Crss.exe virus

[Closed]
Report
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013
-
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013
-
Hello,

Somebody help me pls. I have a crss.exe virus and it totally absorbs one Processor core. Then my PC slows down. I cannot kill it...If i run a Rogue Kill it blocking 2 processes:

* C:\Users\pupi\AppData\Roaming\WindowsDrivers\vcrss.exe (PID: 4904) [UP-HEUR]
* C:\Users\pupi\AppData\Roaming\WindowsDrivers\crss.exe (PID: 4968) [UP-HEUR]

(practically it solves my Pc slow down problem...)
Then i try to remove the viruses and my Anti-Malware find the crss and it says it's deleted, but from the next startup it shows up again. I tried Avast too...but it didn't find anything. Maybe i should use some registry cleaner? Someone can help me?

thanks,
pupi

5 replies

Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,141
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step).

4. Double click on the short cut ZHPDiag on your Destktop.

5. Click on the green arrow to ensure you have the latest version. Click on the eyedropper icon and ensure all of the items are checked.

6. Click on the Magnifying glass with the + sign and run the analysis.

Wait for the tool to finished (maybe a long time)

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "upload »

12. Copy the URL and post it here.

Best regards

Ambucias
Moderator /Security Contributor
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013

Hy!
Here's the result:
http://speedy.sh/Sbytg/ZHPDiag.txt

thank you in advance!
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,141
Hello,

Your system is badly infected and as I must leave for 10 hours, we may not be able to finish the job tonight.

Crss is a generic type of virus which designates many viruses such as you have.

1. First follow these instructions to remove Babylon:

http://ccm.net/faq/14594-how-to-get-rid-of-babylon-search-toolbar

2. Download the following Adwcleaner created by Xplode
https://ccm.net/download/download-24088-adwcleaner

3.Launch it (for Windows 7 and 8, click right to run as administrator)

Click on delete

4.Post the log C:\Adwcleaner[Sx].txt on this thread.

5. Download, install and run Malwarebyte which you can find on this site:

https://ccm.net/download/download-105-malwarebytes es-anti-malware

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.

If Malwarebyte restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Please post the log here.

Good luck and I will catch-up to you tomorrow.
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013

Hy!

I followed the instructions but unfortunately the crss.exe is still here:(
Here's the 2 results:
http://speedy.sh/YRnyb/mbam-log-2013-03-28-12-48-16.txt

thanks again:)
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,141
Please stand-by for further instructions.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,141
Hi,

On your desktop, ZHP Diag created an icon called ZHP Fix which looks like a seringe.

1. Open ZHP Fix.

2. Copy the lines below.

3. Click on the Clipboard button, top left which will paste the lines.

4. Click on Go.

Here are the lines to copy:

O42 - Logiciel: Giant Savings - (.215 Apps.) [HKLM][64Bits] -- Giant Savings => Infection PUP (PUP.RewardsArcade)*
O42 - Logiciel: SoftwareUpdater - (...) [HKLM][64Bits] -- SoftwareUpdater => Infection PUP (PUP.Eorezo)
O42 - Logiciel: Yontoo 1.10.03 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} => Infection PUP (Adware.Yontoo)*
[HKCU\Software\9538bddb739eb44] => Infection PUP (Toolbar.Babylon)
[HKCU\Software\AppDataLow\Software\Crossrider] => Infection PUP (PUP.CrossRider)*
[HKCU\Software\AppDataLow\Software\Giant Savings] => Infection PUP (Adware.VidSaver)*
[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)*
[HKCU\Software\Titan Poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\9538bddb739eb44] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\DataMngr] => Infection PUP (PUP.BearShare)*
[HKLM\Software\Wow6432Node\Titan Poker] => Infection Web (Adware.Casino)
O43 - CFD: 2012.08.25. - 17:33:48 - [2,643] ----D C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)*
O43 - CFD: 2013.03.27. - 17:55:14 - [0,478] ----D C:\Program Files (x86)\SoftwareUpdater => Infection PUP (PUP.Eorezo)
O43 - CFD: 2013.03.27. - 17:54:29 - [0] ----D C:\ProgramData\Babylon => Infection PUP (Toolbar.Babylon)*
O43 - CFD: 2013.03.27. - 17:54:58 - [7,114] ----D C:\ProgramData\BrowserProtect => Infection PUP (Toolbar.Babylon)*
O43 - CFD: 2013.03.27. - 17:54:54 - [1,943] ----D C:\Users\pupi\AppData\Roaming\BabSolution => Infection PUP (Hijacker.BabSolution)
O43 - CFD: 2013.01.29. - 18:45:03 - [56,272] ----D C:\Users\pupi\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)*
O43 - CFD: 2013.03.27. - 17:58:04 - [0] ----D C:\Users\pupi\AppData\Roaming\WinDir => Infection Diverse
O43 - CFD: 2012.08.25. - 17:33:44 - [0,037] ----D C:\Users\pupi\AppData\Local\Giant Savings => Infection PUP (Adware.VidSaver)*
O43 - CFD: 2013.03.27. - 17:54:59 - [0,001] ----D C:\Users\pupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect => Infection PUP (Toolbar.Babylon)*
O87 - FAEL: "{8F3B61D7-26CA-41EC-BB29-B3B0C57553C0}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) => Infection PUP (PUP.SweetIM)*
O87 - FAEL: "{27D5DAEB-FD34-416B-81EF-3E55FB0A34F6}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) => Infection PUP (PUP.SweetIM)*
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection PUP (Toolbar.Babylon)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] => Infection BT (PUP.ClaroSearch)
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] => Infection PUP (PUP.CrossRider)
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\AppID\escort.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortapp.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escorteng.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\esrv.EXE] => Infection PUP (PUP.Funmoods)
[HKLM\Software\Classes\b] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\escort.escortIEPane] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\escort.escortIEPane.1] => Infection PUP (PUP.Funmoods)*


[HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKCU\Software\titan poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\titan poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings] => Infection PUP (Adware.VidSaver)*
[HKLM\Software\Classes\Prod.cap] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] => Infection PUP (PUP.BProtector)
[HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\AppID\ESRV.EXE] => Infection PUP (PUP.Funmoods)
[HKLM\Software\Classes\CrossriderApp0004479.BHO] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.BHO.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.BHO] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.BHO.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.Sandbox] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.Sandbox.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escort.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortApp.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortEng.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escorTlbr.DLL] => Infection PUP (PUP.Funmoods)*
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} => Infection PUP (Toolbar.Babylon)
C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)*
C:\ProgramData\Babylon => Infection PUP (Toolbar.Babylon)*
C:\Users\pupi\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)*
C:\Users\pupi\AppData\Roaming\BabSolution => Infection PUP (Hijacker.BabSolution)
C:\Users\pupi\AppData\Local\Giant Savings => Infection PUP (Adware.VidSaver)*
C:\Users\pupi\AppData\LocalLow\SweetIM => Infection PUP (PUP.SweetIM)*
C:\Users\pupi\AppData\Local\Temp\Software => Infection PUP (Adware.Boxore)
C:\Users\pupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph => Infection BT (Spyware.GamePlayLabs)
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:dllName="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:exeName="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:folderName="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:serviceName="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:version="2.5.986.67" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:INSTALL_FOLDER_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:PROTECTOR_DLL_NAME="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:PROTECT_EXE_NAME="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:SECHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SECHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SECHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SERVICE_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:usrcheckbox="0" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:version="2.6.1125.80" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:INSTALL_FOLDER_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:PROTECTOR_DLL_NAME="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:PROTECT_EXE_NAME="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SERVICE_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:usrcheckbox="0" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:version="2.6.1125.80" => Infection PUP (Toolbar.Babylon)
SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe => Infection PUP (Toolbar.Babylon)*
SR - | Auto 31744 | (SrvUpdater) . (...) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe => Infection PUP (PUP.Eorezo)

5. Restart your computer.

6. Ensure the previous ZHP Diag log is deleted.

7. Generate a new ZHP log and upload it on speedyshare.

Regards
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013

Hy!

Here's the result:
http://speedy.sh/PNsyv/ZHPDiag.txt

Oh...is it bad if the rouguekill program was running while i did the analisys? It's always running now...

thanks,
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,141
I would very much appreciate if you did not run anything unless I see it necessary, I did not detect any rogue trojan horse. You see, some tools may compromise the system stability.

Stand-by
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,141
Gee, I am terribly sorry but I can't help you any further.

You were looking for trouble and you got it.

Upon a deep analysis, I found that you have downloaded and installed crack software.

You must delete Spybot as it will create big conflicts with your antivirus, anyway it's useless.

All of the malware you got came from torrent downloads or leaving the torrent applications open.

First repeat the actions with ZHP Fix with this lines:

[HKLM\Software\Wow6432Node\SoftwareUpdater] => Infection PUP (PUP.Eorezo)
O4 - GS\Programs: SpeechGrid.lnk . (...) -- C:\Program Files (x86)\SpeechGrid\SpeechGrid.exe (.not file.) => Fichier absent
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe => Safer Networking Ltd - Spybot S&D*
O4 - GS\Desktop: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe => Safer Networking Ltd - Spybot S&D*
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM][64Bits] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 => Safer Networking Ltd - Spybot S&D*
O42 - Logiciel: µTorrent - (...) [HKLM][64Bits] -- uTorrent => P2P.µTorrent*
[HKCU\Software\BitTorrent] => P2P.BitTorrent*
[HKCU\Software\William Hill Poker] => Online Games Casino
[HKLM\Software\Wow6432Node\William Hill Poker] => Online Games Casino
O43 - CFD: 2012.10.16. - 15:33:17 - [61,763] ----D C:\Program Files (x86)\Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D*
O43 - CFD: 2012.07.14. - 13:24:08 - [0,854] ----D C:\Program Files (x86)\uTorrent => P2P.µTorrent*
O43 - CFD: 2013.03.28. - 0:31:10 - [10,785] ----D C:\ProgramData\Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D*
O43 - CFD: 2013.03.27. - 19:30:20 - [6,047] ----D C:\Users\pupi\AppData\Roaming\uTorrent => P2P.µTorrent*
O43 - CFD: 2013.01.01. - 18:38:11 - [0] ----D C:\Users\pupi\AppData\Local\ESN => Empty Folder not necessary
O44 - LFC:[MD5.8CF2B639F0324328B9902120198FF4AA] - 2013.03.28. - 12:45:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [97] => Xplode - AdwCleaner DeleteOnReboot
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\cvtres.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\cvtres.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\bot.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\bot.exe (.not file.) => Fichier absent
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\46240.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\46240.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\system32.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\system32.exe (.not file.) => Fichier absent
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\explorer.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\explorer.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\explorer.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\explorer.exe (.not file.) => Fichier absent
O51 - MPSK:{23c4ff37-6cd9-11e2-a116-bc5ff43878a2}\AutoRun\command. (...) -- H:\Startme.exe (.not file.) => Fichier absent
O51 - MPSK:{54ccd619-53aa-11e2-907d-bc5ff43878a2}\AutoRun\command. (...) -- H:\OriginInstaller.exe (.not file.) => Fichier absent
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\dht.dat [3884] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\dht_feed.dat [2] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\resume.dat [364923] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\rss.dat [99] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\settings.dat [13570] => P2P.µTorrent*
O61 - LFC: 2013.03.27. - 17:41:44 R-H-- C:\Users\pupi\AppData\Local\Temp\scweduler.exe [12800] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:05:08 ---A- C:\Users\pupi\AppData\Local\Temp\dd_vcredistMSI16C5.txt [381958] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:05:09 ---A- C:\Users\pupi\AppData\Local\Temp\dd_vcredistUI16C5.txt [11406] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:23:55 ---A- C:\Users\pupi\AppData\Local\Temp\~DFD0D69AD396BB141A.TMP [245760] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 22:23:29 ---A- C:\Users\pupi\AppData\Local\Temp\chart_data.dat [20988] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:40:24 ---A- C:\Users\pupi\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set [1549] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:40:24 ---A- C:\Users\pupi\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json [34] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:45:46 ---A- C:\Users\pupi\AppData\Local\Temp\~DFA3B09F45101E5B23.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:46:00 ---A- C:\Users\pupi\AppData\Local\Temp\~DFAC74C296081A4734.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:48:02 ---A- C:\Users\pupi\AppData\Local\Temp\~DF18B582ED69D75576.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 17:54:12 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 17-54-12 ).SDB [0] => SUPERAntiSpyware.com - AppLogs
O61 - LFC: 2013.03.28. - 18:00:23 ---A- C:\Users\pupi\AppData\Local\Temp\~DF2C62E4643777403D.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:01:11 ---A- C:\Users\pupi\AppData\Local\Temp\~DF88E297F220202F3D.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:01:39 ---A- C:\Users\pupi\AppData\Local\Temp\~DFA736E16640C32FCE.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:27:58 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db [262144] => SUPERAntiSpyware.com - Quarantine
O61 - LFC: 2013.03.28. - 18:28:34 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 18-0-49 ).SDB [919260] => SUPERAntiSpyware.com - AppLogs
O61 - LFC: 2013.03.28. - 21:37:44 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 21-37-44 ).SDB [0] => SUPERAntiSpyware.com - AppLogs
D:\torrentrõl\nero-8.3.2.1_europe_micro\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware
G:\játék\Call of Duty 2\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware
[MD5.F23663CEC54B8E8FF8784C201A95EFC0] [SPRF][2013.03.27.] (...) -- C:\Users\pupi\AppData\Local\Temp\chart_data.dat [20988] => Temporary file not necessary
[MD5.AFCD63EED7C306D3E4E9539CC54621C7] [SPRF][2013.03.27.] (.Microsoft Corporation - Microsoft Scweduler Task Performer.) -- C:\Users\pupi\AppData\Local\Temp\scweduler.exe [12800] => Temporary file not necessary
O87 - FAEL: "{F019F04D-E880-43ED-96C8-69C320D74A4F}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe => P2P.BitTorrent*
O87 - FAEL: "{41A7A36C-C9B3-4A71-8FF1-787BC4E1C5C5}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe => P2P.BitTorrent*
O87 - FAEL: "{2DED5884-CB3F-46EB-B399-E71E41E906E7}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\RpcSandraSrv
O51 - MPSK:{81266047-cdaf-11e1-80b7-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{96c6d578-cdd9-11e1-8e3d-806e6f6e6963}\AutoRun\command. (...) -- F:\setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{ca292906-479e-11e2-8c7b-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{ca292907-479e-11e2-8c7b-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{cde56a40-91f4-11e2-91d1-bc5ff43878a2}\AutoRun\command. (...) -- H:\autorun.exe (.not file.) => Microsoft Windows NT or Infection USB
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] => Macromedia/Dreamweaver or PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] => Macromedia/D

I would like to fix one thing which issues from external memory devices

Download UsbFix (created by El Desaparecido) on your desktop.

http://ccm.net/download/download-24089-usbfix

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.

Click on deletion
.
Let the tool work.

At the end of the scan a report will show which you can copy and paste here..

The report is save at the root ( C:\UsbFix.txt ).

Isn't this fun ?
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013

thanks again:)
I'm working on it:)