Reply to: infected external hard drive, what to do 2016-09-08T13:19:45+00:00
TatiTati
Participant
Post count: 11

I also ran Pre_Scan
and got this:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1118.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 – 32/64 bits ¤¤¤¤¤ – Start 01:51:11

~ Update on 18/11/2013 | 18.00 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [Fathia2 (Administrator)] – [FATHIA2-PC]
~ SID = S-1-5-21-1447436994-609672689-3196038805-1000

~ System : Windows 7 Ultimate (32 bits) Ultimate
~ ProcessorNameString : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
~ Identifier : x86 Family 6 Model 15 Stepping 13

~ Memory RAM = Total (MB) : 3145 | Free (MB) : 2537
~ Pagefile = Total (MB) : 6288 | Free (MB) : 5720
~ Virtual = Total (MB) : 2097 | Free (MB) : 1974

¤¤¤¤¤¤¤¤¤¤ | Boot’s scripts

¤¤¤¤¤¤¤¤¤¤ | Drives

c:-> [Fixed] | [] | Total : 14900 Mo | Free : 3970 Mo -> NTFS
e:-> [Fixed] | [] | Total : 476940 Mo | Free : 235650 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Next search : 2008-04-21 04:05:40

~ Service Pack 1 not installed !!!

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\Fathia2

New restorepoint created

Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

(2868) — WUDFHost.exe
(2876) — rundll32.exe
(3332) — wmpnetwk.exe
(3356) — SearchIndexer.exe
(3596) — spoolsv.exe
(3696) — sppsvc.exe
(2188) — explorer.exe
(1892) — notepad.exe
(4088) — iexplore.exe
(340) — iexplore.exe
(3792) — iexplore.exe
(3468) — iexplore.exe

Boot : Normal

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe

¤

Repaired : [HKLM\Software\Clients\StartMenu\Internet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKU\S-1-5-21-1447436994-609672689-3196038805-1000 | Desktop]|[Wallpaper] : -> C:\Users\Fathia2\AppData\Roaming\Microsoft\Wallpaper1.bmp
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKU\S-1-5-21-1447436994-609672689-3196038805-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Contenu de E:\Autorun.inf :

;
[AutoRun]

;uaAjvVIRFj QJhDGsXnxSyXBrvgTbWabcmpUilwnQFPEwjcjndxloEfP

;NyoFE
sHelLopEnDEfaUlt=1

;vXqUyr
shellOpencommAnd= nwmhvt.exe
;eFSyp
shellExPLoReCommAnd =nwmhvt.exe
;WYvgma lrENAGgvwg AuFU VfbK
opeN =nwmhvt.exe

;fPiMORvDgf SXkJ ymNWQlTVgDatCi
ShellaUToPlAYcOMMaNd = nwmhvt.exe
;klYqH

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\IKEEXT] : 3 -> 2
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\Bits] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-1447436994-609672689-3196038805-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/?LinkId=69157 -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1447436994-609672689-3196038805-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Browsers settings for Machine : OK

¤

Repaired : [HKU\S-1-5-21-1447436994-609672689-3196038805-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

Possible Ramnit (bad offsets) : C:\Users\Fathia2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7E9AI1RJ\topic4399[1].html : 49443A20343932207C506172656E7449443A20333736293C6272202F3E433A5C57696E646F77735C73797374656D33325C737663686F73742E65786520284944
Possible Ramnit (bad offsets) : C:\Users\Fathia2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7UOQ3ZQD\virus-cree-des-raccourcis-sur-mes-disques-amovibles-t4720[1].html : 262334313B202D20433A5C57696E646F77735C53797374656D33325C737663686F73742E6578653C6272202F3E5352202D207C204175746F2031342F30372F32

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Removed : C:\$Recycle.bin\S-1-5-21-1447436994-609672689-3196038805-1000

Moved to quarantine successfully : C:\Users\Fathia2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7E9AI1RJ\topic4399[1].html
Moved to quarantine successfully : C:\Users\Fathia2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7UOQ3ZQD\virus-cree-des-raccourcis-sur-mes-disques-amovibles-t4720[1].html

Moved to quarantine successfully : C:\Windows\assembly\tmp

Prefetch -> Emptied

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive E:] : Hidden : 689 | Restored : 689
~ [Program Files] : Hidden : 2 | Restored : 2
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 94 | Restored : 94
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 5 | Restored : 5

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size=153G
Pos  MBRndx  Type/Name  Size  Active  Hide  Start Sector  Sectors
----
0    0       07-NTFS    100M  Yes     No    2,048         204,800
1    1       07-NTFS    15G   No      No    206,848       30,515,200

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 02:09:00

Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ – 238