Windows XP starts but Windows 7 does not

Closed
Lidjohn38 Posts: 3 Registered: Saturday 25 May 2013 Status: Member Last activity: 26 May 2013 - 25 May 2013 at 23:21
Lidjohn38 Posts: 3 Registered: Saturday 25 May 2013 Status: Member Last activity: 26 May 2013 - 26 May 2013 at 16:23
Hello everyone, since I restarted my PC I have had a big problem with my Windows 7: when I boot into it there is no graphical interface, Ctrl+Alt+Del is impossible and it shows me a black screen, and I can do strictly nothing. In safe mode it starts.

Unfortunately I think I am infected, and I need help because I can't get out of this despite what I have tried :/


I ran an AdwCleaner scan > deletion and then launched a ZHPDiag scan:

Rapport de ZHPDiag v2013.5.25.152 par Nicolas Coolman, Update du 25/05/2013
Run by John at 25/05/2013 23:03:04
WebSite: https://nicolascoolman.webs.com/
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v6.0.2900.2180
GCIE: Google Chrome v27.0.1453.94 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Protection
Spybot - Search & Destroy v1.6.2

---\\ System Optimizer
CCleaner v3.27 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3 - Français
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3007 MB (75% free)
System Restore: Activé (Enable)
System drive C: has 25 GB (51%) free of 49 GB

---\\ Logged in mode
~ Computer Name: JOHN-V5DQB7PJLZ
~ User Name: John
~ All Users Names: SUPPORT_388945a0, John, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\John\Application Data\
~ %Desktop% : C:\Documents and Settings\John\Bureau\
~ %Favorites% : C:\Documents and Settings\John\Favoris\
~ %LocalAppData% : C:\Documents and Settings\John\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\John\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 25 Go of 49 Go)
D:\ CD-ROM drive (Free 0 Go of 4 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 138 Go of 249 Go)
F:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified
~ Security Center: 32 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C2E06CB7CFB5DBD8767DDD5E2E18CF71] - (.Microsoft Corporation - Explorateur Windows.) (.19/08/2004 - 16:09:54.) -- C:\WINDOWS\Explorer.exe [978432]
[MD5.723ECE72C35ED65D1758068B17B76D7C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/04/2010 - 16:36:40.) -- C:\WINDOWS\system32\wininet.dll [666112]
[MD5.123EEA158F74D0F67A51DCDF065D1091] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.19/08/2004 - 16:10:06.) -- C:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.55E6E1C51B6D30E54335750955453702] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/08/2008 - 10:51:43.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138368]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 - 22:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.03/08/2004 - 23:14:12.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.03/08/2004 - 22:59:54.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.07/10/2003 - 01:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.CBC3DEF409549672B915FB9403D63F74] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.27/10/2004 - 15:21:36.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [138240]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.19/08/2004 - 15:56:40.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.03/08/2004 - 23:00:16.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.03/08/2004 - 23:04:52.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.03/08/2004 - 23:14:30.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.FB6C89BB3CE282B08BDB1E3C179E1C39] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.24/02/2010 - 13:31:30.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [454016]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.03/08/2004 - 23:14:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.03/08/2004 - 23:15:10.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574592]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.19/08/2004 - 15:51:44.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.03/08/2004 - 23:14:24.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 23:01:16.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.19/08/2004 - 15:54:52.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/08/2004 - 15:59:14.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/17
~ Mes musiques (My Musics) : 0/0
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/365
~ Mon Bureau (My Desktop) : 1/45
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.B359821835CB8A00F48AEDBF40A50C19] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.944]
[MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.1740]
[MD5.4B8276E4A943D0828DAB352117D3A8AA] - (.Microsoft Corporation - Installation de Windows Genuine Advantage N.) -- C:\WINDOWS\system32\KB905474\wgasetup.exe [454024] [PID.2004]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.408]
[MD5.E5C796B621F6FBA8616511063D7F0FFE] - (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688] [PID.576]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53472] [PID.1244]
[MD5.F3A1F9033DB76B82F1AB41002E61E6E8] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288] [PID.652]
[MD5.FD440D4694E04004F83FBB5920DBB3A2] - (.Analog Devices, Inc. - Audio Control Panel.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [864256] [PID.512]
[MD5.7636713B4F0944045AB4AF7CED5245AB] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704] [PID.276]
[MD5.EB38E8A5805D0D15E9545C2A471F0763] - (.Razer USA Ltd. - razerhid MFC Application.) -- C:\Program Files\Razer\Arctosa\razerhid.exe [147456] [PID.2108]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2184]
[MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.2404]
[MD5.CCE5D71F19AB70D969F9819B5C88438D] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [65536] [PID.2668]
[MD5.51C392EC9DA1119EC86D562FF3E7344F] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [825808] [PID.3428]
[MD5.F72DD84DD69DF001CF4D1B909685A136] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7402496] [PID.2812]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dffhljlmcohcioeilbnpmbchdcbhifdh] WiseConvert 1.5 v.2.3.16.7 (Désactivé) =>Toolbar.Conduit
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.8 (Désactivé) =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [jmfkcklnlgedgbglfkkgedjfmejoahla] AVG Safe Search v.10.0.0.1409 (Désactivé)
G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.12.2.5.32 (Désactivé) =>Toolbar.AVGSearch
~ Google Browser: 11 Legitimates Filtered in 00mn 06s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.7.0069.3.) -- C:\Program Files\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (...) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll (.not file.)
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 29 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 15304



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline
O3 - Toolbar: (no name) - [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [36X Raid Configurer] . (.JMicron Technology Corp. - JMicron JMB36X RAID Configurer.) -- C:\WINDOWS\system32\xRaidSetup.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] . (.Analog Devices, Inc. - Audio Control Panel.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
O4 - HKLM\..\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [Arctosa] . (.Razer USA Ltd. - razerhid MFC Application.) -- C:\Program Files\Razer\Arctosa\razerhid.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKLM\..\Run: [JMB36X IDE Setup] . (...) -- C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (.not file.)
O4 - HKUS\S-1-5-21-1214440339-920026266-725345543-1003\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A95000000001}\SC_Reader.ico
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe
O4 - GS\Programs: MSN Explorer.lnk . (...) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe (.not file.)
O4 - GS\Programs: Windows Live ID.lnk . (.Microsoft Corporation - Sign in Options.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\SIGNINOPTIONS.exe
O4 - GS\Programs: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: DC Universe Online Live.lnk . (...) -- E:\Program Files\Sony Online Entertainment\Installed Games\DC Universe Online Live\LaunchPad.exe (.not file.)
O4 - GS\Programs: GameRanger.lnk . (.GameRanger Technologies - GameRanger.) -- C:\Documents and Settings\John\Application Data\GameRanger\GameRanger\GameRanger.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lin]e[age L2Java.com.lnk . (...) -- E:\Program Files\L2Java\L2.exe (.not file.)
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Spotify.lnk . (...) -- C:\Program Files\Spotify\spotify.exe (.not file.)
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} ((no name)) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - ((no name)) - (.not file.) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{522F4607-1289-4B81-A1D4-08CE854DFBF6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{522F4607-1289-4B81-A1D4-08CE854DFBF6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{522F4607-1289-4B81-A1D4-08CE854DFBF6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{522F4607-1289-4B81-A1D4-08CE854DFBF6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Oracle Corporation - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) . (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
~ Services: 6 Legitimates Filtered in 00mn 01s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Nival Online]
[HKCU\Software\Rapl]
[HKCU\Software\fcn]
[HKLM\Software\Frogster Online Gaming]
[HKLM\Software\Realtime Worlds]
~ Key Software: 238 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/11/2012 - 20:29:28 - [24,288] ----D C:\Program Files\INF_allOS_9.3.0.1026_PV
O43 - CFD: 21/12/2012 - 04:14:49 - [0,004] ----D C:\Documents and Settings\John\Application Data\Bloody Trapland Demo
O43 - CFD: 31/01/2013 - 04:25:01 - [0,002] ----D C:\Documents and Settings\John\Application Data\Hamachi
O43 - CFD: 14/10/2011 - 18:58:53 - [0,001] ----D C:\Documents and Settings\John\Local Settings\Application Data\28050
O43 - CFD: 18/02/2012 - 00:08:38 - [0] ----D C:\Documents and Settings\John\Menu Démarrer\Programmes\Jeux
~ Program Folder: 182 Legitimates Filtered in 00mn 25s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.339031613DD05297279AFF652A9F413F] - 25/05/2013 - 21:59:27 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.2F1FB1C5C6DB8C0C26FBCE15C564D551] - 25/05/2013 - 21:59:26 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 16 Legitimates Filtered in 00mn 02s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\John\Local Settings\Application Data\Akamai\netsession_win.exe" [Enabled] .(...) -- C:\Documents and Settings\John\Local Settings\Application Data\Akamai\netsession_win.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\data\eSKernel.exe" [Disabled] .(...) -- D:\data\eSKernel.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\John\Bureau\Survivers_Beta_3.exe" [Enabled] .(...) -- C:\Documents and Settings\John\Bureau\Survivers_Beta_3.exe (.not file.)
O47 - AAKE:Key Export SP - "E:\TERA\TERA-Launcher.exe" [Enabled] .(.Solid State Networks.) -- E:\TERA\TERA-Launcher.exe
O47 - AAKE:Key Export SP - "C:\Program Files\TERA\TERA-Launcher.exe" [Enabled] .(.Solid State Networks.) -- C:\Program Files\TERA\TERA-Launcher.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Games\Age of Mythology\aom.exe" [Enabled] .(...) -- C:\Program Files\Microsoft Games\Age of Mythology\aom.exe (.not file.)
~ Keys Export: 16 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{29cd43c5-3974-11e2-a6c5-001e8c51d9fb}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{29cd43c8-3974-11e2-a6c5-001e8c51d9fb}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{29cd43c9-3974-11e2-a6c5-d98a3450aa4f}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{5c10c4c0-8c3e-11e2-be78-806d6172696f}\AutoRun\command. (...) -- F:\sources\sperr32.exe (.not file.)
O51 - MPSK:{ab34d1c3-680d-11e0-a5ca-001e8c51d9fb}\AutoRun\command. (...) -- G:\setupSNK.exe (.not file.)
O51 - MPSK:{ce2d1a06-3f10-11e2-a6c8-c674dd88e74d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{ce2d1a0d-3f10-11e2-a6c8-001e8c51e6e7}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{ce2d1a11-3f10-11e2-a6c8-001e8c51e6e7}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{ee415814-3e96-11e2-a6c7-b30e7cd5f7b1}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.651168B452DA256FA9E1AA172EF5BAC5] - 09/10/2007 - 13:41:18 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\system32\Drivers\ADIHdAud.sys [313856]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 07/10/2003 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (AVG Security Toolbar Service) .(...) - LEGACY_AVG_SECURITY_TOOLBAR_SERVICE
O64 - Services: CurCS - 05/01/2012 - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (AxAutoMntSrv) .(.Alcohol Soft Development Team - Alcohol Virtual Drive Auto-mount Service.) - LEGACY_AXAUTOMNTSRV
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (NPPTNT2) .(...) - LEGACY_NPPTNT2
O64 - Services: CurCS - 29/04/2011 - Pas de propriétaire (PnkBstrA) .(...) - LEGACY_PNKBSTRA
O64 - Services: CurCS - 23/12/2009 - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWindServiceAE) .(.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) - LEGACY_STARWINDSERVICEAE
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (XDva399) .(...) - LEGACY_XDVA399
~ Legacy: 153 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.JNWVH2FEIOKLP2LIPWZMTNXSKY> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (AVG Secure Search) - https://search.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (AVG Secure Search) - https://search.avg.com/ =>Toolbar.AVGSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][05/05/2011] (...) -- C:\Documents and Settings\John\Local Settings\Application Data\prvlcl.dat [0]
[MD5.73709547A3B136DE4FCFDE3EF78C1B8F] [SPRF][29/04/2011] (...) -- C:\Documents and Settings\John\Application Data\PnkBstrK.sys [138056]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.DE2EB468A14E00F9A99326C6C9C07075] [SPRF][02/02/2009] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1914440]
[MD5.7DC70A3D7F132D369017A9C44158C6D5] [SPRF][15/08/2003] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [282624]
[MD5.1E5CFDF9AEBDD84305A4C8154277A269] [SPRF][28/02/2007] (.Microsoft Corporation - Zone.com Checkers for MSN Messenger.) -- C:\WINDOWS\Downloaded Program Files\msgrchkr.dll [131472]
~ Files: Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (25/05/2013)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKCU\Software\fcn] =>Rogue.Multiple
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ShopperReports] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Canneverbe Limited\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.1.22.0] =>Adware.ShopperReports
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879047EB576555335A099] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\extensions\cmdmapping]:{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} =>Adware.ClickPotato
C:\Documents and Settings\John\Local Settings\Application Data\Software =>Adware.Boxore
~ Additionnel Scan: 175033 Items scanned in 00mn 09s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 25/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 29/11/2012 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Demand 0 | (AVG Security Toolbar Service) . (...) - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
SS - | Auto 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Demand 19/08/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 06/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 08/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Demand 05/02/2013 312704 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 04/01/2010 3404560 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des
SS - | Disabled 75136 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Auto 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Demand 15/06/2007 300544 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SS - | Demand 09/09/2012 529744 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Fichiers communs\Steam\SteamService.exe
~ Services: Scanned in 00mn 00s



~ 982 Legitimates filtered by white list
End of the scan (456 lines in 01mn 02s)(0)







Thank you for your help
4 replies

SAVANA_83 Posts: 18 Registered: Saturday 25 May 2013 Status: Member Last activity: 25 May 2013
Edited by SAVANA_83 on 25/05/2013 at 23:25
I have the same problem, except that I can't even start it in safe mode any more without it launching a startup repair, and of course that doesn't work!!!
0
Lidjohn38 Posts: 3 Registered: Saturday 25 May 2013 Status: Member Last activity: 26 May 2013
25 May 2013 at 23:27
Yes, the repair doesn't work :/ (I ran the scans under XP, I hope that's not a problem)
0
SAVANA_83 Posts: 18 Registered: Saturday 25 May 2013 Status: Member Last activity: 25 May 2013
25 May 2013 at 23:30
No, but the worst part is that it had been at least a good while since I last turned this PC on, precisely because it was showing this black screen, and now I get the impression everyone has this problem lol
0
Lidjohn38 Posts: 3 Registered: Saturday 25 May 2013 Status: Member Last activity: 26 May 2013
26 May 2013 at 16:23
Anyone?
0