Hello, I have a virus called explorer.exe. What should I do to remove it? My antivirus (Avira) keeps detecting it but doesn't delete it. Please help me, it’s very urgent.

VIRUS explorer.exe : CCM

Answer 1 / 7

Anonymous user

Hello,

• Download and install UsbFix

(!) Connect your external data sources to your PC (USB flash drive, external hard drive, etc...) that may have been infected without opening them

• Double-click on the UsbFix shortcut present on your desktop.

• Choose option 1 (Scan)

• Let the tool work.

• Then post the UsbFix.txt report that will appear.

• Note: The UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

( CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste )

• Note: "Process.exe," a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert from these antivirus programs.

• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
--
See you later

sonia

Hello, here is the report:

############################## [ UsbFix V3.017 # Scan ]

# User : user (Administrators) # ETS-1CF03A92B9C
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:08:54 | 06/05/2009

# Processor Intel Celeron
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

# A:\ # 3.5 inch Floppy Disk Drive
# C:\ # Local Hard Drive # 19.53 GB (10.39 GB free) # NTFS
# D:\ # Local Hard Drive # 19.53 GB (16.78 GB free) # NTFS
# E:\ # Local Hard Drive # 19.53 GB (14.28 GB free) # NTFS
# F:\ # Local Hard Drive # 18.08 GB (10.8 GB free) [New name] # NTFS
# G:\ # CD-ROM Drive
# I:\ # Removable Drive # 986.04 MB (221.43 MB free) [SONIA] # FAT32

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\memory.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
D:\software\Rav antivirus\rav.exe
E:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registry # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
HKCU_Main: "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:10,2e,be,3e,18,b1,c9,01
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="user"
HKLM_logon: "AltDefaultUserName"="user"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: !AVG Anti-Spyware="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: WinampAgent="D:\Program Files\Winamp\winampa.exe"
HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: explorer=C:\WINDOWS\BackUp\explorer.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: IDMan=C:\program files\Internet Download Manager\IDMan.exe /onboot
HKCU_Run: msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

################## [ Information ]

################## [ Files # Infectious Folders ]

Found ! C:\explorer.exe
Found ! I:\explorer.exe

################## [ Registry # Infectious Run Keys ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Explorer"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## [ Registry # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{18519191-2d93-11de-bbf7-00e04c78f735}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{18519191-2d93-11de-bbf7-00e04c78f735}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{18519191-2d93-11de-bbf7-00e04c78f735}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{8a811751-18af-11de-bbc0-00e04c78f735}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{8de94b42-050b-11de-bb82-00e04c78f735}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{8de94b42-050b-11de-bb82-00e04c78f735}\Shell\open\Command

################## [ ! End of report # UsbFix V3.017 ! ]

Answer 2 / 7

Anonymous user

you know this folder: C:\WINDOWS\BackUp

(!) Plug in your external data sources to your PC (USB flash drive, external hard drive, etc...) that may have been infected without opening them

• Double-click on the UsbFix shortcut on your desktop

• Choose option 2 (Deletion)

• Your desktop will disappear and the PC will restart.

• Upon restarting, UsbFix will scan your PC, let the tool work.

• Then post the UsbFix.txt report that will appear with the desktop.

• Note: The UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

( CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste )

--
@+

sonia

Hi
the second report is displayed.
what should I do now?????????????

sonia

The zip file that infected the microphone is still present on the flash drive.

Answer 3 / 7

Anonymous user

--> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click on OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text below:

:processes
explorer.exe

:files
C:\WINDOWS\BackUp\explorer.exe
C:\WINDOWS\BackUp

:commands
[emptytemp]
[start explorer]
[reboot]

---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click on the MoveIt! button and then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the software will ask you to restart.
Accept by clicking YES.

---> Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
The report name corresponds to the time of its creation: date_time.log

--
@+

sonia

Here is the report, I hope it's the last one because it's exhausting.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\BackUp\explorer.exe moved successfully.
C:\WINDOWS\BackUp moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFA1D7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFB6BC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFD8AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFD8C1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDA42.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDA74.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDBA1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDBB9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDBF8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDC10.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDD32.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDD45.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDD81.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDD94.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDDD7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDDEA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDE3A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDE4D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDF80.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDF98.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\N1PQMPAO\affich-12338013-virus-explorer-exe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\N1PQMPAO\AHF5PTNCAJ3WZZYCA66EWL4CA6IX8PUCA1EGHXTCAOFKZZKCAND65F9CA3COKFLCAN1QQPHCAP8JOQRCAQN9PSACAMEQL7XCAD1ZSFUCA6XCWVJCAN8WRWRCA0M0YQRCA8SJSKYCAIB675QCAKEV0DDCA91YQ9P.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\N1PQMPAO\AYI96DDCA419Z0SCAGUKOIYCACKUOKECANNMH9TCA0D07MWCAWHN9NCCAM4QI4ACAEB9GR8CAXCJ4MVCA1QX4WPCAP9KZ2UCAC5QL2CCA6L3KDCCAZ3HOXFCA5DPIRQCA344B52CARNZY03CA0G0TY7CABB214A.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05062009_221959

Files moved on Reboot...
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFA1D7.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFB6BC.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFD8AA.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFD8C1.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDA42.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDA74.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDBA1.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDBB9.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDBF8.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDC10.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDD32.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDD45.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDD81.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDD94.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDDD7.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDDEA.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDE3A.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDE4D.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDF80.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDF98.tmp not found!
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\N1PQMPAO\affich-12338013-virus-explorer-exe[1].htm moved successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\N1PQMPAO\AHF5PTNCAJ3WZZYCA66EWL4CA6IX8PUCA1EGHXTCAOFKZZKCAND65F9CA3COKFLCAN1QQPHCAP8JOQRCAQN9PSACAMEQL7XCAD1ZSFUCA6XCWVJCAN8WRWRCA0M0YQRCA8SJSKYCAIB675QCAKEV0DDCA91YQ9P.htm moved successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\N1PQMPAO\AYI96DDCA419Z0SCAGUKOIYCACKUOKECANNMH9TCA0D07MWCAWHN9NCCAM4QI4ACAEB9GR8CAXCJ4MVCA1QX4WPCAP9KZ2UCAC5QL2CCA6L3KDCCAZ3HOXFCA5DPIRQCA344B52CARNZY03CA0G0TY7CABB214A.htm moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_b8.dat not found!

Answer 4 / 7

Anonymous user

Download Malwarebytes
https://www.malwarebytes.com/

Install it; the program will automatically update itself.

Once updated, the program will launch; click on the settings tab, and check the box: "Disable Internet Explorer during removal."

Now click on the scan tab and check the box: "Run a quick scan."

Then click on "Scan."

Let it scan the PC...

If any items are found > click on "Remove Selected."

If asked to restart > click on "Yes."

At the end, a report will open; save it so you can find it to post on the forum.

Copy and paste the report please.

PS: Reports are also stored in the report/log tab.

--
See you later.

sonia

Here is the report:
Malwarebytes' Anti-Malware 1.36
Database version: 2085
Windows 5.1.2600 Service Pack 2

06/05/2009 22:59:06
mbam-log-2009-05-06 (22-59-06).txt

Scan type: Quick scan
Items examined: 71362
Elapsed time: 6 minute(s), 56 second(s)

Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 1
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 2

Infected memory process(es):
(No harmful items detected)

Infected memory module(s):
(No harmful items detected)

Infected Registry key(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infected Registry value(s):
(No harmful items detected)

Infected Registry data item(s):
(No harmful items detected)

Infected folder(s):
(No harmful items detected)

Infected file(s):
C:\RECYCLER\explorer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Program Files\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

sonia

Thank you very much, that's very kind.

Answer 5 / 7

sonia

The name of this virus is INF/AutuRun.9534. Please tell me which antivirus can remove it.

Answer 6 / 7

Anonymous user

I don't have my report, so I'm not continuing...

--
See you later

sonia

############################## [ UsbFix V3.017 # Cleaning ]

# User : user (Administrators) # ETS-1CF03A92B9C
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:43:39 | 06/05/2009

# Intel Celeron Processor
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

# A:\ # 3.5-inch Floppy Drive
# C:\ # Local Fixed Disk # 19.53 Go (10.55 Go free) # NTFS
# D:\ # Local Fixed Disk # 19.53 Go (16.78 Go free) # NTFS
# E:\ # Local Fixed Disk # 19.53 Go (14.28 Go free) # NTFS
# F:\ # Local Fixed Disk # 18.08 Go (10.8 Go free) [New Name] # NTFS
# G:\ # CD-ROM Drive
# I:\ # Removable Drive # 986.04 Mo (221.43 Mo free) [SONIA] # FAT32

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infectious Files # Folders ]

Deleted ! C:\explorer.exe
Deleted ! I:\explorer.exe

################## [ Registry # Infectious Run Keys ]

# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset successfully !
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Explorer"
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## [ Registry # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{18519191-2d93-11de-bbf7-00e04c78f735}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{8a811751-18af-11de-bbc0-00e04c78f735}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{8de94b42-050b-11de-bb82-00e04c78f735}\Shell\AutoRun\command

################## [ Listing of Present Files ]

[25/02/2009 16:10|--a------|0] - C:\AUTOEXEC.BAT
[25/02/2009 16:03|---hs----|212] - C:\boot.ini
[07/09/2002 02:00|-rahs----|4952] - C:\Bootfont.bin
[25/02/2009 16:10|--a------|0] - C:\CONFIG.SYS
[?|?|?] - C:\hiberfil.sys
[25/02/2009 16:10|-rahs----|0] - C:\IO.SYS
[12/06/2002 01:04|--a------|1714] - C:\key.txt
[25/02/2009 16:10|-rahs----|0] - C:\MSDOS.SYS
[04/08/2004 04:38|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 04:59|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[06/05/2009 21:49|--a------|3603] - C:\UsbFix.txt
[30/04/2009 16:45|--a------|2228534] - D:\audacity-win-1.2.6.exe
[04/09/2008 02:11|--a------|54600] - D:\npbittorrent.dll
[29/06/2008 17:53|--a------|52991472] - D:\quran_tafseer_05.exe
[28/03/2009 20:54|--a------|76] - E:\New Text Document.txt
[12/04/2009 00:42|--a------|256000] - E:\tableau.doc
[01/04/2009 19:27|---h-----|45056] - E:\~WRL2027.tmp
[26/04/2009 22:32|--a------|76895] - I:\partie conceptionIII.DOCX
[12/01/2009 22:58|---hs----|53248] - I:\Thumbs.db
[04/04/2009 19:20|--a------|136826] - I:\New Microsoft Office Word Document.docx
[03/04/2009 22:40|--a------|944783] - I:\phpcs_MOGADORSHOP___Page.zip
[07/05/2009 11:34|--a------|1044] - I:\couleur.php
[24/04/2009 19:43|--a------|61325517] - I:\7635_eval.zip
[29/03/2009 14:51|--a------|2634573] - I:\client_serveur.docx
[21/03/2009 13:27|--a------|15119] - I:\hakmat lakdar.docx
[17/04/2009 20:13|--a------|521461] - I:\documentAnalyseUml.zip
[17/04/2009 20:52|--a------|984702] - I:\phpcs_PETIT-COMMERCE___Page.zip
[17/04/2009 20:54|--a------|75727] - I:\phpcs_APPLICATION-COMMERCE___Page.zip
[26/04/2009 14:25|--a------|79711] - I:\chapitre I.DOCX
[30/04/2009 15:19|--a------|39264] - I:\Merise-SupportMCT.pdf
[26/01/2009 10:33|--a------|316607] - I:\m‚moire.exe
[03/07/2003 07:27|--a------|11516184] - I:\EDrawSetup_fr.exe

################## [ Vaccination ]

# I:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of report # UsbFix V3.017 ! ]

sonia

You have received your report. You can continue now, chiquitine29? Please.

Answer 7 / 7

Anonymous user

http://www.commentcamarche.net/forum/affich 12338013 virus explorer exe?#9

--
@+

sonia

You know the infecting file still exists and it scares me
was that the last step or not and I'm sorry for the inconvenience

VIRUS explorer.exe

7 answers

Convert text to audio

My amazon chat is stuck

Reinstallation of w11 impossible after pc crash...

How to watch programming in the french antilles

Asus vivobook pc won’t boot anymore, need help

Canon mg6250 printer functionality on windows 11

Copy/paste scanned text jpeg format

Pc build help mao purchase guide

Cannot use my ctp18 tablet with meetingbar

Hello, i don’t know anything about it … but i’d like to find a