TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Daevild on December 11, 2005, 03:34:39 PM
-
OK, I got infected with this worm: WIN32.P2P-WORM.ALCAN.A. Can someone help me remove it, from the very, very beginning of what to do? Can we simplify please, cuz I don't really understand complex English words. Thanks!
-
I'll try and be clear on what to do
Can you try the following please
Download and save to a permanent folder on your hard drive
HijackThis 1.99.1
The link is in my signature below
Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A text file should open
Save the log----copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important
-
Here is my HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 16:40:53, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Bureau\Games\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Oh, and btw, when I was looking on the internet, I found this site:
http://www.download.com/3642-2086-2607171.html
If you read the XoftSpy description, it says that it can remove the worm. I was hesitating about using it, afraid that it doesn't remove everything, and it costs 30 bucks. :S
-
Don't worry about XoftSpy, it's not needed
I like the free tools :)
When I ask you to download a zip file, make sure you choose SAVE TO DISK rather than Open
Can you open "My Computer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder; name it BFU
So you now have C:\BFU
Download and save p2pnetwork.zip (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=426)
Then UNZIP it to the BFU Folder
So you now have p2pnetwork.bfu extracted to the BFU folder
Download and save and then UNZIP to the BFU folder
BFU.zip (http://www.merijn.org/files/bfu.zip)
So you now have BFU.exe extracted
==Download and Install this small program
to help clean your temp folders, cookies, etc.
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Don't run it yet
==Download and then Install
Ewido Security Suite (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work, can you manually download the
updates from this link after you have Ewido installed:
http://www.ewido.net/en/download/updates/
If you don't have Ad-Aware SE personal 1.06
Download and Install the free version of Ad-Aware SE Personal 1.06 (ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe)
Open Ad-Aware, make sure to click the "Check for updates now" link and Connect to download the latest updates
Don't run a scan yet
Instead
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter
Once in safe mode
Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan, click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows
Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox,
then click on the Next button. Ad-Aware SE will now present you with a confirmation box asking whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer back to Normal mode
Back in Windows
Can I see the following
Run another scan and save logfile with Hijackthis and post a fresh log
Also post the report you saved earlier from Ewido's
Try and do what you can from above, if you have any troubles, let me know afterwards
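The instructions above end by asking for a fresh HijackThis log so it can be compared with the first one; that comparison is what shows whether the cleanup did its job. The following script is an added example, not code from the thread or from HijackThis: it parses two HijackThis 1.99.1 logs, reports for each registry Run entry which executable it launches and whether that executable is also in the log's running-process list, and diffs the two logs. The embedded logs are constructed excerpts of the two logs posted in this thread, not the full logs.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in this thread
# (first log before the cleanup, second log after it). Not the full logs.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:40:53, on 11/12/2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\BitComet\BitComet.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 19:34:21, on 11/12/2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ..." entry lines.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# Body of an O4 registry Run-key entry: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt_log(text):
    """Return (processes, entries): running-process paths as a lowercase set,
    and the R/F/N/O entries grouped by section kind (e.g. "O4") as sets."""
    processes = set()
    entries = {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first entry line ends the process list
            entries.setdefault(m.group("kind"), set()).add(m.group("body"))
        elif in_processes:
            processes.add(line.lower())
    return processes, entries


def exe_from_command(cmd):
    """Pull the executable path out of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path, possibly followed by arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def run_entries(processes, entries):
    """For each O4 registry Run entry, report which executable it launches and
    whether that executable appears in the same log's running-process list.
    Startup-folder O4 entries have no hive and are skipped."""
    result = []
    for body in sorted(entries.get("O4", ())):
        m = RUN_RE.match(body)
        if not m:
            continue
        exe = exe_from_command(m.group("cmd"))
        result.append({"name": m.group("name"), "hive": m.group("hive"),
                       "exe": exe, "running": exe.lower() in processes})
    return result


def diff_logs(before_text, after_text):
    """Compare two logs: processes and entries that disappeared after the
    cleanup, and ones that are new (e.g. a freshly installed scanner)."""
    b_procs, b_entries = parse_hjt_log(before_text)
    a_procs, a_entries = parse_hjt_log(after_text)
    removed, added = {}, {}
    for kind in sorted(set(b_entries) | set(a_entries)):
        gone = sorted(b_entries.get(kind, set()) - a_entries.get(kind, set()))
        new = sorted(a_entries.get(kind, set()) - b_entries.get(kind, set()))
        if gone:
            removed[kind] = gone
        if new:
            added[kind] = new
    return {"processes_gone": sorted(b_procs - a_procs),
            "processes_new": sorted(a_procs - b_procs),
            "entries_removed": removed,
            "entries_added": added}


if __name__ == "__main__":
    procs, ents = parse_hjt_log(BEFORE_LOG)
    for entry in run_entries(procs, ents):
        print(f"{entry['hive']} Run [{entry['name']}] -> {entry['exe']} "
              f"(running: {entry['running']})")
    for section, items in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(section, items)
```

On the excerpts, the diff shows the winupdates Run entry and process present only in the first log, and the ewido service and process only in the second, which is exactly what the two logs in this thread show.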
-
Can I know how much time it will take me to do all this? Cuz I have homework to do for tomorrow.
-
These are all free tools for you to hang onto
Depending on how you follow all instructions
Let's see
Running BFU the way I gave you instructions
About 10 to 15 seconds
Running CleanUp!
I would guess anywhere from 30 seconds to 5 minutes, depending on how much to clean
Running Ewido
Anywhere from 25 minutes to 1 hour
Depending on how many files you have on the computer
Running Ad-Aware
A guess
About 5 minutes
-
Hey guestolo!
Seems it worked, because LimeWire stopped opening every time I start Windows, and I can now access my Task Manager ^^ I will post the 2 log files that you wanted me to do further down.
Therefore, I have a question: is it normal that, on the last step, with the last scan of Ad-Aware, they spotted again the WIN32.P2P-WORM.ALCAN.A? I deleted it though. Was that normal?
A few more questions: the programs you told me to download, which one is still useful for regular use and which one is now good to be uninstalled?
And can you recommend me some good antivirus, firewall, anti-spyware, and some good programs to keep the computer optimized? Doesn't matter if it costs something, I'll deal with it.
Also, can I continue to use LimeWire now?
And now the logs: first the HijackThis, and then the Ewido (I don't know why it's in French, but if there is something that you don't understand, you can ask me).
=====HIJACKTHIS LOG=======
Logfile of HijackThis v1.99.1
Scan saved at 19:34:21, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Bureau\Games\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
=========================================================
EWIDO LOG
=========================================================
---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------
+ Créé le: 19:08:32, 11/12/2005
+ Somme de contrôle: FA12256C
+ Résultats du scan:
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Nettoyer et sauvegarder
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Nettoyer et sauvegarder
HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} -> Spyware.FavoriteMan : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Nettoyer et sauvegarder
HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\PowerScan -> Spyware.PowerScan : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Norton AntiVirus 2006 Full with , Norton AntiVirus 200.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Ahead Nero Burning Rom 7.0 (news LinkS).zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\McAfee Personal Firewall Plus 7.1.113.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Ultra Video Splitter 3.4.8.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\AoA DVD Ripper 3.85.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\Super Proxy Helper 1.05.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\Ocean FTP Server 1.1.6.1.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\Copy To DVD 3.1.2.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\Evidence Destructor 2.1.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\Mobile Ringtone Converter 2.3.9.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Amazing Slow Downer 2.79.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Digital Audio Editor 4.3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\AVG Anti-Virus 7.0.344.618.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Alcohol 120% 1.9.5.3105.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Universal Vista Inspirat Brico Pack 1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Agnitum Outpost Firewall Pro 3.0.543.431.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Nero Premium 7.0.1.2 Ultimate.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\GData AntiVirusKit 2006.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Selteco Flash Designer 5.0.22.4.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Batch Watermark Creator 3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\PDF to Word 1.6.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Videocharge Pro 3.33.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\IconPackager Enhanced 3.00a.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Audio Edit Magic 7.5.9.675.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\HTTPWatch 3.2.0.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\SpamWasher 2.0.1000.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Bitdefender Internet Security 9.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Registry Clean Expert 3.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Dr.Web 4.33.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Instant Backup 1.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\Spyware Doctor 3.2.2.417.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Norton AntiVirus 2006 Full with , Norton AntiVirus 200.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Ahead Nero Burning Rom 7.0 (news LinkS).zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\McAfee Personal Firewall Plus 7.1.113.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Ultra Video Splitter 3.4.8.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\AoA DVD Ripper 3.85.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Super Proxy Helper 1.05.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Ocean FTP Server 1.1.6.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Copy To DVD 3.1.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Evidence Destructor 2.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Mobile Ringtone Converter 2.3.9.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Amazing Slow Downer 2.79.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Digital Audio Editor 4.3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\AVG Anti-Virus 7.0.344.618.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Alcohol 120% 1.9.5.3105.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Universal Vista Inspirat Brico Pack 1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Agnitum Outpost Firewall Pro 3.0.543.431.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Nero Premium 7.0.1.2 Ultimate.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\GData AntiVirusKit 2006.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Selteco Flash Designer 5.0.22.4.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Batch Watermark Creator 3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\PDF to Word 1.6.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Videocharge Pro 3.33.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\IconPackager Enhanced 3.00a.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Audio Edit Magic 7.5.9.675.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\HTTPWatch 3.2.0.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\SpamWasher 2.0.1000.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Bitdefender Internet Security 9.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Registry Clean Expert 3.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Dr.Web 4.33.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Instant Backup 1.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Spyware Doctor 3.2.2.417.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092682.exe -> Spyware.180Solutions : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092683.dll -> Spyware.SideFind : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092733.exe -> Worm.VB.an : Nettoyer et sauvegarder
::Fin du rapport
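The ewido report above is long, but every finding line has the same shape: path, detection name, and the action ewido took (the action column is in French because that is the installed UI language; "Nettoyer et sauvegarder" means clean and save, "Erreur durant le nettoyage" means error during cleaning). The following parser is an added example for this thread, not part of ewido or of any post here; it groups findings the way a helper would when deciding what still needs manual attention: detections per folder, entries that ewido could not clean, and entries that live only in System Restore. The sample report inside it is constructed in the same shape (shortened paths, placeholder restore-point GUID).

```python
import re
from collections import Counter

# Constructed sample in the shape of the ewido report quoted above (paths shortened,
# the restore-point GUID replaced by a placeholder). Not copied from the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\David\Complete\Copy To DVD 3.1.2.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP323\A0092682.exe -> Spyware.180Solutions : Nettoyer et sauvegarder
::Fin du rapport
"""

# ewido writes its action column in the installed UI language; these are the two
# French strings that appear in the report ("error during cleaning" and
# "clean and save", i.e. quarantined).
CLEAN_FAILED = "Erreur durant le nettoyage"
CLEAN_OK = "Nettoyer et sauvegarder"

LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")


def parse_report(text):
    """Return one dict per finding; '::' lines are report headers/footers, not findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("::"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate stray forum text pasted between findings
        findings.append(m.groupdict())
    return findings


def summarize(findings):
    """Group findings the way a triage note needs them."""
    by_detection = Counter(f["detection"] for f in findings)
    # Directory part of the path; for archive members (...zip/Setup.exe) this is
    # the folder holding the archive, which is what we need to locate the lure files.
    by_directory = Counter(f["path"].rsplit("\\", 1)[0] for f in findings)
    failed = [f["path"] for f in findings if f["action"] == CLEAN_FAILED]
    in_restore_points = [f["path"] for f in findings
                         if "\\System Volume Information\\" in f["path"]]
    return {
        "total": len(findings),
        "by_detection": by_detection,
        "by_directory": by_directory,
        "clean_failed": failed,
        "in_restore_points": in_restore_points,
    }


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(f"{s['total']} findings")
    for det, n in s["by_detection"].most_common():
        print(f"  {n:3d}  {det}")
    print("directories holding detections:")
    for d, n in s["by_directory"].most_common():
        print(f"  {n:3d}  {d}")
    print("cleaning failed (handle manually, e.g. delete the archive):", s["clean_failed"])
    print("inside System Restore (cleared by disabling/re-enabling System Restore):",
          s["in_restore_points"])
```

Run it on the full report pasted from the thread and the directory counter makes the pattern obvious: almost every hit is a `Setup.exe` inside an archive named after a popular commercial product, sitting in the download folder and in the Ares shared folder, which is exactly the P2P lure behaviour the original poster's worm name describes. The "cleaning failed" list is what to handle by hand, and the System Volume Information entries are why guestolo asks for System Restore to be disabled and re-enabled at the end.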
-
Do another scan with Hijackthis and put a check next to these entries:
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
Is Kaspersky running properly? I have to admit I've never had it installed
I see it in your services
But I don't see it in your Run entries
-
hey guestolo.. I've made another scan and fixed the things you told me to.. and rebooted the comp.. and I've made another scan.. here is the log
Logfile of HijackThis v1.99.1
Scan saved at 16:54:32, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\David\Bureau\Games\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
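The original poster later asks how HijackThis logs are read. Nobody in the thread answers, so here is an added example (mine, not part of the thread and not HijackThis code) that shows the first pass a helper like guestolo does by hand: it parses the `O`/`R`-numbered entries and picks out the ones worth looking at first. The rules are review prompts, not verdicts: orphaned entries marked "(no file)" or "(file missing)" are safe to remove (guestolo had the empty O3 toolbar removed for that reason), an ActiveX control registered from a `file://` path in Temp is suspect (the O16 msxml4.cab entry above), a Run entry with no path depends on PATH and should be checked, AppInit_DLLs entries load into every process, and services with "Unknown owner" need their executable verified. The sample log is built from entry types quoted in this thread.

```python
import re

# Short sample in the shape of a HijackThis 1.99.1 log, assembled from entry types
# quoted in this thread. It is not a complete log from either poster.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# "O4 - HKLM\..\Run: [Name] command" and friends; process-list lines have no prefix.
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] ?(?P<command>.*)$")


def parse_entries(text):
    """Return [(section, body)] for the numbered entries; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries):
    """Return [(section, body, reason)] for entries a helper would look at first.

    Heuristics only: a bare executable name in a Run entry is often a legitimate
    driver tray tool that relies on PATH, so the reason says what to verify.
    """
    review = []
    for section, body in entries:
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            review.append((section, body, "orphaned entry: target no longer exists, safe to remove"))
        elif section == "O4":
            m = RUN_RE.match(body)
            command = (m.group("command") if m else body).strip().strip('"')
            if "\\" not in command:
                review.append((section, body, "Run entry without a path: check which file PATH resolves it to"))
            elif "\\temp\\" in command.lower():
                review.append((section, body, "Run entry launching from a Temp folder"))
        elif section == "O16" and ("file://" in low or "\\temp\\" in low):
            review.append((section, body, "ActiveX control registered from a local/Temp file, not a vendor site"))
        elif section == "O20":
            review.append((section, body, "AppInit_DLLs loads into every process: confirm the DLL belongs to an installed program"))
        elif section == "O23" and "unknown owner" in low:
            review.append((section, body, "service without a vendor name: confirm the executable"))
    return review


if __name__ == "__main__":
    for section, body, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"{section:4} {reason}\n     {body}")
```

Everything that survives this pass still needs a human (or a lookup of the file name against a known-good list); the point of the script is only to shrink a 60-line log to the handful of entries that merit that effort, which is the same thing guestolo did between the two logs in this thread.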
-
Looks good
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
Make sure you re-enable the System Restore feature
Afterwards, for added protection
You should install this free tool
SpywareBlaster 3.4 by JavaCool: http://www.javacoolsoftware.com/spywareblaster.html
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
Check for updates every couple of weeks
after every update just simply click the "enable protection...."
-
ok thanks for the help.. but I would like to know.. which of the programs that I downloaded and installed can be removed?.. and is it normal that after I did these steps.. my comp became a bit.. slow..
-
The programs I had you run have been used by many, including myself
Without showing slowdowns
Actually, the reverse, helps to clean malware from the computers to help improve performance
I would hold onto these
SpywareBlaster and Ad-Aware
additionally I would also keep CleanUp! and Ewido
You can delete this folder
C:\BFU <-this folder
When was the last time you ran a Disk Defragment on your computer?
-
oh defragment lol.. forgot about that.. hmm.. it's been a very long time.. because I tried to defragment it like 2 months ago.. and it took me more than a day and it hadn't finished though..
-
Defragging is part of regular maintenance on the computer
I like to run it once a month
Others wait longer, some sooner
You seem to know how to start in Safe mode
Why don't you start in safe mode and run Disk Defragment from there
Let it finish, It will take awhile if it hasn't been done in some time
EDIT>>Not a day, maybe hours
It may be best to run it in safe mode to make sure nothing else interferes with the process
To refresh yourself where it is
START>>All programs>>Accessories>>System Tools>>Disk Defragmenter
Click on the Defragment button
Let me know how it goes
-
ok I'll try to defragment my HD this weekend because I need to back up some big files on my HD to data DVDs... and give you some news..
-
ok.. I'm defragmenting my HD right now.. I'm using my old comp to post now.. it's been like 10 hours I'm defragmenting it.. and I'm only at 73%.. is that normal? I'm doing it in safe mode, and I used like 114GB of the 149GB. I wonder if I stop the process now.. and when I restart it later.. will it restart at the same point or restart at the beginning and make me waste 10 hours?
-
Let it finish if it's still running, when was the last time you did a complete defrag?
I do it once a month, takes about 40 minutes at tops
"114gb from the 149gb"
That could be a reason for it taking awhile, it may have lots to sort through
Give it time
If done regularly it won't take that long
-
did I say 10 hours.. lol I meant to say nearly 20 hours.. hmmm last complete defrag.. almost 1 year lol
-
hey... I have the same worm and am pretty bad with computers...
would you mind helping me to remove the worm as well? I did the HijackThis scan, and here is my log file:
LOG REMOVED
Hi changsta
If you still need a hand with your Hijackthis log
Please don't post it in another's thread
Start your own post please and include a fresh hijackthis log
~guestolo~
-
LOG REMOVED
Should I do the same thing as the first dude?
Can you please start your own topic and include a fresh hijackthis log please
~guestolo~
-
hey I would like to know something about SpywareBlaster
is it always protecting my comp if I close the program window? I mean, does it provide real-time protection or do I need SpywareGuard, the add-on to SpywareBlaster?
I now use Mozilla Firefox.. I think it's better than Internet Explorer, right?
-
I think I answered your Spywareguard and SpywareBlaster question in another post
How's everything running on your end now?
"I now use Mozilla Firefox.. I think it's better than Internet Explorer, right"
I always use Firefox, wouldn't be without it
-
everything is going fine! since I deleted like more than 30GB, defragmented, and switched to NOD32 AV, my comp uses less RAM so it's like very performant now.. and the antispywares I installed don't seem to affect the performance a lot.. feel so great now.. with all these protections
I just bought an external HD.. so I'm gonna free a lot more space on my current HD.. think I gotta defragment again lol
-
Just one last request
If you find that everything is running well
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
Make sure you re-enable the System Restore feature
Now you will start with a fresh clean Restore point
-
yep done that already, forgot to mention it
but another question.. is it normal on all computers that sometimes.. when I try to open a folder or a program.. there is a delay between the double-clicking and the program opening? It's because it was instant when I bought the comp
and I just wanted to know: how do you read HijackThis logs???
-
Try the following
You may have just run CleanUp! on your machine
CleanUp!, with the instructions I gave you also clears the Prefetch folder
This is good to do about once a month
But you can run CleanUp! regularly if you want>>Every week
The prefetch folder is used to help speed up the loading of programs; XP will load programs it thinks you need before you ask for them yourself.
Of course, it will also load orphaned malware entries, so we cleaned that area also
As programs open they will be added to prefetch
Of course what you have running on startup will be added after you run CleanUp!
So bootup is a bit slower at first, but that increases on next bootup
Any programs that haven't been added to Prefetch yet may take a couple more seconds to open
Until the next time you open them
See if things speed up a bit on next bootup
-
Quoting guestolo (post 76617, Dec 11 2005, 11:00 PM):
> Download and save p2pnetwork.zip (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=426)
> Then UNZIP it to the BFU Folder
> So you now have p2pnetwork.bfu extracted to the BFU folder
I'm trying to get rid of this annoying worm (along with some stupid spyware: CoolWebSearch or something) as well, but could it be that that file is no longer there?
-
Since the original poster problems appear resolved
I'm locking this topic
To reno and all others, if you need a hand
Please start your own topic
Read this please: http://www.thetechguide.com/forum/index.php?showtopic=22942