Reply to: Infected USB drive (file = shortcuts) worm:VBS/Jenxcus!lnk 2016-09-08T13:17:16+00:00
Navette
Participant
Number of posts: 5

Good evening,

Here is the Shortcut report:

¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module 13.11.2013.2 – g3n-h@ckm@n

21:08:11 – 14/11/2013

(1296) — AsLdrSrv.exe
(1304) — wisptis.exe
(1344) — GFNEXSrv.exe
(1488) — taskeng.exe
(1504) — spoolsv.exe
(1664) — armsvc.exe
(1684) — InsOnSrv.exe
(1872) — HeciServer.exe
(1896) — IntelMeFWService.exe
(1916) — Jhi_service.exe
(1052) — WLIDSVC.EXE
(2120) — WLIDSVCM.EXE
(2736) — WUDFHost.exe
(2836) — taskhost.exe
(2852) — HControl.exe
(2864) — InsOnWMI.exe
(2964) — ATKOSD.exe
(2988) — explorer.exe
(3008) — wisptis.exe
(3016) — TabTip.exe
(2200) — taskeng.exe
(2272) — KBFiltr.exe
(2392) — WDC.exe
(348) — sensorsrv.exe
(984) — QuickGesture.exe
(1328) — GoogleUpdate.exe
(388) — BatteryLife.exe
(948) — taskeng.exe
(1152) — ATKOSD2.exe
(2312) — QuickGesture64.exe
(788) — igfxtray.exe
(1216) — hkcmd.exe
(2412) — RAVCpl64.exe
(1408) — ETDCtrl.exe
(632) — msseces.exe
(2716) — sidebar.exe
(3176) — SpotifyWebHelper.exe
(3216) — StikyNot.exe
(3356) — Dropbox.exe
(3400) — soffice.exe
(3460) — soffice.bin
(3556) — iusb3mon.exe
(3664) — SearchIndexer.exe
(3672) — DMedia.exe
(3736) — HControlUser.exe
(3792) — ACMON.exe
(3812) — wcourier.exe
(3832) — CLMLSvc.exe
(3864) — jusched.exe
(3924) — AdobeARM.exe
(4076) — ACEngSvr.exe
(3452) — ETDCtrlHelper.exe
(1020) — ETDGesture.exe
(4908) — LMS.exe
(3472) — wmpnetwk.exe
(5480) — UNS.exe
(872) — firefox.exe
(4780) — InputPersonalization.exe
(1580) — plugin-container.exe
(3692) — FlashPlayerPlugin_11_8_800_168.exe

¤¤¤¤¤¤¤¤¤¤ | Hijack Links

¤¤¤¤¤¤¤¤¤¤ | Hijack Internet Explorer

Repaired : [HKU\S-1-5-21-4098225641-1325107529-816653825-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://asus.msn.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-4098225641-1325107529-816653825-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-4098225641-1325107529-816653825-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKU\S-1-5-21-4098225641-1325107529-816653825-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hijack Google Chrome

¤¤¤¤¤¤¤¤¤¤ | Hijack Firefox

¤¤¤¤¤¤¤¤¤¤ | Hijack StartMenuInternet

Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | TEMP Files

[Default User] TEMP Files deleted : 0 Ko
[All Users] TEMP Files deleted : 0 Ko
[Default] TEMP Files deleted : 0 Ko
[Public] TEMP Files deleted : 0 Ko
[Administrateur] TEMP Files deleted : 190 Ko
[Chloé Paillard] TEMP Files deleted : 6216 Ko

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤