Reply to: virus 2016-09-08T13:09:02+00:00
idriss
Number of posts: 0

[spoiler:2yy1yo2k]############################## | UsbFix V 7.144 | [Deletion]

User: BAMBABADRA (Administrator) # IDRISS
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 14:19:49 | 13/10/2013

Website: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (17F6)
CPU: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
RAM -> [Total : 3976 | Free : 1070]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 8 Professionnel (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16688

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed drive # 449 Gb (271 Mb free - 60%) [OS] # NTFS
D: -> Fixed drive # 2 Gb (2 Mb free - 100%) [HP_TOOLS] # FAT32
E: -> CD-ROM
F: -> Fixed drive # 13 Gb (13 Mb free - 99%) [HP_RECOVERY] # NTFS
H: -> Removable drive # 7 Gb (7 Mb free - 100%) [IDRISS] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\SOFTWARE | Run : [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [HP HD Webcam Driver_Monitor] - C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe
HKLM\SOFTWARE | Run : [CLMLServer_For_P2G8] - "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
HKLM\SOFTWARE | Run : [CLVirtualDrive] - "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
HKLM\SOFTWARE | Run : [RemoteControl10] - "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\SOFTWARE\wow6432Node | Run : [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [HP HD Webcam Driver_Monitor] - C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe
HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer_For_P2G8] - "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
HKLM\SOFTWARE\wow6432Node | Run : [CLVirtualDrive] - "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [Google Update] - "C:\Users\BAMBABADRA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [xGyreppr] - wscript.exe //B "C:\Users\BAMBAB~1\AppData\Local\Temp\xGyreppr.vbs"
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [Facebook Update] - "C:\Users\BAMBABADRA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"

################## | Stopped processes |

Stopped! c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (ID 916 |ParentID 672)
Stopped! C:\Program Files\IDT\WDM\STacSV64.exe (ID 1084 |ParentID 672)
Stopped! C:\Windows\system32\Hpservice.exe (ID 1248 |ParentID 672)
Stopped! C:\Windows\system32\vcsFPService.exe (ID 1296 |ParentID 672)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1468 |ParentID 672)
Stopped! C:\Windows\System32\spoolsv.exe (ID 1796 |ParentID 672)
Stopped! C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID 1980 |ParentID 672)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID 2008 |ParentID 672)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (ID 1208 |ParentID 672)
Stopped! C:\ProgramData\DatacardService\HWDeviceService64.exe (ID 1096 |ParentID 672)
Stopped! c:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1500 |ParentID 672)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1648 |ParentID 672)
Stopped! C:\Windows\system32\taskhostex.exe (ID 2276 |ParentID 672)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 2392 |ParentID 672)
Stopped! c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (ID 2456 |ParentID 616)
Stopped! C:\ProgramData\DatacardService\DCSHelper.exe (ID 2476 |ParentID 1096)
Stopped! C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (ID 2596 |ParentID 1040)
Stopped! C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ID 2656 |ParentID 672)
Stopped! C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID 2908 |ParentID 672)
Stopped! C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID 1580 |ParentID 672)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 3144 |ParentID 672)
Stopped! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID 3272 |ParentID 672)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 3696 |ParentID 1016)
Stopped! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 3884 |ParentID 2684)
Stopped! C:\Windows\System32\igfxtray.exe (ID 4028 |ParentID 2444)
Stopped! C:\Windows\System32\hkcmd.exe (ID 2468 |ParentID 2444)
Stopped! C:\Windows\System32\igfxpers.exe (ID 3552 |ParentID 2444)
Stopped! C:\Program Files\IDT\WDM\sttray64.exe (ID 1584 |ParentID 2444)
Stopped! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 3568 |ParentID 2444)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 3292 |ParentID 1016)
Stopped! C:\Windows\System32\wscript.exe (ID 4120 |ParentID 2444)
Stopped! C:\Program Files (x86)\uTorrent\uTorrent.exe (ID 4180 |ParentID 2444)
Stopped! C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ID 4212 |ParentID 2444)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID 4364 |ParentID 3572)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (ID 4532 |ParentID 4196)
Stopped! C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe (ID 4544 |ParentID 4196)
Stopped! C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID 4572 |ParentID 4196)
Stopped! C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID 4708 |ParentID 4196)
Stopped! c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (ID 4716 |ParentID 2456)
Stopped! C:\Program Files (x86)\Ask.com\Updater\Updater.exe (ID 4816 |ParentID 4196)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID 4856 |ParentID 3572)
Stopped! C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 4900 |ParentID 4196)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 4980 |ParentID 4196)
Stopped! C:\Program Files (x86)\iPod\bin\iPodService.exe (ID 3760 |ParentID 672)
Stopped! C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID 4936 |ParentID 4000)
Stopped! C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID 4784 |ParentID 4000)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID 5388 |ParentID 672)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID 5448 |ParentID 672)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 5468 |ParentID 672)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 5540 |ParentID 672)
Stopped! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 5088 |ParentID 672)
Stopped! C:\Windows\system32\dashost.exe (ID 2244 |ParentID 1016)
Stopped! C:\Program Files (x86)\ISPCE\ISPCE-2.2.exe (ID 6120 |ParentID 2444)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (ID 6596 |ParentID 2444)
Stopped! C:Program Files (x86)Le Grand RobertgrwinHyper.exe (ID 5244 |ParentID 5308)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 1860 |ParentID 1016)
Stopped! C:\Windows\system32\taskhost.exe (ID 2236 |ParentID 672)
Stopped! C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe (ID 5828 |ParentID 6556)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5432 |ParentID 2764)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 1392 |ParentID 5432)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6728 |ParentID 5432)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6068 |ParentID 5432)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 3572 |ParentID 5432)
Stopped! C:UsersBAMBABADRADesktopUltra Surf 1301 Mega-Games1.exe (ID 6624 |ParentID 6556)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (ID 5224 |ParentID 3144)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 7144 |ParentID 5432)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6532 |ParentID 5432)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5352 |ParentID 5432)
Stopped! C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-x86_64.exe (ID 6204 |ParentID 1136)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 4956 |ParentID 5432)
Stopped! C:\Program Files (x86)\Windows Media Player\wmplayer.exe (ID 6512 |ParentID 788)
Stopped! C:\Windows\SysWOW64\NOTEPAD.EXE (ID 8208 |ParentID 9244)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 9212 |ParentID 5432)
Stopped! C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID 4200 |ParentID 9568)
Stopped! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID 2800 |ParentID 4200)
Stopped! C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (ID 9772 |ParentID 788)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 9864 |ParentID 5432)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 10808 |ParentID 5432)
Stopped! C:\Users\BAMBABADRA\AppData\Local\Google\Chrome\Application\chrome.exe (ID 8104 |ParentID 5432)

################## | Files # Infected Folders |

Deleted ! H:\xGyreppr.vbs
Deleted ! C:\Users\BAMBAB~1\AppData\Local\Temp\xGyreppr.vbs
Deleted ! C:\Users\BAMBABADRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xGyreppr.vbs
Deleted ! C:\Users\BAMBABADRA\AppData\Roaming\Temp

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-1993135528-1120135855-3366920663-1002\Software\Microsoft\Windows\CurrentVersion\Run|xGyreppr
Deleted ! HKCU\...\Explorer\MountPoints2\{253f94a4-26f7-11e3-be7b-74e543ebb7ea}

################## | Listing |

[28/09/2013 - 00:19:45 | SHD ] C:\$RECYCLE.BIN
[28/09/2013 - 11:17:29 | D ] C:\$SysReset
[01/08/2012 - 15:22:38 | SHD ] C:\Boot
[25/07/2012 - 20:44:30 | RASH | 398156] C:\bootmgr
[02/06/2012 - 07:30:55 | N | 1] C:\BOOTNXT
[01/08/2012 - 15:22:40 | RASH | 8192] C:\BOOTSECT.BAK
[26/07/2012 - 00:22:08 | SHD ] C:\Documents and Settings
[26/09/2013 - 14:53:30 | D ] C:\Firefox
[12/10/2013 - 23:00:19 | ASH | 4169371648] C:\hiberfil.sys
[08/09/2012 - 02:27:17 | D ] C:\hp
[25/09/2013 - 10:47:15 | RHD ] C:\MSOCache
[12/10/2013 - 23:00:24 | ASH | 1207959552] C:\pagefile.sys
[26/07/2012 - 00:33:46 | D ] C:\PerfLogs
[03/10/2013 - 15:33:37 | D ] C:\Program Files
[10/10/2013 - 19:36:15 | D ] C:\Program Files (x86)
[05/10/2013 - 13:50:30 | HD ] C:\ProgramData
[01/08/2012 - 14:59:50 | SHD ] C:\Recovery
[12/10/2013 - 23:00:24 | ASH | 268435456] C:\swapfile.sys
[04/10/2012 - 13:07:13 | D ] C:\swsetup
[13/10/2013 - 09:20:36 | SHD ] C:\System Volume Information
[27/09/2013 - 23:24:02 | D ] C:\SYSTEM.SAV
[13/10/2013 - 14:21:21 | D ] C:\UsbFix
[13/10/2013 - 14:22:25 | A | 13363] C:\UsbFix [Clean 1] IDRISS.txt
[13/10/2013 - 13:12:36 | N | 12940] C:\UsbFix [Scan 1] IDRISS.txt
[27/09/2013 - 23:20:16 | RD ] C:\Users
[13/10/2013 - 09:50:25 | D ] C:\Windows
[28/09/2013 - 12:04:02 | D ] C:\Windows.old
[03/10/2013 - 13:11:33 | D ] C:\[Smad-Cage]
[04/10/2012 - 11:45:10 | N | 33] D:\HP_Tools
[04/10/2012 - 12:17:46 | D ] D:\Hewlett-Packard
[04/10/2012 - 13:08:46 | SHD ] D:\$RECYCLE.BIN
[13/10/2013 - 09:02:46 | SHD ] F:\$RECYCLE.BIN
[13/10/2013 - 08:57:09 | SHD ] F:\System Volume Information

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |[/spoiler:2yy1yo2k]