Messages - Daevild

1
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 27, 2005, 08:57:41 AM »
yep done that already, forgot to mention it
but another question.. is it normal for all computers that sometimes.. when i try to open a folder or a program.. there is a delay between the double-clicking and the program opening. It's because it was instant when i bought the comp

and i just wanted to know: how do you read hijack's logs???

2
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 26, 2005, 10:31:02 PM »
everything is going fine! since i deleted like more than 30gb, defragmented, and switched to nod32 AV, my comp uses less RAM so it's like very performant now.. and the antispywares i installed don't seem to affect the performance a lot.. feel so great now.. with all these protections

i just bought an external HD.. so i'm gonna free a lot more space on my current HD.. think i gotta defragment again lol

3
Tech Clinic / Spyware Guard
« on: December 25, 2005, 11:11:28 PM »
hey guestolo!

I installed
-firefox (ppl say it's better than internet explorer),
-nod32 AV (i uninstalled kaspersky AV for it),
-Ad-aware pro (so it provides real-time protection, unlike the personal version)
-and the program you suggested to me: Spyware Blaster, i did everything you told me to do, updates, enable protection, etc..

but i have a question.. does the program (Spyware Blaster) provide real-time protection? or do i need Spyware Guard to enable it?

4
Software / avi to dvd
« on: December 25, 2005, 05:00:34 PM »
yeah nero 7 ultra version right? can you send me the key plz? just pm me or my email is daevild"gmail.com :D :D thanks

5
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 25, 2005, 03:00:03 PM »
hey i would like to know something about spyware blaster

is it always protecting my comp if i close the program window? i mean does it provide realtime protection or do i need Spyware Guard, the addon to Spyware Blaster?

I now use Mozilla Firefox.. i think it's better than Internet Explorer right?

6
Tech Clinic / Virtual Drives wont go away...
« on: December 22, 2005, 02:13:30 PM »
bump??

7
Software / avi to dvd
« on: December 20, 2005, 11:11:33 PM »
Can someone suggest a good program (free plz :) ) to convert avi to dvd and refer me to a website that has a tutorial on how to convert and everything that relates to it.. (sorry for my english.. i live in quebec --> french :D )

8
Tech Clinic / Virtual Drives wont go away...
« on: December 20, 2005, 11:03:51 PM »
i had an old version of alcohol 120% so i decided to update it.. well.. i uninstalled it and installed the new one.. the problem is that the 2 virtual drives that i set up for the old one didn't go away.. and the new version considered them as physical drives.. so i needed to make 2 more virtual drives.. and now.. i ended up with 4 virtual drives.... don't like it tho.. :unsure: i tried CONTROL PANEL --> SYSTEM --> HARDWARE --> DEVICE MANAGER --> CD/DVD DRIVE and right click on the 2 drives and click uninstall.. but every time i boot my comp.. they come back.. can anyone help me remove them?

9
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 19, 2005, 07:28:59 PM »
did i say 10 hours.. lol i wanted to say nearly 20 hours.. hmmm last complete defrag.. almost 1 year lol

10
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 19, 2005, 06:49:38 PM »
ok.. i'm defragmenting my hd right now.. i'm using my old comp to post now.. it's been like 10 hours that i'm defragmenting it.. and i'm only at 73%.. is that normal? i'm doing it in safe mode, and i used like 114gb of the 149gb. I wonder if i stop the process now.. and when i restart it later.. will it restart at the same point or restart at the beginning and make me waste 10 hours?

11
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 14, 2005, 06:15:11 PM »
ok i'll try to defragment my hd this weekend cuz i need to back up some big files on my hd to data dvds... and give you some news..

12
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 12, 2005, 10:47:49 PM »
oh defragment lol.. forgot about that.. hmm.. it's been a very long time.. because i tried to defragment it like 2 months ago.. and it took me more than a day and it hadn't finished tho..

13
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 12, 2005, 09:56:34 PM »
ok thanks for the help.. but i would like to know.. which programs that i downloaded and installed can be removed?.. and is it normal that after i did these steps.. my comp became a bit.. slow.. :blink:

14
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 12, 2005, 04:56:29 PM »
hey guestolo.. i've made another scan and fixed the thing you told me to do.. and rebooted the comp.. and i've made another scan.. here is the log

Logfile of HijackThis v1.99.1
Scan saved at 16:54:32, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\David\Bureau\Games\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

15
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 11, 2005, 07:36:26 PM »
hey guestolo!

seems it worked.. because limewire stopped opening every time i start windows.. and i can now access my task manager ^^ i will post the 2 log files that you wanted me to do further down

therefore.. i have a question.. is it normal that.. on the last step.. with the last scan of adaware.. it spotted the WIN32.P2P-WORM.ALCAN.A again.. i deleted it though.. was that normal?

a few more questions.. the programs u told me to download.. which ones are still useful for regular use and which ones are now good to be uninstalled

and can you recommend me some good antivirus, firewall, anti-spyware, and some good programs to keep the computer optimized.. doesn't matter if it costs something.. i'll deal with it

also.. can i continue to use limewire now?

and now the logs.. first the hijack.. and then the ewido (i don't know why it's in french.. but if there is something that u don't understand.. you can ask me)

=====HIJACKTHIS LOG=======

Logfile of HijackThis v1.99.1
Scan saved at 19:34:21, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Bureau\Games\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

=========================================================
EWIDO LOG
=========================================================
---------------------------------------------------------
 ewido security suite - Rapport de scan
---------------------------------------------------------

 + Créé le:      19:08:32, 11/12/2005
 + Somme de contrôle:   FA12256C

 + Résultats du scan:

   HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Nettoyer et sauvegarder
   HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Nettoyer et sauvegarder
   HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Nettoyer et sauvegarder
   HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} -> Spyware.FavoriteMan : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Nettoyer et sauvegarder
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\PowerScan -> Spyware.PowerScan : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Norton AntiVirus 2006 Full with , Norton AntiVirus 200.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Ahead Nero Burning Rom 7.0 (news LinkS).zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\McAfee Personal Firewall Plus 7.1.113.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Ultra Video Splitter 3.4.8.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\AoA DVD Ripper 3.85.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\Super Proxy Helper 1.05.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\Ocean FTP Server 1.1.6.1.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\Copy To DVD 3.1.2.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\Evidence Destructor 2.1.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\Mobile Ringtone Converter 2.3.9.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
   C:\Documents and Settings\David\Complete\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Amazing Slow Downer 2.79.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Digital Audio Editor 4.3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\AVG Anti-Virus 7.0.344.618.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Alcohol 120% 1.9.5.3105.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Universal Vista Inspirat Brico Pack 1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Agnitum Outpost Firewall Pro 3.0.543.431.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Nero Premium 7.0.1.2 Ultimate.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\GData AntiVirusKit 2006.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Selteco Flash Designer 5.0.22.4.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Batch Watermark Creator 3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\PDF to Word 1.6.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Videocharge Pro 3.33.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\IconPackager Enhanced 3.00a.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Audio Edit Magic 7.5.9.675.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\HTTPWatch 3.2.0.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\SpamWasher 2.0.1000.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Bitdefender Internet Security 9.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Registry Clean Expert 3.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Dr.Web 4.33.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Instant Backup 1.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\Spyware Doctor 3.2.2.417.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Documents and Settings\David\Complete\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Norton AntiVirus 2006 Full with , Norton AntiVirus 200.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Ahead Nero Burning Rom 7.0 (news LinkS).zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\McAfee Personal Firewall Plus 7.1.113.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Ultra Video Splitter 3.4.8.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\AoA DVD Ripper 3.85.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Super Proxy Helper 1.05.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Ocean FTP Server 1.1.6.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Copy To DVD 3.1.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Evidence Destructor 2.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Mobile Ringtone Converter 2.3.9.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Amazing Slow Downer 2.79.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Digital Audio Editor 4.3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\AVG Anti-Virus 7.0.344.618.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Alcohol 120% 1.9.5.3105.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Universal Vista Inspirat Brico Pack 1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Agnitum Outpost Firewall Pro 3.0.543.431.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Nero Premium 7.0.1.2 Ultimate.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\GData AntiVirusKit 2006.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Selteco Flash Designer 5.0.22.4.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Batch Watermark Creator 3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\PDF to Word 1.6.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Videocharge Pro 3.33.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\IconPackager Enhanced 3.00a.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Audio Edit Magic 7.5.9.675.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\HTTPWatch 3.2.0.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\SpamWasher 2.0.1000.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Bitdefender Internet Security 9.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Registry Clean Expert 3.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Dr.Web 4.33.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Instant Backup 1.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Spyware Doctor 3.2.2.417.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092682.exe -> Spyware.180Solutions : Nettoyer et sauvegarder
   C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092683.dll -> Spyware.SideFind : Nettoyer et sauvegarder
   C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092733.exe -> Worm.VB.an : Nettoyer et sauvegarder


::Fin du rapport

16
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 11, 2005, 05:02:00 PM »
can i know how much time it will take me to do all this.. cuz i have homework to do for tomorrow..

17
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 11, 2005, 04:48:16 PM »
here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 16:40:53, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Bureau\Games\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


oh and btw.. when i was looking on the internet.. i found this site

http://www.download.com/3642-2086-2607171.html

if you read the xoftspy description.. it says that it can remove the worm.. i was hesitating about using it.. afraid that it doesn't remove everything.. and it costs 30 bucks.. :S

18
Tech Clinic / help with WIN32.P2P-WORM.ALCAN.A
« on: December 11, 2005, 03:34:39 PM »
ok i got infected with this worm: WIN32.P2P-WORM.ALCAN.A.. can someone help me to remove it from the very very beginning of what to do.. can we simplify please.. cuz i don't really understand complex english words.. thanks!
