Infected by Cyber Security
Solved
Gronik
Hello,
I was infected by Cyber security. I looked into the posts on this subject, especially the post by sophie13 and the replies from ric025 (https://forums.commentcamarche.net/forum/affich-14971814-infecte-par-cyber-security).
I downloaded MBAM and managed to install it. However, MBAM shuts down immediately after execution, making it impossible to use. Moreover, I can no longer access the Windows uninstall programs function (the Control Panel window is now empty and I can't go into any of the submenus). I also attempted to use an automatic patch for Cyber security, which did not work either. I am hesitant to use ComboFix without the help of a specialist given the warnings regarding its use and my limited skills in this area. Can anyone advise me?
Thank you.
Configuration: Windows Vista Firefox 3.0.15
25 replies
Hello,
--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
--> Double-click on RSIT.exe to launch the program.
(On Vista, right-click on RSIT.exe and choose Run as administrator)
--> Click on Continue at the Disclaimer screen.
--> If the HijackThis (updated version) tool is not present or detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the license.
--> When the scan is complete, two text files will open. Post the content of log.txt (the one that appears on the screen) as well as info.txt (which you will see in the taskbar).
Note: reports are saved in the folder C:\rsit.
Thank you for your prompt response.
Here are the reports in question:
Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Anne-Laure at 2009-11-20 18:54:16
Microsoft® Windows Vista™ Home Premium Edition Service Pack 1
System drive C: has 14 GB (10%) free of 145 GB
Total RAM: 2046 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:55, on 20/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CSec\cs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Anne-Laure\Desktop\RSIT.exe
C:\Program Files\trend micro\Anne-Laure.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=en_us&c=73&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/en-us?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/en-us?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Google Toolbar Help - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\Windows\System32\iehelpmod.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menu item: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menu item: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 11212 bytes
======Scheduled tasks folder======
C:\Windows\tasks\CSec.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Google Toolbar Help - C:\Windows\System32\iehelpmod.dll [2009-11-20 302592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-20 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-11-20 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-20 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2007-12-19 352256]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-20 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-10-09 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-05-01 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-05-01 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-05-01 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
""= []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-30 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2007-12-19 3477504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-10 738968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quick Launch of Adobe Reader.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Anne-Laure^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17668fff-d353-11dc-abe2-001b2495af88}]
shell\Auto\command - UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17669004-d353-11dc-abe2-001b2495af88}]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ae97c4e-51c9-11dd-9ea7-001b2495af88}]
shell\Auto\command - UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ae97c6e-51c9-11dd-9ea7-001b2495af88}]
shell\AutoRun\command - xp19.com
shell\explore\command - xp19.com
shell\open\command - xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d12b24d-99d8-11dc-b702-001b2495af88}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32e9192b-93a0-11dc-ba54-001b2495af88}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8077ea10-bec0-11dc-8134-99a5fa5e2aa7}]
shell\Auto\command - F:\UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8077ea13-bec0-11dc-8134-99a5fa5e2aa7}]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e2870f0-ba36-11de-8246-001b2495af88}]
shell\AutoRun\command - G:\egu2009win.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1496738-0a12-11dd-b0d0-001b2495af88}]
shell\Auto\command - UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b92dd635-c01e-11dc-87b7-001b2495af88}]
shell\Auto\command - F:\UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28db6c4-cf22-11dc-ac30-001b2495af88}]
shell\AutoRun\command - F:\qd.cmd
shell\explore\command - F:\qd.cmd
shell\open\command - F:\qd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28db6ea-cf22-11dc-ac30-89682af5a9ea}]
shell\AutoRun\command - F:\awda2.exe
shell\explore\command - F:\awda2.exe
shell\open\command - F:\awda2.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff66dde1-b95d-11dc-a6e6-001b2495af88}]
shell\Auto\command - F:\UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
======File associations======
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 11212 bytes
======Scheduled tasks folder======
C:\Windows\tasks\CSec.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Google Toolbar Help - C:\Windows\System32\iehelpmod.dll [2009-11-20 302592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-20 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-11-20 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-20 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2007-12-19 352256]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-20 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-10-09 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-05-01 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-05-01 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-05-01 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
""= []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-30 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2007-12-19 3477504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-10 738968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quick Launch of Adobe Reader.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Anne-Laure^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17668fff-d353-11dc-abe2-001b2495af88}]
shell\Auto\command - UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17669004-d353-11dc-abe2-001b2495af88}]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ae97c4e-51c9-11dd-9ea7-001b2495af88}]
shell\Auto\command - UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ae97c6e-51c9-11dd-9ea7-001b2495af88}]
shell\AutoRun\command - xp19.com
shell\explore\command - xp19.com
shell\open\command - xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d12b24d-99d8-11dc-b702-001b2495af88}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32e9192b-93a0-11dc-ba54-001b2495af88}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8077ea10-bec0-11dc-8134-99a5fa5e2aa7}]
shell\Auto\command - F:\UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8077ea13-bec0-11dc-8134-99a5fa5e2aa7}]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e2870f0-ba36-11de-8246-001b2495af88}]
shell\AutoRun\command - G:\egu2009win.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1496738-0a12-11dd-b0d0-001b2495af88}]
shell\Auto\command - UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b92dd635-c01e-11dc-87b7-001b2495af88}]
shell\Auto\command - F:\UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28db6c4-cf22-11dc-ac30-001b2495af88}]
shell\AutoRun\command - F:\qd.cmd
shell\explore\command - F:\qd.cmd
shell\open\command - F:\qd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28db6ea-cf22-11dc-ac30-89682af5a9ea}]
shell\AutoRun\command - F:\awda2.exe
shell\explore\command - F:\awda2.exe
shell\open\command - F:\awda2.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff66dde1-b95d-11dc-a6e6-001b2495af88}]
shell\Auto\command - F:\UFO.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
======File associations======
---> Download OTM (OldTimer) to your Desktop.
---> Right-click on OTM.exe and choose Run as administrator.
---> Copy (Ctrl+C) the following text below:
:processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
:files
C:\Program Files\Common Files\CSecUninstall
C:\Windows\system32\iehelpmod.dll
C:\Program Files\CSec
:commands
[purity]
[emptytemp]
[reboot]
---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button and then close OTM.
If a file or folder cannot be deleted immediately, the software will prompt you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTM\MovedFiles\
The report name corresponds to its creation time: date_time.log
It's done.
OTM apparently performed the removal of Cyber Security, but it crashed right after, making it impossible to close, and the computer froze, forcing me to restart it. I do have a MovedFiles directory, but the report in question is not there; it probably wasn’t created since the software crashed after the MoveIt! action. I checked the subdirectories created in MovedFiles, but the report file is in none of them. The files related to Cyber Security are located in C:\_OTM\MovedFiles\11202009_191317\C_Program Files\Common Files and in C:\_OTM\MovedFiles\11202009_191317\C_Program Files\CSec.
On another note, the computer took a very long time to restart, and I had to switch sessions once or twice before finally regaining access to the desktop as I couldn't access my session. I eventually managed to log into my admin session after several attempts.
Cyber Security, however, has disappeared from my taskbar and desktop.
Another piece of good news: I have access to the Control Panel again. In the program installation/uninstallation module, Cyber Security is still on the list, but it now shows up with a blank page icon instead of its original icon.
Ok.
--> Download UsbFix (by Chiquitine29 & C_XX) to your Desktop.
--> Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc...) without opening them.
--> Double-click on the UsbFix program located on your Desktop.
--> Choose option 1 (Search).
--> Let the tool work.
--> Post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
"Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes.
It's done. I have connected all the data devices I had on hand. However, I still have a few untested ones at work. I also have a certain number of USB keys.
But I included those I have used recently.
############################## | UsbFix V6.055 |
User : Anne-Laure (Administrators) # PC-DE-ANNE-LAUR
Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:44:50 | 20/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft® Windows Vista™ Home Premium Edition (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1351 [VPS 090830-0] 4.8.1351 [ Enabled | Updated ]
AV : Norton Internet Security 2007 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]2007
C:\ -> Local disk # 141.59 GB (13.89 GB free) # NTFS
D:\ -> Local disk # 7.46 GB (2.31 GB free) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Removable disk # 989.22 MB (585.86 MB free) # FAT
H:\ -> Local disk # 149.05 GB (17.25 GB free) [DDIomega] # NTFS
############################## | Active Processes |
C:\Windows\System32\smss.exe 476
C:\Windows\system32\csrss.exe 612
C:\Windows\system32\wininit.exe 664
C:\Windows\system32\services.exe 712
C:\Windows\system32\lsass.exe 724
C:\Windows\system32\lsm.exe 732
C:\Windows\system32\svchost.exe 876
C:\Windows\system32\svchost.exe 952
C:\Windows\System32\svchost.exe 988
C:\Windows\System32\svchost.exe 1072
C:\Windows\System32\svchost.exe 1108
C:\Windows\system32\svchost.exe 1128
C:\Windows\system32\svchost.exe 1228
C:\Windows\system32\SLsvc.exe 1244
C:\Windows\system32\svchost.exe 1328
C:\Windows\system32\svchost.exe 1484
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1684
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1696
C:\Windows\System32\spoolsv.exe 1972
C:\Windows\system32\svchost.exe 2000
C:\Windows\system32\taskeng.exe 2200
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2292
C:\Program Files\Bonjour\mDNSResponder.exe 2304
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 2316
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 2436
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2536
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2584
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 2636
C:\Windows\system32\svchost.exe 2704
C:\Windows\system32\svchost.exe 2740
C:\Windows\System32\svchost.exe 2772
C:\Windows\system32\SearchIndexer.exe 2816
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2912
C:\Windows\system32\SearchProtocolHost.exe 3700
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2144
C:\Windows\system32\csrss.exe 2192
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2232
C:\Windows\system32\winlogon.exe 1096
C:\Windows\system32\Dwm.exe 3392
C:\Windows\Explorer.EXE 3244
C:\Windows\system32\taskeng.exe 3040
C:\Program Files\Windows Defender\MSASCui.exe 3556
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 3344
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3328
C:\Windows\RtHDVCpl.exe 580
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2176
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 3948
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 1504
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 3976
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 3964
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 1716
C:\Windows\system32\wbem\wmiprvse.exe 1284
C:\Windows\System32\rundll32.exe 3868
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 1652
C:\Program Files\Java\jre6\bin\jusched.exe 1212
C:\Program Files\iTunes\iTunesHelper.exe 1032
C:\Program Files\Windows Sidebar\sidebar.exe 4052
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3824
C:\Program Files\Windows Media Player\wmpnscfg.exe 3180
C:\Windows\System32\rundll32.exe 3676
C:\Windows\system32\wbem\unsecapp.exe 3808
C:\Program Files\Windows Media Player\wmpnetwk.exe 1476
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2040
C:\Program Files\Mozilla Firefox\firefox.exe 4044
C:\Program Files\iPod\bin\iPodService.exe 2268
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 4336
C:\Windows\system32\wuauclt.exe 5624
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 5264
C:\Windows\system32\conime.exe 4480
C:\Windows\system32\SearchFilterHost.exe 5852
C:\Windows\system32\WUDFHost.exe 3952
\\?\C:\Windows\system32\wbem\WMIADAP.EXE 5512
C:\Windows\system32\wbem\wmiprvse.exe 4844
################## | Files # Infected Folders |
################## | Registry # Infected Keys |
################## | Registry # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\G
shell\AutoRun\command =G:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{17668fff-d353-11dc-abe2-001b2495af88}
shell\Auto\command =UFO.exe
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
HKCU\..\..\Explorer\MountPoints2\{17669004-d353-11dc-abe2-001b2495af88}
shell\AutoRun\command =G:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{1ae97c4e-51c9-11dd-9ea7-001b2495af88}
shell\Auto\command =UFO.exe
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
HKCU\..\..\Explorer\MountPoints2\{1ae97c6e-51c9-11dd-9ea7-001b2495af88}
shell\AutoRun\command =xp19.com
shell\explore\Command =xp19.com
shell\open\Command =xp19.com
HKCU\..\..\Explorer\MountPoints2\{2d12b24d-99d8-11dc-b702-001b2495af88}
shell\AutoRun\command =F:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{32e9192b-93a0-11dc-ba54-001b2495af88}
shell\AutoRun\command =F:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{8077ea10-bec0-11dc-8134-99a5fa5e2aa7}
shell\Auto\command =F:\UFO.exe
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
HKCU\..\..\Explorer\MountPoints2\{8077ea13-bec0-11dc-8134-99a5fa5e2aa7}
shell\AutoRun\command =G:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{9e2870f0-ba36-11de-8246-001b2495af88}
shell\AutoRun\command =G:\egu2009win.exe
HKCU\..\..\Explorer\MountPoints2\{a1496738-0a12-11dd-b0d0-001b2495af88}
shell\Auto\command =UFO.exe
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
HKCU\..\..\Explorer\MountPoints2\{b92dd635-c01e-11dc-87b7-001b2495af88}
shell\Auto\command =F:\UFO.exe
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
HKCU\..\..\Explorer\MountPoints2\{d28db6c4-cf22-11dc-ac30-001b2495af88}
shell\AutoRun\command =F:\qd.cmd
shell\explore\Command =F:\qd.cmd
shell\open\Command =F:\qd.cmd
HKCU\..\..\Explorer\MountPoints2\{d28db6ea-cf22-11dc-ac30-89682af5a9ea}
shell\AutoRun\command =F:\awda2.exe
shell\explore\Command =F:\awda2.exe
shell\open\Command =F:\awda2.exe
HKCU\..\..\Explorer\MountPoints2\{ff66dde1-b95d-11dc-a6e6-001b2495af88}
shell\Auto\command =F:\UFO.exe
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
################## | Cracks / Keygens / Serials |
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
09/10/2006 21:43 |Size 729088 |Crc32 442f9639 |Md5 04870a30820f902aab828317c3b5e897
################## | ! End of report # UsbFix V6.055 ! |
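A triage sketch for the MountPoints2 entries listed in the report above, added here as an example; it is not part of the thread and not code from UsbFix or RSIT. It parses both report layouts shown on this page and marks cached autorun entries worth reviewing; the heuristic names (`verb_hijack`, `relative_target`, `script_or_com`) and the extension list are assumptions of this example, and a flag means "look at this drive", not a verdict.

```python
import ntpath
import re

# Excerpt of the "Registry # Mountpoints2" section of the UsbFix report above.
SAMPLE = r"""
HKCU\..\..\Explorer\MountPoints2\G
shell\AutoRun\command =G:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{1ae97c4e-51c9-11dd-9ea7-001b2495af88}
shell\Auto\command =UFO.exe
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
HKCU\..\..\Explorer\MountPoints2\{1ae97c6e-51c9-11dd-9ea7-001b2495af88}
shell\AutoRun\command =xp19.com
shell\explore\Command =xp19.com
shell\open\Command =xp19.com
HKCU\..\..\Explorer\MountPoints2\{d28db6c4-cf22-11dc-ac30-001b2495af88}
shell\AutoRun\command =F:\qd.cmd
shell\explore\Command =F:\qd.cmd
shell\open\Command =F:\qd.cmd
"""

# Key line: UsbFix prints "HKCU\..\MountPoints2\<volume>", RSIT prints
# "[HKEY_CURRENT_USER\...\mountpoints2\<volume>]".
KEY_RE = re.compile(r"\\MountPoints2\\(?P<volume>[^\\\]]+)\]?\s*$", re.I)
# Value line: UsbFix separates with "=", RSIT with " - ".
VAL_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command\s*(?:=|-)\s*(?P<cmd>.+)$", re.I)

# Assumption of this example: extensions treated as script/legacy executables.
RISKY_EXT = {".cmd", ".bat", ".com", ".vbs", ".pif", ".scr"}


def parse_mountpoints2(text):
    """Return {volume: {verb: command}} in report order."""
    volumes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.search(line)
        if key:
            current = volumes.setdefault(key.group("volume"), {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            current[val.group("verb").lower()] = val.group("cmd").strip()
    return volumes


def target_of(cmd):
    """Program the command ends up launching (unwraps the RunDLL32 form)."""
    wrapped = re.search(r"ShellExec_RunDLL\s+(.+)$", cmd, re.I)
    if wrapped:
        cmd = wrapped.group(1).strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]  # unquoted paths containing spaces are not handled


def triage(volumes):
    """Return {volume: sorted list of reasons} for entries worth reviewing."""
    findings = {}
    for volume, verbs in volumes.items():
        reasons = set()
        for verb, cmd in verbs.items():
            target = target_of(cmd)
            # open/explore redefined: double-clicking or exploring the drive
            # runs the command instead of showing its contents.
            if verb in ("open", "explore"):
                reasons.add("verb_hijack")
            # No drive letter: the name is resolved on whatever volume is mounted.
            if not re.match(r"^[A-Za-z]:\\", target):
                reasons.add("relative_target")
            if ntpath.splitext(target)[1].lower() in RISKY_EXT:
                reasons.add("script_or_com")
        if reasons:
            findings[volume] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for volume, reasons in triage(parse_mountpoints2(SAMPLE)).items():
        print(volume, ", ".join(reasons))
```
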
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
09/10/2006 21:43 |Size 729088 |Crc32 442f9639 |Md5 04870a30820f902aab828317c3b5e897
################## | ! End of report # UsbFix V6.055 ! |
--> Connect your external data sources to your PC (USB flash drive, external hard drive, SD card, etc.) without opening them.
--> Double-click on UsbFix on your Desktop.
--> Choose option 2 (Deletion).
--> Your Desktop will disappear and the PC will restart.
--> Upon restart, UsbFix will scan your PC; let the tool do its work.
--> Then, post the UsbFix.txt report that will appear on the Desktop.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
It's done.
############################## | UsbFix V6.055 |
User : Anne-Laure (Administrators) # PC-DE-ANNE-LAUR
Update on 11/18/2009 by Chiquitine29, C_XX & Chimay8
Start at: 20:01:20 | 11/20/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft® Windows Vista™ Home Premium Edition (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1351 [VPS 090830-0] 4.8.1351 [ Enabled | Updated ]
AV : Norton Internet Security 2007 [ Enabled | Updated ]
FW : Norton Internet Security [ Enabled ] 2007
C:\ -> Local Disk # 141.59 Go (13.9 Go free) # NTFS
D:\ -> Local Disk # 7.46 Go (2.31 Go free) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Removable Disk # 989.22 Mo (585.86 Mo free) # FAT
H:\ -> Local Disk # 149.05 Go (17.25 Go free) [DDIomega] # NTFS
############################## | Active Processes |
C:\Windows\System32\smss.exe 476
C:\Windows\system32\csrss.exe 612
C:\Windows\system32\wininit.exe 664
C:\Windows\system32\csrss.exe 676
C:\Windows\system32\services.exe 712
C:\Windows\system32\lsass.exe 724
C:\Windows\system32\lsm.exe 732
C:\Windows\system32\svchost.exe 876
C:\Windows\system32\svchost.exe 956
C:\Windows\system32\winlogon.exe 996
C:\Windows\System32\svchost.exe 1028
C:\Windows\System32\svchost.exe 1088
C:\Windows\System32\svchost.exe 1124
C:\Windows\system32\svchost.exe 1140
C:\Windows\system32\LogonUI.exe 1216
C:\Windows\system32\svchost.exe 1312
C:\Windows\system32\SLsvc.exe 1336
C:\Windows\system32\svchost.exe 1376
C:\Windows\system32\svchost.exe 1560
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1732
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1748
C:\Windows\System32\spoolsv.exe 1976
C:\Windows\system32\svchost.exe 2020
C:\Windows\system32\Dwm.exe 1552
C:\Windows\system32\taskeng.exe 1680
C:\Windows\Explorer.EXE 1916
C:\Windows\system32\taskeng.exe 1232
C:\Windows\system32\WerCon.exe 2204
C:\Windows\system32\taskeng.exe 2232
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2308
C:\Program Files\Bonjour\mDNSResponder.exe 2340
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 2352
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 2444
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2480
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2580
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 2620
C:\Windows\system32\svchost.exe 2704
C:\Windows\system32\svchost.exe 2748
C:\Windows\System32\svchost.exe 2776
C:\Windows\system32\SearchIndexer.exe 2796
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2896
C:\Windows\system32\WUDFHost.exe 3096
C:\Windows\system32\wbem\wmiprvse.exe 3152
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 3204
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3244
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3268
C:\Windows\system32\runonce.exe 3584
C:\Windows\system32\conime.exe 3728
################## | Infectious Files # Folders |
################## | Registry # Infectious Keys |
################## | Registry # Mountpoints2 |
Deleted! HKCU\...\Explorer\MountPoints2\G\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{17668fff-d353-11dc-abe2-001b2495af88}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{17669004-d353-11dc-abe2-001b2495af88}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{1ae97c4e-51c9-11dd-9ea7-001b2495af88}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{1ae97c6e-51c9-11dd-9ea7-001b2495af88}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{2d12b24d-99d8-11dc-b702-001b2495af88}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{32e9192b-93a0-11dc-ba54-001b2495af88}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{8077ea10-bec0-11dc-8134-99a5fa5e2aa7}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{8077ea13-bec0-11dc-8134-99a5fa5e2aa7}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{9e2870f0-ba36-11de-8246-001b2495af88}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{a1496738-0a12-11dd-b0d0-001b2495af88}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{b92dd635-c01e-11dc-87b7-001b2495af88}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{d28db6c4-cf22-11dc-ac30-001b2495af88}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{d28db6ea-cf22-11dc-ac30-89682af5a9ea}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{ff66dde1-b95d-11dc-a6e6-001b2495af88}\Shell\Auto\Command
################## | List of Present Files |
[09/18/2006 22:43|--a------|24] C:\autoexec.bat
[01/19/2008 08:45|-rahs----|333203] C:\bootmgr
[09/18/2006 22:43|--a------|10] C:\config.sys
[01/22/2008 20:00|--a------|168686] C:\ExtractLog.txt
[?|?|?] C:\hiberfil.sys
[03/16/2008 21:04|-rahs----|0] C:\IO.SYS
[03/16/2008 21:04|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[11/20/2009 20:07|--a------|5285] C:\UsbFix.txt
[09/11/2005 16:18|---hs----|340] D:\AUTOMODE
[11/12/2007 22:04|---hs----|13] D:\BLOCK.RIN
[10/04/2006 00:02|---hs----|438328] D:\bootmgr
[11/03/2006 20:43|---hs----|117] D:\Desktop.ini
[09/10/2002 17:14|---hs----|8134] D:\Folder.htt
[09/14/2007 00:53|---hs----|698] D:\MASTER.LOG
[11/03/2005 16:19|---hs----|181736] D:\protect.ed
[09/14/2007 00:53|---hs----|0] D:\USER
[06/14/2009 21:07|--a------|54272] F:\TEXT PPT LECTUREdoc.doc
[09/11/2009 14:47|--ah-----|4096] F:\._.Trashes
[09/11/2009 14:44|--a------|383044] F:\691.pdf
[09/11/2009 14:43|--a------|858217] F:\842.pdf
[07/01/2009 08:48|--a------|1398] F:\BOOTEX.LOG
[08/03/2009 12:53|--a------|401408] F:\Arkhangelskiella.xls
[08/03/2009 23:34|--a------|50176] F:\Arkhangelskiella complement1.xls
[10/07/2009 10:32|--a------|85557706] F:\Cret_Pglobe.mov
[09/14/2009 08:55|--a------|78155264] F:\LectureNT-14092009.ppt
[10/20/2009 19:53|--a------|360201] F:\dinomania2.jpg
[10/20/2009 19:53|--a------|348006] F:\dinomania3.jpg
[11/20/2009 09:54|--a------|24912384] F:\Bassinanalyse Block2-Stevns.ppt
[06/10/2009 15:47|--a------|39072256] F:\Pal‘ntologisk Klub Ultimate.ppt
[06/29/2009 23:20|---------|6148] H:\.DS_Store
[06/27/2009 14:41|---------|4096] H:\._.Trashes
################## | Vaccination |
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
# H:\autorun.inf -> Folder created by UsbFix.
################## | Suspect | https://www.virustotal.com/gui/ |
################## | Cracks / Keygens / Serials |
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
10/09/2006 21:43 |Size 729088 |Crc32 442f9639 |Md5 04870a30820f902aab828317c3b5e897
################## | ! End of report # UsbFix V6.055 ! |
---> Restart UsbFix and choose option 5 to uninstall it.
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click on the Check for updates button: if the firewall asks for permission for MBAM to connect to the Internet, allow it.
---> Once the update is complete, go to the Scan tab.
---> Select Run a quick scan.
---> Click on Scan. The scan starts.
At the end of the scan, a message appears:
The scan completed normally. Click 'View results' to see all detected items.
---> Click OK to proceed. If MBAM found nothing, it will also inform you.
---> Close your browsers.
If any malware was detected, click on View results.
---> Select all (or leave checked) and click on Remove Selected; MBAM will delete the infected files and registry keys and quarantine a copy.
---> MBAM will open Notepad and copy the scan report there. Copy and paste this report in your next response.
It's done. The PC took a long time to restart again and the session wouldn't start the first time. I had to choose to log out and then try again for it to work. I will try restarting the PC again to see if it still happens afterwards.
Here is the analysis report:
Malwarebytes' Anti-Malware 1.41
Database version: 3202
Windows 6.0.6001 Service Pack 1
11/20/2009 20:29:39
mbam-log-2009-11-20 (20-29-39).txt
Scan type: Quick scan
Items scanned: 92309
Elapsed time: 5 minute(s), 17 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 3
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 1
Infected file(s): 8
Infected memory process(es):
(No harmful item detected)
Infected memory module(s):
(No harmful item detected)
Infected Registry key(s):
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services (Malware.Trace) -> Quarantined and deleted successfully.
Infected Registry value(s):
(No harmful item detected)
Infected Registry data item(s):
(No harmful item detected)
Infected folder(s):
C:\ProgramData\Microsoft\Windows\Start Menu\CSec (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
Infected file(s):
C:\ProgramData\Microsoft\Windows\Start Menu\CSec\Computer Scan.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\CSec\Cyber Security.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\CSec\Help.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\CSec\Registration.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\CSec\Security Center.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\CSec\Settings.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\CSec\Update.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Users\Anne-Laure\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CSec.lnk (Worm.KoobFace) -> Quarantined and deleted successfully.
--> Restart MBAM, go to Quarantine and delete everything.
--> Remove Norton traces with this.
--> Uninstall the following programs:
- Java 6 Update 13
- Java 6 Update 2
- Java 6 Update 3
- Java 6 Update 7
- Java SE Runtime Environment 6
--> Update Java.
--> Update Adobe Reader.
--> Run an RSIT scan again and post the log report.
It's done.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Anne-Laure at 2009-11-20 21:22:46
Microsoft® Windows Vista™ Home Premium Edition Service Pack 1
System drive C: has 14 GB (10%) free of 145 GB
Total RAM: 2046 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:29, on 20/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Anne-Laure\Desktop\RSIT.exe
C:\Program Files\trend micro\Anne-Laure.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10296 bytes
======Scheduled tasks folder======
C:\Windows\tasks\CSec.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-20 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-11-20 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-20 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-20 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2007-12-19 352256]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-20 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-10-09 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-05-01 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-05-01 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-05-01 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-20 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
""= []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-30 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2007-12-19 3477504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2009-02-27 542096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quick Launch of Adobe Reader.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Anne-Laure^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=145
"NoDriveTypeAutoRun"=145
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-11-20 21:20:25 ----D---- C:\Program Files\Common Files\Adobe
2009-11-20 21:20:25 ----D---- C:\Program Files\Adobe
2009-11-20 21:19:34 ----SHD---- C:\Config.Msi
2009-11-20 21:14:36 ----A---- C:\Windows\system32\javaws.exe
2009-11-20 21:14:36 ----A---- C:\Windows\system32\javaw.exe
2009-11-20 21:14:36 ----A---- C:\Windows\system32\java.exe
2009-11-20 20:09:20 ----D---- C:\ProgramData\WindowsSearch
2009-11-20 20:07:16 ----RASHD---- C:\autorun.inf
2009-11-20 19:41:06 ----D---- C:\UsbFix
2009-11-20 19:13:17 ----D---- C:\_OTM
2009-11-20 18:54:17 ----D---- C:\Program Files\trend micro
2009-11-20 18:54:16 ----D---- C:\rsit
2009-11-20 17:36:33 ----D---- C:\Users\Anne-Laure\AppData\Roaming\Malwarebytes
2009-11-20 17:36:25 ----D---- C:\ProgramData\Malwarebytes
2009-11-20 17:36:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-20 16:59:30 ----D---- C:\Program Files\Enigma Software Group
2009-11-16 16:24:25 ----A---- C:\Windows\system32\mshtml.dll
2009-11-16 16:14:58 ----A---- C:\Windows\system32\wups2.dll
2009-11-16 16:14:58 ----A---- C:\Windows\system32\wucltux.dll
2009-11-16 16:14:58 ----A---- C:\Windows\system32\wuauclt.exe
2009-11-16 16:14:57 ----A---- C:\Windows\system32\wuaueng.dll
2009-11-16 16:14:15 ----A---- C:\Windows\system32\wups.dll
2009-11-16 16:14:15 ----A---- C:\Windows\system32\wudriver.dll
2009-11-16 16:14:14 ----A---- C:\Windows\system32\wuapi.dll
2009-11-16 16:13:45 ----A---- C:\Windows\system32\wuwebv.dll
2009-11-16 16:13:45 ----A---- C:\Windows\system32\wuapp.exe
2009-11-11 16:04:57 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-11 15:48:46 ----D---- C:\Program Files\Microsoft
2009-11-11 15:48:33 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-11 15:46:04 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-09 16:01:46 ----A---- C:\Windows\system32\msv1_0.dll
2009-11-09 16:01:38 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-11-09 16:01:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-11-09 16:01:05 ----A---- C:\Windows\system32\EncDec.dll
2009-11-09 16:01:03 ----A---- C:\Windows\system32\psisdecd.dll
2009-11-09 16:00:40 ----A---- C:\Windows\system32\ieframe.dll
2009-11-09 16:00:39 ----A---- C:\Windows\system32\urlmon.dll
2009-11-09 16:00:39 ----A---- C:\Windows\system32\iertutil.dll
2009-11-09 16:00:38 ----A---- C:\Windows\system32\wininet.dll
2009-11-09 16:00:37 ----A---- C:\Windows\system32\occache.dll
2009-11-09 16:00:37 ----A---- C:\Windows\system32\msfeeds.dll
2009-11-09
Not really. I have read on several forums that Antivir was more recommended than Avast. So I think I’ll get rid of it and install Antivir instead. As you might have seen, I believe I'm not very up to date on protection tools. I have Regcleaner, Spybot Search & Destroy, and CCleaner. If you have any tips for me on the most effective (and free) protection tools and cleaning tools, I’m all ears. Thanks again for your invaluable help and efficiency.
--> Uninstall Avast.
--> Install AntiVir and update it.
--> Double-click on the AntiVir icon (Umbrella) in the taskbar.
--> In AntiVir, select Tools then Configuration.
--> Check Expert Mode and check Search for Rootkit at the start of the scan on the right under Other settings then confirm.
--> Perform a full scan, click on Repair All if AntiVir finds anything and post the report.
Tutorial on AntiVir.
Ok, I've started the antivirus installation. I have to go for tonight, I'll send you the report tomorrow. Have a good evening and good night.
Unable to update Antivir. The download of packages stops midway through the update. I uninstalled Antivir, restarted, reinstalled, and tried a new update and nothing works, it's always the same.
I'm sending you the updater report:
Avira AntiVir Personal - Free Antivirus Updater
Creation time: Sat Nov 21 18:11:46 2009
Operating system:
Windows Vista (Service Pack 1) [6.0.6001]
Product information:
Product version: 9.0.0.65
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 9.0.0.46
Plug-in: C:\Program Files\Avira\AntiVir Desktop\updext.dll 9.0.0.6
Temporary directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup directory: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installation directory: C:\Program Files\Avira\AntiVir Desktop\
Updater directory: C:\Program Files\Avira\AntiVir Desktop\
AppData directory: C:\ProgramData\Avira\AntiVir Desktop\
[UPD] [INFO] Checking for newer files available.
[UPD] [INFO] Selecting update server 'http://87.248.207.254/update'.
[UPD] [INFO] Downloading 'http://87.248.207.254/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: HTTP status code 400 was received while downloading the file 'http://87.248.207.254/update/idx/master.idx'.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Downloading 'http://87.248.207.254/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: HTTP status code 400 was received while downloading the file 'http://87.248.207.254/update/idx/master.idx'.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Downloading 'http://87.248.207.254/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: HTTP status code 400 was received while downloading the file 'http://87.248.207.254/update/idx/master.idx'.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Selecting update server 'http://87.248.207.253/update'.
[UPD] [INFO] Downloading 'http://87.248.207.253/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: HTTP status code 400 was received while downloading the file 'http://87.248.207.253/update/idx/master.idx'.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Downloading 'http://87.248.207.253/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: HTTP status code 400 was received while downloading the file 'http://87.248.207.253/update/idx/master.idx'.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Downloading 'http://87.248.207.253/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: HTTP status code 400 was received while downloading the file 'http://87.248.207.253/update/idx/master.idx'.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Selecting update server 'http://62.146.105.243/update'.
[UPD] [INFO] Downloading 'http://62.146.105.243/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: WinINet::InternetOpenUrl() function failed for 'http://62.146.105.243/update/idx/master.idx'. Error: Unable to establish a connection with the server.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Downloading 'http://62.146.105.243/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: WinINet::InternetOpenUrl() function failed for 'http://62.146.105.243/update/idx/master.idx'. Error: Unable to establish a connection with the server.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Downloading 'http://62.146.105.243/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: WinINet::InternetOpenUrl() function failed for 'http://62.146.105.243/update/idx/master.idx'. Error: Unable to establish a connection with the server.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Selecting update server 'http://62.146.105.244/update'.
[UPD] [INFO] Downloading 'http://62.146.105.244/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: WinINet::InternetOpenUrl() function failed for 'http://62.146.105.244/update/idx/master.idx'. Error: Unable to establish a connection with the server.
[UPDLIB] [ERROR] Download manager: an error occurred in the WinINet library.
[UPD] [INFO] Downloading 'http://62.146.105.244/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPD] [INFO] Downloading 'http://62.146.105.244/update/idx/wks_avira-win32-fr-pecl.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira-win32-fr-pecl.idx'.
[UPD] [INFO] Downloading 'http://62.146.105.244/update/idx/wks_avira-win32-fr-pecl.info.gz' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira-win32-fr-pecl.info.gz'.
[UPD] [INFO] Downloading 'http://62.146.105.244/update/idx/vdf.info.gz' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\vdf.info.gz'.
[UPD] [INFO] Downloading 'http://62.146.105.244/update/idx/ave2-win32-int.info.gz' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\ave2-win32-int.info.gz'.
[UPD] [INFO] Downloading 'http://62.146.105.244/update/idx/specvir-win32-int.info.gz' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\specvir-win32-int.info.gz'.
[UPD] [INFO] Downloading 'http://62.146.105.244/update/idx/wks_avira-win32-fr-pecl-info.info.gz' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira-win32-fr-pecl-info.info.gz'.
[UPD] [INFO] Comparing local files with the version available on the update server.
[UPD] [INFO] Checking the SELFUPDATE module:
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/update.dll' (local, server): 0.1.0.31 < 0.1.0.39
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/update.exe' (local, server): 9.0.0.46 < 9.0.0.52
[UPD] [INFO] File 'wks_avira/win32/fr/classic-nt/rcimage.dll' (local, server): 9.0.0.21 < 9.0.0.25
[UPD] [INFO] File 'wks_avira/win32/fr/classic-nt/rctext.dll' (local, server): 9.0.37.0 < 9.0.73.0
[UPD] [INFO] Checking the VDF module:
[UPD] [INFO] The file 'n_vdf/aevdf.dat' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase000.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase001.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase002.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase003.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase004.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase005.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase006.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase007.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase008.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase009.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase010.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase011.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase012.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase013.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase014.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase015.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase016.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase017.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase018.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase019.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase020.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase021.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase022.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase023.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase024.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase025.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase026.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase027.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase028.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase029.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase030.vdf' does not exist and is being installed.
[UPD] [INFO] The file 'n_vdf/vbase031.vdf' does not exist and is being installed.
[UPD] [INFO] Checking the AVE2 module:
[UPD] [INFO] File 'ave2/win32/int/aecore.dll' (local, server): 8.1.6.6 < 8.1.8.2
[UPD] [INFO] File 'ave2/win32/int/aeemu.dll' (local, server): 8.1.0.9 < 8.1.1.0
[UPD] [INFO] File 'ave2/win32/int/aegen.dll' (local, server): 8.1.1.24 < 8.1.1.75
[UPD] [INFO] File 'ave2/win32/int/aehelp.dll' (local, server): 8.1.2.2 < 8.1.7.4
[UPD] [INFO] File 'ave2/win32/int/aeheur.dll' (local, server): 8.1.0.100 < 8.1.0.180
[UPD] [INFO] The file 'ave2/win32/int/aelidb.dat' does not exist and is being installed.
[UPD] [INFO] File 'ave2/win32/int/aeoffice.dll' (local, server): 8.1.0.36 < 8.1.0.38
[UPD] [INFO] File 'ave2/win32/int/aepack.dll' (local, server): 8.1.3.10 < 8.2.0.3
[UPD] [INFO] File 'ave2/win32/int/aerdl.dll' (local, server): 8.1.1.3 < 8.1.3.2
[UPD] [INFO] The file 'ave2/win32/int/aesbx.dll' does not exist and is being installed.
[UPD] [INFO] File 'ave2/win32/int/aescn.dll' (local, server): 8.1.1.7 < 8.1.2.5
[UPD] [INFO] File 'ave2/win32/int/aescript.dll' (local, server): 8.1.1.56 < 8.1.2.45
[UPD] [INFO] File 'ave2/win32/int/aeset.dat' (local, server): 8.2.0.100 < 8.2.1.72
[UPD] [INFO] File 'ave2/win32/int/aevdf.dll' (local, server): 8.1.1.0 < 8.1.1.2
[UPD] [INFO] Checking the MAIN module:
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/avcenter.exe' (local, server): 9.0.0.16 < 9.0.0.19
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/avgio.dll' (local, server): 9.0.1.3 < 9.0.1.4
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/avguard.exe' (local, server): 9.0.1.26 < 9.0.1.32
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/avnotify.exe' (local, server): 9.0.9.0 < 9.0.10.0
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/avpref.dll' (local, server): 9.0.0.1 < 9.0.3.0
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/avscan.exe' (local, server): 9.0.3.6 < 9.0.3.10
[UPD] [INFO] The file 'wks_avira/win32/fr/basic-nt/avupgsvc.exe' has set the IGNORE flag and will therefore not be considered.
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/ccprofil.dll' (local, server): 9.0.0.15 < 9.0.0.18
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/prefix_msg.avr' (local, server): 8a3bc7c0470440969e6001f2ce5be09d != 4bc0f71c66ac8576e31431944c61b033
[UPD] [INFO] The file 'wks_avira/win32/fr/basic-nt/presetup.exe' has set the IGNORE flag and will therefore not be considered.
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/sched.exe' (local, server): 9.0.0.6 < 9.0.0.9
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/setup.dll' (local, server): 9.0.8.0 < 9.0.10.0
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/setup.exe' (local, server): 9.0.0.23 < 9.0.0.29
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/shlext.dll' (local, server): 9.0.0.3 < 9.0.0.4
[UPD] [INFO] The file 'wks_avira/win32/fr/basic-nt/vcredist_x86.exe' has set the IGNORE flag and will therefore not be considered.
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/xp/avgntflt.sys' (local, server): 9.0.3.12 < 9.0.3.15
[UPD] [INFO] File 'wks_avira/win32/fr/classic-nt/build.dat' (local, server): 9.0.0.65 < 9.0.0.72
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/filelist.ini' has set the IGNORE flag and will therefore not be considered.
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/oembleft.bmp' does not exist and is being installed.
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/product.ini' has set the IGNORE flag and will therefore not be considered.
[UPD] [INFO] Checking the AVREP_NT module:
[UPD] [INFO] Checking the COMMAPPDATA_AV module:
[UPD] [INFO] The file 'wks_avira/win32/fr/basic-nt/addr_file.html' is already installed and will not be updated.
[UPD] [INFO] Checking the COMMAPP module:
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/produpd.avj' is already installed and will not be updated.
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/scanjob.avj' is already installed and will not be updated.
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/startupd.avj' is already installed and will not be updated.
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/updjob.avj' is already installed and will not be updated.
[UPD] [INFO] Checking the COMMAPDATA_AV_PROFILES module:
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/folder.avp' is already installed and will not be updated.
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/rootkit.avp' is already installed and will not be updated.
[UPD] [INFO] Checking the TEXT module:
[UPD] [INFO] The file 'wks_avira/win32/fr/classic-nt/eula.txt' is already installed and will not be updated.
[UPD] [INFO] Checking the DRV module:
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/ssmdrv.sys' (local, server): 7.0.2.1 < 7.0.2.2
[UPD] [INFO] File 'wks_avira/win32/fr/basic-nt/xp/avgntflt.sys' (local, server): 9.0.3.12 < 9.0.3.15
[UPD] [INFO] Checking the PRODINFO module: