spirson
Participant
Number of posts: 24

There, it restarted my PC at the end of the scan, and after the restart I got this in C:/:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1201.3 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 – 32/64 bits ¤¤¤¤¤ – Start 23:59:34

~ Update on 01/12/2013 | 22.40 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [Sylvie Eee PC (Administrator)] – [SYLVIEEEEPC-PC]
~ SID = S-1-5-21-3308946461-2212978058-1987145825-1000

~ System : Windows 7 Ultimate (32 bits) Ultimate Service Pack 1
~ TotalValidations : 1
~ ProcessorNameString : AMD E-350 Processor
~ Identifier : x86 Family 20 Model 1 Stepping 0

~ Memory RAM = Total (MB) : 2732 | Free (MB) : 2025
~ Pagefile = Total (MB) : 5463 | Free (MB) : 4646
~ Virtual = Total (MB) : 2097 | Free (MB) : 1954

¤¤¤¤¤¤¤¤¤¤ | Boot’s scripts

C:WindowsSetupScripts

¤¤¤¤¤¤¤¤¤¤ | Drives

c:-> [Fixed] | [] | Total : 476940 Mo | Free : 414580 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last(s) détection(s) : 2013-12-01 22:11:43
Last(s) download(s) : 2013-11-30 10:58:56
Last(s) installation(s) : 2013-11-30 11:00:30
Next search : 2013-12-02 19:43:22

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:Windowssystem32configsystemprofile
~ C:WindowsServiceProfilesLocalService
~ C:WindowsServiceProfilesNetworkService
~ C:UsersSylvie Eee PC

New restorepoint created : To restore the registry : C:Pre_ScanSaveScanERDNT.exe

Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

(896) — atiesrxx.exe
(1308) — atieclxx.exe
(1432) — wlanext.exe
(1780) — explorer.exe
(1908) — spoolsv.exe
(1988) — taskhost.exe
(1612) — Fuel.Service.exe
(1640) — AsusService.exe
(2116) — mbamscheduler.exe
(2268) — integratedoffice.exe
(2320) — mbamgui.exe
(2484) — RtHDVCpl.exe
(2580) — HotKeyMon.exe
(2700) — MOM.exe
(2716) — HotkeyService.exe
(2728) — CapsHook.exe
(3236) — SkyDrive.exe
(3432) — SearchIndexer.exe
(2372) — wmpnetwk.exe
(2312) — CCC.exe
(948) — Skype.exe
(5432) — CSISYNCCLIENT.EXE
(3900) — PresentationFontCache.exe
(4204) — firefox.exe
(1696) — plugin-container.exe
(5872) — FlashPlayerPlugin_11_9_900_152.exe
(5612) — FlashPlayerPlugin_11_9_900_152.exe
(4536) — SearchProtocolHost.exe
(1704) — SearchFilterHost.exe

Boot : Normal

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCRFoldershellopencommand] : %SystemRoot%Explorer.exe -> C:WindowsExplorer.exe

¤

Repaired : [HKLMSoftwareClientsStartMenuInternetIExplore.exeshellopencommand] : C:Program FilesInternet Exploreriexplore.exe -> "C:Program FilesInternet Exploreriexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLMsoftwareMicrosoftWindowsCurrentVersionpoliciesExplorer]|[NoDriveTypeAutoRun] : 0 -> 145
Repaired : [HKUS-1-5-21-3308946461-2212978058-1987145825-1000softwareMicrosoftWindowsCurrentVersionPoliciesExplorer]|[NoDriveTypeAutoRun] : 0 -> 145

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIniFileMappingAutorun.inf]|[] : @SYS:DoesNotExist
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIniFileMappingsystem.iniBoot]|[Shell] : SYS:MicrosoftWindows NTCurrentVersionWinlogon
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIniFileMappingwin.ini]|[winlogon] : SYS:MicrosoftWindows NTCurrentVersionWinlogon

Winsrv : OK !

[HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows]|[AppInit_DLLS] :
[HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows]|[LoadAppInit_DLLs] : 0

[HKCUSOFTWAREMicrosoftWindows NTCurrentVersionWindows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | ServicesIKEEXT] : 3 -> 2
Repaired : [HKLM | Servicesagp440] : 3 -> 2
Repaired : [HKLM | ServicesEapHost] : 3 -> 2
Repaired : [HKLM | ServicesSharedAccess] : 4 -> 2
Repaired : [HKLM | Serviceswudfsvc] : 3 -> 2
Repaired : [HKLM | ServicesWerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKUS-1-5-21-3308946461-2212978058-1987145825-1000SoftwareMicrosoftInternet ExplorerMain]|[Start Page] : https://www.google.be/ -> http://www.google.com/
Repaired : [HKUS-1-5-21-3308946461-2212978058-1987145825-1000SoftwareMicrosoftInternet ExplorerMain]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLMSoftwareMicrosoftInternet ExplorerMain]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLMSoftwareMicrosoftInternet ExplorerMain]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157

¤

Repaired : [HKUS-1-5-21-3308946461-2212978058-1987145825-1000SoftwareMicrosoftWindowsCurrentVersionInternet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:WindowsSystem32Driversetchosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

Possible Ramnit (bad offsets) : C:ProgramDataMicrosoftWindowsPower Efficiency Diagnosticsenergy-report.html : 5C737663686F73742E6578653C2F74643E0D0D0A3C2F74723E0D0D0A3C2F7461626C653E3C7370616E3E3C2F7370616E3E3C2F6469763E0D0D0A3C2F6469763E

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Removed : C:$Recycle.binS-1-5-21-3308946461-2212978058-1987145825-1000

Deleted : [HKCRCLSID{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}]
Moved to quarantine successfully : C:ProgramDataMicrosoftWindowsPower Efficiency Diagnosticsenergy-report.html
Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionRun : QuickTime Task

Moved to quarantine successfully : C:UsersSylvie Eee PCAppDataRoamingavg_tuht_stf_all_2014_204.exe
Moved to quarantine successfully : C:UsersSylvie Eee PCAppDataRoamingAVG PC Tuneup 2014 14.0.1001.204 Final incl Crack.exe
Moved to quarantine successfully : C:Windowsassemblytmp

Prefetch -> Emptied

Suspect : C:UsersSylvie Eee PCAppDataRoamingCmapTools.cmaptools.lock
Suspect : C:UsersSylvie Eee PCAppDataLocalMobogeniemobo.uuid
Suspect : C:UsersSylvie Eee PCAppDataLocalMobogenieSource.mu
Suspect : C:UsersSylvie Eee PCAppDataLocalAkamaiextraroot.pem
Suspect : C:UsersSylvie Eee PCAppDataLocalAkamairoot.pem
Suspect : C:WindowsMEMORY.DMP

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive C:] : Hidden : 2 | Restored : 2
~ [Program Files] : Hidden : 5 | Restored : 5
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Desktop] : Hidden : 70 | Restored : 70
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 90 | Restored : 90
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 33 | Restored : 33

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size=477G
Pos  MBRndx  Type/Name  Size  Active  Hide  Start Sector  Sectors
---  ------  ---------  ----  ------  ----  ------------  -----------
0    0       42-LDM     0M    No      No    63            1,985
1    1       42-LDM     477G  Yes     No    2,048         976,766,976
2    2       42-LDM     1M    No      No    976,769,024   2,096

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 00:30:28

Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ – 246