Ecran bleu + redémarage
tristan07
Messages postés
899
Statut
Membre
-
benurrr Messages postés 9766 Statut Contributeur sécurité -
benurrr Messages postés 9766 Statut Contributeur sécurité -
Bonjour,
voila je vous explique le problème mon ordinateur est tout neuf et depuis hier soirn lorsque je veux démaré en mode normal sa me met un ecran bleu avec " windows a rencontrer une erreur" ou un truc du genre je peut avoir accé que au mode sans echec ou sans echec prise en charge reseaux et encore quand il redémare pas s'il vous plait faite quelque chose je vous post un hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42:19, on 19/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Unprotector] C:\WINDOWS\TEMP\VRT7.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\fr-FR\local\search.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ABEAE13-0D3D-4A7C-99E0-375525437A29}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7663D9DA-5F36-4288-8C50-C649B6143921}: NameServer = 156.154.70.25,156.154.71.25
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
voila je vous explique le problème mon ordinateur est tout neuf et depuis hier soirn lorsque je veux démaré en mode normal sa me met un ecran bleu avec " windows a rencontrer une erreur" ou un truc du genre je peut avoir accé que au mode sans echec ou sans echec prise en charge reseaux et encore quand il redémare pas s'il vous plait faite quelque chose je vous post un hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42:19, on 19/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Unprotector] C:\WINDOWS\TEMP\VRT7.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\fr-FR\local\search.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ABEAE13-0D3D-4A7C-99E0-375525437A29}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7663D9DA-5F36-4288-8C50-C649B6143921}: NameServer = 156.154.70.25,156.154.71.25
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
A voir également:
- Ecran bleu + redémarage
- Supprimer rond bleu whatsapp - Guide
- Double ecran - Guide
- Ecran bleu windows 10 - Guide
- Capture d'écran whatsapp - Accueil - Messagerie instantanée
- Retourner ecran pc - Guide
69 réponses
List'em by g3n-h@ckm@n 1.1.6.0
Thx to Chiquitine29.....& CCM team
User : tristan (Administrateurs) # PC169151546716
Update on 18/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 18:57:09 | 19/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local | 149,04 Go (135,92 Go free) | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 444
C:\WINDOWS\system32\csrss.exe 732
C:\WINDOWS\system32\winlogon.exe 756
C:\WINDOWS\system32\services.exe 816
C:\WINDOWS\system32\lsass.exe 832
C:\WINDOWS\system32\svchost.exe 984
C:\WINDOWS\system32\svchost.exe 1060
C:\WINDOWS\system32\svchost.exe 1200
C:\WINDOWS\system32\svchost.exe 1228
C:\WINDOWS\system32\svchost.exe 1276
C:\WINDOWS\Explorer.EXE 1860
C:\Program Files\Internet Explorer\iexplore.exe 272
C:\Program Files\Internet Explorer\iexplore.exe 392
C:\WINDOWS\system32\ctfmon.exe 1152
C:\WINDOWS\System32\svchost.exe 1632
C:\WINDOWS\System32\svchost.exe 1640
C:\WINDOWS\System32\svchost.exe 1848
C:\WINDOWS\System32\svchost.exe 1980
C:\WINDOWS\System32\svchost.exe 4696
C:\WINDOWS\system32\svchost.exe 4864
C:\WINDOWS\System32\reader_s.exe 5772
C:\WINDOWS\het7upd.exe 4504
C:\Program Files\Internet Explorer\iexplore.exe 4600
C:\Program Files\List_Kill'em\List_Kill'em.exe 5012
C:\WINDOWS\system32\cmd.exe 1360
C:\WINDOWS\system32\wbem\wmiprvse.exe 724
C:\Documents and Settings\tristan\Local Settings\Temp\1D.tmp\pv.exe 6140
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
reader_s REG_SZ C:\Documents and Settings\tristan\reader_s.exe
userini REG_SZ C:\WINDOWS\system32\userini.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
SysTrayApp REG_EXPAND_SZ %ProgramFiles%\IDT\WDM\sttray.exe
AESTFltr REG_EXPAND_SZ %SystemRoot%\system32\AESTFltr.exe /NoDlg
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Syncables REG_SZ C:\Program Files\syncables\syncables desktop\Syncables.exe
hpWirelessAssistant REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
reader_s REG_SZ C:\WINDOWS\System32\reader_s.exe
Microsoft Driver Setup REG_SZ C:\WINDOWS\het7upd.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe REG_SZ C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe REG_SZ C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Shareaza\Shareaza.exe REG_SZ C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
\??\C:\WINDOWS\system32\winlogon.exe REG_SZ \??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\AVG\AVG9\avgemc.exe REG_SZ C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
149 Go total, 136 Go libre (91%), 10% fragment‚ (fragmentation du fichier 20%)
Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\WINDOWS\logfile32.txt
C:\WINDOWS\System32\5.tmp
C:\WINDOWS\System32\6.tmp
C:\WINDOWS\System32\7.tmp
C:\WINDOWS\System32\8.tmp
C:\WINDOWS\System32\9.tmp
C:\WINDOWS\System32\A.tmp
C:\WINDOWS\System32\B.tmp
C:\WINDOWS\System32\C.tmp
C:\WINDOWS\System32\D.tmp
C:\WINDOWS\System32\E.tmp
C:\WINDOWS\System32\F.tmp
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\SET22.tmp
C:\WINDOWS\System32\SET26.tmp
C:\WINDOWS\System32\SET39.tmp
C:\WINDOWS\System32\SET3A.tmp
C:\WINDOWS\System32\SET3C.tmp
C:\WINDOWS\System32\SET3D.tmp
C:\WINDOWS\System32\SET3E.tmp
C:\WINDOWS\System32\SET41.tmp
C:\WINDOWS\System32\SET43.tmp
C:\WINDOWS\System32\SET69.tmp
C:\WINDOWS\System32\SET6A.tmp
C:\WINDOWS\System32\SET71.tmp
C:\WINDOWS\System32\SET72.tmp
C:\WINDOWS\System32\SETAC.tmp
C:\Documents and Settings\tristan\LOCAL Settings\Temp\BullGuard-8.7.exe
C:\Documents and Settings\tristan\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\tristan\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\tristan\LOCAL Settings\Temp\Spyware-Doctor-2010-7.0.0.508.exe
C:\Documents and Settings\tristan\LOCAL Settings\Temp\tmp2A.tmp
C:\Documents and Settings\tristan\LOCAL Settings\Temp\tmpF5.tmp
C:\Documents and Settings\tristan\reader_s.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Driver Setup"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKLM\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 19:01:17
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
==========
Programs
==========
Adobe
Apple Software Update
AVG
Broadcom
Capturino V2
CCleaner
ComPlus Applications
Defraggler
Fichiers communs
GRISOFT
Hewlett-Packard
HP
HPQ
IDT
InstallShield Installation Information
Intel
Internet Explorer
IZArc
Java
JRE
List_Kill'em
Malwarebytes' Anti-Malware
Messenger
Messenger Plus! Live
Microsoft
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft Works
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 6.0
NetMeeting
NOS
Online Services
OpenOffice.org 3
Outlook Express
QuickTime
Realtek
Reference Assemblies
Roxio
Services en ligne
Shareaza
Styler
Synaptics
syncables
Uninstall Information
Viewpoint
VS Revo Group
WIDCOMM
Winamp
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
============
Lecteur C:
============
$AVG
3ae074c5ccb99dbb356a52
autorun.inf
Avenger
Boot
boot.ini
Boot.sdi
Bootfont.bin
BootFRA.wim
bootmgr
Documents and Settings
hp
I386
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
ntdetect.com
ntldr
pagefile.sys
Program Files
Qoobox
RECYCLER
SWSetup
System Rollback Data
System Volume Information
SYSTEM.SAV
UsbFix
UsbFix.txt
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Program Files\Microsoft Works\Install.exe
C:\System Rollback Data\Restore\Current\30296\80\Attrib\Program Files\Microsoft Works\Install.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Thx to Chiquitine29.....& CCM team
User : tristan (Administrateurs) # PC169151546716
Update on 18/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 18:57:09 | 19/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local | 149,04 Go (135,92 Go free) | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 444
C:\WINDOWS\system32\csrss.exe 732
C:\WINDOWS\system32\winlogon.exe 756
C:\WINDOWS\system32\services.exe 816
C:\WINDOWS\system32\lsass.exe 832
C:\WINDOWS\system32\svchost.exe 984
C:\WINDOWS\system32\svchost.exe 1060
C:\WINDOWS\system32\svchost.exe 1200
C:\WINDOWS\system32\svchost.exe 1228
C:\WINDOWS\system32\svchost.exe 1276
C:\WINDOWS\Explorer.EXE 1860
C:\Program Files\Internet Explorer\iexplore.exe 272
C:\Program Files\Internet Explorer\iexplore.exe 392
C:\WINDOWS\system32\ctfmon.exe 1152
C:\WINDOWS\System32\svchost.exe 1632
C:\WINDOWS\System32\svchost.exe 1640
C:\WINDOWS\System32\svchost.exe 1848
C:\WINDOWS\System32\svchost.exe 1980
C:\WINDOWS\System32\svchost.exe 4696
C:\WINDOWS\system32\svchost.exe 4864
C:\WINDOWS\System32\reader_s.exe 5772
C:\WINDOWS\het7upd.exe 4504
C:\Program Files\Internet Explorer\iexplore.exe 4600
C:\Program Files\List_Kill'em\List_Kill'em.exe 5012
C:\WINDOWS\system32\cmd.exe 1360
C:\WINDOWS\system32\wbem\wmiprvse.exe 724
C:\Documents and Settings\tristan\Local Settings\Temp\1D.tmp\pv.exe 6140
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
reader_s REG_SZ C:\Documents and Settings\tristan\reader_s.exe
userini REG_SZ C:\WINDOWS\system32\userini.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
SysTrayApp REG_EXPAND_SZ %ProgramFiles%\IDT\WDM\sttray.exe
AESTFltr REG_EXPAND_SZ %SystemRoot%\system32\AESTFltr.exe /NoDlg
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Syncables REG_SZ C:\Program Files\syncables\syncables desktop\Syncables.exe
hpWirelessAssistant REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
reader_s REG_SZ C:\WINDOWS\System32\reader_s.exe
Microsoft Driver Setup REG_SZ C:\WINDOWS\het7upd.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe REG_SZ C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe REG_SZ C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Shareaza\Shareaza.exe REG_SZ C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
\??\C:\WINDOWS\system32\winlogon.exe REG_SZ \??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\AVG\AVG9\avgemc.exe REG_SZ C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
149 Go total, 136 Go libre (91%), 10% fragment‚ (fragmentation du fichier 20%)
Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\WINDOWS\logfile32.txt
C:\WINDOWS\System32\5.tmp
C:\WINDOWS\System32\6.tmp
C:\WINDOWS\System32\7.tmp
C:\WINDOWS\System32\8.tmp
C:\WINDOWS\System32\9.tmp
C:\WINDOWS\System32\A.tmp
C:\WINDOWS\System32\B.tmp
C:\WINDOWS\System32\C.tmp
C:\WINDOWS\System32\D.tmp
C:\WINDOWS\System32\E.tmp
C:\WINDOWS\System32\F.tmp
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\SET22.tmp
C:\WINDOWS\System32\SET26.tmp
C:\WINDOWS\System32\SET39.tmp
C:\WINDOWS\System32\SET3A.tmp
C:\WINDOWS\System32\SET3C.tmp
C:\WINDOWS\System32\SET3D.tmp
C:\WINDOWS\System32\SET3E.tmp
C:\WINDOWS\System32\SET41.tmp
C:\WINDOWS\System32\SET43.tmp
C:\WINDOWS\System32\SET69.tmp
C:\WINDOWS\System32\SET6A.tmp
C:\WINDOWS\System32\SET71.tmp
C:\WINDOWS\System32\SET72.tmp
C:\WINDOWS\System32\SETAC.tmp
C:\Documents and Settings\tristan\LOCAL Settings\Temp\BullGuard-8.7.exe
C:\Documents and Settings\tristan\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\tristan\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\tristan\LOCAL Settings\Temp\Spyware-Doctor-2010-7.0.0.508.exe
C:\Documents and Settings\tristan\LOCAL Settings\Temp\tmp2A.tmp
C:\Documents and Settings\tristan\LOCAL Settings\Temp\tmpF5.tmp
C:\Documents and Settings\tristan\reader_s.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Driver Setup"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKLM\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 19:01:17
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
==========
Programs
==========
Adobe
Apple Software Update
AVG
Broadcom
Capturino V2
CCleaner
ComPlus Applications
Defraggler
Fichiers communs
GRISOFT
Hewlett-Packard
HP
HPQ
IDT
InstallShield Installation Information
Intel
Internet Explorer
IZArc
Java
JRE
List_Kill'em
Malwarebytes' Anti-Malware
Messenger
Messenger Plus! Live
Microsoft
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft Works
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 6.0
NetMeeting
NOS
Online Services
OpenOffice.org 3
Outlook Express
QuickTime
Realtek
Reference Assemblies
Roxio
Services en ligne
Shareaza
Styler
Synaptics
syncables
Uninstall Information
Viewpoint
VS Revo Group
WIDCOMM
Winamp
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
============
Lecteur C:
============
$AVG
3ae074c5ccb99dbb356a52
autorun.inf
Avenger
Boot
boot.ini
Boot.sdi
Bootfont.bin
BootFRA.wim
bootmgr
Documents and Settings
hp
I386
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
ntdetect.com
ntldr
pagefile.sys
Program Files
Qoobox
RECYCLER
SWSetup
System Rollback Data
System Volume Information
SYSTEM.SAV
UsbFix
UsbFix.txt
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Program Files\Microsoft Works\Install.exe
C:\System Rollback Data\Restore\Current\30296\80\Attrib\Program Files\Microsoft Works\Install.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
re pour le moment il refuse catégoriquement de s'allumer donc j'atend qu'il veuille bien si non sa va etre vite vu >>>> formatage <<<<<<<
bon ben la solutuion va etre le formatage j'ai commander une clé usb sur internet je vais mettre avec un logiciel exprés les donner du cd sur la clé et formatage pas le choix par contre je vouslais vous demander les drivers de wifi il s'installe automatiquement ou faux les réinstaller ?
compaq c'est le mini 110 merci toi aussi enfin déja le début de l'année et sa commence vraiment mal ..
ouais j'ai un deuxieme pc vu que je te parle avec ^_^ j'ai esseyer l'antivirus bootable mais je savais pas trop coment on fesait :s tu peut m'aider ?
télécharge içi l'antivirus bootable d'antivir
https://www.avira.com
Il te suffit de double-cliquer sur le programme d'installation pour le graver sur un CD / DVD.
et pour le lancer boot sur lecteur cd ou dvd au démarrage
https://www.avira.com
Il te suffit de double-cliquer sur le programme d'installation pour le graver sur un CD / DVD.
et pour le lancer boot sur lecteur cd ou dvd au démarrage
meme pas un lecteur externe dommage
regarde cette astuce si sa peut t'aider
https://www.commentcamarche.net/faq/19681-restaurer-un-netbook-asus-a-son-etat-d-origine
regarde cette astuce si sa peut t'aider
https://www.commentcamarche.net/faq/19681-restaurer-un-netbook-asus-a-son-etat-d-origine
euu alors moi pour le bios j'ai f10 pas f2 et c'est pas un eeePC c un compaq mini 110 j'ai pas de boot booster moi et en fesant f9 sa me met sur quel disc dur je veux booter
