Hi,
My Norton security expired and I kinda waited too lng to renew it so I got caught with Security Tool Malaware. I tried a lot of things since the past week and so far I was able to only move forward reading your forums. So I signed to seek for some help.
EVerytime I tried to run a prgram it would shut down, And my explorer doesnt work anymore, I downloaded firefox and it desnt work. Anyway so I was able to run ComboFix, then exehelper, then finally got capable of performing a scan with mbam.exe! I was also finally able to use hijackthis. However everything on my PC is still f**ed up. I cant donwload the mbam.exe update, I cant open explorer and firefox say's I cant connect. But strangely enough my Windows Live Messenger connects!!! like wth!!?
Anyway here are are my logs:
ComboFix Log:
ComboFix 09-11-01.04 - joe 2009-11-02 23:31.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.1023.680 [GMT -5:00]
Lancé depuis: G:\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg(2).exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\windows\run.log
c:\windows\system32\xa.tmp
c:\windows\system32\yqrnld50e.dll
Une copie infectée de c:\windows\system32\DRIVERS\nvata.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
Une copie infectée de c:\windows\system32\eventlog.dll a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-03 au 2009-11-03 ))))))))))))))))))))))))))))))))))))
.
2009-11-03 04:26 . 2005-01-17 05:43 88576 ----a-w- c:\windows\system32\drivers\nvatabus.sys
2009-11-03 04:26 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-03 04:26 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-03 04:20 . 2009-11-03 04:20 -------- d-----w- c:\program files\Trend Micro
2009-11-03 03:53 . 2009-11-03 03:53 -------- d-----w- c:\program files\RegDefense
2009-11-03 03:48 . 2009-11-03 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\program files\Fichiers communs\ParetoLogic
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\program files\Fichiers communs\XoftSpySE
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\program files\XoftSpySE6
2009-11-03 03:17 . 2009-11-03 03:17 -------- d-----w- c:\documents and settings\joe\Local Settings\Application Data\Mozilla
2009-11-03 02:39 . 2009-11-03 04:13 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-11-02 23:19 . 2009-11-02 23:19 -------- d-----w- c:\documents and settings\joe\Application Data\Malwarebytes
2009-11-02 23:13 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-02 23:13 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 23:13 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 07:07 . 2009-10-28 04:22 -------- d-----w- c:\documents and settings\Malwarebytes' Anti-Malware
2009-10-23 07:07 . 2009-10-23 07:10 20949 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\unins000.dat
2009-10-23 07:07 . 2009-10-23 07:10 -------- d-----w- c:\documents and settings\Malwarebytes' Anti-Malware\Languages
2009-10-23 06:50 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 06:50 . 2009-10-28 04:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 06:50 . 2009-10-23 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-23 06:50 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 05:40 . 2009-10-28 04:31 -------- d-----w- c:\program files\Panda Security
2009-10-23 05:37 . 2009-11-03 02:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-23 05:14 . 2009-11-03 03:38 0 ----a-r- c:\windows\win32k.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 04:42 . 2009-11-02 23:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 04:41 . 2005-10-26 22:25 -------- d-----w- c:\program files\Steam
2009-11-03 04:39 . 2006-05-27 16:36 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.dat
2009-11-03 04:39 . 2006-05-27 16:36 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.dat
2009-11-03 04:25 . 2004-08-05 12:00 84874 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-03 04:25 . 2004-08-05 12:00 510656 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-02 23:13 . 2009-10-23 07:19 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-11-02 23:13 . 2009-11-02 23:13 -------- d-----w- c:\documents and settings\joe\Application Data\PC Tools
2009-11-02 23:13 . 2009-11-02 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-02 23:11 . 2009-10-28 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\20536521
2009-10-28 05:30 . 2009-10-28 05:28 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-28 05:18 . 2005-10-26 21:34 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-10-28 05:18 . 2005-10-26 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-28 05:13 . 2008-08-05 01:27 -------- d-----w- c:\program files\Norton 360
2009-10-28 04:51 . 2009-10-28 04:51 -------- d-----w- c:\documents and settings\joe\Application Data\AVG8
2009-10-23 07:32 . 2009-10-23 07:32 -------- d-----w- c:\documents and settings\joe\Application Data\SUPERAntiSpyware.com
2009-10-23 07:31 . 2005-11-07 02:45 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-10-23 07:05 . 2007-12-25 22:22 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-02 18:19 . 2009-10-23 07:19 1152470 ----a-w- c:\windows\UDB.zip
2009-09-22 02:58 . 2009-09-22 02:58 -------- d-----w- c:\program files\Cool MOV To WMV Converter
2009-09-11 23:18 . 2008-06-23 02:09 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-10001102}.dat
2009-09-11 23:18 . 2008-06-23 02:09 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-10001102}.dat
2009-09-11 14:18 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 21:39 . 2009-03-21 00:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 05:39 . 2009-08-18 13:58 5 ----a-w- c:\windows\system32\SySAVI2WMV.dat
2009-09-07 05:01 . 2009-09-07 05:01 -------- d-----w- c:\program files\Windows Media Components
2009-09-05 14:49 . 2009-09-05 14:49 -------- d-----w- c:\program files\Join (Merge, Combine) Multiple Zip Files Into One Software
2009-09-04 21:04 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 08:34 . 2005-10-27 01:44 81504 ----a-w- c:\documents and settings\joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 08:01 . 2004-08-05 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 13:48 . 2009-08-18 13:48 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
1999-04-06 13:27 . 1999-04-06 13:27 99840 ----a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 03:53 . 1998-12-09 03:53 70144 ----a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 48640 ----a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 31744 ----a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 186368 ----a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 03:53 . 1998-12-09 03:53 17920 ----a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-28 1217808]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VX6000"="c:\windows\vVX6000.exe" [2006-10-13 994096]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"ISTray"="c:\nexon\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-08-28 4853016]
"RDFNSAgent"="c:\program files\RegDefense\RDFNSAgent.exe" [2009-10-23 211568]
"RDFNSListener"="c:\program files\RegDefense\RDFNSListener.exe" [2009-10-23 106608]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Ultra Hal Text-to-Speech Reader Startup.lnk - c:\windows\Installer\{96EF451E-A402-44D8-BAEE-D70D558A4122}\New_Shortcut_S1449_0EB7CDB78E0C4A918D2CA535D5B8160C.exe [2006-9-24 40960]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\xpand rally\\xpandrally.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\xpand rally\\ChromEd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\il 2 sturmovik 1946\\il2fb.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58719:TCP"= 58719:TCP:Pando Media Booster
"58719:UDP"= 58719:UDP:Pando Media Booster
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-27 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-02 206256]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-20 55152]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 sdAuxService;PC Tools Auxiliary Service;c:\nexon\Spyware Doctor\pctsAuxs.exe [2009-11-02 348752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-05-30 101936]
R3 XoftSpyService;XoftSpyService;c:\program files\Fichiers communs\XoftSpySE\6\xoftspyservice.exe [2009-08-28 582424]
S3 BS_DEF;BS_DEF;c:\program files\ASUS\AsusUpdate\BS_DEF.sys [2006-04-07 12800]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 LwAdiHid;Périphériques numériques WingMan Logitech (détection automatique);c:\windows\system32\drivers\LwAdiHid.sys [2008-12-11 20864]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2006-05-06 13225]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-04-13 2383152]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'
2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-11-03 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Fichiers communs\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{FFAC0B8B-CE55-4AEE-BE8F-39D5A6F04342}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
2009-11-03 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 193.110.4.168:1080
DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} - hxxp://www.meetstream.com/activex/28019/activereceiver.cab
DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} - hxxp://www.meetstream.com/activex/28081/activeid.cab
FF - ProfilePath - c:\documents and settings\joe\Application Data\Mozilla\Firefox\Profiles\i4sf4rhw.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-{472734EA-242A-422B-ADF8-83D1E48CC825} - c:\nexon\Spyware Doctor\BDT\PCTBrowserDefender.dll
HKCU-Run-SUPERAntiSpyware - c:\nexon\SUPERAntiSpyware.exe
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\nexon\SASSEH.DLL
Notify-!SASWinLogon - c:\nexon\SASWINLO.dll
AddRemove-Browser Defender_is1 - c:\nexon\Spyware Doctor\BDT\unins000.exe
AddRemove-Join (Merge, Combine) Multiple Zip Files Into On~E1ECF74F_is1 - c:\program files\Join (Merge
AddRemove-Malwarebytes' Anti-Malware_is1 - g:\malwarebytes' anti-malware\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 23:41
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2900)
c:\nexon\Spyware Doctor\pctgmhk.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Zabaware\HalReader\HalReader.exe
c:\nexon\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-11-03 23:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-03 04:47
Avant-CF: 9 769 279 488 octets libres
Après-CF: 12 722 278 400 octets libres
- - End Of File - - 1529475B1579DE26373BEAA2C098CAFA
ExeHelper Log:
exeHelper by Raktor
Build 20091021
Run at 23:13:51 on 11/02/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Killed process msb.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\~.exe
Deleting file C:\WINDOWS\msa.exe
Deleting file C:\WINDOWS\msb.exe
Deleting file C:\Documents and Settings\joe\Bureau\Security Tool.lnk
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PopRock
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20091021
Run at 23:52:34 on 11/02/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
HiJackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:39, on 2009-11-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\vVX6000.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Nexon\Spyware Doctor\pctsTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\RegDefense\RDFNSAgent.exe
C:\Program Files\RegDefense\RDFNSListener.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Zabaware\HalReader\HalReader.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Nexon\Spyware Doctor\pctsAuxs.exe
C:\Nexon\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\XoftSpySE\6\xoftspyservice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Nexon\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.110.4.168:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Nexon\Spyware Doctor\BDT\PCTBrowserDefender.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Nexon\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [XoftSpySE] "C:\Program Files\XoftSpySE6\XoftSpySE.exe" -NM -hidesplash
O4 - HKLM\..\Run: [RDFNSAgent] C:\Program Files\RegDefense\RDFNSAgent.exe
O4 - HKLM\..\Run: [RDFNSListener] C:\Program Files\RegDefense\RDFNSListener.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Nexon\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ultra Hal Text-to-Speech Reader Startup.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139865876750
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://toinc009.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28019/activereceiver.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = actionradio.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = actionradio.ca
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Nexon\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Nexon\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Fichiers communs\XoftSpySE\6\xoftspyservice.exe
--
End of file - 11867 bytes
MBAM Log:
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 3
2009-11-03 00:01:39
mbam-log-2009-11-03 (00-01-39).txt
Type de recherche: Examen rapide
Eléments examinés: 91365
Temps écoulé: 3 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\20536521 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Uninstall Instructions(2).lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
_______________________________________________
It seems some trojan or malaware are still acting as theres programs I still cant use, and the fact I cant connect to the web also drives me nuts.
What should I do?
My Norton security expired and I kinda waited too lng to renew it so I got caught with Security Tool Malaware. I tried a lot of things since the past week and so far I was able to only move forward reading your forums. So I signed to seek for some help.
EVerytime I tried to run a prgram it would shut down, And my explorer doesnt work anymore, I downloaded firefox and it desnt work. Anyway so I was able to run ComboFix, then exehelper, then finally got capable of performing a scan with mbam.exe! I was also finally able to use hijackthis. However everything on my PC is still f**ed up. I cant donwload the mbam.exe update, I cant open explorer and firefox say's I cant connect. But strangely enough my Windows Live Messenger connects!!! like wth!!?
Anyway here are are my logs:
ComboFix Log:
ComboFix 09-11-01.04 - joe 2009-11-02 23:31.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.1023.680 [GMT -5:00]
Lancé depuis: G:\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg(2).exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\windows\run.log
c:\windows\system32\xa.tmp
c:\windows\system32\yqrnld50e.dll
Une copie infectée de c:\windows\system32\DRIVERS\nvata.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
Une copie infectée de c:\windows\system32\eventlog.dll a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-03 au 2009-11-03 ))))))))))))))))))))))))))))))))))))
.
2009-11-03 04:26 . 2005-01-17 05:43 88576 ----a-w- c:\windows\system32\drivers\nvatabus.sys
2009-11-03 04:26 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-03 04:26 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-03 04:20 . 2009-11-03 04:20 -------- d-----w- c:\program files\Trend Micro
2009-11-03 03:53 . 2009-11-03 03:53 -------- d-----w- c:\program files\RegDefense
2009-11-03 03:48 . 2009-11-03 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\program files\Fichiers communs\ParetoLogic
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\program files\Fichiers communs\XoftSpySE
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-11-03 03:39 . 2009-11-03 03:39 -------- d-----w- c:\program files\XoftSpySE6
2009-11-03 03:17 . 2009-11-03 03:17 -------- d-----w- c:\documents and settings\joe\Local Settings\Application Data\Mozilla
2009-11-03 02:39 . 2009-11-03 04:13 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-11-02 23:19 . 2009-11-02 23:19 -------- d-----w- c:\documents and settings\joe\Application Data\Malwarebytes
2009-11-02 23:13 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-02 23:13 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 23:13 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 07:07 . 2009-10-28 04:22 -------- d-----w- c:\documents and settings\Malwarebytes' Anti-Malware
2009-10-23 07:07 . 2009-10-23 07:10 20949 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\unins000.dat
2009-10-23 07:07 . 2009-10-23 07:10 -------- d-----w- c:\documents and settings\Malwarebytes' Anti-Malware\Languages
2009-10-23 06:50 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 06:50 . 2009-10-28 04:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 06:50 . 2009-10-23 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-23 06:50 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 05:40 . 2009-10-28 04:31 -------- d-----w- c:\program files\Panda Security
2009-10-23 05:37 . 2009-11-03 02:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-23 05:14 . 2009-11-03 03:38 0 ----a-r- c:\windows\win32k.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 04:42 . 2009-11-02 23:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 04:41 . 2005-10-26 22:25 -------- d-----w- c:\program files\Steam
2009-11-03 04:39 . 2006-05-27 16:36 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.dat
2009-11-03 04:39 . 2006-05-27 16:36 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.dat
2009-11-03 04:25 . 2004-08-05 12:00 84874 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-03 04:25 . 2004-08-05 12:00 510656 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-02 23:13 . 2009-10-23 07:19 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-11-02 23:13 . 2009-11-02 23:13 -------- d-----w- c:\documents and settings\joe\Application Data\PC Tools
2009-11-02 23:13 . 2009-11-02 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-02 23:11 . 2009-10-28 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\20536521
2009-10-28 05:30 . 2009-10-28 05:28 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-28 05:18 . 2005-10-26 21:34 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-10-28 05:18 . 2005-10-26 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-28 05:13 . 2008-08-05 01:27 -------- d-----w- c:\program files\Norton 360
2009-10-28 04:51 . 2009-10-28 04:51 -------- d-----w- c:\documents and settings\joe\Application Data\AVG8
2009-10-23 07:32 . 2009-10-23 07:32 -------- d-----w- c:\documents and settings\joe\Application Data\SUPERAntiSpyware.com
2009-10-23 07:31 . 2005-11-07 02:45 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-10-23 07:05 . 2007-12-25 22:22 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-02 18:19 . 2009-10-23 07:19 1152470 ----a-w- c:\windows\UDB.zip
2009-09-22 02:58 . 2009-09-22 02:58 -------- d-----w- c:\program files\Cool MOV To WMV Converter
2009-09-11 23:18 . 2008-06-23 02:09 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-10001102}.dat
2009-09-11 23:18 . 2008-06-23 02:09 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-10001102}.dat
2009-09-11 14:18 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 21:39 . 2009-03-21 00:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 05:39 . 2009-08-18 13:58 5 ----a-w- c:\windows\system32\SySAVI2WMV.dat
2009-09-07 05:01 . 2009-09-07 05:01 -------- d-----w- c:\program files\Windows Media Components
2009-09-05 14:49 . 2009-09-05 14:49 -------- d-----w- c:\program files\Join (Merge, Combine) Multiple Zip Files Into One Software
2009-09-04 21:04 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 08:34 . 2005-10-27 01:44 81504 ----a-w- c:\documents and settings\joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 08:01 . 2004-08-05 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 13:48 . 2009-08-18 13:48 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
1999-04-06 13:27 . 1999-04-06 13:27 99840 ----a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 03:53 . 1998-12-09 03:53 70144 ----a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 48640 ----a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 31744 ----a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 186368 ----a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 03:53 . 1998-12-09 03:53 17920 ----a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-28 1217808]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VX6000"="c:\windows\vVX6000.exe" [2006-10-13 994096]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"ISTray"="c:\nexon\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-08-28 4853016]
"RDFNSAgent"="c:\program files\RegDefense\RDFNSAgent.exe" [2009-10-23 211568]
"RDFNSListener"="c:\program files\RegDefense\RDFNSListener.exe" [2009-10-23 106608]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Ultra Hal Text-to-Speech Reader Startup.lnk - c:\windows\Installer\{96EF451E-A402-44D8-BAEE-D70D558A4122}\New_Shortcut_S1449_0EB7CDB78E0C4A918D2CA535D5B8160C.exe [2006-9-24 40960]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\xpand rally\\xpandrally.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\xpand rally\\ChromEd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\il 2 sturmovik 1946\\il2fb.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58719:TCP"= 58719:TCP:Pando Media Booster
"58719:UDP"= 58719:UDP:Pando Media Booster
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-27 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-02 206256]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-20 55152]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 sdAuxService;PC Tools Auxiliary Service;c:\nexon\Spyware Doctor\pctsAuxs.exe [2009-11-02 348752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-05-30 101936]
R3 XoftSpyService;XoftSpyService;c:\program files\Fichiers communs\XoftSpySE\6\xoftspyservice.exe [2009-08-28 582424]
S3 BS_DEF;BS_DEF;c:\program files\ASUS\AsusUpdate\BS_DEF.sys [2006-04-07 12800]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 LwAdiHid;Périphériques numériques WingMan Logitech (détection automatique);c:\windows\system32\drivers\LwAdiHid.sys [2008-12-11 20864]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2006-05-06 13225]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-04-13 2383152]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'
2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-11-03 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Fichiers communs\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{FFAC0B8B-CE55-4AEE-BE8F-39D5A6F04342}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
2009-11-03 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 193.110.4.168:1080
DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} - hxxp://www.meetstream.com/activex/28019/activereceiver.cab
DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} - hxxp://www.meetstream.com/activex/28081/activeid.cab
FF - ProfilePath - c:\documents and settings\joe\Application Data\Mozilla\Firefox\Profiles\i4sf4rhw.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-{472734EA-242A-422B-ADF8-83D1E48CC825} - c:\nexon\Spyware Doctor\BDT\PCTBrowserDefender.dll
HKCU-Run-SUPERAntiSpyware - c:\nexon\SUPERAntiSpyware.exe
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\nexon\SASSEH.DLL
Notify-!SASWinLogon - c:\nexon\SASWINLO.dll
AddRemove-Browser Defender_is1 - c:\nexon\Spyware Doctor\BDT\unins000.exe
AddRemove-Join (Merge, Combine) Multiple Zip Files Into On~E1ECF74F_is1 - c:\program files\Join (Merge
AddRemove-Malwarebytes' Anti-Malware_is1 - g:\malwarebytes' anti-malware\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 23:41
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2900)
c:\nexon\Spyware Doctor\pctgmhk.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Zabaware\HalReader\HalReader.exe
c:\nexon\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-11-03 23:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-03 04:47
Avant-CF: 9 769 279 488 octets libres
Après-CF: 12 722 278 400 octets libres
- - End Of File - - 1529475B1579DE26373BEAA2C098CAFA
ExeHelper Log:
exeHelper by Raktor
Build 20091021
Run at 23:13:51 on 11/02/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Killed process msb.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\~.exe
Deleting file C:\WINDOWS\msa.exe
Deleting file C:\WINDOWS\msb.exe
Deleting file C:\Documents and Settings\joe\Bureau\Security Tool.lnk
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PopRock
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20091021
Run at 23:52:34 on 11/02/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
HiJackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:39, on 2009-11-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\vVX6000.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Nexon\Spyware Doctor\pctsTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\RegDefense\RDFNSAgent.exe
C:\Program Files\RegDefense\RDFNSListener.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Zabaware\HalReader\HalReader.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Nexon\Spyware Doctor\pctsAuxs.exe
C:\Nexon\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\XoftSpySE\6\xoftspyservice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Nexon\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.110.4.168:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Nexon\Spyware Doctor\BDT\PCTBrowserDefender.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Nexon\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [XoftSpySE] "C:\Program Files\XoftSpySE6\XoftSpySE.exe" -NM -hidesplash
O4 - HKLM\..\Run: [RDFNSAgent] C:\Program Files\RegDefense\RDFNSAgent.exe
O4 - HKLM\..\Run: [RDFNSListener] C:\Program Files\RegDefense\RDFNSListener.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Nexon\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ultra Hal Text-to-Speech Reader Startup.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139865876750
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://toinc009.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28019/activereceiver.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = actionradio.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = actionradio.ca
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Nexon\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Nexon\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Fichiers communs\XoftSpySE\6\xoftspyservice.exe
--
End of file - 11867 bytes
MBAM Log:
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 3
2009-11-03 00:01:39
mbam-log-2009-11-03 (00-01-39).txt
Type de recherche: Examen rapide
Eléments examinés: 91365
Temps écoulé: 3 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\20536521 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Uninstall Instructions(2).lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
_______________________________________________
It seems some trojan or malaware are still acting as theres programs I still cant use, and the fact I cant connect to the web also drives me nuts.
What should I do?