############################## | UsbFix V 7.164 | [Deletion]
Log header - info on the UsbFix version, info on the PC (system type, security, type of connected drives)
User: SosVirus (Administrator) # VMWARE
Updated 05/02/2014 by El Desaparecido – Team SosVirus
Started at 11:17:00 | 14/02/2014
Website :
http://www.en.usbfix.net/
Changelog :
http://www.en.usbfix.net/changelog/
Support :
http://www.sosvirus.net/
Upload Malware :
http://www.sosvirus.net/upload_malware.php
Contact :
http://www.en.usbfix.net/contact/
PC: Intel Corporation (440BX Desktop Reference Platform)
CPU: AMD FX(tm)-8150 Eight-Core Processor
RAM -> [Total : 2047 Mo| Free : 1510 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot
OS: Microsoft Windows 8.1 Professionnel (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16384
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]
C:\ (%systemdrive%) -> Fixed drive # 60 Gb (46 Mb free – 77%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 15 Gb (15 Mb free – 99%) [UsbFix] # NTFS
################## | Active Processes |
List of running processes
C:\Windows\system32\wininit.exe (ID: 492 |ParentID: 432)
C:\Windows\system32\winlogon.exe (ID: 532 |ParentID: 484)
C:\Windows\system32\lsass.exe (ID: 604 |ParentID: 492)
C:\Windows\system32\svchost.exe (ID: 680 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 720 |ParentID: 588)
C:\Windows\system32\dwm.exe (ID: 804 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 880 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 924 |ParentID: 588)
C:\Windows\servicing\TrustedInstaller.exe (ID: 964 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 980 |ParentID: 588)
C:\Windows\System32\svchost.exe (ID: 328 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 792 |ParentID: 588)
C:\Windows\System32\spoolsv.exe (ID: 1100 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 1124 |ParentID: 588)
C:\Windows\system32\dashost.exe (ID: 1316 |ParentID: 328)
C:\Windows\system32\svchost.exe (ID: 1608 |ParentID: 588)
C:\Windows\System32\WUDFHost.exe (ID: 1764 |ParentID: 328)
C:\Windows\System32\WUDFHost.exe (ID: 1848 |ParentID: 328)
C:\Windows\System32\svchost.exe (ID: 2060 |ParentID: 588)
C:\Windows\System32\svchost.exe (ID: 2476 |ParentID: 588)
C:\Windows\system32\taskhostex.exe (ID: 2580 |ParentID: 924)
C:\Windows\Explorer.EXE (ID: 2668 |ParentID: 2644)
C:\Windows\system32\runonce.exe (ID: 2732 |ParentID: 2668)
C:\Windows\BrowserChoice\browserchoice.exe (ID: 2848 |ParentID: 924)
C:\Windows\system32\DllHost.exe (ID: 2952 |ParentID: 680)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 1040 |ParentID: 328)
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID: 224 |ParentID: 1040)
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe (ID: 2016 |ParentID: 680)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 484 |ParentID: 680)
################## | Regedit Run |
Listing of suspicious entries from the key [HKLM(HKCU)\Software\Microsoft\Windows\CurrentVersion\Run]
04 – HKCU\..\Run : [bc417da8242d899d911d46b52a2aa2c2] “C:\Users\SosVirus\AppData\Local\Temp\svchots.exe” ..
04 – HKCU\..\Run : [0ed9b0dd4f968cc32d4e7c0293ea9e57] “C:\Users\SosVirus\AppData\Roaming\Systwm.exe” ..
04 – HKCU\..\Run : [b463fa29ba63b297b9177c677944ff44] “C:\Users\SosVirus\AppData\Roaming\trsa.exe” ..
04 – HKLM\..\RunOnce : []
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [bc417da8242d899d911d46b52a2aa2c2] “C:\Users\SosVirus\AppData\Local\Temp\svchots.exe” ..
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [0ed9b0dd4f968cc32d4e7c0293ea9e57] “C:\Users\SosVirus\AppData\Roaming\Systwm.exe” ..
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [b463fa29ba63b297b9177c677944ff44] “C:\Users\SosVirus\AppData\Roaming\trsa.exe” ..
################## | Generic Research |
List of items deleted by UsbFix
Deleted ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe
Deleted ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b463fa29ba63b297b9177c677944ff44.exe
Deleted ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bc417da8242d899d911d46b52a2aa2c2.exe
Deleted ! E:\My Picture.SCR
Deleted ! E:\set.vbs
Deleted ! C:\Users\SosVirus\AppData\Roaming\trsa.exe
Deleted ! C:\Users\SosVirus\AppData\Roaming\trsa.exe.tmp
Deleted ! E:\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe
Deleted ! E:\29d6ad028fa7e9945b60c9f480764362.zip.lnk
Deleted ! E:\3dcedd76b1f542ec14094a9afe39a1b2.zip.lnk
Deleted ! E:\8bf5931005ec23184864abaa42a2cd18.zip.lnk
Deleted ! E:\b114764aa3567a0bb3a22a8374b3d46b.zip.lnk
Deleted ! E:\set.vbs.lnk
Deleted ! C:\Users\SosVirus\AppData\Local\Temp\svchots.exe
Deleted ! C:\Users\SosVirus\AppData\Roaming\Systwm.exe
Deleted ! C:\Users\SosVirus\Desktop\29d6ad028fa7e9945b60c9f480764362\set.vbs
Deleted ! C:\Users\SosVirus\Desktop\3dcedd76b1f542ec14094a9afe39a1b2\bc417da8242d899d911d46b52a2aa2c2.exe
Deleted ! C:\Users\SosVirus\Desktop\8bf5931005ec23184864abaa42a2cd18\b463fa29ba63b297b9177c677944ff44.exe
Deleted ! C:\Users\SosVirus\Desktop\b114764aa3567a0bb3a22a8374b3d46b\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe
(!) Temporary files deleted.
################## | Registry |
List of deleted registry entries
Deleted ! HKCU\Software\0ed9b0dd4f968cc32d4e7c0293ea9e57
Deleted ! HKCU\Software\b463fa29ba63b297b9177c677944ff44
Deleted ! HKCU\Software\bc417da8242d899d911d46b52a2aa2c2
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Deleted ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Deleted ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Deleted ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2
################## | UsbFix – Information |
Additional information from UsbFix - here a warning about a keylogger infection
UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.
Info (Fr) :
http://www.sosvirus.net/infection-dinih ... t4852.html
Info (Fr) :
http://www.sosvirus.net/les-infections- ... t4948.html
################## | Listing |
Listing of files and folders at root level
[07/02/2014 - 21:28:28 | SHD] – C:\$Recycle.Bin
[30/09/2013 - 05:24:45 | RASH | 389 Ko] – C:\bootmgr
[18/06/2013 - 13:18:29 | N | 0 Ko] – C:\BOOTNXT
[22/08/2013 - 15:45:52 | SHD] – C:\Documents and Settings
[14/02/2014 - 11:15:18 | ASH | 1677300 Ko] – C:\hiberfil.sys
[14/02/2014 - 11:15:19 | ASH | 1179648 Ko] – C:\pagefile.sys
[22/08/2013 - 16:22:35 | D] – C:\PerfLogs
[14/02/2014 - 10:48:16 | D] – C:\Program Files
[14/02/2014 - 10:48:23 | D] – C:\Program Files (x86)
[08/02/2014 - 14:57:44 | HD] – C:\ProgramData
[14/02/2014 - 11:15:20 | ASH | 262144 Ko] – C:\swapfile.sys
[14/02/2014 - 10:59:51 | SHD] – C:\System Volume Information
[14/02/2014 - 11:01:43 | D] – C:\UsbFix
[08/02/2014 - 14:58:05 | N | 7 Ko | 1BBCDA94C8E4F1F4338CC9C92F4AEED2] – C:\UsbFix [Clean 2] VMWARE.txt
[14/02/2014 - 11:19:09 | A | 7 Ko | 5568C1C29DC7608599E48ABEA2BD0572] – C:\UsbFix [Clean 4] VMWARE.txt
[08/02/2014 - 17:38:10 | N | 2 Ko | 8BBC825E8BD88E8ED481F9A5A9B70930] – C:\UsbFix [Listing 1] VMWARE.txt
[08/02/2014 - 17:38:28 | N | 2 Ko | 443500AE377FD42FA365A14C830A1597] – C:\UsbFix [Listing 2] VMWARE.txt
[08/02/2014 - 14:20:41 | N | 6 Ko | 89B16C2D48414085E6AC534665A0C2E0] – C:\UsbFix [Scan 1] VMWARE.txt
[14/02/2014 - 11:06:42 | N | 8 Ko | C6D99C733C0937DA30EA50DDDBE67A88] – C:\UsbFix [Scan 2] VMWARE.txt
[07/02/2014 - 21:25:08 | D] – C:\Users
[14/02/2014 - 10:51:16 | D] – C:\Windows
[14/02/2014 - 09:53:55 | N | 7 Ko] – E:\29d6ad028fa7e9945b60c9f480764362.zip
[14/02/2014 - 09:53:29 | N | 226 Ko] – E:\3dcedd76b1f542ec14094a9afe39a1b2.zip
[14/02/2014 - 09:52:48 | N | 100 Ko] – E:\8bf5931005ec23184864abaa42a2cd18.zip
[14/02/2014 - 09:53:05 | N | 36 Ko] – E:\b114764aa3567a0bb3a22a8374b3d46b.zip
[17/01/2014 - 09:46:38 | SHD] – E:\System Volume Information
################## | Vaccin |
Info about the creation of the protective autorun.inf
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F |
http://www.en.usbfix.net/ –
http://www.sosvirus.net