Sshnas21.dll virus
Résolu
dsaxl
-
jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention -
jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour,
je rencontre le même problème que d'autres internautes avec le virus Sshnas21.dll. Svp pourriez-vous m'aider à m'en débarrasser complétement ?
Au vu des précédents postes sur le sujet, j'ai dl ZHPDiag et remis à jour MBAM qui a du coup détecté et supprimé des fichiers ou autres infestés. Que faire ensuite ?
Merci.
je rencontre le même problème que d'autres internautes avec le virus Sshnas21.dll. Svp pourriez-vous m'aider à m'en débarrasser complétement ?
Au vu des précédents postes sur le sujet, j'ai dl ZHPDiag et remis à jour MBAM qui a du coup détecté et supprimé des fichiers ou autres infestés. Que faire ensuite ?
Merci.
A voir également:
- Sshnas21.dll virus
- Virus mcafee - Accueil - Piratage
- Advapi32.dll ccleaner - Forum Windows 7
- Softonic virus ✓ - Forum Virus
- Faux message virus iphone ✓ - Forum Virus
- Xinput1_3.dll - Forum Windows
26 réponses
Voici ce qu'a donné ComboFix :
ComboFix 10-11-05.01 - Axelle 05/11/2010 22:26:16.4.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.499 [GMT 1:00]
Lancé depuis: c:\documents and settings\Axelle\Mes documents\Téléchargements\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Legacy_USNJSVC
-------\Legacy_XPROTECTOR
-------\Service_usnjsvc
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-05 au 2010-11-05 ))))))))))))))))))))))))))))))))))))
.
2010-11-05 18:00 . 2010-11-05 18:00 -------- d-----w- c:\program files\Trend Micro
2010-11-05 17:08 . 2010-11-05 17:07 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-05 17:08 . 2010-11-05 17:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-05 14:22 . 2010-11-05 15:42 -------- d-----w- C:\UsbFix
2010-11-04 21:02 . 2010-11-05 17:12 -------- d-----w- c:\program files\ZHPDiag
2010-10-27 23:45 . 2010-10-27 23:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-27 08:14 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-27 08:14 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-26 19:14 . 2010-10-26 19:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-14 18:36 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 18:36 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 18:36 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 18:35 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 17:07 . 2007-06-02 17:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-05 15:38 . 2010-11-05 15:38 486424 ----a-w- C:\UsbFix_Upload_Me_AXELLE_CORP.zip
2010-09-18 10:23 . 2004-08-20 10:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-20 10:23 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-20 10:23 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-20 10:23 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2004-08-20 10:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2004-08-20 10:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2004-08-20 10:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-20 10:23 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2004-08-20 10:24 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-20 10:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2004-08-20 10:24 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-20 10:24 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-20 10:23 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-20 10:24 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2004-08-20 10:24 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-04 10:45 . 2010-10-01 11:11 3007800 ----a-w- c:\program files\PlantsVsZombies.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\Neuf\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" [2009-10-15 959808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-29 185872]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
2005-02-23 15:57 57344 ------w- c:\program files\Creative\Mixer\CTSVolFE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 17:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 05:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 08:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2006-06-26 08:46 497200 ----a-w- c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2006-06-26 09:34 614960 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-06-26 09:33 243248 ----a-w- c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-12 19:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-05-02 16:16 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 18:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-09-29 12:40 185872 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ISUSPM Startup"=c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"LogitechSetup"=d:\setup\Setup.exe /restart /l:fra
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13504:TCP"= 13504:TCP:NortonAV
"17550:TCP"= 17550:TCP:NortonAV
"14067:TCP"= 14067:TCP:NortonAV
"18047:TCP"= 18047:TCP:NortonAV
"15831:TCP"= 15831:TCP:NortonAV
"15797:TCP"= 15797:TCP:NortonAV
"14051:TCP"= 14051:TCP:NortonAV
"14754:TCP"= 14754:TCP:NortonAV
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/04/2008 07:38 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/04/2008 07:38 19024]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 10:35 18848]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16/11/2009 11:30 13224]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [14/01/2007 15:59 31547]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-11-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-13 11:03]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
TCP: {B089A0CD-E3C7-4CE8-8D4C-5D99E67137FD} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Axelle\Application Data\Mozilla\Firefox\Profiles\w18iws7b.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.
- - - - ORPHELINS SUPPRIMES - - - -
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-CookiePatrol - d:\logic~21\PESTPA~5\CookiePatrol.exe
MSConfigStartUp-PPMemCheck - d:\logic~21\PESTPA~5\PPMemCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 22:35
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-11-05 22:38:53
ComboFix-quarantined-files.txt 2010-11-05 21:38
Avant-CF: 8 490 172 416 octets libres
Après-CF: 8 440 762 368 octets libres
- - End Of File - - D5E78DF0196C7A8521F07D5F6B7601EC
ComboFix 10-11-05.01 - Axelle 05/11/2010 22:26:16.4.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.499 [GMT 1:00]
Lancé depuis: c:\documents and settings\Axelle\Mes documents\Téléchargements\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Legacy_USNJSVC
-------\Legacy_XPROTECTOR
-------\Service_usnjsvc
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-05 au 2010-11-05 ))))))))))))))))))))))))))))))))))))
.
2010-11-05 18:00 . 2010-11-05 18:00 -------- d-----w- c:\program files\Trend Micro
2010-11-05 17:08 . 2010-11-05 17:07 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-05 17:08 . 2010-11-05 17:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-05 14:22 . 2010-11-05 15:42 -------- d-----w- C:\UsbFix
2010-11-04 21:02 . 2010-11-05 17:12 -------- d-----w- c:\program files\ZHPDiag
2010-10-27 23:45 . 2010-10-27 23:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-27 08:14 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-27 08:14 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-26 19:14 . 2010-10-26 19:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-14 18:36 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 18:36 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 18:36 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 18:35 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 17:07 . 2007-06-02 17:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-05 15:38 . 2010-11-05 15:38 486424 ----a-w- C:\UsbFix_Upload_Me_AXELLE_CORP.zip
2010-09-18 10:23 . 2004-08-20 10:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-20 10:23 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-20 10:23 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-20 10:23 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2004-08-20 10:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2004-08-20 10:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2004-08-20 10:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-20 10:23 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2004-08-20 10:24 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-20 10:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2004-08-20 10:24 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-20 10:24 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-20 10:23 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-20 10:24 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2004-08-20 10:24 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-04 10:45 . 2010-10-01 11:11 3007800 ----a-w- c:\program files\PlantsVsZombies.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\Neuf\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" [2009-10-15 959808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-29 185872]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
2005-02-23 15:57 57344 ------w- c:\program files\Creative\Mixer\CTSVolFE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 17:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 05:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 08:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2006-06-26 08:46 497200 ----a-w- c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2006-06-26 09:34 614960 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-06-26 09:33 243248 ----a-w- c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-12 19:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-05-02 16:16 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 18:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-09-29 12:40 185872 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ISUSPM Startup"=c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"LogitechSetup"=d:\setup\Setup.exe /restart /l:fra
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13504:TCP"= 13504:TCP:NortonAV
"17550:TCP"= 17550:TCP:NortonAV
"14067:TCP"= 14067:TCP:NortonAV
"18047:TCP"= 18047:TCP:NortonAV
"15831:TCP"= 15831:TCP:NortonAV
"15797:TCP"= 15797:TCP:NortonAV
"14051:TCP"= 14051:TCP:NortonAV
"14754:TCP"= 14754:TCP:NortonAV
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/04/2008 07:38 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/04/2008 07:38 19024]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 10:35 18848]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16/11/2009 11:30 13224]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [14/01/2007 15:59 31547]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-11-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-13 11:03]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
TCP: {B089A0CD-E3C7-4CE8-8D4C-5D99E67137FD} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Axelle\Application Data\Mozilla\Firefox\Profiles\w18iws7b.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.
- - - - ORPHELINS SUPPRIMES - - - -
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-CookiePatrol - d:\logic~21\PESTPA~5\CookiePatrol.exe
MSConfigStartUp-PPMemCheck - d:\logic~21\PESTPA~5\PPMemCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 22:35
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-11-05 22:38:53
ComboFix-quarantined-files.txt 2010-11-05 21:38
Avant-CF: 8 490 172 416 octets libres
Après-CF: 8 440 762 368 octets libres
- - End Of File - - D5E78DF0196C7A8521F07D5F6B7601EC
comment va le pc?
colle un rapport d'analyse avec un antivirus en ligne (<= ici) parmi les 4 premiers donnés
colle un rapport d'analyse avec un antivirus en ligne (<= ici) parmi les 4 premiers donnés
BitDefender n'a trouvé aucun problème et mon ordi semble aller mieux (plus de fenêtres intempestives notamment) donc j'espère que c'est bon :). A voir à mon retour dans qq jours où je ne manquerai pas de mettre sujet en résolu si tout va bien.
Merci beaucoup en tout cas pour ton aide !
Merci beaucoup en tout cas pour ton aide !
ok pour supprimer ce qui a été utilisé et non utile
regarde ce lien:
http://www.commentcamarche.net/faq/24877-supprimer-les-logiciels-de-desinfection
pour te proteger:
https://www.commentcamarche.net/faq/24687-les-logiciels-de-securite-gratuits-indispensables
regarde ce lien:
http://www.commentcamarche.net/faq/24877-supprimer-les-logiciels-de-desinfection
pour te proteger:
https://www.commentcamarche.net/faq/24687-les-logiciels-de-securite-gratuits-indispensables
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question