amvo.exe

TR/Crypt.XPACK.Gen - amvo.exe - cfdflx.com

weiter HijackThis

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

weiter Combofix

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))

C:\WINDOWS\system32\_000111_.tmp.dll
D:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\ currentversion\explorer\mountpoints2\{18577db0-f4d2-11dc-b1e3-0018f34a8b64}]
\Shell\AutoRun\command - I:\cfdflx.com
\Shell\explore\Command - I:\cfdflx.com
\Shell\open\Command - I:\cfdflx.com

[HKEY_CURRENT_USER\software\microsoft\windows\ currentversion\explorer\mountpoints2\{18577db1-f4d2-11dc-b1e3-0018f34a8b64}]
\Shell\AutoRun\command - J:\cfdflx.com
\Shell\explore\Command - J:\cfdflx.com
\Shell\open\Command - J:\cfdflx.com

KILLALL::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18577db0-f4d2-11dc-b1e3-0018f34a8b64}]

File::
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
I:\cfdflx.com
J:\cfdflx.com

KILLALL::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18577db1-f4d2-11dc-b1e3-0018f34a8b64}]

File::
J:\cfdflx.com






virus-protect.org
startseite Valid HTML 4.01 Ranking-Hits antispam