Souci sur le PC de mon fils

[marmotte38]

Rapport Combofix

 

ComboFix 08-03-30.1 - Gaet 2008-03-30 18:54:49.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.565 [GMT 2:00]

Endroit: C:\Documents and Settings\Gaet\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\All Users\Application Data\afitsvsz

C:\Documents and Settings\Gaet\Mes documents\SMANTE~1

C:\Documents and Settings\Gaet\Mes documents\SMANTE~1\S?mantec\

C:\Documents and Settings\Gaet\Mes documents\SSTEM~1

C:\spyware.JPG

C:\spyware2.JPG

C:\sqmdata15.sqm

C:\sqmdata16.sqm

C:\sqmnoopt15.sqm

C:\sqmnoopt16.sqm

C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

C:\WINDOWS\dwnrpofk.dll

C:\WINDOWS\fnts~1

C:\WINDOWS\qvdntlmw.dll

C:\WINDOWS\sembly~1

C:\WINDOWS\sstem3~1

C:\WINDOWS\system32\gdnmimbc.ini

C:\WINDOWS\system32\SAKUBcfe.ini

C:\WINDOWS\system32\SAKUBcfe.ini2

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\wintsvtr.exe

C:\WINDOWS\system32\WwvDKRqr.ini

C:\WINDOWS\system32\WwvDKRqr.ini2

C:\WINDOWS\system32\ybizynml.exe

C:\WINDOWS\vbgtorfd.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-30 18:43 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-30 18:42 . 2008-03-30 18:42 <REP> d-------- C:\Program Files\Java

2008-03-30 18:38 . 2008-03-30 18:38 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-03-30 18:37 . 2008-03-30 18:37 268 --ah----- C:\sqmdata19.sqm

2008-03-30 18:37 . 2008-03-30 18:37 244 --ah----- C:\sqmnoopt19.sqm

2008-03-30 18:34 . 2008-03-30 18:34 172 --ah----- C:\sqmnoopt18.sqm

2008-03-30 18:34 . 2008-03-30 18:34 172 --ah----- C:\sqmdata18.sqm

2008-03-30 18:32 . 2008-03-30 18:32 268 --ah----- C:\sqmdata16.sqm

2008-03-30 18:32 . 2008-03-30 18:32 244 --ah----- C:\sqmnoopt16.sqm

2008-03-30 15:08 . 2008-03-30 15:08 268 --ah----- C:\sqmdata15.sqm

2008-03-30 15:08 . 2008-03-30 15:08 244 --ah----- C:\sqmnoopt15.sqm

2008-03-30 13:37 . 2008-03-30 13:37 268 --ah----- C:\sqmdata17.sqm

2008-03-30 13:37 . 2008-03-30 13:37 244 --ah----- C:\sqmnoopt17.sqm

2008-03-30 12:13 . 2008-03-30 12:23 <REP> d-------- C:\Program Files\Navilog1

2008-03-30 11:45 . 2008-03-30 15:13 <REP> d-------- C:\smitfraudfix

2008-03-30 10:17 . 2008-03-30 18:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-03-30 07:57 . 2008-03-30 07:57 <REP> d-------- C:\Documents and Settings\Gaet\Application Data\Template

2008-03-29 13:49 . 2008-03-29 13:49 <REP> d-------- C:\Documents and Settings\Gaet\Application Data\PC-Cleaner

2008-03-29 13:47 . 2008-03-29 13:50 <REP> d-------- C:\Program Files\PC-Cleaner

2008-03-29 12:50 . 2008-03-30 15:18 <REP> d-------- C:\Program Files\Spyware Doctor

2008-03-29 12:50 . 2008-03-29 12:50 <REP> d-------- C:\Documents and Settings\Gaet\Application Data\PC Tools

2008-03-29 12:50 . 2007-12-10 15:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-03-29 12:50 . 2007-12-10 15:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-03-29 12:50 . 2008-02-01 13:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-03-29 12:50 . 2007-12-10 15:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-03-28 20:42 . 2008-03-28 20:42 2 --a------ C:\WINDOWS\msoffice.ini

2008-03-28 17:00 . 2008-03-29 12:41 327 --a------ C:\WINDOWS\wininit.ini

2008-03-28 16:29 . 2008-03-30 18:34 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-28 16:29 . 2008-03-30 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-22 13:17 . 2008-02-22 13:17 <REP> d-------- C:\Program Files\DivX

2008-02-21 04:05 . 2008-02-21 04:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-02-21 04:05 . 2008-02-21 04:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-30 16:53 --------- d-----w C:\Documents and Settings\Gaet\Application Data\Skype

2008-03-30 16:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-30 16:52 --------- d-----w C:\Program Files\Steam

2008-03-30 16:52 --------- d-----w C:\Documents and Settings\Gaet\Application Data\OpenOffice.org2

2008-03-30 13:05 --------- d-----w C:\Program Files\Moon Secure Antivirus

2008-03-28 18:43 --------- d-----w C:\Program Files\Fichiers communs\aolshare

2008-03-28 18:43 --------- d-----w C:\Program Files\Fichiers communs\AOL

2008-03-28 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2008-03-28 18:33 --------- d-----w C:\Program Files\Yahoo!

2008-03-28 14:42 --------- d-----w C:\Program Files\Warcraft III

2008-03-28 14:27 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-02-23 21:28 --------- d-----w C:\Program Files\GUILD WARS

2008-02-06 12:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-06 12:15 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-07 14:37 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-30_13.40.31.60 )))))))))))))))))))))))))))))))))))))))))

.

- 2003-11-19 16:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2003-11-19 16:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]

"Steam"="c:\program files\steam\steam.exe" [2008-03-28 11:54 1271032]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-16 12:21 190024]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 01:09 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 01:06 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 01:10 114688]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 03:01 86016]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-04 20:41 26112]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 23:11 866584]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]

"Moon Secure Antivirus"="C:\Program Files\Moon Secure Antivirus\moontray.exe" [2007-01-24 20:49 1153536]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 14:28 29696 C:\WINDOWS\KHALMNPR.Exe]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45 36040]

 

C:\Documents and Settings\Gaet\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 14:36:42 61440]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-12-25 00:41:26 581632]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"C:\\Programmes\\Activision\\Rome - Total War\\RomeTW-BI.exe"=

"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARMPDemo.exe"=

"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=

"C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARServer.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Third Wave Games\\War World - Tactical Combat DEMO 1.09\\War World.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\Steam\\SteamApps\\dsfge83\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"C:\\Program Files\\THQ\\Titan Quest\\Titan Quest.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"C:\\Team17\\Worms World Party\\wwp.exe"=

"C:\\Program Files\\Steam\\steam.exe"=

"C:\\Program Files\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Documents and Settings\\Gaet\\Bureau\\Counter-Strike Source\\hl2.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:6112

"6112:UDP"= 6112:UDP:6112bis

 

R2 msav;Moon Secure Antivirus Core;C:\Program Files\Moon Secure Antivirus\msavcore.exe [2007-01-24 20:49]

S3 Am772;SMC2602W 11 Mbps Wireless 802.11 Adapter;C:\WINDOWS\system32\DRIVERS\Am772.sys [2004-01-26 14:40]

S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 03:00]

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-03-30 16:54:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2008-03-30 16:19:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-30 18:58:03

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirScheduler]

"ImagePath"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe\""

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirService]

"ImagePath"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe\""

--

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgio]

"ImagePath"="\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgntflt]

"ImagePath"="\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avipbb]

"ImagePath"="system32\DRIVERS\avipbb.sys"

--

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

--

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ssmdrv]

"ImagePath"="system32\DRIVERS\ssmdrv.sys"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\Logitech\SetPoint\lgscroll.dll

.

Temps d'accomplissement: 2008-03-30 18:59:12

ComboFix-quarantined-files.txt 2008-03-30 16:59:09

Pre-Run: 24,241,332,224 octets libres

Post-Run: 24,229,031,936 octets libres

.

2008-03-28 09:57:43 --- E O F ---

[pear]

Eh bien, combofix et vous avez bien travaillé.

 

Je suppose que vous lancé tools cleaner pour nettoyer les outils.

 

Tout va bien ?

[marmotte38]

Rapport ToolsCleaner

 

-->- Recherche:

 

C:\SmitFraudfix: trouvé !

C:\Qoobox: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !

C:\Documents and Settings\Gaet\Bureau\ComboFix.exe: trouvé !

C:\Documents and Settings\Gaet\Bureau\HijackThis.exe: trouvé !

C:\Documents and Settings\Gaet\Bureau\sécurité\Navilog1.exe: trouvé !

C:\Documents and Settings\Gaet\Bureau\sécurité\Navilog1.lnk: trouvé !

C:\Program Files\Navilog1: trouvé !

C:\Program Files\Navilog1\Navilog1.bat: trouvé !

C:\smitfraudfix\SmitFraudfix: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !

C:\Documents and Settings\Gaet\Bureau\ComboFix.exe: supprimé !

C:\Documents and Settings\Gaet\Bureau\HijackThis.exe: supprimé !

C:\Documents and Settings\Gaet\Bureau\sécurité\Navilog1.exe: supprimé !

C:\Documents and Settings\Gaet\Bureau\sécurité\Navilog1.lnk: supprimé !

C:\Program Files\Navilog1\Navilog1.bat: supprimé !

C:\SmitFraudfix: supprimé !

C:\Qoobox: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !

C:\Program Files\Navilog1: supprimé !

 

 

 

Le PC est en pleine forme