BSOD 0x000000c5

[johnb35]

Since this is a laptop basically you remove a bottom cover to access the memory. Remove one stick and run memtest for a few hours then replace stick and remove the other one and run memtest again. It's not that hard. If memtest passes then it seems its an OS issue.

 

[Punk]

Since this is a laptop basically you remove a bottom cover to access the memory. Remove one stick and run memtest for a few hours then replace stick and remove the other one and run memtest again. It's not that hard. If memtest passes then it seems its an OS issue.

Alright. I will do that next time we get a BSOD. Thanks a lot for your help John, you've been very helpful

 

[Punk]

New BSOD while skiping


==================================================
Dump File : Mini092712-01.dmp
Crash Time : 27/09/2012 18:23:54
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82f2e56f
Parameter 3 : 0x8245ab1c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+ed56f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+ed56f
Stack Address 1 : ntkrnlpa.exe+b323d
Stack Address 2 : ntkrnlpa.exe+34231
Stack Address 3 : ntkrnlpa.exe+234cb0
Computer Name :
Full Path : C:\Windows\Minidump\Mini092712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 142*848
==================================================

==================================================
Dump File : Mini092012-01.dmp
Crash Time : 20/09/2012 12:00:11
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82f01770
Parameter 3 : 0x8238cb54
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+ee770
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+ee770
Stack Address 1 : ntkrnlpa.exe+ed858
Stack Address 2 : ntkrnlpa.exe+22e5f5
Stack Address 3 : ntkrnlpa.exe+22e457
Computer Name :
Full Path : C:\Windows\Minidump\Mini092012-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 142*848
==================================================

==================================================
Dump File : Mini090812-01.dmp
Crash Time : 08/09/2012 13:32:25
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82f37770
Parameter 3 : 0x8e8ea65c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+ee770
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+ee770
Stack Address 1 : ntkrnlpa.exe+ed858
Stack Address 2 : fltmgr.sys+1eb09
Stack Address 3 : fltmgr.sys+1f805
Computer Name :
Full Path : C:\Windows\Minidump\Mini090812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 138*208
==================================================

 

[Punk]

Anyone?

 

[johnb35]

Sorry about that. This bluescreen was caused by Isass.exe. Please make sure your system is free from infections. I would probably just reinstall windows.

 

[Punk]

Sorry about that. This bluescreen was caused by Isass.exe. Please make sure your system is free from infections. I would probably just reinstall windows.

Alright thanks!

I will do further scans and if I find nothing I'll the post the logs here. Thanks

 

[Punk]

Here is the combofix, I found nothing but if you can have a look it will be great. I haven't done this in a long long time, I'm doubtfull to wether I'm still capable of reading those files...

ComboFix 12-09-30.01 - Jen 30/09/2012 18:30:50.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3069.1592 [GMT 2:00]
Lancé depuis: c:\users\Jen\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\winrar_winrar_3.92_final_32_bits_francais_9632.exe
c:\programdata\hpeE9F1.dll
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-28 au 2012-09-30 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-30 16:48 . 2012-09-30 16:49 -------- d-----w- c:\users\Jen\AppData\Local\temp
2012-09-30 16:48 . 2012-09-30 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 13:54 . 2012-09-30 13:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C26DA37-2361-41F9-B655-04A0F1856A65}\offreg.dll
2012-09-28 16:30 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C26DA37-2361-41F9-B655-04A0F1856A65}\mpengine.dll
2012-09-18 16:17 . 2012-09-18 16:17 -------- d-----w- c:\program files\TeamViewer
2012-09-08 18:39 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-09-08 18:39 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-09-06 19:44 . 2012-09-06 19:44 -------- d-----w- c:\users\Jen\AppData\Local\Evernote
2012-09-06 10:43 . 2012-09-30 16:27 -------- d-----w- c:\users\Jen\AppData\Roaming\Skype
2012-09-06 10:43 . 2012-09-06 10:43 -------- d-----w- c:\program files\Common Files\Skype
2012-09-06 10:43 . 2012-09-06 10:46 -------- d-----r- c:\program files\Skype
2012-09-06 10:42 . 2012-09-06 10:46 -------- d-----w- c:\programdata\Skype
2012-09-02 00:29 . 2012-09-02 00:29 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-09-02 00:29 . 2012-09-02 00:29 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-09-02 00:29 . 2012-09-02 00:29 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-09-02 00:28 . 2012-09-02 00:28 -------- d-----w- c:\programdata\Sony Ericsson
2012-09-02 00:28 . 2012-09-02 00:28 -------- d-----w- c:\program files\Sony Ericsson
2012-09-02 00:21 . 2012-09-02 00:21 -------- d-----w- c:\programdata\Sony
2012-09-02 00:21 . 2012-09-02 00:21 -------- d-----w- c:\program files\Sony
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 16:21 . 2012-04-18 17:57 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 16:21 . 2011-05-27 10:26 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2011-12-09 13:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 18:24 . 2012-06-14 18:31 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-05-02 10:19 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2011-11-02 18:07 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-11-02 18:07 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-11-02 18:07 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-11-02 18:07 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-11-02 18:07 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-11-02 18:07 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-11-02 18:06 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-11-02 18:06 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-24 19:57 . 2012-07-24 19:57 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-04 14:02 . 2012-08-24 14:52 2047488 ----a-w- c:\windows\system32\win32k.sys
2009-09-06 17:25 . 2009-09-06 17:23 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe
2005-12-05 23:28 . 2010-03-16 18:15 8887767 ----a-w- c:\program files\Guitar Pro 5.0 full - no RMS.exe
2011-12-14 21:07 . 2011-05-09 14:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-08 450663]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-03-10 00:29 156672 ----a-w- c:\program files\Ask & Record Toolbar\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BambooCore]
2011-09-27 03:45 646232 ----a-w- c:\program files\Bamboo Dock\BambooCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2008-12-25 11:41 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2008-11-28 16:04 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-26 15:34 136176 ----atw- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 08:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-11-18 17:35 914224 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2012-05-31 13:00 445624 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2008-12-25 11:41 1316136 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
2009-05-08 15:32 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-10-30 10:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-11-26 10:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 16:21]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 20:52]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 20:52]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385287034-123295610-1804996350-1000Core.job
- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 15:34]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385287034-123295610-1804996350-1000UA.job
- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 15:34]
.
2012-09-24 c:\windows\Tasks\HPCeeScheduleForJen.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-26 10:34]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = www-cache.ujf-grenoble.fr:3128
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} - hxxp://www.super-messenger.fr/tab/HookWlmEx.cab
FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\zzyjwuq7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={44E0A1C7-63C3-462D-C5B7-19AE3A8C1219}&q=
FF - prefs.js: network.proxy.ftp - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
Toolbar-{66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
WebBrowser-{00000000-E9B0-03F5-5CEB-C774E9DF18F3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-30 18:49
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2012-09-30 18:53:24
ComboFix-quarantined-files.txt 2012-09-30 16:53
.
Avant-CF: 150*068*752*384 octets libres
Après-CF: 150*426*505*216 octets libres
.
- - End Of File - - 3F8631D9D3FA1DCC5A049161BB895A44

 

[johnb35]

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Reglock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

 

[Punk]

Here it is:

ComboFix 12-09-30.03 - Jen 01/10/2012 13:35:57.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3069.1906 [GMT 2:00]
Lancé depuis: c:\users\Jen\Documents\Desktop\Desktop\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Jen\Documents\Desktop\Desktop\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-09-01 au 2012-10-01 ))))))))))))))))))))))))))))))))))))
.
.
2012-10-01 11:51 . 2012-10-01 11:51 -------- d-----w- c:\users\Jen\AppData\Local\temp
2012-10-01 11:51 . 2012-10-01 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 16:30 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C26DA37-2361-41F9-B655-04A0F1856A65}\mpengine.dll
2012-09-18 16:17 . 2012-09-18 16:17 -------- d-----w- c:\program files\TeamViewer
2012-09-08 18:39 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-09-08 18:39 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-09-06 19:44 . 2012-09-06 19:44 -------- d-----w- c:\users\Jen\AppData\Local\Evernote
2012-09-06 10:43 . 2012-09-30 19:52 -------- d-----w- c:\users\Jen\AppData\Roaming\Skype
2012-09-06 10:43 . 2012-09-06 10:43 -------- d-----w- c:\program files\Common Files\Skype
2012-09-06 10:43 . 2012-09-06 10:46 -------- d-----r- c:\program files\Skype
2012-09-06 10:42 . 2012-09-06 10:46 -------- d-----w- c:\programdata\Skype
2012-09-02 00:29 . 2012-09-02 00:29 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-09-02 00:29 . 2012-09-02 00:29 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-09-02 00:29 . 2012-09-02 00:29 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-09-02 00:28 . 2012-09-02 00:28 -------- d-----w- c:\programdata\Sony Ericsson
2012-09-02 00:28 . 2012-09-02 00:28 -------- d-----w- c:\program files\Sony Ericsson
2012-09-02 00:21 . 2012-09-02 00:21 -------- d-----w- c:\programdata\Sony
2012-09-02 00:21 . 2012-09-02 00:21 -------- d-----w- c:\program files\Sony
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 16:21 . 2012-04-18 17:57 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 16:21 . 2011-05-27 10:26 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2011-12-09 13:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 18:24 . 2012-06-14 18:31 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-05-02 10:19 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2011-11-02 18:07 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-11-02 18:07 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-11-02 18:07 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-11-02 18:07 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-11-02 18:07 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-11-02 18:07 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-11-02 18:06 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-11-02 18:06 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-24 19:57 . 2012-07-24 19:57 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-04 14:02 . 2012-08-24 14:52 2047488 ----a-w- c:\windows\system32\win32k.sys
2009-09-06 17:25 . 2009-09-06 17:23 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe
2005-12-05 23:28 . 2010-03-16 18:15 8887767 ----a-w- c:\program files\Guitar Pro 5.0 full - no RMS.exe
2011-12-14 21:07 . 2011-05-09 14:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-08 450663]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-03-10 00:29 156672 ----a-w- c:\program files\Ask & Record Toolbar\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BambooCore]
2011-09-27 03:45 646232 ----a-w- c:\program files\Bamboo Dock\BambooCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2008-12-25 11:41 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2008-11-28 16:04 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-26 15:34 136176 ----atw- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 08:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-11-18 17:35 914224 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2012-05-31 13:00 445624 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2008-12-25 11:41 1316136 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
2009-05-08 15:32 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-10-30 10:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-11-26 10:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 16:21]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 20:52]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 20:52]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385287034-123295610-1804996350-1000Core.job
- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 15:34]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385287034-123295610-1804996350-1000UA.job
- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 15:34]
.
2012-09-24 c:\windows\Tasks\HPCeeScheduleForJen.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-26 10:34]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = www-cache.ujf-grenoble.fr:3128
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} - hxxp://www.super-messenger.fr/tab/HookWlmEx.cab
FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\zzyjwuq7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={44E0A1C7-63C3-462D-C5B7-19AE3A8C1219}&q=
FF - prefs.js: network.proxy.ftp - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - www-cache.ujf-grenoble.fr
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-01 13:51
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Heure de fin: 2012-10-01 13:55:16
ComboFix-quarantined-files.txt 2012-10-01 11:55
ComboFix2.txt 2012-09-30 16:53
.
Avant-CF: 150*274*174*976 octets libres
Après-CF: 150*230*728*704 octets libres
.
- - End Of File - - 384CB1A916B25E896385AD0B02546E2C


Thanks!

 

[johnb35]

Keep using the system and see if it bluescreens again. If it does, I would reinstall the OS and see if that solves it. I don't see any other issues in the cf log.

 

[Punk]

Keep using the system and see if it bluescreens again. If it does, I would reinstall the OS and see if that solves it. I don't see any other issues in the cf log.

Alright thanks!

 

[Punk]

Hey!

The laptop got another BSOD yesterday, this time displaying a different code. I'm about to upgrade to Win8 Pro, just want to know if it will work fine...

==================================================
Dump File : Mini112512-01.dmp
Crash Time : 25/11/2012 14:41:17
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x000000c5
Parameter 1 : 0x00700020
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x82efe770
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+2ee9f
File Description : avast! self protection module
Product Name : avast! Antivirus
Company : AVAST Software
File Version : 7.0.1474.765
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+ee770
Stack Address 2 : ntkrnlpa.exe+ed858
Stack Address 3 : aswSP.SYS+2ea85
Computer Name :
Full Path : C:\Windows\Minidump\Mini112512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 142*848
==================================================

==================================================
Dump File : Mini102212-01.dmp
Crash Time : 22/10/2012 18:12:52
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001904aa
Parameter 2 : 0x8e0914a4
Parameter 3 : 0x8e0911a0
Parameter 4 : 0x8c2667ce
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+627ce
File Description : Pilote du système de fichiers NT
Product Name : Système d'exploitation Microsoft® Windows®
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdabf
Stack Address 1 : Ntfs.sys+19fff
Stack Address 2 : Ntfs.sys+eb89
Stack Address 3 : ntkrnlpa.exe+4499a
Computer Name :
Full Path : C:\Windows\Minidump\Mini102212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 142*848
==================================================

Thanks for your help!

 

[johnb35]

Was caused by Avast software. What I usually do in this situation is uninstall avast and then reinstall the latest version and it usually fixes it.

 

[Punk]

Was caused by Avast software. What I usually do in this situation is uninstall avast and then reinstall the latest version and it usually fixes it.

Alright thanks!