Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Go Back   Windows BBS > Security > Malware and Virus Removal
Reload this Page

[Resolved] system32\drivers\services.exe

Register FAQ Mark Forums Read

Malware and Virus Removal Problems removing malware/viruses? Get help from our Malware removal experts.

Register your FREE account to unlock additional features at WindowsBBS.com
Register
Welcome to WindowsBBS.com
Microsoft Windows Support

Mission Statement

WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.

Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.

Discussion Forums
Operating Systems
Windows 7 Windows 7
Windows Vista Windows Vista
Windows XP Windows XP
Windows Server System Windows Server System
Windows 2000 Windows 2000
Windows 95/98/Me/NT Windows 95/98/Me/NT
Internet & Networking
Networking
Internet Explorer
Microsoft Mail
Firefox, Thunderbird
      & SeaMonkey
General Internet
Security
General Security
Malware and Virus
     Removal
Other
Other Software
Hardware
Test Posts
Community
Introductions
General Discussions
Comments
      & Suggestions
News @ WindowsBBS

Forum Sponsor
Image

Reply
 
LinkBack Thread Tools
Old 2nd January 2009   #1
Member
 
Profile:
Join Date: Jan 2009
Posts: 5
Computer Experience:
Intermediate
Mateo Reputation Level
[Resolved] system32\drivers\services.exe
Each time I switch on my laptop I have the message:

system32\drivers\services.exe is missing

I know that it is caused by a virus but I don't know how to correct it

Please find my info and log files ahead

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-01-02 22:07:51
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 41 GB (60%) free of 69 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:43, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\administrateur\local settings\application data\awame.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Siemens\Gigaset USB Stick 108\GUI.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\services.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\system32\services.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S40D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [awame] "c:\documents and settings\administrateur\local settings\application data\awame.exe" awame
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Moniteur Gigaset WLAN Adapter.lnk = C:\Program Files\Siemens\Gigaset USB Stick 108\GUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1219858767735
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1222088618751
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 12540 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Schedule Task Weekly.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll [2008-12-27 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-27 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-20 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-27 2436160]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniKey"= []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-11-15 126976]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-11-18 561152]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-03-27 53248]
"services.exe"=C:\WINDOWS\system32\services.exe [2008-04-14 109056]
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2003-04-14 303104]
"LaunchApp"=Alaunch []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-01-24 315392]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2002-10-18 87751]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AcerNotebookManager"=C:\Program Files\Acer\Notebook Manager\almxptray.exe [2003-02-16 504832]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]
"EPSON Stylus Photo R240 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE [2005-04-25 98304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-20 68856]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DriverMax"= []
"awame"=c:\documents and settings\administrateur\local settings\application data\awame.exe [2008-12-19 266240]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
Moniteur Gigaset WLAN Adapter.lnk - C:\Program Files\Siemens\Gigaset USB Stick 108\GUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Upload Mgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explor er]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\updatees.exe"="C:\WINDOWS\system32\updatees.exe:*:Enab led:Windows Firewall Updater"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@x psp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@x psp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{3a92a360-8556-11dd-a51f-00042379b178}]
shell\AutoRun\command - I:\setupSNK.exe


======File associations======

.scr - open - "%1" /S "%3"

======List of files/folders created in the last 3 months======

2009-01-02 22:08:14 ----D---- C:\Program Files\trend micro
2009-01-02 22:07:51 ----D---- C:\rsit
2008-12-29 03:01:00 ----SHD---- C:\Config.Msi
2008-12-27 04:39:22 ----D---- C:\Program Files\Windows Sidebar
2008-12-27 04:39:12 ----D---- C:\Program Files\Norton 360
2008-12-20 08:33:50 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-12-20 08:33:46 ----HD---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2008-12-20 08:32:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\Canneverbe_Limited
2008-12-20 08:32:24 ----D---- C:\Program Files\CDBurnerXP
2008-12-20 08:31:13 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-20 08:31:10 ----D---- C:\Program Files\MSBuild
2008-12-20 08:31:08 ----D---- C:\WINDOWS\system32\en-US
2008-12-20 08:31:03 ----D---- C:\Program Files\Reference Assemblies
2008-12-20 08:30:12 ----N---- C:\WINDOWS\system32\prntvpt.dll
2008-12-20 08:30:11 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2008-12-20 08:30:11 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2008-12-20 08:30:11 ----D---- C:\8a9341d40acc7d18a45223
2008-12-17 23:07:58 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2008-12-13 15:18:06 ----D---- C:\WINDOWS\Minidump
2008-12-11 03:22:42 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-11 03:22:42 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-11 03:22:42 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 03:05:15 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:01:52 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:01:03 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:00:47 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 04:00:14 ----A---- C:\WINDOWS\system32\wgapi.dll
2008-12-09 04:00:14 ----A---- C:\WINDOWS\system32\wcapi.dll
2008-12-09 04:00:14 ----A---- C:\WINDOWS\system32\oemres.dll
2008-12-09 04:00:14 ----A---- C:\WINDOWS\system32\athgina.dll
2008-12-09 04:00:13 ----A---- C:\WINDOWS\system32\athcfg11res.dll
2008-12-09 04:00:13 ----A---- C:\WINDOWS\system32\athcfg11.dll
2008-12-09 04:00:13 ----A---- C:\WINDOWS\system32\AegisI5.exe
2008-12-09 04:00:13 ----A---- C:\WINDOWS\system32\acs.exe
2008-12-09 04:00:12 ----A---- C:\WINDOWS\system32\AegisE5.dll
2008-12-09 03:58:23 ----D---- C:\Program Files\Digital Photo Navigator 1.0
2008-12-07 03:24:34 ----HD---- C:\WINDOWS\$NtUninstallKB943729$
2008-12-07 03:24:19 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-05 15:40:32 ----D---- C:\Documents and Settings\Administrateur\Application Data\Snapfish
2008-12-03 04:26:22 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-03 04:26:19 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-02 18:43:40 ----D---- C:\Program Files\iPod
2008-12-02 18:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 18:40:55 ----D---- C:\Program Files\QuickTime
2008-11-26 16:04:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-26 04:51:50 ----D---- C:\Downloads
2008-11-21 00:41:08 ----D---- C:\Program Files\eMule
2008-11-18 03:06:44 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-18 03:03:38 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-18 03:01:46 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 08:18:02 ----A---- C:\WINDOWS\quark.ini
2008-11-08 11:14:36 ----N---- C:\WINDOWS\system32\SNTI386.DLL
2008-11-08 11:14:36 ----A---- C:\WINDOWS\system32\RNBOVDD.DLL
2008-11-08 11:14:30 ----A---- C:\WINDOWS\system32\haspvdd.dll
2008-11-08 11:11:20 ----D---- C:\Program Files\QuarkXPress Passport
2008-11-07 22:12:37 ----D---- C:\Program Files\Norton SystemWorks
2008-11-07 16:11:12 ----SHD---- C:\FOUND.000
2008-11-07 11:32:12 ----D---- C:\Program Files\CheckIt
2008-11-07 11:25:38 ----D---- C:\Program Files\PerformanceTest
2008-11-07 11:19:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-11-05 15:22:48 ----D---- C:\Program Files\iTunes
2008-11-05 15:21:28 ----D---- C:\Program Files\Bonjour
2008-11-02 16:56:38 ----D---- C:\Program Files\Commence
2008-10-26 16:03:46 ----D---- C:\Program Files\Larousse
2008-10-25 03:00:23 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 16:52:08 ----D---- C:\Program Files\DECATHLON
2008-10-22 13:56:40 ----D---- C:\Program Files\Innovative Solutions
2008-10-22 13:41:35 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-20 23:21:37 ----N---- C:\WINDOWS\system32\E_DCINST.DLL
2008-10-20 23:21:34 ----N---- C:\WINDOWS\system32\E_FLMAHE.DLL
2008-10-20 23:21:34 ----A---- C:\WINDOWS\system32\E_FBCHAHE.DLL
2008-10-20 23:21:34 ----A---- C:\WINDOWS\system32\E_FBCBAHE.DLL
2008-10-20 23:18:38 ----D---- C:\Program Files\EPSON
2008-10-20 10:34:06 ----D---- C:\Program Files\eBay
2008-10-16 03:07:43 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:07:34 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:07:28 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:04:21 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 03:04:00 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-14 23:59:44 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-10 19:23:30 ----D---- C:\Program Files\MSXML 4.0
2008-10-10 18:49:17 ----D---- C:\Program Files\MSECache
2008-10-10 12:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2008-10-10 12:41:37 ----D---- C:\Program Files\EPSON CopyFactory
2008-10-10 12:40:55 ----D---- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-10-10 12:39:48 ----N---- C:\WINDOWS\system32\escwiad.dll
2008-10-10 12:39:47 ----N---- C:\WINDOWS\system32\escwiab.dll
2008-10-10 12:39:47 ----N---- C:\WINDOWS\system32\escimgd.dll
2008-10-10 12:39:47 ----N---- C:\WINDOWS\system32\esccmd.dll
2008-10-10 12:39:47 ----A---- C:\WINDOWS\system32\esicm.dll
2008-10-10 12:39:47 ----A---- C:\WINDOWS\system32\escimg.dll
2008-10-10 12:39:47 ----A---- C:\WINDOWS\system32\esccm.dll
2008-10-10 12:39:47 ----A---- C:\WINDOWS\system32\Epfb5cpl.dll
2008-10-10 12:39:45 ----D---- C:\EPSON
2008-10-10 12:39:45 ----A---- C:\WINDOWS\system32\esdtr.dll
2008-10-10 12:39:45 ----A---- C:\WINDOWS\system32\epcomdd.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\vdrmux.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\vdrcodec.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\RALMain.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\pvmjpg21.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\msxml4r.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\msxml4a.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\MMAviAx.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\MLPagAx.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\ltkrn13n.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\ltfil13n.DLL
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\LTCLR13n.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\Lfwmf13n.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\lftif13n.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\lftga13n.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\langserv.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\DiskIO.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\Cachex.dll
2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\Aviprax.dll
2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\Lfpct13n.dll
2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\LFJ2K13n.dll
2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\lffax13n.dll
2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\LFCMP13n.DLL
2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\lfbmp13n.dll
2008-10-10 00:37:42 ----A---- C:\WINDOWS\unvise32.exe
2008-10-10 00:36:32 ----A---- C:\WINDOWS\system32\PSDrvCheck.exe
2008-10-10 00:36:31 ----A---- C:\WINDOWS\system32\asapi.dll
2008-10-10 00:36:16 ----A---- C:\WINDOWS\system32\pclepim1.dll
2008-10-10 00:36:16 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MSVCP70.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MSVCI70.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71u.dll
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71KOR.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71FRA.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71ESP.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\PCLEGetGuid.dll
2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\MFC70U.DLL
2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\MFC70.DLL
2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\atl71.dll
2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\ATL70.DLL
2008-10-10 00:30:47 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-10-10 00:30:45 ----D---- C:\Program Files\Pinnacle
2008-10-03 23:54:08 ----D---- C:\WINDOWS\Sun
2008-10-03 23:54:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
2008-10-03 23:53:18 ----D---- C:\Program Files\Java
2008-10-03 23:51:43 ----D---- C:\Program Files\Fichiers communs\Java

======List of files/folders modified in the last 3 months======

2009-01-02 21:33:30 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2009-01-02 21:33:28 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2009-01-02 21:33:26 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2009-01-02 21:31:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-29 03:02:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-27 19:39:30 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-19 03:00:40 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 03:04:52 ----A---- C:\WINDOWS\win.ini
2008-12-10 00:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 04:01:26 ----A---- C:\WINDOWS\system32\results.txt
2008-11-28 02:26:12 ----A---- C:\WINDOWS\ODBC.INI
2008-10-23 13:36:52 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 11:07:00 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 21:18:44 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 21:18:42 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 21:18:42 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 21:18:42 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 21:18:42 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 21:18:42 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 21:18:42 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 21:18:40 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 21:18:40 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 21:18:38 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 21:18:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 21:18:36 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 21:18:36 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 21:18:36 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 21:18:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 21:18:32 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 21:18:32 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 21:18:32 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 21:18:32 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:11:10 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:08:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:32 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 14:06:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-15 18:35:44 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 08:04:54 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-03 11:03:54 ----A---- C:\WINDOWS\system32\strmdll.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-02-01 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 acernbm;acernbm; C:\WINDOWS\system32\drivers\acernbm.sys [2003-01-13 6538]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-09 21275]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 GBFSHook;GBFSHook; C:\WINDOWS\system32\drivers\GBFSHook.sys [2005-01-05 16196]
R2 Haspnt;Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [2008-11-08 33280]
R2 ipasintf;ipasintf; \??\C:\WINDOWS\System32\drivers\pas2k.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1997-06-27 64512]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-10-18 1156672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-01 719052]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-01-20 569984]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-03-12 30171]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2002-12-13 227887]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2002-11-20 17983]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 LVUVC;QuickCam Pro for Notebooks(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
R3 mbxfilt;mbxfilt; C:\WINDOWS\system32\drivers\MbxFilt.sys [2002-12-09 5441]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090102.006\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090102.006\NAVEX15.SYS []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2002-03-26 6016]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2002-11-08 20579]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-30 5888]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-02-01 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\ipsdefs\20081220.001\SymIDSCo.sy s []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-11-18 263536]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w70n51;Pilote des cartes réseau Intel(R) PRO/Wireless 7100 pour Windows XP; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2006-08-02 674560]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 AR5523;Gigaset USB Stick 108; C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-25 343904]
S3 Avc;Périphérique AVC; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2008-04-13 13696]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-11 41728]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-02-21 144480]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-04-08 51208]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\CBPMp50.sys []
S3 CBPSp50;CBPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\CBPSp50.sys [2006-11-28 27072]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 LEX_AS_NIC_SERVICE;LAN-Express IEEE 802.11a/b Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\Expsab2.sys [2002-12-10 218240]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2008-04-13 49024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-02-01 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-01-21 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-01-20 151552]
R2 Automatic LiveUpdate Scheduler;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 GBPoll;GoBack Polling Service; C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe [2005-01-05 763496]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-31 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-27 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-30 19456]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-12-27 1245064]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Mateo is offline   Reply With Quote
Didn't find the information you thought to find?
Check out these Similar Threads
Old 4th January 2009   #2
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Welcome to WindowsBBS Mateo

Please scan with HijackThis and place a check next to the following entries.

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\services.exe
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\system32\services.exe
O4 - HKCU\..\Run: [awame] "c:\documents and settings\administrateur\local settings\application data\awame.exe" awame


Click Fix Checked then close HijackThis when it completes.

Delete the following file if present.

c:\documents and settings\administrateur\local settings\application data\awame.exe

The local settings folder is a hidden folder, so the easiest method of getting to the application data folder is to copy the bolded line below, click Start>Run and paste the line into the Run dialog and hit Enter.

"c:\documents and settings\administrateur\local settings\application data"


Access to your Task Manager is blocked too, so lets take care of that. Highlight and copy the contents of the code box below.
Code:
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f
exit
cls
Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on it's own.


Now, lets get an online viris scan. Please do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Post the Kaspersky log here.
noahdfear is offline   Reply With Quote
Old 5th January 2009   #3
Member
 
Profile:
Join Date: Jan 2009
Posts: 5
Computer Experience:
Intermediate
Mateo Reputation Level
Thanks a lot noahdfear.

Please find enclosed the Kaspersky report
I have not found the first line you talk about:

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\services.exe

So I have'nt fix it - How can I remove these threats?

Sorry for my english, I am french

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 04, 2009 21:25:33
Records in database: 1559986
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 91909
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:56:00


File name / Threat name / Threats count
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP88\A0029220.exe Infected: not-a-virus:AdWare.Win32.Agent.hlh 1
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP128\A0051635.exe Infected: Backdoor.Win32.Agent.ree 1
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP136\A0056124.exe Infected: Trojan-Downloader.Win32.Small.adsk 1

The selected area was scanned.
Mateo is offline   Reply With Quote
Old 5th January 2009   #4
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Those infections are in System Restore points. We'll take care of those once we finish fixing.

Please do a scan with HijackThis and save the log, then post it here.
noahdfear is offline   Reply With Quote
Old 5th January 2009   #5
Member
 
Profile:
Join Date: Jan 2009
Posts: 5
Computer Experience:
Intermediate
Mateo Reputation Level
Quote:
Originally Posted by noahdfear View Post
Those infections are in System Restore points. We'll take care of those once we finish fixing.

Please do a scan with HijackThis and save the log, then post it here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:54:37, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S40D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Moniteur Gigaset WLAN Adapter.lnk = C:\Program Files\Siemens\Gigaset USB Stick 108\GUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1219858767735
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1222088618751
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 12430 bytes
Mateo is offline   Reply With Quote
Old 5th January 2009   #6
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

That log looks good Mateo. Are you still getting the error message on startup?
noahdfear is offline   Reply With Quote
Old 5th January 2009   #7
Member
 
Profile:
Join Date: Jan 2009
Posts: 5
Computer Experience:
Intermediate
Mateo Reputation Level
Hi
No error message at startup now! great... but:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 05, 2009 06:13:40
Records in database: 1562036
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 93943
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:05:53


File name / Threat name / Threats count
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP88\A0029220.exe Infected: not-a-virus:AdWare.Win32.Agent.hlh 1
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP128\A0051635.exe Infected: Backdoor.Win32.Agent.ree 1
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP136\A0056124.exe Infected: Trojan-Downloader.Win32.Small.adsk 1

The selected area was scanned.
Mateo is offline   Reply With Quote
Old 6th January 2009   #8
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Great!

Delete RSIT.exe and the C:\rsit folder.

Download ATF Cleaner by Atribune and save it to your Desktop.
  • Double click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:

    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    • Recycle bin

  • The rest are optional - if you want it to remove everything check "Select All".
  • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
Reboot


If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

Clear past system restore points and create a new one.
Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

Verify a new restore point was created.
Click Start>All Programs>Accessories>System Tools>System Restore
Select 'Restore my computer to an earlier time', then click next.
You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

An ounce of prevention is worth a pound of cure

Surf safe!
noahdfear is offline   Reply With Quote
Old 7th January 2009   #9
Member
 
Profile:
Join Date: Jan 2009
Posts: 5
Computer Experience:
Intermediate
Mateo Reputation Level
Thanks a lot Dave
Now Kaspersky doesn't find any problem
I really appreciate your help and how clear was your explanations
I will follow strictly Geri's post

Mateo
Mateo is offline   Reply With Quote
Old 7th January 2009   #10
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

You're very welcome. Glad I could help.
noahdfear is offline   Reply With Quote
Reply

« [Active] internet search redirect? | [Active] I cannot access anti-virus websites or update »
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Resolved] Caught the Trojan.Starter.384 and can't remove it Chilly Malware and Virus Removal 49 28th September 2008 14:36
[Resolved] Please Analyze Scans for viruses deester Malware and Virus Removal 17 12th September 2008 02:15
[Resolved] Another Virtumonde victim who needs help Nokanda Malware and Virus Removal 83 6th September 2008 04:27
[Resolved] Hijackthis log + Virus info. GFitz Malware and Virus Removal 45 2nd September 2008 12:38
[Resolved] Bloodhound.SONAR.1 & Trojan Horses - [HJT Log included] ginsta Malware and Virus Removal 17 27th August 2008 03:28


All times are GMT +1. The time now is 03:16.




Advertise - Contact Us - Windows BBS - Archive - Privacy Statement - Top

Advertisements do not imply our endorsement of the product or service advertised.
Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0
Copyright © 2002 - 2009 WindowsBBS.com. All rights reserved.
Terms of Use, Legal Information & Privacy Policy
[]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33