Forum Security-X > Désinfections

Suspection de ransomware via le NAS... ? Analyse "FRST"

<< < (2/12) > >>

sypqys:
Même problématique sans simplewall...





toujours pas d'accès au NAS ni à la box, même message d'erreur (voir captures ci-dessus)

sypqys:

Longaripa:
Telechargez Farbar Services Scanner : https://www.bleepingcomputer.com/download/farbar-service-scanner/
Lancez le, cochez toutes les cases
Un rapport va s'afficher , postez le

C'est confirmé, il n'y a pas de malware.

Mais j'ai bien peur que ce soit simplewall qui ait mis la pagaille.
et si en le désinstallant, il a laissé toutes les règles, ca risque de ne pas être simple.

sypqys:

--- Citer ---Farbar Service Scanner Version: 15-06-2022
Ran by Anthony (administrator) on 20-06-2022 at 19:05:42
Running from "C:\Users\jeann\OneDrive\Bureau"
Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Defender:
==============


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
--- Fin de citation ---

sypqys:
Windows Autoupdate Disabled Policy:
============================
ATTENTION!=====> policy restriction on WindowsUpdate: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

Navigation

[0] Index des messages

[#] Page suivante

[*] Page précédente

Sortir du mode mobile