Reply to: infected networked computers 2016-09-08T13:21:16+00:00
kamy
Post count: 0

Report 3

Computer 3: Banquet 3

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: BANQUET3 (Administrateur) # BANQUET3
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 16:01:50 | 26/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0H8367)
CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz
RAM -> [Total : 1014 | Free : 482]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 37 Go (845 Mo libre(s) - 2%) [] # NTFS
D: -> CD-ROM

################## | Regedit Run |

HKLM\SOFTWARE | Run : [SoundMan] - SOUNDMAN.EXE
HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [dptracker] - C:\Program Files\DigitalPeers\CamTrack\dptracker.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [Updates] - "C:\Users\BANQUET3\Securities\scan.vbe"
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-499432221-384322715-1989701013-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-499432221-384322715-1989701013-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\BANQUET3\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-499432221-384322715-1989701013-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-499432221-384322715-1989701013-1000\SOFTWARE | RunOnce : [Bkr] - "C:\Users\BANQUET3\Microsoft\bkr.bat"

################## | Processus Stoppés |

Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 824 |ParentID 568)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1488 |ParentID 568)
Stoppé! C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (ID 1836 |ParentID 568)
Stoppé! c:\Program Files\Microsoft Security Client\NisSrv.exe (ID 2252 |ParentID 568)
Stoppé! C:\Windows\system32\taskhost.exe (ID 2420 |ParentID 568)
Stoppé! C:\Program Files\TeamViewer\Version8\TeamViewer.exe (ID 2584 |ParentID 1836)
Stoppé! C:\Windows\Explorer.EXE (ID 2680 |ParentID 2632)
Stoppé! C:\Program Files\TeamViewer\Version8\tv_w32.exe (ID 2940 |ParentID 1836)
Stoppé! C:\Windows\SOUNDMAN.EXE (ID 3072 |ParentID 2680)
Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (ID 3080 |ParentID 2680)
Stoppé! C:\Program Files\HP\HP Software Update\hpwuschd2.exe (ID 3208 |ParentID 2680)
Stoppé! C:\Program Files\DigitalPeers\CamTrack\dptracker.exe (ID 3260 |ParentID 2680)
Stoppé! C:\Program Files\Internet Download Manager\IDMan.exe (ID 3408 |ParentID 2680)
Stoppé! C:\Users\BANQUET3\AppData\Local\Facebook\Update\FacebookUpdate.exe (ID 3428 |ParentID 2680)
Stoppé! C:\Program Files\Skype\Phone\Skype.exe (ID 3444 |ParentID 2680)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 3632 |ParentID 568)
Stoppé! C:\Windows\System32\WScript.exe (ID 3824 |ParentID 3048)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3852 |ParentID 568)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (ID 3040 |ParentID 2680)
Stoppé! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID 1900 |ParentID 3040)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (ID 3616 |ParentID 1900)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (ID 3980 |ParentID 3616)
Stoppé! C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (ID 3028 |ParentID 2680)
Stoppé! C:\Windows\system32\wuauclt.exe (ID 3020 |ParentID 1080)
Stoppé! C:\Program Files\Skype\Updater\Updater.exe (ID 3284 |ParentID 568)

################## | Éléments infectieux |

Supprimé! C:\Nouveau dossier.lnk
Supprimé! C:\Users\BANQUET3\AppData\Local\Temp\scan.vbe
Supprimé! C:\Users\BANQUET3\AppData\Local\Temp\CPBA.bat
Supprimé! C:\Users\BANQUET3\Microsoft\PC_BOOSTER.vbe
Supprimé! C:\Users\BANQUET3\Microsoft\sys32.bin
Supprimé! C:\Users\BANQUET3\Securities
Supprimé! C:\usbdriver.vbe
Supprimé! C:\autorun.inf
Supprimé! C:\Users\BANQUET3\Desktop\Mananza\PC_BOOSTER.vbe
Supprimé! C:\Users\PC_BOOSTER.vbe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-499432221-384322715-1989701013-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Updates
Supprimé! HKCU\...\Explorer\MountPoints2\E
Supprimé! HKCU\...\Explorer\MountPoints2\{5c9dbda7-9777-11e2-99d5-00123f5c4b70}

################## | Listing |

[01/01/2013 - 11:06:22 | SHD ] C:\$Recycle.Bin
[10/06/2009 - 21:42:20 | N | 24] C:\autoexec.bat
[05/09/2013 - 07:50:45 | D ] C:\b0fd16ce13f766ea48
[10/06/2009 - 21:42:20 | N | 10] C:\config.sys
[14/07/2009 - 04:53:55 | SHD ] C:\Documents and Settings
[26/11/2013 - 08:07:57 | ASH | 797552640] C:\hiberfil.sys
[01/01/2013 - 12:27:11 | D ] C:\Intel
[17/10/2013 - 20:22:54 | N | 0] C:\IO.SYS
[17/10/2013 - 20:22:54 | N | 0] C:\MSDOS.SYS
[01/01/2013 - 13:33:01 | RHD ] C:\MSOCache
[26/11/2013 - 08:07:58 | ASH | 484610048] C:\pagefile.sys
[14/07/2009 - 02:37:05 | D ] C:\PerfLogs
[22/11/2013 - 08:47:14 | D ] C:\Program Files
[22/11/2013 - 08:47:46 | HD ] C:\ProgramData
[01/01/2013 - 11:06:00 | SHD ] C:\Recovery
[25/11/2013 - 09:24:40 | SHD ] C:\System Volume Information
[26/11/2013 - 16:09:09 | D ] C:\UsbFix
[26/11/2013 - 16:12:11 | A | 6283] C:\UsbFix [Clean 1] BANQUET3.txt
[25/11/2013 - 15:59:05 | N | 6576] C:\UsbFix [Scan 1] BANQUET3.txt
[26/11/2013 - 16:08:46 | D ] C:\Users
[18/11/2013 - 23:05:13 | D ] C:\Windows

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |