Hi questolo,
thank you very much for your quick help!
I did everything exactly as you said and here are the newest HijackThis and Ewido log files, as you requested:
Logfile of HijackThis v1.99.1
Scan saved at 08:50:50, on 31.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\RemotelyAnywhere\RAGui.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Softwin\BitDefender8\bdoesrv.exe
D:\Program Files\Softwin\BitDefender8\bdswitch.exe
D:\Program Files\D-Tools\daemon.exe
D:\WINDOWS\TBPanel.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\RemotelyAnywhere\RaMaint.exe
D:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
D:\Program Files\Kerio\WinRoute Firewall\winroute.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender8\vsserv.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\rdpclip.exe
D:\Program Files\Softwin\BitDefender8\bdmcon.exe
D:\WINDOWS\system32\logon.scr
D:\Documents and Settings\Vlado Velkovski\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVRemote] D:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "D:\Program Files\RemotelyAnywhere\RAGui.exe"
O4 - HKLM\..\Run: [BDMCon] D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] D:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] d:\program files\softwin\bitdefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] D:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Gainward] D:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [WrCtrl] "D:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128689559046
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) - http://vladocomp:8888/forms90/jinitiator/jinit.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://vladocomp:2109/activex/RACtrl.cab
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - D:\PROGRA~1\QUESTS~1\SQLNAV~1\RNetPin.dll
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ckpNotify - D:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: RAinit - D:\WINDOWS\SYSTEM32\RAinit.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\Orc9Serv\bin\omtsreco.exe
O23 - Service: OracleOrc9DevlAgent - Oracle Corporation - D:\Orc9Devl\bin\agntsrvc.exe
O23 - Service: OracleOrc9DevlClientCache - Unknown owner - D:\Orc9Devl\BIN\ONRSD.EXE
O23 - Service: OracleOrc9ServAgent - Oracle Corporation - D:\Orc9Serv\bin\agntsrvc.exe
O23 - Service: OracleOrc9ServClientCache - Unknown owner - D:\Orc9Serv\BIN\ONRSD.EXE
O23 - Service: OracleOrc9ServCMAdmin - Unknown owner - D:\Orc9Serv\BIN\CMADMIN.EXE
O23 - Service: OracleOrc9ServCMan - Unknown owner - D:\Orc9Serv\BIN\CMGW.EXE
O23 - Service: OracleOrc9ServHTTPServer - Unknown owner - D:\Orc9Serv\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOrc9ServPagingServer - Unknown owner - D:\Orc9Serv/bin/pagntsrv.exe
O23 - Service: OracleOrc9ServSNMPPeerEncapsulator - Unknown owner - D:\Orc9Serv\BIN\ENCSVC.EXE
O23 - Service: OracleOrc9ServSNMPPeerMasterAgent - Unknown owner - D:\Orc9Serv\BIN\AGNTSVC.EXE
O23 - Service: OracleOrc9ServTNSListenerVLADODB_LSNR - Unknown owner - D:\Orc9Serv\BIN\TNSLSNR.exe
O23 - Service: OracleServiceVLADODB - Oracle Corporation - d:\orc9serv\bin\ORACLE.EXE
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - D:\Program Files\RemotelyAnywhere\RaMaint.exe
O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - D:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - D:\Program Files\Kerio\WinRoute Firewall\winroute.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
----
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 02:44:27, 31.10.2005
+ Report-Checksum: B872DE9D
+ Scan result:
HKU\S-1-5-21-329068152-1682526488-725345543-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
D:\Program Files\eMule\Incoming\CALL OF DUTY 2 CRACK NOCD+SERIAL+KEYGEN(1).rar/CALL OF DUTY 2 CRACK NOCD+SERIAL+KEYGEN\La 1re astuce pour tricher avec eurobarre\Eurofake.exe -> Worm.Kelvir.bp : Cleaned with backup
D:\Program Files\Kerio\WinRoute Firewall\kwr6_patch.exe -> Trojan.Agent.jh : Cleaned with backup
E:\EMULE Downloads\100 best .sis themes - Nokia 3650 6600 7610 7650 n-gage sis symbian mobile s60.zip/100 Themes/More Mobile Files.exe -> Dialer.Generic : Cleaned with backup
E:\EMULE Downloads\50 best .sis themes - Nokia 3650 6600 7610 7650 n-gage sis symbian mobile s60.zip/50 best .sis themes - Nokia 3650 6600 7610 7650 n-gage sis symbian mobile s60 .zip/More Mobile Files.exe -> Dialer.Generic : Cleaned with backup
E:\EMULE Downloads\Mobile - PC Suite Online Downloader - Nokia 3650 6600 7610 7650 n-gage symbian bluetooth.zip/Mobile - PC Suite Online Downloader - Nokia 3650 6600 7610 7650 n-gage symbian bluetooth.exe -> Dialer.Generic : Cleaned with backup
E:\EMULE Downloads\Theme Downloader Sis Themes - Nokia 3650 6600 7610 7650 N-Gage Sis Symbian Mobile s60.zip/THEME DOWNLOADER .sis themes - Nokia 3650 6600 7610 7650 n-gage sis symbian mobile s60.exe -> Dialer.Generic : Cleaned with backup
E:\Install SW\KWF 6.0.6\kwr6_patch.exe -> Trojan.Agent.jh : Cleaned with backup
E:\Install SW\UltraISO_v7[1].2_ME.zip/fff-ui72_reg.exe -> Trojan.Small.cr : Cleaned with backup
E:\SHAREAZA Downloads\kerio_winroute_firewall_6.0.1`2`3`4_uniPatch_and_license.zip/kwr6_patch.exe -> Trojan.Agent.jh : Cleaned with backup
E:\SHAREAZA Downloads\kerio_winroute_firewall_6.0.4+Crack&License.rar/kerio_winroute_firewall_6.0.4+Crack&License\kwr6_patch.exe -> Trojan.Agent.jh : Cleaned with backup
E:\Vesnacomp BACKUP\Vlado\Kopiraj 111\Program Files\FirstLook\FirstLook.exe -> Spyware.NewDotNet : Cleaned with backup
E:\Vesnacomp BACKUP\Vlado\Kopiraj 111\Program Files\NewDotNet\uninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
E:\Vesnacomp BACKUP\Vlado\Kopiraj 333\Old HDD\Documents and Settings\Vlado Velkovski\Cookies\vlado velkovski@oxcash[2].txt -> Spyware.Cookie.Oxcash : Cleaned with backup
E:\Vesnacomp BACKUP\Vlado ©\Kopiraj 111\Program Files\FirstLook\FirstLook.exe -> Spyware.NewDotNet : Cleaned with backup
E:\Vesnacomp BACKUP\Vlado ©\Kopiraj 111\Program Files\NewDotNet\uninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
E:\Vesnacomp BACKUP\Vlado ©\Kopiraj 333\Old HDD\Documents and Settings\Vlado Velkovski\Cookies\vlado velkovski@oxcash[2].txt -> Spyware.Cookie.Oxcash : Cleaned with backup
::Report End
------
I'm not an expert, but the last scan with AdAware did not show that Alcan.a is present. Since you are the expert, can you confirm that everything is OK now?
I'm running Ad-Aware SE Professional build 1.06r1
The Ad-Watch monitoring is still off...
Thank you again!!