ComboFix 14-02-16.01 - Killer_VirusFr 16/02/2014 21:26:39.1.1 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3583.3348 [GMT 1:00]
Lancé depuis: c:\documents and settings\Killer_VirusFr\Bureau\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\explorer.exe
c:\documents and settings\Killer_VirusFr\Application Data\dclogs
c:\documents and settings\Killer_VirusFr\Application Data\dclogs\2014-02-16-1.dc
c:\documents and settings\Killer_VirusFr\Application Data\Hoduaw
c:\documents and settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe
c:\documents and settings\Killer_VirusFr\Application Data\Iqwox
c:\documents and settings\Killer_VirusFr\Application Data\Iqwox\ahzi.exz
c:\documents and settings\Killer_VirusFr\Application Data\Iqwox\ahzi.tmp
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\update.exe
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\4AkoMg2Ep.cfg
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\4AkoMg2Ep.dat
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\4AkoMg2Ep.xtr
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\59FQuy4ai.cfg
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\59FQuy4ai.dat
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\B9sbo1pBw.cfg
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\B9sbo1pBw.dat
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\FDMbNjpw.cfg
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\FDMbNjpw.dat
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\U09Pnd5CE.cfg
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\U09Pnd5CE.dat
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\zTV3oybsZ
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\zTV3oybsZ\zTV3oybsZ.dat
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\zTV3oybsZ\zTV3oybsZ.nfo
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\Windows\zTV3oybsZ\zTV3oybsZ.svr
c:\documents and settings\Killer_VirusFr\Application Data\msconfig.ini
c:\documents and settings\Killer_VirusFr\Application Data\Oxam
c:\documents and settings\Killer_VirusFr\Application Data\Oxam\anxoi.atn
c:\documents and settings\Killer_VirusFr\Application Data\Oxam\anxoi.tmp
c:\documents and settings\Killer_VirusFr\Application Data\stub.exe
c:\documents and settings\Killer_VirusFr\Application Data\svchost.exe
c:\documents and settings\Killer_VirusFr\Application Data\Vybi
c:\documents and settings\Killer_VirusFr\Application Data\Vybi\imdi.awa
c:\documents and settings\Killer_VirusFr\Application Data\Ziak
c:\documents and settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe
c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\65604959882.exe
c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\UpdateFlash.exe
c:\documents and settings\Killer_VirusFr\Local Settings\Application DataDSWixtEyfn.exe
c:\documents and settings\Killer_VirusFr\Local Settings\Application DataKNkwtDUbRc.exe
c:\documents and settings\Killer_VirusFr\Local Settings\Application DataSJTJsWYQNt.PNG
c:\documents and settings\Killer_VirusFr\Local Settings\Application DataxAGuyctg_I.jpg
c:\documents and settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe
c:\documents and settings\Killer_VirusFr\Local Settings\Temp\server.exe
c:\documents and settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe
c:\documents and settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\1.exe
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\33a02ce3a6dc322bc7e588c3c6d40f38.exe
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\378d21732268e1971ca57e15bd4a5ad9.exe
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\5cd8f17f4086744065eb0992a09e05a2.exe
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\b6b14442eb327de390e5ed1e983e5ab0.exe
c:\program files\Accessories\Common
c:\program files\Accessories\Common\desktop.ini
c:\program files\VbNet\windns.exe
c:\windows\directx.sys
c:\windows\refsdm.dll
c:\windows\svchost.com
c:\windows\system32\MSDCSC
c:\windows\system32\MSDCSC\msdcsc.exe
c:\windows\WIN 7\HACKO.exe
c:\windows\wincs
.
c:\windows\system32\drivers\usbehci.sys . . . manque!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-01-16 au 2014-02-16 ))))))))))))))))))))))))))))))))))))
.
.
2014-02-15 14:14 . 2014-02-16 20:27 -------- d-----w- c:\program files\Accessories
2014-02-15 14:14 . 2008-04-13 16:33 1384479 ----a-w- c:\windows\system32\inobject.dll
2014-02-15 14:14 . 2002-08-25 10:17 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2014-02-15 14:14 . 1999-08-18 08:54 180224 ---h--w- c:\windows\ntfsv.dll
2014-02-07 22:28 . 2014-02-07 22:28 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\Malwarebytes
2014-02-07 21:42 . 2014-02-07 21:42 -------- d-----w- c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\Identities
2014-02-07 20:55 . 2014-02-07 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-07 20:46 . 2014-02-07 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-15 14:16 . 2006-03-02 11:00 463360 ----a-w- c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelService"="c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe" [2014-02-15 1726976]
"VanToM"="c:\documents and settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe" [2014-02-13 199265]
"+obOwJbRAzd34AXM"="c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe" [2014-02-15 463360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBoxTray"="c:\windows\system32\VBoxTray.exe" [2012-09-07 954712]
.
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\
start.lnk - c:\documents and settings\Killer_VirusFr\4gr75b2k2\54402.vbs [2014-2-15 194]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^Killer_VirusFr^Menu Démarrer^Programmes^Démarrage^Update.Microsoft.com.url]
path=c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\Update.Microsoft.com.url
backup=c:\windows\pss\Update.Microsoft.com.urlStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8832:UDP"= 8832:UDP:UDP 8832
"3265:TCP"= 3265:TCP:TCP 3265
.
R0 VBoxGuest;VirtualBox Guest Driver;c:\windows\system32\drivers\VBoxGuest.sys [22/09/2012 10:10 108376]
R1 VBoxSF;VirtualBox Shared Folders;c:\windows\system32\drivers\VBoxSF.sys [07/09/2012 17:02 225112]
R3 VBoxMouse;VirtualBox Guest Mouse Service;c:\windows\system32\drivers\VBoxMouse.sys [07/09/2012 17:02 85848]
S2 VBoxService;VirtualBox Guest Additions Service;system32\VBoxService.exe --> system32\VBoxService.exe [?]
S3 VBoxVideo;VBoxVideo;c:\windows\system32\drivers\VBoxVideo.sys [22/09/2012 10:10 104280]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-GVideo - (no file)
HKCU-Run-SkypeMS - (no file)
HKCU-Run-LoftWare - (no file)
HKCU-Run-Kydixirina - c:\documents and settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe
HKCU-Run-Ipaxp - c:\documents and settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe
HKCU-Run-ewewew - c:\documents and settings\Killer_VirusFr\Application Data\Stub.exe
HKCU-Run-33a02ce3a6dc322bc7e588c3c6d40f38 - c:\documents and settings\Killer_VirusFr\Application Data\svchost.exe
HKLM-Run-33a02ce3a6dc322bc7e588c3c6d40f38 - c:\documents and settings\Killer_VirusFr\Application Data\svchost.exe
HKLM-RunOnce-svchost - c:\windows\WIN 7\HACKO.exe
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\Facebook.lnk - c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\update.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-16 21:28
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Heure de fin: 2014-02-16 21:28:27
ComboFix-quarantined-files.txt 2014-02-16 20:28
.
Avant-CF: 6 705 864 704 octets libres
Après-CF: 6 699 282 432 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 5B8C3CF4FFB3820473357DDAEDF7DF8F
C99C3199CFAA4CBDCD91493F6D113A50