Pb avec sshnas.dll

bjr
merci de me répondre
en fait j'ai fait ce que j'ai lu sur le post précédent avec hijathis
il faut que je refasse tout avec combofix ?

ok c'est parti

Voilà...
Au démarrage j'ai tjrs la fenêtre impossible de charger bla bla sshnas.dll
Le module spécifé est introuvable.
Comme combofix préparait le rapport je l'ai laissée en tache de fond je peux la fermer maintenant ?

ComboFix 10-01-03.05 - AIXTRIM 04/01/2010 16:43:29.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2037.1170 [GMT 1:00]
Lancé depuis: c:\users\AIXTRIM\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100104-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1368 [VPS 100104-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2247208711-3032279261-3129784817-500
c:\$recycle.bin\S-1-5-21-3111625233-94054582-2409997865-500
c:\windows\msa.exe
c:\windows\system\_sv_CMD_
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\dxbuqoov.dll
c:\windows\system32\gueinbvh.dll
c:\windows\system32\hvbnieug.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\IjQpAcdd.ini
c:\windows\System32\IjQpAcdd.ini2
c:\windows\system32\inxknjym.ini
c:\windows\system32\itnlrdls.ini
c:\windows\system32\KBL.LOG
c:\windows\system32\mcrh.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vooqubxd.ini
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-04 au 2010-01-04 ))))))))))))))))))))))))))))))))))))
.

2010-01-04 15:53 . 2010-01-04 15:56 -------- d-----w- c:\users\AIXTRIM\AppData\Local\temp
2010-01-04 15:53 . 2010-01-04 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-20 16:59 . 2009-12-20 16:59 -------- d---a-w- c:\programdata\rkfree
2009-12-20 16:59 . 2009-12-20 16:59 -------- d-----w- c:\program files\rkfree
2009-12-11 15:51 . 2009-12-11 15:52 -------- d-----w- c:\programdata\Microsoft Help
2009-12-05 16:55 . 2009-12-05 16:55 -------- d-----w- c:\program files\Sweet Home 3D

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 15:54 . 2008-12-11 12:47 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-04 12:15 . 2008-12-16 18:28 -------- d-----w- c:\users\AIXTRIM\AppData\Roaming\FileZilla
2010-01-02 21:39 . 2008-12-11 06:36 -------- d-----w- c:\program files\Alwil Software
2009-12-28 15:24 . 2007-11-21 05:49 -------- d-----w- c:\program files\CyberLink
2009-12-28 15:23 . 2009-12-28 15:22 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-12-27 12:32 . 2007-11-21 12:30 693588 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-27 12:32 . 2007-11-21 12:30 118450 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-26 12:47 . 2007-11-21 06:15 -------- d-----w- c:\program files\Java
2009-12-25 16:30 . 2008-12-26 09:28 -------- d-----w- c:\users\AIXTRIM\AppData\Roaming\Apple Computer
2009-12-24 13:18 . 2009-12-24 13:18 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-20 18:37 . 2009-06-22 11:59 -------- d-----w- c:\users\AIXTRIM\AppData\Roaming\uTorrent
2009-12-16 09:19 . 2009-06-25 14:16 -------- d-----w- c:\program files\PdaNet for iPhone
2009-12-06 11:01 . 2009-11-30 18:10 -------- d-----w- c:\users\AIXTRIM\AppData\Roaming\ArchiFacile
2009-12-01 11:02 . 2009-01-11 21:39 -------- d-----w- c:\program files\Microsoft
2009-11-24 23:54 . 2008-12-11 13:15 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-12-11 06:36 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-11 06:36 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-11 13:15 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2008-12-11 14:39 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-11 14:39 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-11 14:39 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-12 16:44 . 2008-12-16 18:28 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-06 12:09 . 2009-11-06 12:08 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-06 12:09 . 2009-11-06 12:08 -------- d-----w- c:\program files\iTunes
2009-11-06 12:08 . 2009-11-06 12:08 -------- d-----w- c:\program files\iPod
2009-11-06 12:08 . 2008-12-26 09:26 -------- d-----w- c:\program files\Common Files\Apple
2009-11-06 12:06 . 2009-11-06 12:06 -------- d-----w- c:\program files\QuickTime
2009-11-06 11:54 . 2009-11-06 11:54 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 19:42 . 2009-10-02 23:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 11:10 . 2009-10-21 11:10 5972 ----a-w- c:\users\AIXTRIM\AppData\Local\d3d9caps.dat
2009-10-11 03:17 . 2008-12-15 11:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-12-10 19:18 . 2008-12-10 19:18 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-21 217088]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-07-06 159744]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]
"3170 Scan2PC"="c:\windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [2008-08-07 495616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"rkfree"="c:\program files\rkfree\rkfree.exe" [2009-12-20 71168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

c:\users\AIXTRIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AVAST.lnk - c:\program files\Alwil Software\Avast4.8\ashDisp.exe [2009-11-26 81000]
PdaNet Desktop.lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-12-16 173520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 715568]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^AIXTRIM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\AIXTRIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe"
"908253cf"=rundll32.exe "c:\windows\system32\sldrlnti.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2247208711-3032279261-3129784817-1000]
"EnableNotificationsRef"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11/12/2008 07:36 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11/12/2008 07:36 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/12/2008 14:15 53328]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [29/03/2009 13:09 5120]
R3 pnetmdm;PdaNet Modem;c:\windows\System32\drivers\pnetmdm.sys [25/06/2009 15:16 9472]
S2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\apache.exe" -k runservice --> c:\xampp\apache\bin\apache.exe [?]
S2 SeekappSrch Service;SeekappSrch Service;"c:\programdata\SeekappSrch\seekapp159.exe" "c:\program files\SeekappSrch\seekapp.dll" Service --> c:\programdata\SeekappSrch\seekapp159.exe [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [26/12/2008 17:06 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-01-04 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-27 13:17]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=169.254.129.23:3128;https=169.254.129.23:3128;socks=169.254.129.23:1080
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Enregistrer au format HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Enregistrer le texte sélectionné - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Sélection par capture - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\users\AIXTRIM\AppData\Roaming\Mozilla\Firefox\Profiles\5y8ae8s8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\AIXTRIM\AppData\Roaming\Mozilla\Firefox\Profiles\5y8ae8s8.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{894E6428-B4EA-47FD-A11A-A123B2685597} - (no file)
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
HKCU-Run-LosAlamos - c:\windows\system32\sshnas.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 16:57
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spms.sys >>UNKNOWN [0x84FBE938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8838ed1f
\Driver\ACPI -> acpi.sys @ 0x804439d6
\Driver\atapi -> 0x850071f8
\Driver\iaStor -> iaStor.sys @ 0x80d7d580
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x82995467
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x82995467
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(1136)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4.8\aswUpdSv.exe
c:\program files\Alwil Software\Avast4.8\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4.8\ashMaiSv.exe
c:\program files\Alwil Software\Avast4.8\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2010-01-04 17:03:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-04 16:03

Avant-CF: 37 126 701 056 octets libres
Après-CF: 36 858 826 752 octets libres

- - End Of File - - CDB9585A932184785EE77DD95F6F1817

OK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:20, on 04/01/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\rkfree\rkfree.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4.8\ashDisp.exe
C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=169.254.129.23:3128;https=169.254.129.23:3128;socks=169.254.129.23:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\rkfree\rkfree.exe" /b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: AVAST.lnk = C:\Program Files\Alwil Software\Avast4.8\ashDisp.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Enregistrer au format HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Enregistrer le texte sélectionné - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Sélection par capture - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Sélection par capture - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Sélection par capture - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Enregistrer au format HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Enregistrer au format HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Enregistrer le texte sélectionné - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Enregistrer le texte sélectionné - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4.8\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4.8\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4.8\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4.8\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\ProgramData\SeekappSrch\seekapp159.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Ok j'ai bien noté mais la fenêtre au démarrage ?

c'est quoi rkfree stp ?

c'est quoi le pb !!!???
ok je suis le lien je viens de lire que c'est un spy aussi ???? combo le voit pas lui ?
pour regedit c'est fait mais cles, valeur, et données : rien (case mot entier cochée)

Ok !
Tout est fait !
Un grand merci
Bonne année !