Author Topic: help with WIN32.P2P-WORM.ALCAN.A  (Read 5244 times)

Daevild
« on: December 11, 2005, 03:34:39 PM »
OK, I got infected with this worm: WIN32.P2P-WORM.ALCAN.A. Can someone help me remove it, from the very, very beginning of what to do? Can we simplify, please, because I don't really understand complex English words. Thanks!

guestolo (Administrator)
« Reply #1 on: December 11, 2005, 03:42:39 PM »
I'll try to be clear on what to do.

Can you try the following, please:
Download and save to a permanent folder on your hard drive
HijackThis 1.99.1
The link is in my signature below

Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A text file should open
Save the log, then copy and paste the WHOLE contents of the log here. Don't try to fix anything yet; it is all important.
« Last Edit: December 11, 2005, 03:51:39 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted at http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Daevild
« Reply #2 on: December 11, 2005, 04:48:16 PM »
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:40:53, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Bureau\Games\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


Oh, and by the way, when I was looking on the internet, I found this site:

http://www.download.com/3642-2086-2607171.html

If you read the XoftSpy description, it says that it can remove the worm. I was hesitating about using it, afraid that it doesn't remove everything, and it costs 30 bucks. :S

guestolo (Administrator)
« Reply #3 on: December 11, 2005, 05:00:16 PM »
Don't worry about XoftSpy, it's not needed.
I like the free tools :)

When I ask you to download a zip file, make sure you choose SAVE TO DISK rather than Open.

Can you open "My Computer"
Double click to open the Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder; name it BFU
So you now have C:\BFU

Download and save p2pnetwork.zip
Then UNZIP it to the BFU folder
So you now have p2pnetwork.bfu extracted to the BFU folder

Download and save, and then UNZIP to the BFU folder,
BFU.zip
So you now have BFU.exe extracted

==Download and Install this small program
to help clean your temp folders, cookies, etc.
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work, can you manually download the
updates from this link after you have Ewido installed:
http://www.ewido.net/en/download/updates/

If you don't have Ad-Aware SE Personal 1.06
Download and Install the free version of Ad-Aware SE Personal 1.06
Open Ad-Aware, make sure to click the "Check for updates now" link, and Connect to download the latest updates
Don't run a scan yet

Instead
Please save these instructions to a Notepad file and save it to your Desktop for reference
or print them out!

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

Once in safe mode
Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something, it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
 
  Then click OK
When Ewido has finished its scan, click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning,
either right click on the screen and choose the "Select All Objects" option, or individually put a checkmark in each object's checkbox,
then click on the Next button. Ad-Aware SE will now present you with a confirmation box asking whether or not you would like to remove the objects you have just selected. Press the "OK" button.

RESTART your computer  back to Normal mode

Back in Windows

Can I see the following:
Run another scan and save the logfile with HijackThis, and post a fresh log
Also post the report you saved earlier from Ewido

Try to do what you can from the above; if you have any trouble, let me know afterwards.
« Last Edit: December 11, 2005, 05:00:58 PM by guestolo »



Daevild
« Reply #4 on: December 11, 2005, 05:02:00 PM »
Can I know how much time it will take me to do all this? Because I have homework to do for tomorrow.

guestolo (Administrator)
« Reply #5 on: December 11, 2005, 05:06:15 PM »
These are all free tools for you to hang onto
Depending on how you follow all instructions

Let's see
Running BFU the way I gave you instructions
About 10 to 15 seconds

Running CleanUp!
I would guess anywhere from 30 seconds to 5 minutes, depending on how much to clean

Running Ewido
Anywhere from 25 minutes to 1 hour
Depending on how many files you have on the computer

Running Ad-Aware
A guess
About 5 minutes



Daevild
« Reply #6 on: December 11, 2005, 07:36:26 PM »
Hey guestolo!

Seems it worked, because LimeWire stopped opening every time I start Windows, and I can now access my Task Manager ^^ I will post the 2 log files that you wanted me to do further down.

Also, I have a question: is it normal that, on the last step, with the last scan of Ad-Aware, it spotted WIN32.P2P-WORM.ALCAN.A again? I deleted it, though. Was that normal?

A few more questions: of the programs you told me to download, which one is still useful for regular use and which one is now good to be uninstalled?

And can you recommend me some good antivirus, firewall, anti-spyware, and some good programs to keep the computer optimized? It doesn't matter if it costs something; I'll deal with it.

Also, can I continue to use LimeWire now?

And now the logs: first the HijackThis, and then the Ewido (I don't know why it's in French, but if there is something that you don't understand, you can ask me).

=====HIJACKTHIS LOG=======

Logfile of HijackThis v1.99.1
Scan saved at 19:34:21, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Bureau\Games\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

=========================================================
EWIDO LOG (translated from French)
=========================================================
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:      19:08:32, 11/12/2005
 + Checksum:   FA12256C

 + Scan results:

   HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
   HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
   HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
   HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} -> Spyware.FavoriteMan : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
   HKU\S-1-5-21-1229272821-854245398-1417001333-1004\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
   C:\Documents and Settings\David\Complete\Norton AntiVirus 2006 Full with , Norton AntiVirus 200.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Ahead Nero Burning Rom 7.0 (news LinkS).zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\McAfee Personal Firewall Plus 7.1.113.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Ultra Video Splitter 3.4.8.zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\AoA DVD Ripper 3.85.zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\Super Proxy Helper 1.05.zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\Ocean FTP Server 1.1.6.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\Copy To DVD 3.1.2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\Evidence Destructor 2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\Mobile Ringtone Converter 2.3.9.zip/Setup.exe -> Worm.VB.an : Error during cleaning
   C:\Documents and Settings\David\Complete\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Amazing Slow Downer 2.79.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Digital Audio Editor 4.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\AVG Anti-Virus 7.0.344.618.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Alcohol 120% 1.9.5.3105.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Universal Vista Inspirat Brico Pack 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Agnitum Outpost Firewall Pro 3.0.543.431.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Nero Premium 7.0.1.2 Ultimate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\GData AntiVirusKit 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Selteco Flash Designer 5.0.22.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Batch Watermark Creator 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\PDF to Word 1.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Videocharge Pro 3.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\IconPackager Enhanced 3.00a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Audio Edit Magic 7.5.9.675.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\HTTPWatch 3.2.0.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\SpamWasher 2.0.1000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Bitdefender Internet Security 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Registry Clean Expert 3.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Dr.Web 4.33.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Instant Backup 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\Spyware Doctor 3.2.2.417.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\David\Complete\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Program Files\Ares\My Shared Folder\Norton AntiVirus 2006 Full with , Norton AntiVirus 200.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Ahead Nero Burning Rom 7.0 (news LinkS).zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\McAfee Personal Firewall Plus 7.1.113.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Ultra Video Splitter 3.4.8.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\AoA DVD Ripper 3.85.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Super Proxy Helper 1.05.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Ocean FTP Server 1.1.6.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Copy To DVD 3.1.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Evidence Destructor 2.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Mobile Ringtone Converter 2.3.9.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Amazing Slow Downer 2.79.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Digital Audio Editor 4.3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\AVG Anti-Virus 7.0.344.618.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Alcohol 120% 1.9.5.3105.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Universal Vista Inspirat Brico Pack 1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Agnitum Outpost Firewall Pro 3.0.543.431.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Nero Premium 7.0.1.2 Ultimate.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\GData AntiVirusKit 2006.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Selteco Flash Designer 5.0.22.4.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Batch Watermark Creator 3.2.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\PDF to Word 1.6.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Videocharge Pro 3.33.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\IconPackager Enhanced 3.00a.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Audio Edit Magic 7.5.9.675.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\HTTPWatch 3.2.0.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\SpamWasher 2.0.1000.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Bitdefender Internet Security 9.0.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Registry Clean Expert 3.65.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Dr.Web 4.33.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Instant Backup 1.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\Spyware Doctor 3.2.2.417.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\Program Files\Ares\My Shared Folder\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
   C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092682.exe -> Spyware.180Solutions : Nettoyer et sauvegarder
   C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092683.dll -> Spyware.SideFind : Nettoyer et sauvegarder
   C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092733.exe -> Worm.VB.an : Nettoyer et sauvegarder


::Fin du rapport

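The report above ends with dozens of identical `Setup.exe` detections wrapped in archives named after popular software, all sitting in two download/share folders, plus a few copies in System Restore. Reading that by eye is tedious, so here is an added example (not ewido's code and not posted by anyone in the thread) that parses report lines of the same `path -> verdict : action` shape, groups them by directory and verdict, and flags any directory that holds several archived copies of one detection with the same member name, which is the pattern of a worm seeding a file-sharing folder. The sample report below is constructed in that format; the French action strings are kept as the scanner emitted them.

```python
"""Summarise an ewido-style scan report by directory and verdict.

Added example: not ewido's own code and not from the thread.  The sample
report is constructed in the line format of the posted report, with archive
members written as <archive>/<member>.
"""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample lines in the shape of the posted report.
SAMPLE_REPORT = r"""
C:\Documents and Settings\David\Complete\Super Proxy Helper 1.05.zip/Setup.exe -> Worm.VB.an : Erreur durant le nettoyage
C:\Documents and Settings\David\Complete\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\David\Complete\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\WinZip 10.0.6667.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\Dr.Web 4.33.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\Ares\My Shared Folder\AnyDVD 5.5.4.1.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092682.exe -> Spyware.180Solutions : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5E537E98-71A1-4DDE-90BF-2F534B0B2D4E}\RP323\A0092733.exe -> Worm.VB.an : Nettoyer et sauvegarder
::Fin du rapport
"""

# <path> -> <verdict> : <action>; the "::Fin du rapport" trailer does not match.
LINE_RE = re.compile(r"^\s*(?P<path>.+?) -> (?P<verdict>\S+) : (?P<action>.+?)\s*$")


def parse_report(text):
    """Return one dict per detection line; blank and trailer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        path = m.group("path")
        # The scanner writes a file inside an archive as <archive>/<member>.
        if "/" in path:
            container, member = path.rsplit("/", 1)
        else:
            container, member = path, None
        container_path = PureWindowsPath(container)
        action = m.group("action")
        entries.append({
            "directory": str(container_path.parent),
            "container": container_path.name,
            "member": member,
            "verdict": m.group("verdict"),
            "action": action,
            # "Erreur durant le nettoyage" means the scanner could not clean it.
            "cleaned": not action.startswith("Erreur"),
        })
    return entries


def summarize(entries):
    """Count detections per (directory, verdict) pair."""
    return dict(Counter((e["directory"], e["verdict"]) for e in entries))


def seeded_directories(entries, min_copies=3):
    """Directories holding min_copies or more archived copies of one verdict
    under the same member name: the signature of a worm seeding a share folder.
    Returns {(directory, verdict, member): [archive names]}."""
    groups = defaultdict(list)
    for e in entries:
        if e["member"] is not None:
            groups[(e["directory"], e["verdict"], e["member"])].append(e["container"])
    return {key: sorted(names) for key, names in groups.items() if len(names) >= min_copies}


def not_cleaned(entries):
    """Full paths of detections the scanner failed to clean (need manual follow-up)."""
    return [str(PureWindowsPath(e["directory"]) / e["container"])
            for e in entries if not e["cleaned"]]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for (directory, verdict), n in sorted(summarize(found).items()):
        print(f"{n:3d}  {verdict:<22} {directory}")
    for (directory, verdict, member), names in seeded_directories(found).items():
        print(f"seeded: {directory} has {len(names)} x {member} ({verdict})")
    for path in not_cleaned(found):
        print(f"not cleaned: {path}")
```

The grouping deliberately keys on directory, verdict and member name rather than on folder names like "My Shared Folder", so it works for any sharing client; the "not cleaned" list is what still needs attention after the scanner has run.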
Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
help with WIN32.P2P-WORM.ALCAN.A
« Reply #7 on: December 11, 2005, 10:53:16 PM »
Do another scan with Hijackthis and put a check next to these entries:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Is Kaspersky running properly? I have to admit I've never had it installed
I see it in your services
But I don't see it in your Run entries
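The entries guestolo ticked above (a toolbar with `(no file)`, two `dumprep` crash-reporter leftovers, and a DPF object whose source is a `file://` path in the user's Temp folder) are the kind of thing a few rules can pick out of a HijackThis log. As an added example, not HijackThis's own code and not something posted in the thread, here is a small rule-based triage that reads log lines in the `O<n> - ...` format shown above and reports which ones deserve a closer look. The sample log is constructed in that format; the `[Updater]` line pointing into Temp is invented for illustration.

```python
"""Rule-based triage of HijackThis log entries.

Added example, not part of HijackThis and not from the thread.  It encodes
checks a helper applies by eye: orphaned registry entries, launch points or
download sources in a Temp folder, crash-reporter leftovers, AppInit_DLLs,
and services with no vendor.  SAMPLE_LOG is constructed in the log format.
"""
import re

SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\David\Local Settings\Temp\updater.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\David\Local Settings\Temp\EI40_\msxml4.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# "O4 - HKLM\..\Run: [...] ..." -> section "O4", body = rest of the line.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A path under a Temp folder (…\Local Settings\Temp\…, …\Temp\…, or %temp%).
TEMP_RE = re.compile(r"\\(?:Local Settings\\)?Temp\\|%temp%", re.IGNORECASE)


def triage(log_text):
    """Return [(section, line, [reasons])] for every entry that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        # Registry entry whose target no longer exists: harmless but dead weight.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned entry: target file is missing")
        # Autostart or ActiveX download source inside a temporary folder.
        if section in ("O4", "O16") and TEMP_RE.search(body):
            reasons.append("launch point or download source in a Temp folder")
        # dumprep 0 -k / -u are left behind by a kernel or user-mode fault.
        if section == "O4" and "dumprep" in body.lower():
            reasons.append("crash-dump reporter leftover (dumprep)")
        # A non-empty AppInit_DLLs value is loaded into every GUI process.
        if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs loads this DLL into every GUI process")
        # Service binaries with no vendor name deserve a look.
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with no vendor")
        if reasons:
            findings.append((section, line, reasons))
    return findings


def sections_hit(findings):
    """Just the section codes, in log order (handy for a quick summary)."""
    return [section for section, _, _ in findings]


if __name__ == "__main__":
    for section, line, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {line}")
        for r in reasons:
            print(f"    - {r}")
```

Rules like these only prioritise lines for review; a helper still decides, as guestolo did above, which entries are safe to fix. Clean vendor entries such as the Acrobat BHO and the Kaspersky service pass through untouched.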

Offline Daevild

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
help with WIN32.P2P-WORM.ALCAN.A
« Reply #8 on: December 12, 2005, 04:56:29 PM »
hey guestolo.. I've made another scan and fixed the things you told me to do.. and rebooted the comp.. and I've made another scan.. here is the log

Logfile of HijackThis v1.99.1
Scan saved at 16:54:32, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\David\Bureau\Games\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Enregistrement de all-in-one Epson.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8df5847ad2f248dab4ddb08ff5c3764
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
help with WIN32.P2P-WORM.ALCAN.A
« Reply #9 on: December 12, 2005, 08:31:29 PM »
Looks good

If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature
Make sure you reenable system restore feature

Afterwards, for added protection
You should install this free tool
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection...."

Offline Daevild

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
help with WIN32.P2P-WORM.ALCAN.A
« Reply #10 on: December 12, 2005, 09:56:34 PM »
ok, thanks for the help.. but I would like to know.. which of the programs that I downloaded and installed can be removed?.. and is it normal that after I did these steps.. my comp became a bit.. slow.. :blink:

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
help with WIN32.P2P-WORM.ALCAN.A
« Reply #11 on: December 12, 2005, 10:25:13 PM »
The programs I had you run have been used by many, including myself
Without showing slowdowns
Actually, the reverse: they help to clean malware from the computer, which helps improve performance

I would hold onto these
SpywareBlaster and Ad-Aware
additionally I would also keep CleanUp! and Ewido

You can delete this folder
C:\BFU <-this folder

When was the last time you ran a Disk Defragment on your computer?

Offline Daevild

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
help with WIN32.P2P-WORM.ALCAN.A
« Reply #12 on: December 12, 2005, 10:47:49 PM »
oh, defragment lol.. forgot about that.. hmm.. it's been a very long time.. because I tried to defragment it like 2 months ago.. and it took me more than a day and it hadn't finished though..

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
help with WIN32.P2P-WORM.ALCAN.A
« Reply #13 on: December 12, 2005, 11:02:47 PM »
Defragging is part of regular maintenance on the computer
I like to run it once a month
Others wait longer, some sooner

You seem to know how to start in Safe mode
Why don't you start in safe mode and run Disk Defragment from there

Let it finish, It will take awhile if it hasn't been done in some time
EDIT>>Not a day, maybe hours
It may be best to run it in safe mode to make sure nothing else interferes with the process

To refresh yourself where it is
START>>All programs>>Accessories>>System Tools>>Disk Defragmenter
Click on the Defragment button
Let me know how it goes
« Last Edit: December 12, 2005, 11:15:45 PM by guestolo »

Offline Daevild

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
help with WIN32.P2P-WORM.ALCAN.A
« Reply #14 on: December 14, 2005, 06:15:11 PM »
ok, I'll try to defragment my HD this weekend because I need to back up some big files from my HD to data DVDs... and give you some news..

Offline Daevild

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
help with WIN32.P2P-WORM.ALCAN.A
« Reply #15 on: December 19, 2005, 06:49:38 PM »
ok.. I'm defragmenting my HD right now.. I'm using my old comp to post now.. it's been like 10 hours that I'm defragmenting it.. and I'm only at 73%.. is that normal? I'm doing it in safe mode, and I've used like 114 GB of the 149 GB. I wonder if I stop the process now.. and when I restart it later.. will it restart at the same point or restart at the beginning and make me waste 10 hours?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
help with WIN32.P2P-WORM.ALCAN.A
« Reply #16 on: December 19, 2005, 07:06:19 PM »
Let it finish if it's still running, when was the last time you did a complete defrag?

I do it once a month, takes about 40 minutes at tops

"114gb from the 149gb"

That could be a reason for it taking a while, it may have lots to sort through :)
Give it time
If done regularly it won't take that long
« Last Edit: December 19, 2005, 07:07:49 PM by guestolo »

Offline Daevild

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
help with WIN32.P2P-WORM.ALCAN.A
« Reply #17 on: December 19, 2005, 07:28:59 PM »
Did I say 10 hours.. lol, I meant to say nearly 20 hours.. hmmm, last complete defrag.. almost 1 year lol

Offline changsta

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
help with WIN32.P2P-WORM.ALCAN.A
« Reply #18 on: December 20, 2005, 01:11:01 AM »
hey... I have the same worm and am pretty bad with computers...

Would you mind helping me to remove the worm as well? I did the HijackThis scan, and here is my log file:

LOG REMOVED

Hi changsta
If you still need a hand with your Hijackthis log
Please don't post it in anothers thread
Start your own post please and include a fresh hijackthis log
~guestolo~
« Last Edit: December 20, 2005, 07:42:01 PM by guestolo »

Offline Slaker

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
help with WIN32.P2P-WORM.ALCAN.A
« Reply #19 on: December 24, 2005, 03:57:24 AM »
LOG REMOVED

Should I do the same thing as the first dude?

Can you please start your own topic and include a fresh HijackThis log
~guestolo~
« Last Edit: December 26, 2005, 06:09:30 PM by guestolo »