############################## | UsbFix V 7.165 | [Suppression]

Utilisateur: Killer_VirusFr (Administrateur) # KILLERVIRUSFR
Mis à jour le 20/02/2014 par El Desaparecido - Team SosVirus
Lancé à 16:13:59 | 22/02/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Oracle Corporation (VirtualBox)
CPU: AMD Phenom(tm) II X6 1075T Processor
RAM -> [Total : 3583 Mo| Free : 3311 Mo]
Bios: innotek GmbH
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 6.0.2900.5512

SC: Security Center [(!) Disabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 10 Go (6 Go libre(s) - 63%) [] # NTFS
D:\ -> CD-ROM

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (ID: 404 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 608 |ParentID: 404)
C:\WINDOWS\system32\services.exe (ID: 652 |ParentID: 608)
C:\WINDOWS\system32\lsass.exe (ID: 664 |ParentID: 608)
C:\WINDOWS\system32\VBoxService.exe (ID: 820 |ParentID: 652)
C:\WINDOWS\system32\svchost.exe (ID: 864 |ParentID: 652)
C:\WINDOWS\System32\svchost.exe (ID: 1044 |ParentID: 652)
C:\WINDOWS\system32\spoolsv.exe (ID: 1524 |ParentID: 652)
C:\WINDOWS\explorer.exe (ID: 1532 |ParentID: 1460)
C:\WINDOWS\system32\svchost.exe (ID: 1624 |ParentID: 1612)
C:\WINDOWS\system32\svchost.exe (ID: 1636 |ParentID: 1612)
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe (ID: 828 |ParentID: 1044)

################## | Regedit Run |

04 - HKCU\..\Run : [HKCU] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKCU\..\Run : [antaw4r19] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe
04 - HKCU\..\Run : [MicroUpdate] C:\WINDOWS\system32\MSDCSC\msdcsc.exe
04 - HKCU\..\Run : [asaba3tsh] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe
04 - HKCU\..\Run : [b1e1pr00] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
04 - HKCU\..\Run : [GVideo]
04 - HKCU\..\Run : [SkypeMS]
04 - HKCU\..\Run : [LoftWare]
04 - HKCU\..\Run : [IntelService] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe"
04 - HKCU\..\Run : [Kydixirina] "C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe"
04 - HKCU\..\Run : [VanToM] C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe
04 - HKCU\..\Run : [b6b14442eb327de390e5ed1e983e5ab0] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" ..
04 - HKCU\..\Run : [Facebook Update] %APPDATA%\Microsoft\update.exe
04 - HKCU\..\Run : [f7a74ce8d62a827374f896562655303d] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe" ..
04 - HKCU\..\Run : [5cd8f17f4086744065eb0992a09e05a2] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" ..
04 - HKCU\..\Run : [+obOwJbRAzd34AXM] "C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe"
04 - HKCU\..\Run : [Ipaxp] "C:\Documents and Settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe"
04 - HKCU\..\Run : [378d21732268e1971ca57e15bd4a5ad9] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" ..
04 - HKCU\..\Run : [loh] C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\loh.exe
04 - HKCU\..\Run : [ewewew] C:\Documents and Settings\Killer_VirusFr\Application Data\Stub.exe
04 - HKCU\..\Run : [33a02ce3a6dc322bc7e588c3c6d40f38] "C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" ..
04 - HKCU\..\RunOnce : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKCU\..\RunOnce : [4gr75b2k2] C:\DOCUME~1\KILLER~1\4gr75b2k2\54402.vbs
04 - HKCU\..\Policies\Explorer\run : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKCU\..\Policies\Explorer\run : [Facebook Update] %APPDATA%\Microsoft\update.exe
04 - HKLM\..\Run : [VBoxTray] C:\WINDOWS\system32\VBoxTray.exe
04 - HKLM\..\Run : [HKLM] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKLM\..\Run : [5cd8f17f4086744065eb0992a09e05a2] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" ..
04 - HKLM\..\Run : [f7a74ce8d62a827374f896562655303d] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe" ..
04 - HKLM\..\Run : [33a02ce3a6dc322bc7e588c3c6d40f38] "C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" ..
04 - HKLM\..\Run : [b6b14442eb327de390e5ed1e983e5ab0] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" ..
04 - HKLM\..\Run : [378d21732268e1971ca57e15bd4a5ad9] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" ..
04 - HKLM\..\RunOnce : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKLM\..\Policies\Explorer\run : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [HKCU] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [antaw4r19] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [MicroUpdate] C:\WINDOWS\system32\MSDCSC\msdcsc.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [asaba3tsh] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [b1e1pr00] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [GVideo]
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [SkypeMS]
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [LoftWare]
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [IntelService] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe"
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [Kydixirina] "C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe"
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [VanToM] C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [b6b14442eb327de390e5ed1e983e5ab0] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [Facebook Update] %APPDATA%\Microsoft\update.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [f7a74ce8d62a827374f896562655303d] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [5cd8f17f4086744065eb0992a09e05a2] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [+obOwJbRAzd34AXM] "C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe"
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [Ipaxp] "C:\Documents and Settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe"
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [378d21732268e1971ca57e15bd4a5ad9] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [loh] C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\loh.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [ewewew] C:\Documents and Settings\Killer_VirusFr\Application Data\Stub.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [33a02ce3a6dc322bc7e588c3c6d40f38] "C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\RunOnce : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\RunOnce : [4gr75b2k2] C:\DOCUME~1\KILLER~1\4gr75b2k2\54402.vbs
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Policies\Explorer\run : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Policies\Explorer\run : [Facebook Update] %APPDATA%\Microsoft\update.exe

################## | Recherche générique |

Supprimé! C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\1.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\33a02ce3a6dc322bc7e588c3c6d40f38.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\378d21732268e1971ca57e15bd4a5ad9.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\5cd8f17f4086744065eb0992a09e05a2.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\b6b14442eb327de390e5ed1e983e5ab0.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\svchost.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\Trojan.exe
Supprimé! C:\WINDOWS\svchost.com
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\torjan.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\torjan.exe.tmp
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\Trojan.exe.tmp
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\fast.exe.log
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\VanToM.exe.log
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\loh.exe
Supprimé! C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe
Supprimé! C:\WINDOWS\WIN 7\HACKO.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Application Data\dclogs
Supprimé! C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\Update.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\65604959882.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\server.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\WINDOWSFORMSAPPLICATION1.EXE
Supprimé! C:\WINDOWS\directx.sys
Supprimé! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-11820146
Supprimé! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-5681
Supprimé! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-839714475
Supprimé! C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\ASIS.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Dex.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU|di
Supprimé! HKCU\Software\5cd8f17f4086744065eb0992a09e05a2
Supprimé! HKCU\Software\33a02ce3a6dc322bc7e588c3c6d40f38
Supprimé! HKCU\Software\DC3_FEXEC
Supprimé! HKCU\Software\VB and VBA Program Settings\INSTALL
Supprimé! HKCU\Software\VB and VBA Program Settings\SrvID
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Réparé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFolderOptions -> 0
Réparé ! HKLM\Software\Microsoft\Security Center|AntiVirusDisableNotify -> 0
Réparé ! HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify -> 0
Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr -> 0
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|33a02ce3a6dc322bc7e588c3c6d40f38
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|33a02ce3a6dc322bc7e588c3c6d40f38
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|antaw4r19
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|HKCU
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HKLM
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|MicroUpdate
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce|svchost
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svchost
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svchost
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|loh
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|378d21732268e1971ca57e15bd4a5ad9
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|378d21732268e1971ca57e15bd4a5ad9
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|b6b14442eb327de390e5ed1e983e5ab0
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|b6b14442eb327de390e5ed1e983e5ab0
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|asaba3tsh

################## | UsbFix - Information |

UsbFix a détecté sur votre ordinateur, une infection qui dispose d'une fonction de Keylogger.
Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
Si vous avez effectué des achats sur internet,
veuillez contacter votre banque afin d'envisager une opposition sur votre carte bancaire.

Info (Fr) : http://www.sosvirus.net/infection-dinihou-vous-explique-son-fonctionnement-t4852.html
Info (Fr) : http://www.sosvirus.net/les-infections-via-usb-t4948.html

################## | Listing |

[19/12/2013 - 19:43:56 | D] - C:\00b2e9e784ad6a262a
[19/12/2013 - 19:46:19 | D] - C:\297f945e881f7dff6e9b
[22/09/2012 - 09:52:41 | A | 0 Ko] - C:\AUTOEXEC.BAT
[08/02/2014 - 11:25:24 | N | 0 Ko] - C:\Boot.bak
[08/02/2014 - 12:25:05 | RAH | 0 Ko] - C:\boot.ini
[02/03/2006 - 12:00:00 | N | 5 Ko] - C:\Bootfont.bin
[08/02/2014 - 12:07:41 | D] - C:\cmdcons
[03/08/2004 - 23:00:08 | N | 257 Ko] - C:\cmldr
[19/12/2013 - 19:49:14 | D] - C:\Config.Msi
[22/09/2012 - 09:52:41 | N | 0 Ko] - C:\CONFIG.SYS
[22/09/2012 - 10:07:32 | D] - C:\Documents and Settings
[22/09/2012 - 09:52:41 | RASH | 0 Ko] - C:\IO.SYS
[22/09/2012 - 09:52:41 | RASH | 0 Ko] - C:\MSDOS.SYS
[13/04/2008 - 07:43:04 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] - C:\NTDETECT.COM
[13/04/2008 - 09:31:52 | RASH | 246 Ko] - C:\ntldr
[22/02/2014 - 16:13:29 | ASH | 786432 Ko] - C:\pagefile.sys
[15/02/2014 - 15:14:34 | D] - C:\Program Files
[22/02/2014 - 16:14:21 | SHD] - C:\RECYCLER
[08/02/2014 - 12:23:34 | SHD] - C:\System Volume Information
[22/02/2014 - 16:12:52 | D] - C:\UsbFix
[22/02/2014 - 16:14:25 | A | 15 Ko | 3FA099B2832AECF7CC7072FA9B653C70] - C:\UsbFix [Clean 2] KILLERVIRUSFR.txt
[22/02/2014 - 16:14:21 | D] - C:\WINDOWS
[15/02/2014 - 15:14:10 | D] - C:\{$6975-5712-2121-7619$}

################## | Vaccin |


################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |