Removed: C:\WINDOWS\system32\devon.exe (trojan Injector)

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool.

Malware: out.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: Developer Operations Network
Author: T0aCL9R4vaOZXX
Related File: C:\WINDOWS\SYSTEM32\DEVON.EXE
Type: Registry Run

Removal Results: Success
Number of reboot: 1


—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Developer Operations Network
Value: “C:\WINDOWS\system32\devon.exe”

Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Developer Operations Network
Value: “C:\WINDOWS\system32\devon.exe”

Files: C:\WINDOWS\system32\devon.exe
—————————————————————————————————————————-
Classification:

Antivirus    Version        Last Update    Result
F-Secure     9.0.15370.0    2010.06.18     -
Kaspersky    7.0.0.125      2010.06.18     -
Microsoft    1.5902         2010.06.18     -
NOD32        5208           2010.06.18     a variant of Win32/Injector.CAG

—————————————————————————————————————————-
Additional information
File size: 184320 bytes
MD5 : 3d76fe301d3502bace155425664d6dd0
SHA1 : bdc3d404714fbd2335ee8213e17181f060aa6601
SHA256: 209d49e1a327919329bd8e737a133a33826668d4678df56330cc7af58a80b3d0
—————————————————————————————————————————-
Installation
When the program is executed, it makes the following changes to registry keys, registry values and files:

———————————-
Keys deleted:125
———————————-
HKLM\System\CurrentControlSet\Control\SafeBoot

———————————-
Keys added:3
———————————-
HKCU\Software\Microsoft\Windows\CurrentVersion\App
HKCU\Software\Microsoft\Visual Basic
HKCU\Software\Microsoft\Visual Basic\6.0

———————————-
Values deleted:123
———————————-
HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell: “cmd.exe”

———————————-
Values added:3
———————————-
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Developer Operations Network: “C:\WINDOWS\system32\devon.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Developer Operations Network: “C:\WINDOWS\system32\devon.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\App\new: “yes”

———————————-
Files added:1
———————————-
C:\WINDOWS\system32\devon.exe

———————————-
Total changes:255
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning ads and viruses from my friends' computers, because it is extremely fast and effective.




STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10, 32 or 64-bit. UnHackMe uses a minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with the verified publisher: Greatis Software.

Once UnHackMe has installed, the first scan will start automatically.

STEP 3: Carefully review the detected threats!

Click the Remove button or False Positive.

Enjoy!
