WINDOWS\system32\ico.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/09/2005 06:20]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 17:50]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [27/07/2004 17:50]
"nwiz"="nwiz.exe" [12/07/2006 12:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 12:19]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [03/12/2007 06:17]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [19/01/2005 15:18]
"@"="" []
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [05/10/2007 12:33]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 13:00]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [10/06/2007 19:02]

C:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\
Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\Bin\w3dbsmgr.exe [22/07/2004 13:40:00]
WinPhone eXPert.lnk - C:\Program Files\WinPhone eXPert\Winphone.exe [27/11/2006 21:00:29]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [20/07/2007 18:57:16]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [30/01/2006 18:11:48]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [02/04/2007 06:35:06]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [28/10/2004 14:01:10]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [03/05/2005 23:07:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Slim Multimedia Keyboard.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Slim Multimedia Keyboard.lnk
backup=C:\WINDOWS\pss\Slim Multimedia Keyboard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\funkbook]
C:\DOCUME~1\UTILIS~1\APPLIC~1\OBJMIX~1\Roam view.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirScheduler"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11f4a185-b4e8-11db-9517-001372369606}]
AutoRun\command- H:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bfe3768-6d7f-11dc-9601-001372369606}]
Auto\command- H:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6085fc4-5634-11dc-95d5-001372369606}]
AutoRun\command- H:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d07e1a58-304d-11dc-95b1-001372369606}]
Auto\command- H:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

-- End of Deckard's System Scanner: finished at 2007-12-12 15:42:30 ------------
#30 (permalink)
Angel¤Helper (joined June 2005, location: bzh 22, 1,852 posts)
Here's what I see ;o)
1/ Delete the file in bold: C:\WINDOWS\system32\rightonadz-uninst.exe
2/ Get this file analysed for me: C:\WINDOWS\system32\wxvault.dll, because I frankly don't like that AppInit_DLLs entry, despite what CastleCops® wxvault.dll says. A link to eTrust, which I see nowhere on your machine!! At jotti >> Online malware scan *post the result by selecting then copying/pasting the file analysis
3/ Most serious: you've been infected via a USB device, usually your H:\ drive, as you can see. Quote:
solution: **download http://www.techsupportforum.com/sect...isinfector.exe Your antivirus will go off when you launch it | disable it temporarily **plug in all your USB devices and run Flash_Disinfector.exe
4/ Can you give me the fsbl report?? Not sure: Download F-Secure Blacklight fsbl.exe ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe Launch it by double-clicking the fsbl.exe file. Accept the licence, and finally click "Scan". - Post the report that was created in the fsbl-bxxxx.log file by opening it with Notepad. - Don't use the rename function, because some files are legitimate.
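The two findings the helper pulls out of the report above (the AppInit_DLLs entry and the MountPoints2 autorun commands cached from the H:\ drive) can be extracted from a DSS/HijackThis log mechanically, which helps when more than one machine has to be triaged. The Python script below is an added example written for this page; it is not code from the thread, from Deckard's System Scanner or from HijackThis. The sample log lines are constructed from the report posted above, and the severity labels, the `Auto\command-` / `AutoRun\command-` line format it expects, and the rule that reads the executable name after `ShellExec_RunDLL` are this example's own assumptions.

```python
"""Triage helpers for a DSS / HijackThis log (added example, not part of the thread or of DSS).

Two indicators discussed in the thread are extracted:
  * O20 AppInit_DLLs entries (a DLL loaded into every process that maps user32.dll)
  * Explorer\MountPoints2 autorun commands cached from removable media
"""
import re

# Constructed sample modelled on the report posted above (not the full log).
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: wxvault.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
2007-10-05 06:20:34 40733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11f4a185-b4e8-11db-9517-001372369606}]
AutoRun\command- H:\loader.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bfe3768-6d7f-11dc-9601-001372369606}]
Auto\command- H:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6085fc4-5634-11dc-95d5-001372369606}]
AutoRun\command- H:\Installer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d07e1a58-304d-11dc-95b1-001372369606}]
Auto\command- H:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
-- End of Deckard's System Scanner: finished at 2007-12-12 15:42:30 ------------
"""

# HijackThis O20 line and the raw registry-dump value both name the injected DLLs.
APPINIT_O20 = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.+?)\s*$")
APPINIT_REG = re.compile(r'^"appinit_dlls"=\s*(?P<dlls>.+?)\s*$', re.IGNORECASE)
# A registry key header in the dump: [HKEY_...] (a leading '-' marks a deleted key).
REG_KEY = re.compile(r"^\[-?(?P<key>[^\]]+)\]$")
# Per-device subkey of Explorer\MountPoints2, named by the volume GUID.
MOUNTPOINTS_GUID = re.compile(r"\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})$", re.IGNORECASE)
# Cached autorun verbs: "Auto\command- <cmd>" and "AutoRun\command- <cmd>" (assumed format).
AUTORUN_CMD = re.compile(r"^(?P<verb>Auto|AutoRun)\\command-\s*(?P<command>.+?)\s*$")
# Assumption: when the command goes through ShellExec_RunDLL, the next token is the target.
SHELLEXEC = re.compile(r"ShellExec_RunDLL\s+(?P<exe>\S+)", re.IGNORECASE)


def find_appinit_dlls(log):
    """Return the DLL names listed under AppInit_DLLs, in order, without duplicates."""
    dlls = []
    for raw in log.splitlines():
        line = raw.strip()
        m = APPINIT_O20.match(line) or APPINIT_REG.match(line)
        if m:
            for name in re.split(r"[,\s]+", m.group("dlls")):
                if name and name not in dlls:
                    dlls.append(name)
    return dlls


def find_mountpoint_autoruns(log):
    """Return one dict per cached autorun command found under a MountPoints2 volume key."""
    findings = []
    guid = None  # GUID of the MountPoints2 subkey we are currently inside, else None
    for raw in log.splitlines():
        line = raw.strip()
        key = REG_KEY.match(line)
        if key:
            m = MOUNTPOINTS_GUID.search(key.group("key"))
            guid = m.group("guid") if m else None  # any other key leaves the subtree
            continue
        if guid is None:
            continue
        cmd = AUTORUN_CMD.match(line)
        if cmd:
            findings.append({"guid": guid, "verb": cmd.group("verb"), "command": cmd.group("command")})
    return findings


def launched_executables(findings):
    """Names of the files the autorun commands launch, directly or via ShellExec_RunDLL."""
    names = set()
    for f in findings:
        m = SHELLEXEC.search(f["command"])
        if m:
            names.add(m.group("exe"))
        else:
            names.add(f["command"].split()[0].rsplit("\\", 1)[-1])
    return names


def triage(log):
    """Rank the findings; the 'review'/'high' labels are this example's own convention."""
    report = []
    for dll in find_appinit_dlls(log):
        report.append(("review", f"AppInit_DLLs injects {dll} into every process that loads user32.dll; "
                                 f"confirm the file's publisher before trusting it"))
    autoruns = find_mountpoint_autoruns(log)
    if autoruns:
        # Drive letters of the commands that point at the device itself (not at RunDLL32 on C:).
        drives = sorted({f["command"][:2] for f in autoruns
                         if not f["command"].lower().startswith("c:\\windows")})
        exes = ", ".join(sorted(launched_executables(autoruns)))
        report.append(("high", f"{len(autoruns)} cached autorun command(s) for removable media on "
                               f"{', '.join(drives)}, launching: {exes}"))
    return report


if __name__ == "__main__":
    for level, message in triage(SAMPLE_LOG):
        print(f"[{level}] {message}")
```

The MountPoints2 subkeys are a record the host keeps of what each removable volume's autorun.inf pointed at, so they remain after the device is unplugged; that is why the helper has the user clean every USB device as well as the PC, and why a parser like this one reads the registry dump rather than only the running-process list.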