"Christophe" - 07-05-08 18:55:18 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Christophe.CHRISTOP-JMI07X\Bureau\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 )))))))))))))))))))))))))))))))))) 2007-05-07 20:00 d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-05-05 19:56 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-04 23:23 d-------- C:\Program Files\Backupnavi 2007-05-02 20:51 d-------- C:\DOCUME~1\ALLUSE~1.WIN\ModŠles 2007-05-01 23:33 d-------- C:\VundoFix Backups 2007-05-01 23:32 d-------- C:\Program Files\backups 2007-05-01 19:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-05-01 19:06 682,864 --a------ C:\Program Files\fsblc.exe 2007-05-01 19:06 53,248 --a------ C:\Program Files\Process.exe 2007-05-01 19:06 481 --a------ C:\Program Files\traiteregfsbl.bat 2007-05-01 19:06 44,104 --a------ C:\Program Files\regnavi.reg 2007-05-01 19:06 363 --a------ C:\Program Files\traitementfsbl.bat 2007-05-01 19:06 216,294 --a------ C:\Program Files\navilog1.bat 2007-05-01 16:47 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage 2007-05-01 15:38 d-------- C:\RkUnhooker 2007-05-01 15:31 218,112 --a------ C:\Program Files\HijackThis.exe 2007-05-01 15:19 103,424 --a------ C:\grep.exe 2007-05-01 15:05 d-------- C:\DiagHelp 2007-05-01 13:25 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\nView_Profiles 2007-04-29 18:50 d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP 2007-04-26 20:16 1,156 --a------ C:\WINDOWS\mozver.dat 2007-04-24 23:00 540,791 --------- C:\WINDOWS\system32\ttstv.bak2 2007-04-22 19:55 525,596 --------- C:\WINDOWS\system32\ttstv.bak1 2007-04-22 13:02 0 --a------ C:\WINDOWS\nsreg.dat 2007-04-22 13:02 d-------- C:\DOCUME~1\CHRIST~1.CHR\APPLIC~1\Talkback 2007-04-22 12:43 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-04-22 12:43 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-04-22 12:43 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 
2007-04-22 12:43 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-22 12:43 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-22 12:43 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-22 12:43 d-------- C:\Program Files\Spyware Doctor
2007-04-22 12:43 d-------- C:\DOCUME~1\CHRIST~1.CHR\APPLIC~1\PC Tools
2007-04-22 12:41 d-------- C:\Program Files\Norton Security Scan
2007-04-22 12:39 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater
2007-04-22 12:19 16,128 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2007-04-22 12:19 d-------- C:\Program Files\Kit ADSL
2007-04-22 12:18 d-------- C:\WINDOWS\neufBOX_ADSL
2007-04-16 20:02 d-------- C:\Program Files\Neuf
2007-04-15 11:08 47,104 --a------ C:\WINDOWS\system32\KMVIDC32.DLL
2007-04-15 10:50 315,904 --a------ C:\WINDOWS\IsUninst.exe
2007-04-09 18:20 d-------- C:\Program Files\mp3DirectCut

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-08 18:51 -------- d-------- C:\Program Files\emule
2007-05-05 19:58 7240 --a------ C:\Program Files\hijackthis.log
2007-05-02 20:53 -------- d-------- C:\Program Files\windows media connect 2
2007-05-02 20:51 -------- d-------- C:\Program Files\google
2007-04-22 23:01 -------- d-------- C:\Program Files\limewire
2007-04-22 12:42 -------- d--h----- C:\Program Files\installshield installation information
2007-04-22 12:41 -------- d-------- C:\Program Files\picasa2
2007-04-22 12:25 71248 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2007-04-22 12:25 458230 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2007-04-22 12:09 -------- d-------- C:\Program Files\jeux
2007-04-17 23:13 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-09 17:28 -------- d-------- C:\DOCUME~1\CHRIST~1.CHR\APPLIC~1\limewire
2007-03-26 19:57 -------- d-------- C:\DOCUME~1\CHRIST~1.CHR\APPLIC~1\transrender
2007-03-19 21:48 -------- dr-h----- C:\DOCUME~1\CHRIST~1.CHR\APPLIC~1\yahoo!
2007-03-19 21:47 -------- d-------- C:\Program Files\yahoo!
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 00:03 54936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-03-09 00:03 42648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-03-09 00:02 75512 --a------ C:\WINDOWS\zllsputility.exe
2007-03-09 00:02 22168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-03-09 00:02 18072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-03-09 00:01 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{119474D7-6715-4A29-AC7B-869974E70007} C:\WINDOWS\system32\vtstt.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
{F1E693A3-6CD3-47A1-B525-E782471B06Cf} C:\WINDOWS\system32\kbmdmapm.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\oqikxsbl.dll\",realset"
"nwiz"="nwiz.exe /install"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"Neuf Giga Drive"="\"C:\\Program Files\\Neuf\\Neuf Giga Drive\\neufGiga.exe\" /delayed"
"TVAgent WiFi"="C:\\Program Files\\Kit ADSL\\Wizard\\Agent_WiFi.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C5E02D55-E7B6-4AD1-8140-D418D409A047}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PCANDIS5

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1154984752.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1160595874.job
C:\WINDOWS\tasks\Norton Security Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 19:00:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully

hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-05-08 19:00:45
C:\ComboFix-quarantined-files.txt ... 07-05-08 19:00
C:\ComboFix2.txt ... 07-05-05 19:56