Blocked antivirus
braudelin
Hello,
When I run my antivirus (Norton Internet Security with a license and updated) to scan my external hard drive, it stops after a few seconds. My external hard drive is then automatically ejected. I imagine it must have a virus that detects the antivirus. I have tried other antivirus programs (Avira, AVG) but nothing works.
Do you know how to fix the problem?
Thank you
Braudelin
Configuration: Windows XP / Firefox 3.5.8
10 answers
Hello
Download UsbFix from C_XX & Chiquitine29
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
(!) Connect your external data sources to your PC (USB drive, external hard drive, etc...) that may have been infected, without opening them
• Double click on "UsbFix.exe" on your desktop (right click "run as administrator" for Vista & 7)
• Choose option F for French and hit [enter].
• Select option 1 (Search) and hit [enter].
• Let the tool work.
• Then post the UsbFix.txt report that will appear.
• Note: The UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste)
• Note: "Process.exe", a component of the tool, is detected by some antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility meant to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.
--
Due to Lack of Curiosity, One Risks Dying Ignorant; You are free to think that you are C..,
But C.. to think that you are free... Thanks to australe13
Removal
Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected without opening them
(1) Double-click on the UsbFix shortcut on your desktop
(2) Choose option 2 ( Removal )
Your desktop will disappear and the PC will restart.
Upon restarting, UsbFix will scan your PC, let the tool work.
Then post the UsbFix.txt report that will appear with the desktop.
Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
--
By Lack Of Curiosity We Risk Dying Ignorant; You are free to think that you are C..,
But it’s C.. to think that you are free... Thanks to australe13
Here is the report!
User: SOLTHIS SOLTHIS (Administrators) # PC-RAF
Update on 20/02/2010 by El Desaparecido, C_XX & Chimay8
Start at: 11:54:04 | 21/02/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status: Enabled
AV: Norton Internet Security 17.5.0.127 [Enabled | Updated]
FW: Norton Internet Security [Enabled] 17.5.0.127
C:\ -> Local fixed disk # 111.68 Go (88.11 Go free) # NTFS
E:\ -> CD-ROM drive
############################## | Active processes |
################## | Infectious elements |
Deleted! C:\autorun.PNF
Deleted! C:\Recycler\S-1-5-21-3619810879-640935317-2474945591-1005
Deleted! C:\Recycler\S-1-5-21-3619810879-640935317-2474945591-500
################## | Registry |
Deleted! [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"
Deleted! [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\policies\System] "DisableTaskMgr"
Deleted! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig"
Deleted! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
Deleted! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
################## | Mountpoints2 |
################## | Listing of present files |
[19/08/2004 12:18|--a------|0] C:\AUTOEXEC.BAT
[05/08/2009 17:36|--a------|63] C:\AUTORUN.del
[02/07/2007 08:38|-rahs----|212] C:\boot.ini
[05/08/2004 11:00|-rahs----|4952] C:\Bootfont.bin
[19/08/2004 12:18|--a------|0] C:\CONFIG.SYS
[27/06/2007 19:40|-rah-----|5963] C:\dell.sdr
[?|?|?] C:\hiberfil.sys
[08/07/2007 20:43|--a------|4128] C:\INFCACHE.1
[19/08/2004 12:18|--ah-----|0] C:\IO.SYS
[19/08/2004 12:18|--ah-----|0] C:\MSDOS.SYS
[05/08/2004 11:00|-rahs----|47564] C:\NTDETECT.COM
[08/08/2008 08:22|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[21/02/2010 12:02|--a------|7646] C:\UsbFix.txt
[20/02/2010 15:23|--a------|11802] C:\winzip.log
################## | Vaccination |
# C:\autorun.inf -> Folder created by UsbFix (El Desaparecido).
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_PC-RAF.zip : https://www.ionos.fr/?affiliate_id=77097
Thank you for your contribution.
################## | ! End of report # UsbFix V6.097 ! |
Download
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
During installation, make sure 'update and launch program and complete scan' are checked.
Once updated, the program will launch; click on the settings tab, and check the box: "Stop Internet Explorer during removal".
At the end of the scan, click on Show results.
Check if everything is checked and click Remove selected.
If asked to restart >>> click "Yes"
Then post the generated report.
--
Out of Curiosity, We Risk Dying Ignorant; You are free to think you are C..,
But C.. to think that you are free... Thanks to australe13
Benurrr,
Here are the results from Malwarebytes. But as usual, the hard drive disconnects as soon as the scan starts on it.
Malwarebytes' Anti-Malware 1.44
Database version: 3767
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/21/2010 13:32:31
mbam-log-2010-02-21 (13-32-31).txt
Scan type: Full scan (C:\|D:\|)
Items scanned: 186750
Elapsed time: 53 minute(s), 29 second(s)
Infected memory processes: 0
Infected memory modules: 0
Infected registry keys: 0
Infected registry values: 0
Infected registry data items: 0
Infected folders: 0
Infected files: 0
Infected memory processes:
(No harmful items detected)
Infected memory modules:
(No harmful items detected)
Infected registry keys:
(No harmful items detected)
Infected registry values:
(No harmful items detected)
Infected registry data items:
(No harmful items detected)
Infected folders:
(No harmful items detected)
Infected files:
(No harmful items detected)
In the Malwarebytes report, I see that you have a drive I that does not appear in the USBFix report. Is it your disk that is causing the problem? Was the I drive connected when you ran USBFix?
--
By Lack of Curiosity, We Risk Dying Ignorant; You are free to think that you are C..,
But C.. to think that you are free... Thanks to australe13.
* Download Rav http://ww25.evosla.com/T%C3%A9l%C3%A9charger/logiciels-evosla/1-RAV.html?chk=c633497d88798aec239ce1b4d1c02c4d&no_html=1
extract here
* Connect removable drives without opening them before launching the Fix
* Unzip the archive on the desktop
* Double-click on RAV.exe to launch the tool
* Once RAV is launched, it will automatically scan all drives that may be infected
* If there is an infection, a report will be generated; otherwise, the software will display the message: “Your Computer is healthy”
* Remove the removable drives and restart the computer.
--
Out of Curiosity One Risks Dying Ignorant; You are free to think that you are C..,
But C.. to think that you are free... Thanks to australe13
Open a MS-Dos window (Start > Run > cmd > OK),
Type: chkdsk D: /v /f
If the computer asks if you want to perform the check on the next restart, confirm with Y and press Enter, then restart your computer.
--
By Lacking Curiosity, We Risk Dying Ignorant; You are free to think that you are C..,
But C.. to think that you are free... Thank you to australe13
a defragmentation of your hard drive
https://www.commentcamarche.net/telecharger/ 34055572 defraggler
install it
When launched, the software displays a window divided into three panels. The upper panel shows the list of detected partitions and drives.
Click on the disk to defragment (using the right mouse button) and select Analyze Drive from the context menu.
--
Due to Lack of Curiosity One Risks Dying Ignorant; You are free to think you are C..,
But C.. to think that you are free... Thanks to australe13
Here is the report that came out. What should I do now?
User: SOLTHIS SOLTHIS (Administrators) # PC-RAF
Update on 20/02/2010 by El Desaparecido, C_XX & Chimay8
Start at: 11:34:14 | 21/02/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status: Disabled
AV: Norton Internet Security 17.5.0.127 [Enabled | Updated]
FW: Norton Internet Security [Enabled] 17.5.0.127
C:\ -> Local fixed disk # 111.68 Go (88.16 Go free) # NTFS
D:\ -> Local fixed disk # 111.79 Go (36.45 Go free) [FreeAgent Drive] # NTFS
E:\ -> CD-ROM
############################## | Active Processes |
################## | Infectious Elements |
C:\autorun.PNF
################## | Registry |
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\policies\System] "DisableTaskMgr"
[HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"
[HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\policies\System] "DisableTaskMgr"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{0034ec5a-c860-11dc-92d1-001b7745351a}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs
HKCU\..\..\Explorer\MountPoints2\{0ab58e4e-c44d-11dc-92c6-001b7745351a}
Shell\AutoRun\command =wscript.exe .\`.vbs
Shell\open\command =wscript.exe .\`.vbs
HKCU\..\..\Explorer\MountPoints2\{0ecc1fc9-cf08-11dc-92ec-001b7745351a}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs
HKCU\..\..\Explorer\MountPoints2\{10ee867d-a2e0-11de-95a6-890371cd61c9}
Shell\AutoRun\command =eyt.exe
Shell\open\Command =eyt.exe
HKCU\..\..\Explorer\MountPoints2\{1115575a-8eea-11dc-92b3-001b7745351a}
Shell\AutoRun\command =wscript.exe .\`.vbs
Shell\open\command =wscript.exe .\`.vbs
HKCU\..\..\Explorer\MountPoints2\{2008237e-dcc0-11dd-94c6-5050506f4531}
Shell\AutoRun\command =E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Shell\open\command =E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
HKCU\..\..\Explorer\MountPoints2\{21c6b1a8-2fed-11de-952d-5050506f4531}
SHelL\AuTOPlAy\comMand =E:\pudmnt.cmd
SHelL\AutoRun\command =E:\pudmnt.cmd
SHelL\Explore\Command =E:\pudmnt.cmd
SHelL\oPeN\CommAnd =E:\pudmnt.cmd
HKCU\..\..\Explorer\MountPoints2\{22a64d3b-8de4-11dc-92b1-001b7745351a}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs
HKCU\..\..\Explorer\MountPoints2\{29365e93-7dc2-11de-9574-5050506f4531}
Shell\AutoRun\command =D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndmgr.exe
Shell\open\command =D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndmgr.exe
HKCU\..\..\Explorer\MountPoints2\{32ba9ba1-24dd-11de-9518-001d09c7b8d9}
Shell\AutoRun\command =D:\cv8j.exe
Shell\open\Command =D:\cv8j.exe
HKCU\..\..\Explorer\MountPoints2\{36799a1f-677f-11dc-929e-001b7745351a}
Shell\AutoRun\command =RavMon.exe
HKCU\..\..\Explorer\MountPoints2\{399fff0b-2875-11dc-9280-001b7745351a}
Shell\AutoRun\command =wscript.exe .\`.vbs
Shell\open\command =wscript.exe .\`.vbs
HKCU\..\..\Explorer\MountPoints2\{45d44ec6-ddfb-11dc-9317-0019b97da0dd}
Shell\Auto\command =setup.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
HKCU\..\..\Explorer\MountPoints2\{54669483-5d1b-11dc-9299-001b7745351a}
Shell\Auto\command =E:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{67da1cf1-6842-11dc-929f-001b7745351a}
Shell\AutoRun\command =wscript.exe .\`.vbs
Shell\open\command =wscript.exe .\`.vbs
HKCU\..\..\Explorer\MountPoints2\{73996d6b-5264-11dd-9434-0019b97da0dd}
shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
shell\open\command =E:\
HKCU\..\..\Explorer\MountPoints2\{73e946cf-17e4-11de-9508-5050506f4531}
Shell\AutoRun\command =s9it.bat
Shell\open\Command =s9it.bat
HKCU\..\..\Explorer\MountPoints2\{75d0afb4-2ae1-11de-9525-001d09c7b8d9}
Shell\AutoRun\command =E:\Setup.exe
HKCU\..\..\Explorer\MountPoints2\{7bb02b8a-7188-11dc-92a5-001b7745351a}
Shell\AutoRun\command =wscript.exe .\`.vbs
Shell\open\command =wscript.exe .\`.vbs
HKCU\..\..\Explorer\MountPoints2\{7da453a0-7b28-11dd-946a-5050506f4531}
shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
shell\open\command =E:\.\Recycler\svchost.exe
HKCU\..\..\Explorer\MountPoints2\{7fe0c5aa-15c8-11dd-93d7-0019b97da0dd}
Shell\AutoRun\command =xmnm2.cmd
Shell\explore\Command =xmnm2.cmd
Shell\open\Command =xmnm2.cmd
HKCU\..\..\Explorer\MountPoints2\{83ac0945-0fda-11df-9623-5050506f4531}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL DXGDIALOG.EXE
HKCU\..\..\Explorer\MountPoints2\{963f3b8e-d3bb-11dc-92fc-001b7745351a}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs
HKCU\..\..\Explorer\MountPoints2\{963f3b8f-d3bb-11dc-92fc-0019b97da0dd}
Shell\AutoRun\command =E:\LaunchU3.exe
HKCU\..\..\Explorer\MountPoints2\{963f3b90-d3bb-11dc-92fc-0019b97da0dd}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs
HKCU\..\..\Explorer\MountPoints2\{9f9a1351-6a7b-11dc-92a2-001b7745351a}
Shell\AutoRun\command =fooool.exe
Shell\explore\Command =fooool.exe
Shell\open\Command =fooool.exe
HKCU\..\..\Explorer\MountPoints2\{9f9a135e-6a7b-11dc-92a2-001b7745351a}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{a3fe138e-7762-11de-956b-5050506f4531}
Shell\AutoRun\command =MALU.exe
HKCU\..\..\Explorer\MountPoints2\{be15e753-7fda-11dd-9472-5050506f4531}
Shell\AutoRun\command =22yj2fy1.exe
Shell\open\Command =22yj2fy1.exe
HKCU\..\..\Explorer\MountPoints2\{c9d6e2f1-fda4-11dd-94ea-001d09c7b8d9}
Shell\AutoRun\command =E:\ep9otvan.com
Shell\explore\Command =E:\ep9otvan.com
Shell\open\Command =E:\ep9otvan.com
HKCU\..\..\Explorer\MountPoints2\{d0b1ea78-dd9e-11dd-94c7-5050506f4531}
Shell\AutoRun\command =E:\xih9.cmd
Shell\explore\Command =E:\xih9.cmd
Shell\open\Command =E:\xih9.cmd
HKCU\..\..\Explorer\MountPoints2\{d6b3b23c-33b6-11dc-9288-0019b97da0dd}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{d9812206-f8dd-11dd-94e4-5050506f4531}
Shell\AutoRun\command =RECYCLER\autorun.exe
Shell\open\command =RECYCLER\autorun.exe
HKCU\..\..\Explorer\MountPoints2\{e29a3e7c-bf6b-11dc-92c5-001b7745351a}
Shell\Auto\command =E:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{f56bb08b-f29a-11dd-94dc-5050506f4531}
Shell\AutoRun\command =D:\rx.exe
Shell\open\Command =D:\rx.exe
HKCU\..\..\Explorer\MountPoints2\{fa21dc4f-a314-11dc-92be-001b7745351a}
Shell\AutoRun\command =wscript.exe .\`.vbs
Shell\open\command =wscript.exe .\`.vbs
################## | Vaccine |
(!) This computer is not vaccinated!
################## | ! End of report # UsbFix V6.097 ! |