idriss
Posts: 0

############################## | UsbFix V 7.144 | [Research]

User: BAMBABADRA (Administrator) # IDRISS
Updated 08/10/2013 by El Desaparecido – Team SosVirus
Started at 13:06:51 | 13/10/2013

Website: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (17F6)
CPU: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
RAM -> [Total : 3976 | Free : 1338]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 8 Professionnel (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16688

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed drive # 449 Gb (272 Mb free – 60%) [OS] # NTFS
D: -> Fixed drive # 2 Gb (2 Mb free – 100%) [HP_TOOLS] # FAT32
E: -> CD-ROM
F: -> Fixed drive # 13 Gb (13 Mb free – 99%) [HP_RECOVERY] # NTFS
H: -> Removable drive # 7 Gb (7 Mb free – 100%) [IDRISS] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 528 |ParentID 452)
C:\Windows\system32\wininit.exe (ID 580 |ParentID 452)
C:\Windows\system32\csrss.exe (ID 588 |ParentID 572)
C:\Windows\system32\winlogon.exe (ID 616 |ParentID 572)
C:\Windows\system32\services.exe (ID 672 |ParentID 580)
C:\Windows\system32\lsass.exe (ID 680 |ParentID 580)
C:\Windows\system32\svchost.exe (ID 788 |ParentID 672)
C:\Windows\system32\svchost.exe (ID 864 |ParentID 672)
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (ID 916 |ParentID 672)
C:\Windows\system32\dwm.exe (ID 944 |ParentID 616)
C:\Windows\System32\svchost.exe (ID 980 |ParentID 672)
C:\Windows\system32\svchost.exe (ID 364 |ParentID 672)
C:\Windows\system32\svchost.exe (ID 536 |ParentID 672)
C:\Windows\System32\svchost.exe (ID 1016 |ParentID 672)
C:\Program Files\IDT\WDM\STacSV64.exe (ID 1084 |ParentID 672)
C:\Windows\system32\Hpservice.exe (ID 1248 |ParentID 672)
C:\Windows\system32\vcsFPService.exe (ID 1296 |ParentID 672)
C:\Windows\system32\svchost.exe (ID 1368 |ParentID 672)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1468 |ParentID 672)
C:\Windows\System32\spoolsv.exe (ID 1796 |ParentID 672)
C:\Windows\system32\svchost.exe (ID 1848 |ParentID 672)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID 1980 |ParentID 672)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 2008 |ParentID 672)
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (ID 1208 |ParentID 672)
C:\ProgramData\DatacardService\HWDeviceService64.exe (ID 1096 |ParentID 672)
c:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1500 |ParentID 672)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1648 |ParentID 672)
C:\Windows\system32\taskhostex.exe (ID 2276 |ParentID 672)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 2392 |ParentID 672)
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (ID 2456 |ParentID 616)
C:\ProgramData\DatacardService\DCSHelper.exe (ID 2476 |ParentID 1096)
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (ID 2596 |ParentID 1040)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ID 2656 |ParentID 672)
C:\Windows\system32\svchost.exe (ID 2844 |ParentID 672)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID 2908 |ParentID 672)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID 1580 |ParentID 672)
C:\Windows\system32\SearchIndexer.exe (ID 3144 |ParentID 672)
C:\Windows\system32\svchost.exe (ID 3192 |ParentID 672)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID 3272 |ParentID 672)
C:\Windows\system32\wbem\unsecapp.exe (ID 3356 |ParentID 788)
C:\Windows\System32\WUDFHost.exe (ID 3696 |ParentID 1016)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3792 |ParentID 788)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 3884 |ParentID 2684)
C:\Windows\System32\igfxtray.exe (ID 4028 |ParentID 2444)
C:\Windows\System32\hkcmd.exe (ID 2468 |ParentID 2444)
C:\Windows\System32\igfxpers.exe (ID 3552 |ParentID 2444)
C:\Program Files\IDT\WDM\sttray64.exe (ID 1584 |ParentID 2444)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 3568 |ParentID 2444)
C:\Windows\System32\WUDFHost.exe (ID 3292 |ParentID 1016)
C:\Windows\System32\wscript.exe (ID 4120 |ParentID 2444)
C:\Program Files (x86)\uTorrent\uTorrent.exe (ID 4180 |ParentID 2444)
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ID 4212 |ParentID 2444)
C:\Users\BAMBABADRA\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID 4364 |ParentID 3572)
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (ID 4532 |ParentID 4196)
C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe (ID 4544 |ParentID 4196)
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID 4572 |ParentID 4196)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID 4708 |ParentID 4196)
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (ID 4716 |ParentID 2456)
C:\Program Files (x86)\Ask.com\Updater\Updater.exe (ID 4816 |ParentID 4196)
C:\Users\BAMBABADRA\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID 4856 |ParentID 3572)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 4900 |ParentID 4196)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 4980 |ParentID 4196)
C:\Program Files (x86)\iPod\bin\iPodService.exe (ID 3760 |ParentID 672)
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID 4936 |ParentID 4000)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID 4784 |ParentID 4000)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID 5388 |ParentID 672)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID 5448 |ParentID 672)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 5468 |ParentID 672)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 5540 |ParentID 672)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 5088 |ParentID 672)
C:\Windows\system32\dashost.exe (ID 2244 |ParentID 1016)
C:\Program Files (x86)\ISPCE\ISPCE-2.2.exe (ID 6120 |ParentID 2444)
C:\Windows\system32\wbem\wmiprvse.exe (ID 1808 |ParentID 788)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (ID 6596 |ParentID 2444)
C:\Program Files (x86)\Le Grand Robert\grwinHyper.exe (ID 5244 |ParentID 5308)
C:\Windows\System32\WUDFHost.exe (ID 1860 |ParentID 1016)
C:\Windows\explorer.exe (ID 6556 |ParentID 616)
C:\Windows\system32\taskhost.exe (ID 2236 |ParentID 672)
C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe (ID 5828 |ParentID 6556)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5432 |ParentID 2764)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 1392 |ParentID 5432)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6728 |ParentID 5432)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6068 |ParentID 5432)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 3572 |ParentID 5432)
C:\Users\BAMBABADRA\Desktop\Ultra Surf 1301 Mega-Games1.exe (ID 6624 |ParentID 6556)
C:\Windows\system32\SearchProtocolHost.exe (ID 5224 |ParentID 3144)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 7144 |ParentID 5432)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6532 |ParentID 5432)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5352 |ParentID 5432)
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-x86_64.exe (ID 6204 |ParentID 1136)
C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 4956 |ParentID 5432)
C:\Program Files (x86)\Windows Media Player\wmplayer.exe (ID 6512 |ParentID 788)
C:\Windows\system32\SearchFilterHost.exe (ID 8688 |ParentID 3144)
C:\UsbFix\Go.exe (ID 9244 |ParentID 8708)
C:\Windows\system32\svchost.exe (ID 9644 |ParentID 672)
C:\Windows\system32\DllHost.exe (ID 9776 |ParentID 788)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\SOFTWARE | Run : [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [HP HD Webcam Driver_Monitor] - C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe
HKLM\SOFTWARE | Run : [CLMLServer_For_P2G8] - "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
HKLM\SOFTWARE | Run : [CLVirtualDrive] - "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
HKLM\SOFTWARE | Run : [RemoteControl10] - "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\SOFTWARE\wow6432Node | Run : [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [HP HD Webcam Driver_Monitor] - C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe
HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer_For_P2G8] - "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
HKLM\SOFTWARE\wow6432Node | Run : [CLVirtualDrive] - "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [Google Update] - "C:\Users\BAMBABADRA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [xGyreppr] - wscript.exe //B "C:\Users\BAMBAB~1\AppData\Local\Temp\xGyreppr.vbs"
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [Facebook Update] - "C:\Users\BAMBABADRA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"

################## | Files # Infected Folders |

Found ! H:\xGyreppr.vbs
Found ! C:\Users\BAMBAB~1\AppData\Local\Temp\xGyreppr.vbs
Found ! C:\Users\BAMBABADRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xGyreppr.vbs
Found ! H:\482.lnk
Found ! C:\Users\BAMBABADRA\AppData\Roaming\Temp
Found ! C:\Users\BAMBABADRA\AppData\Local\Temp\xGyreppr.vbs

################## | Registry |

Found ! HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\Software\Microsoft\Windows\CurrentVersion\Run|xGyreppr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|xGyreppr
Found ! HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\Software\Microsoft\Windows\CurrentVersion\Run|xGyreppr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|xGyreppr
Found ! HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\Software\Microsoft\Windows\CurrentVersion\Run|xGyreppr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|xGyreppr
HKCU\...\Explorer\MountPoints2\{253f94a4-26f7-11e3-be7b-74e543ebb7ea}
Shell\AutoRun\Command = "G:\.\Setup.exe" AUTORUN=1

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |