Window c:\windows\system32\cmd.exe at startup and irql error
Solved
vivi9031
Hello, I have a problem starting my laptop. I have to unplug the keyboard and the mouse, otherwise I can't get it to work, and even then I have several windows c:\windows\system32\cmd.exe that open on my desktop, and sometimes (today it's happened 4 times) a blue screen appears with an error message "irql not less or equal" and the computer restarts by itself. I installed zhpdiag and ran a scan, I posted the report on cjoint.com but after that, I don't know what to do.
If someone could help me, thanks in advance.
22 replies
Good evening vivi,
Wow, there are a lot of people interested in your case!!!
I agree with Fisq
https://forums.commentcamarche.net/forum/affich-30632345-fenetre-c-windows-systeme32-cmd-exe-au-demarrage-et-erreur-irql#18
The OTL report shows quite a few anomalies that are impossible to recover.
Factory reset ---> that's the right solution.
See you and sorry!
--
--------Security Contributor---------
Blessed are those who can give without remembering and take without forgetting!
Hello,
you have instability on your PC, start by performing this test:
https://www.pcastuces.com/pratique/windows/memoire_windows7/page1.htm
vivi,
Use AdwCleaner (developed by Xplode), which is a specific disinfecting tool for adware:
* Once downloaded and launched (right-click: "Run as administrator"), click on [Scan], and let the tool work.
* When the scan is complete, the various tabs will display the found infections.
* Now click on "Clean" to remove all discovered infections, then:
* Click on [Report], the report will appear; you can copy/paste it into your next response.
Otherwise, host it on:
cijoint or pjoint or Up2Share and send me the obtained link.
A+
--
--------Security Contributor---------
Blessed are those who can give without remembering and take without forgetting!
Hello,
I finally managed to take the memory test and there are no issues.
I uninstalled programs that I didn't use with Advanced Uninstaller.
I no longer have the windows c:\windows\system32\cmd.exe at startup of the computer; however, I still have the blue screen with the error IRQL NOT LESS OR EQUAL.
Here is the report from AdwCleaner:
AdwCleaner v3.304 - Report created on 10/08/2014 at 06:35:10
# Updated on 08/08/2014 by Xplode
# Operating System: Windows 8.1 (64-bit)
# Username: quiniou s - SQUINIOU
# Executed from: C:\Users\quiniou s\Documents\SFR\adwcleaner_3.304.exe
# Option: Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Google Chrome v38.0.2114.2
[ File: C:\Users\quiniou s\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [15037 bytes] - [06/07/2014 06:11:05]
AdwCleaner[R1].txt - [691 bytes] - [06/07/2014 14:33:10]
AdwCleaner[R2].txt - [691 bytes] - [06/07/2014 14:45:25]
AdwCleaner[R3].txt - [1262 bytes] - [06/07/2014 18:54:52]
AdwCleaner[R4].txt - [5702 bytes] - [09/08/2014 12:28:30]
AdwCleaner[R5].txt - [1316 bytes] - [10/08/2014 06:27:59]
AdwCleaner[S0].txt - [12203 bytes] - [06/07/2014 06:11:56]
AdwCleaner[S1].txt - [1235 bytes] - [06/07/2014 18:55:58]
AdwCleaner[S2].txt - [5424 bytes] - [09/08/2014 12:30:23]
AdwCleaner[S3].txt - [1238 bytes] - [10/08/2014 06:35:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1298 bytes] ##########
Thank you, have a nice day.
vivi hello,
When you bought your phone, which antivirus was installed?
Norton?
Your problem with "irql not less or equal" comes from a poorly installed or uninstalled program or driver.
--------------------------------------------------
This script will target certain items to remove:
* Close all your running applications
* Select and copy all the bold and italic lines below starting from Script ZHPFIX:
Script ZHPFix
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.Fuyu LIMITED - WindowsProtectManger Service.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
[MD5.00000000000000000000000000000000] [APT] [Rocket Updater] (...) -- C:\Users\quiniou s\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
O39 - APT: Rocket Updater - (...) -- C:\Windows\Tasks\Rocket Updater.job [324]
O39 - APT: Rocket Updater - (...) -- C:\Windows\System32\Tasks\Rocket Updater [324]
O42 - Software: Browser App - (.app.) [HKLM][64Bits] -- Browser App
O42 - Software: Genesis - (...) [HKCU][64Bits] -- people_07052320
O42 - Software: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM][64Bits] -- WindowsMangerProtect
[HKCU\Software\AppDataLow\Software\Browser App]
[HKCU\Software\Rocket Browser]
[HKCU\Software\RocketUpdater]
[HKLM\Software\Wow6432Node\FrEeSoFtOdAy]
[HKLM\Software\Wow6432Node\supWindowsMangerProtect]
O43 - CFD: 06/07/2014 - 01:21:31 - [] ----D C:\Program Files (x86)\Browser App
O43 - CFD: 06/07/2014 - 01:20:53 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 06/07/2014 - 06:28:18 - [] ----D C:\Users\quiniou s\AppData\Local\Rocket
SR - | Auto 06/07/2014 535936 | (WindowsMangerProtect) . (.Fuyu LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\people_07052320]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect]
C:\ProgramData\WindowsMangerProtect
C:\Users\quiniou s\AppData\Local\Rocket
C:\Windows\Tasks\Rocket Updater.job
C:\Windows\System32\Tasks\Rocket Updater
[HKCU\Software\Rocket Browser]
[HKCU\Software\RocketUpdater]
[HKLM\Software\Wow6432Node\FrEeSoFtOdAy]
[HKLM\Software\Wow6432Node\supWindowsMangerProtect]
O42 - Software: Governor of Poker 2 Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-fcb478c9-213a-421a-bbf4-7ecca05a8c7c
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphaned key => Toolbar.Norton
O42 - Software: ZoneAlarm Security Toolbar - (.Check Point Software Technologies LTD.) [HKCU][64Bits] -- zonealarm
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\zonealarm]
[HKLM\Software\Classes\ScriptHost.Tool.1]
[HKLM\Software\Classes\ScriptHost.Tool]
EmptyPrefetch
EmptyTemp
EmptyCLSID
* Run ZHPFix via the shortcut on your Desktop (if you are using Vista, Windows 7 or Windows 8, remember to right-click ==> "Run as administrator")
* If you get the message "Do you want to allow the following program..." respond "Yes"
* Click on the "IMPORT" button
* The lines will be automatically pasted into ZHPFix; if not, paste the lines
* Click the «GO» button to start the cleanup
* When prompted, confirm the cleanup of data by clicking [OK]
* Wait for the processing time.
* ZHPFix will ask you if you want to empty your recycle bin; click on your choice (the process may take a long time depending on the amount of data to be deleted)
* A report named ZHPFixReport.txt will be created and saved on the desktop
* This report can also be found here C:\ZHP\ZHPFix[R1].txt
* Copy/paste the entire report into your next response
See you later
--
--------Security Contributor---------
Blessed are those who can give without remembering and take without forgetting!
When I bought my PC, it had Norton, I uninstalled it and I used a Norton tool to get rid of all the files.
After the "irql not less or equal" there is nothing else.
Here is the ZHP Fix report:
ZHPFix Report 2014.8.3.6 by Nicolas Coolman, Update of 03/08/2014
Registry Export File:
Run by quiniou s at 10/08/2014 09:22:17
High Elevated Privileges: OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Recycle bin emptied (00mn 03s)
Prefetcher folder emptied
========== Software ==========
REMOVED: Governor of Poker 2 Premium Edition
========== Registry Keys ==========
REMOVED O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
REMOVED O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
REMOVED: SearchScopes :{D944BB61-2E34-4DBF-A683-47E505C587DC}
REMOVED: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\zonealarm
========== Registry Values ==========
REMOVED: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
========== Folders ==========
No CLSID Local user folders empty
========== Files ==========
REMOVED Windows Temporary (12) (475801 bytes)
========== Summary ==========
4: Registry Keys
1: Registry Values
1: Folders
1: Files
1: Software
End of clean in 00mn 32s
========== File path report ==========
C:\Users\quiniou s\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/08/2014 09:22:21 [1313]
Seen,
Bizarre, ZHPFix didn't remove everything!
Download ZHPCleaner at this address:
https://nicolascoolman.eu
ZHPCleaner is a utility designed to fight browser hijackers. Its main goal is to restore Proxy settings and remove browser redirections.
---> Leave all boxes checked,
---> Click on "Repair"
A report will indicate what has been restored; select it, right-click to copy, and paste it into your reply.
See you!
--
--------Security Contributor---------
Blessed are those who can give without remembering and take without forgetting!
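The comparison made by eye in the post above, between the ZHPFix script and the ZHPFix report posted in reply, can be done mechanically. This is an added example, not part of the thread and not ZHPFix's own logic; the matching rule (whole line, GUID, software name, or registry key found in a REMOVED line) is an assumption, and the sample text is a trimmed subset of the lines quoted in the thread.

```python
import re

# Constructed sample: a subset of the script lines posted in the thread.
SCRIPT = r"""
Script ZHPFix
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.Fuyu LIMITED - WindowsProtectManger Service.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O39 - APT: Rocket Updater - (...) -- C:\Windows\Tasks\Rocket Updater.job [324]
O42 - Software: Governor of Poker 2 Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-fcb478c9-213a-421a-bbf4-7ecca05a8c7c
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphaned key => Toolbar.Norton
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\zonealarm]
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect]
C:\ProgramData\WindowsMangerProtect
EmptyTemp
"""

# Constructed sample: the REMOVED lines of the report posted in the thread.
REPORT = r"""
========== Software ==========
REMOVED: Governor of Poker 2 Premium Edition
========== Registry Keys ==========
REMOVED O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
REMOVED: SearchScopes :{D944BB61-2E34-4DBF-A683-47E505C587DC}
REMOVED: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\zonealarm
========== Registry Values ==========
REMOVED: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
"""

GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SOFTWARE = re.compile(r"^O42 - Software: (.+?) - \(")


def script_items(script):
    """Return the script lines that name an item, skipping the header
    and the Empty* housekeeping directives."""
    items = []
    for line in script.splitlines():
        line = line.strip()
        if not line or line.lower().startswith(("script zhpfix", "empty")):
            continue
        items.append(line)
    return items


def removed_lines(report):
    """Return the lower-cased report lines that start with REMOVED."""
    return [l.strip().lower() for l in report.splitlines()
            if l.strip().upper().startswith("REMOVED")]


def needles(item):
    """Strings whose presence in a REMOVED line counts as a match
    (assumed rule: whole line, GUID, O42 software name, bare registry key)."""
    out = [item] + GUID.findall(item)
    m = SOFTWARE.match(item)
    if m:
        out.append(m.group(1))
    if item.startswith("[HK") and item.endswith("]"):
        out.append(item[1:-1])
    return [n.lower() for n in out]


def unhandled(script, report):
    """Script items that no REMOVED line in the report accounts for."""
    done = removed_lines(report)
    return [item for item in script_items(script)
            if not any(n in r for n in needles(item) for r in done)]


if __name__ == "__main__":
    for item in unhandled(SCRIPT, REPORT):
        print("not reported as removed:", item)
```

An item missing from the report is not proof that it is still on disk, since an earlier cleaner run may already have removed it; check the listed path, task or key directly before drawing a conclusion.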
vivi,
When you have used ZHPCleaner, you will continue:
Download Malwarebytes Anti-Malware
HERE
* Install it by choosing French and leaving the default options,
* Uncheck the box Activate the free trial of Malwarebytes Anti-Malware Premium at the end of the installation,
* You will need to update the database by clicking on Update in the Dashboard.
* In the Scan tab, select Scan Threats and then click on Scan now.
* Once the scan is complete, click on Quarantine All and then on Apply actions
(If a message asks you to restart the PC to complete the removal, accept the restart)
* After a possible restart, restart Malwarebytes,
Click on [History] -> Application Logs
Select the latest Scan Log -> View
Click at the bottom on [Export] -> text file (*.txt)
* Choose the desktop as the location
* Copy/Paste the content of the report into your response, or
Host the report on this site and Copy/Paste the created link into your response.
A+
--
--------Security Contributor---------
Blessed are those who can give without remembering and take without forgetting!
report of zhpcleaner:
~ ZHPCleaner v2014.8.10.56 by Nicolas Coolman (10/08/2014)
~ Run by quiniou s (Administrator) (10/08/2014 12:05:48)
~ WebSite : https://nicolascoolman.eu
~ Forum : https://nicolascoolman.eu
~ State version : New version available
~ Report : C:\Users\quiniou s\Desktop\ZHPCleaner.txt
~ Report : C:\Users\quiniou s\AppData\Roaming\ZHP\ZHPCleaner.txt
~ Quarantine : C:\Users\quiniou s\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ Windows 81, 64-bit (Build 9600)
---\\ Restoring default proxy settings of browsers,
REPLACED PARAMS: EnableHttp1_1 ( 1 )
---\\ Removal of browser shortcut redirections (Infection by argument)
~ No repair needed
---\\ Repair of startup and search pages of Microsoft Internet Explorer browser
REPLACED PARAMS: Default_Page_URL ( https://www.google.com/?gws_rd=ssl )
REPLACED PARAMS: Search Page ( http://go.microsoft.com/fwlink/?LinkId=54896 )
REPLACED PARAMS: Default_Page_URL ( https://www.google.com/?gws_rd=ssl )
REPLACED PARAMS: Default_Search_URL ( https://www.google.com/?gws_rd=ssl )
REPLACED PARAMS: Start Page ( https://www.google.com/?gws_rd=ssl )
REPLACED PARAMS: Search Page ( https://www.google.com/?gws_rd=ssl )
---\\ Repair of the startup page of Mozilla Firefox browser
~ This browser is absent!
---\\ Repair of the startup page of Google Chrome browser
~ No repair needed
---\\ Repair of the startup page of Opera Software Opera browser
~ No repair needed
---\\ Removal of some harmful Browser Helper Objects (BHO) from browsers
~ No repair needed
---\\ Removal of some harmful Toolbars from browsers
~ No repair needed
---\\ Repair of the default search provider (SearchScope) (Defaupt)
~ No repair needed
---\\ Repair of the default search provider (SearchScope) (Others)
~ No repair needed
---\\ Removal of startup key values changing browser settings (Run).
~ No repair needed
---\\ Removal of harmful extensions from Google Chrome (Manifest).
~ No repair needed
---\\ Removal of harmful extensions from Mozilla Firefox (Register).
~ No repair needed
End of clean at 12:05:52
malwarebytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan date: 10/08/2014
Scan time: 12:15:08
Log file: malwarebytes_report.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.10.01
Rootkits Database: v2014.08.04.01
License: Free
Malware protection: Disabled
Web malware protection: Disabled
Self-protection: Disabled
Operating System: Windows 8.1
Processor: x64
File System: NTFS
User: quiniou s
Scan type: "Threat" scan
Results: Completed
Objects scanned: 278717
Time elapsed: 11 min, 45 sec
Memory: Enabled
Startup: Enabled
File System: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
PUP.Optional.InstallCore, C:\Users\quiniou s\Documents\FlashPlayer_11.3.exe, Quarantined, [f7f206bedba0c274d61e07b30ff5d42c],
PUP.Optional.InstallCore, C:\Users\quiniou s\Downloads\CCleanerSetup.exe, Quarantined, [ab3e05bf66151f17cd595f5913f1fb05],
PUP.Optional.InstallCore, C:\Users\quiniou s\Downloads\ccsetup415.exe, Quarantined, [49a0ebd99be085b1c5206f48f90bc53b],
Physical sectors: 0
(No malicious items detected)
(end)
Good,
* Download OTL to your Desktop.
OTL is a program that performs a diagnosis of your computer to detect any infections.
* Run it (if you're using Windows Vista or Windows 7, do it by right-clicking --> Run as administrator).
* Under Customization, copy-paste this script:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
services.exe
wininit.exe
/md5stop
SAVEMBR:0
* Check the box "all users" then click on the "Scan" button
* Wait during the analysis until the two reports OTL.txt and Extras.txt appear
IMPORTANT:
* Go to cijoint or pjoint, click on "Browse", select the OTL report and click on Send file. Wait while the file is being sent, then copy/paste the provided link in your next reply on the forum.
Do not paste the report in your reply, it is too long!
Warning:
If your Antivirus is Avast do not run OTL in Avast’s sandbox or the result will be truncated. You will find at this address: https://www.malekal.com/tutorial-otl/ an excellent tutorial to help you.
A+
--
--------Security Contributor---------
Blessed are those who can give without remembering and take without forgetting!
The command prompt appears.
I have a laptop and yes, I have a repair key and I have a recovery partition
I have already reset my system and I still have the same issues.
Do you follow the manufacturer's and Windows' recommendations well?
I mean, perfect installation of their updates.
Reset? System restore or completely return it to factory settings?
A manufacturer defect or a driver update issue?
You don't have any problems with the AMD update?
FISQ
Let it be, don't worry....
--
If there is a problem, there is always a solution
~~~~~~ Cs ~~~~~~
She had Norton pre-installed, activated later online, and then uninstalled it—I would say butchered it because I know Norton is very powerful and doesn’t let go easily.
Instead, despite the presence of Windows Defender, she installed a free firewall and antivirus.
Some system programs are damaged and some drivers are missing, which creates a blue screen.
She still has access to the desktop, so she can go into the advanced options to repair the system, taking advantage of it as soon as possible before losing access to the desktop. You know very well that with Windows 8, it is very reluctant to start in safe mode.
No system disk was created beforehand; that’s already one lost joker. There’s only one left, which is the last one: access to the desktop and recovery manager.
OK for Zone Alarm and its firewall, you'd rather use it; I honestly prefer to get rid of it.
Free software is a free version of the product; do you really think it's free?
It installs spyware, its own toolbar; when you use it, you activate the spyware, which tracks all your searches and then sends you what you have at that very moment.
Advertising sites track you and send you PUPs, and in a way, without knowing it, you’ve paid part of the so-called free software. Have you ever wondered why there's a Free version and a paid version? Sure, it has fewer options compared to the paid one, but there's something else hidden behind "business marketing."
To survive, a website uses banner ads; the more you click, the more €,$ for the site; it's the same system, except it's done without your knowledge.
So, can you estimate your private data, give it a value?
In their eyes, believe me, it has great value.
You have a laptop; you don't just play online or surf, do you?
Your very private data is circulating in your registry, isn't it?
Do you now understand my excessive zeal regarding system security here on CCM?
I'm going to leave your post; sorry, when a taboo subject is discussed on CCM, it bothers and disturbs, and to make it leave its seat quickly, you rate it very poorly while rating others positively: it's a communicating-vessels effect.
Do all your graphics card and motherboard updates, and don't mess with the system files, which are very sensitive.
My intention was to have you do a system repair from the safe mode command prompt.
Bye.
I have installed all the updates with Windows Update and the HP software, but only the graphics card won't update.
Factory reset.
I have an AMD Radeon HD 7520G graphics card, driver version 8.982.10.6000.
I don't have any NVIDIA in the device manager.
I just renamed both NVIDIA driver files to .old.
If necessary, I will delete them. I will restart to see how the machine behaves.
A graphic driver removed in the manager will normally regain its rights upon reboot if you are still connected to the router.
An Nvidia update icon will appear as if you had connected a USB key and should install itself automatically.
Good evening,
The system is damaged; you have meddled and probably deleted a program or driver.
Get rid of that Zone Alarm thing as soon as possible and restore Windows Defender, including the Windows firewall.
The Blue Screen comes from a driver/program issue, rarely from a virus.
c:\windows\system32\cmd.exe is a command prompt window.
It appears on your desktop because one of its processes is running; your system is suffering and letting you know.
Despite the presence of little nasties in your registry, also installed thanks to you—Flash games, online games, software supposedly for protection or optimization—it is not their fault. So, it is not entirely a virus; it's the owner's fault entirely.
First, disinfect, then repair the system.
Easier said than done, why?
It's difficult to change the bad habits of an Administrator who only sees the programs installed by their own means; it's a lost cause.
Good luck, security contributors.
PS: Display office, can you tell me if this command works very well
Press the Windows + R keys then type cmd and press the ENTER key then confirm with YES
Does the command prompt display correctly?
c:\windows\system32\cmd.exe
Thank you!
Despite the presence of the protected recovery system partition
Have you performed a system backup or created and burned "repair discs" to multiple DVDs since the purchase? Not many people do.