
Forum | virus/security
Help! Need somebody!
GLOUPS!, Mon. 19 May 2008 at 15:28:49
ComboFix 08-05-15.3 - Gregor 2008-05-19 15:00:22.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1474 [GMT 2:00]
Location: C:\Documents and Settings\Gregor\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Files created 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.

2008-05-19 13:59 . 2008-05-19 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-19 11:13 . 2008-05-19 11:59 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-18 15:26 . 2008-05-17 23:15 258,048 --a------ C:\WINDOWS\nldfmtappek.dll
2008-05-18 15:26 . 2008-05-17 23:15 159,744 --a------ C:\WINDOWS\esta.exe
2008-05-18 15:26 . 2008-05-17 23:15 90,112 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-16 12:10 . 2008-05-16 12:10 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-15 17:53 . 2008-05-15 17:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-15 16:58 . 2008-05-15 16:56 691,545 --a------ C:\WINDOWS\unins001.exe
2008-05-15 16:58 . 2008-05-15 16:58 2,556 --a------ C:\WINDOWS\unins001.dat
2008-05-15 13:37 . 2008-05-18 15:27 <DIR> d-------- C:\Documents and Settings\Gregor\Application Data\TmpRecentIcons
2008-05-15 11:38 . 2008-05-15 03:48 94,208 --a------ C:\WINDOWS\epfg.exe
2008-05-15 11:38 . 2008-05-15 03:49 81,920 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-15 11:38 . 2008-05-15 11:38 28,800 --a------ C:\WINDOWS\system32\wvUoNfcD.dll
2008-05-15 09:21 . 2008-05-15 09:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-15 09:21 . 2008-05-15 09:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-02 15:01 . 2008-05-02 15:01 <DIR> d-------- C:\Documents and Settings\Gregor\Application Data\ACD Systems
2008-05-01 16:59 . 2008-05-01 16:59 <DIR> d-------- C:\Documents and Settings\Odile\Application Data\ACD Systems
2008-05-01 16:53 . 2008-05-01 16:53 <DIR> d-------- C:\Program Files\Fichiers communs\ACD Systems
2008-05-01 16:53 . 2008-05-01 16:53 <DIR> d-------- C:\Program Files\ACD Systems
2008-05-01 16:53 . 2008-05-01 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-01 16:53 . 2008-05-01 16:53 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-04-30 10:03 . 2008-04-30 10:04 <DIR> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 13:08 1,967,136 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-19 13:07 56,474,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-19 11:59 --------- d-----w C:\Program Files\Google
2008-05-19 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 10:17 756,644 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-19 10:17 185,084 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-15 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 14:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-14 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-30 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-17 19:36 --------- d-----w C:\Program Files\eMule
2008-04-17 13:02 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 13:02 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-16 12:32 --------- d-----w C:\Program Files\Futuroscope Experience ADF
2008-04-04 15:12 828 ----a-w C:\Documents and Settings\Gregor\Application Data\wklnhst.dat
2008-04-03 08:19 --------- d-----w C:\Program Files\Java
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-11-02 12:38 160 ----a-w C:\Documents and Settings\Charlene\Application Data\wklnhst.dat
2007-02-27 10:38 251 ----a-w C:\Program Files\wt3d.ini
2007-01-30 16:36 18,437,008 ----a-w C:\Documents and Settings\download\SPS2PIMS20_02FB1.exe
2007-01-18 22:39 0 ----a-w C:\Documents and Settings\Invité\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{831C798D-F9AD-4659-8625-63F2A439F439}]
2008-05-17 23:15 258048 --a------ C:\WINDOWS\nldfmtappek.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{755F70ED-8112-4AEA-B77B-E11296C79DA7}"= "C:\WINDOWS\pvnsmfor.dll" [ ]
"{C9A66198-D585-4160-A963-A889176926B0}"= "C:\WINDOWS\gktxaspm.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{755f70ed-8112-4aea-b77b-e11296c79da7}]
[HKEY_CLASSES_ROOT\pvnsmfor.1]
[HKEY_CLASSES_ROOT\TypeLib\{4DF01EBE-8007-450D-811C-2E1DD5923664}]
[HKEY_CLASSES_ROOT\pvnsmfor]

[HKEY_CLASSES_ROOT\clsid\{c9a66198-d585-4160-a963-a889176926b0}]
[HKEY_CLASSES_ROOT\gktxaspm.1]
[HKEY_CLASSES_ROOT\TypeLib\{4FF6AC4F-E0D8-40C3-BAE6-E1C9DEF2C03F}]
[HKEY_CLASSES_ROOT\gktxaspm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 13:59 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 07:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 07:58 86016]
"nwiz"="nwiz.exe" [2006-07-20 07:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 17:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 16:14 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 12:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 11:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 11:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 10:52 643072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-25 06:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-28 00:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-02 12:03 282624]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-01-29 23:02 200768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2005-06-27 10:21 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 06:00 15360]

C:\Documents and Settings\Gregor\Menu Démarrer\Programmes\Démarrage\
BoontyBox BoontyGames.lnk - C:\Program Files\Boonty\BoontyBox\BoontyBox.exe [2007-02-09 19:41:33 824928]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 21:42:30 45056]
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-01-11 07:29:19 102400]
Supervision de Photo Loader.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2007-03-11 13:59:46 217088]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pxgdslro"= {87287D22-7EB0-406F-87B0-7C2D7B0656DF} - C:\WINDOWS\pxgdslro.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rai76.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

*Newly Created Service* - CATCHME
*Newly Created Service* - GUSVC
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-08-10 12:24:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2008-05-19 13:02:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 15:08:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????X??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-19 15:11:06
ComboFix-quarantined-files.txt 2008-05-19 13:10:09

Pre-Run: 43,279,372,288 bytes free
Post-Run: 43,996,659,712 bytes free

198 --- E O F --- 2008-05-16 10:10:01
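What a reviewer looks for in a log like the one above, as an added example that is not part of the original post, of ComboFix, or of any reply in this thread: executables freshly created directly in C:\WINDOWS, load points whose target ComboFix printed with an empty `[ ]` because it could not read the file's date and size, names with almost no vowels under the Windows directory, and Security Center / firewall-policy values that have been switched off. The script reads lines in the format ComboFix prints; the sample input is copied from the log above, and the finding categories, the `TAMPER_VALUES` table and the name-randomness threshold are heuristics chosen for this example, not published rules.

```python
"""Triage checks for a ComboFix log (added example, not from the post or from ComboFix)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail")

# Constructed sample: lines copied from the log above, cut down to the sections
# the checks read (created files, Reg load points, Security Center/firewall values).
SAMPLE_LOG = r"""
2008-05-18 15:26 . 2008-05-17 23:15 258,048 --a------ C:\WINDOWS\nldfmtappek.dll
2008-05-18 15:26 . 2008-05-17 23:15 159,744 --a------ C:\WINDOWS\esta.exe
2008-05-18 15:26 . 2008-05-17 23:15 90,112 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-15 11:38 . 2008-05-15 11:38 28,800 --a------ C:\WINDOWS\system32\wvUoNfcD.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{755F70ED-8112-4AEA-B77B-E11296C79DA7}"= "C:\WINDOWS\pvnsmfor.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-01-29 23:02 200768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pxgdslro"= {87287D22-7EB0-406F-87B0-7C2D7B0656DF} - C:\WINDOWS\pxgdslro.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Two-timestamp lines of the "Files created" section only; Find3M lines (one
# timestamp) do not match, so long-standing system files are not scored.
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                       r"[\d,]+ \S+ (?P<path>[A-Za-z]:\\.+)$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[]+?\.(?:dll|exe|sys|cpl)', re.IGNORECASE)
WINDOWS_ROOT = "c:\\windows\\"
# Security Center / firewall-policy values and the setting that means "off" (assumed list).
TAMPER_VALUES = {"AntiVirusDisableNotify": 1, "FirewallDisableNotify": 1,
                 "UpdatesDisableNotify": 1, "DisableMonitoring": 1, "EnableFirewall": 0}

def looks_random(stem):
    """Heuristic picked for this example: 8+ letters, a quarter or fewer vowels (a signal, not a verdict)."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    return sum(c in "aeiouy" for c in stem.lower()) / len(stem) <= 0.25

def reg_int(value):
    """Parse the numeric forms ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", value)
    return int(m.group(0)) if m else None

def check_path(path, created):
    """Binaries dropped straight into the Windows directory (only meaningful for
    newly created files) and random-looking names anywhere under it."""
    folder, _, name = path.rpartition("\\")
    stem, _, ext = name.rpartition(".")
    folder = folder.lower() + "\\"
    if ext.lower() not in ("dll", "exe", "sys", "cpl"):
        return []
    out = []
    if created and folder == WINDOWS_ROOT:
        out.append(Finding("root_binary", path))
    if folder.startswith(WINDOWS_ROOT) and looks_random(stem):
        out.append(Finding("random_name", path))
    return out

def check_value(key, name, value):
    """Policy values under Security Center/firewall keys; load points elsewhere."""
    if "security center" in key.lower() or "firewallpolicy" in key.lower():
        if name in TAMPER_VALUES and reg_int(value) == TAMPER_VALUES[name]:
            return [Finding("security_center_tamper", f"{key}\\{name}={reg_int(value)}")]
        return []
    # ComboFix appends [date time size] when it could read the target; "[ ]" means it could not.
    m = re.search(r"\[([^\]]*)\]\s*$", value)
    target = WIN_PATH.search(value)
    out = []
    if m and not m.group(1).strip():
        out.append(Finding("unverified_loadpoint", f"{name} -> {target.group(0) if target else value}"))
    if target:
        out.extend(check_path(target.group(0), created=False))
    return out

def triage(log_text):
    """Walk the log, tracking the current registry key, and collect findings."""
    findings, key = [], ""
    for line in log_text.strip().splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif (m := FILE_LINE.match(line)):
            findings.extend(check_path(m.group("path"), created=True))
        elif (m := VALUE_LINE.match(line)):
            findings.extend(check_value(key, m.group("name"), m.group("value")))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

On the sample this reports three binaries created directly in C:\WINDOWS, two load points ComboFix could not verify, five random-looking names and three disabled security settings, while avp.exe (a known product under Program Files with a readable file stamp) produces nothing. The vowel-ratio check is deliberately only a triage signal: dnsrslvr.dll from the Find3M section would trip it, which is one reason the file check reads only the two-timestamp "Files created" lines, and why each finding should be followed by a hash or signature check of the file rather than taken as proof.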