rebo25

Bonjour, il faut que tu essaies de charger un point de restauration en bootant sur le disque de réparation que tu as du créer au départ. sinon tu le trouveras sur le web (windows 7 repair disk)

Encore merci pour ton aide et tes précieux conseils.

je te poste l'image:

Bonjour, Nécessaire fait sauf que le fichier winstart.bat (2 octets)est vierge. je l'efface?

voila: Logfile of random's system information tool 1.06 (written by random/random) Run by zorglub at 2009-10-19 13:36:59 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 8 GB (31%) free of 25 GB Total RAM: 1023 MB (64% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:41:16, on 19/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe C:\Program Files\Calendrier\Cld2000.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Documents And Settings\zorglub\Bureau\OUTILS\procexp.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Documents and Settings\zorglub\Bureau\RSIT.exe C:\Documents And Settings\zorglub\Bureau\zorglub.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\RunOnce: [NvExportOEMDefaults] RUNDLL32.EXE C:\WINDOWS\system32\NVCPL.DLL,ExportOEMDefaults O4 - HKLM\..\RunOnce: [NvRegisterMCTray] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp C:\WINDOWS\system32\NvCpl.dll O4 - HKLM\..\RunOnce: [NvRegisterMCTrayNview] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp C:\WINDOWS\system32\nView.dll O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe O4 - HKCU\..\RunOnce: [unHackMe] C:\PROGRA~1\Greatis\REGRUN~1\UnHackMe.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Startup: procexp.lnk = ? O4 - Startup: Unhackme.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing) O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 6844 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GlaryInitialize.job C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\EasyShare Registration Task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-24 2403392] {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-05 5960520] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RegRun WinBait"=C:\WINDOWS\winbait.exe [2008-12-22 20192] "Malwarebytes Anti-Malware (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "@RegRunOnSecure"=C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe [2008-12-22 61664] "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-11-11 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-11 7311360] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "NvExportOEMDefaults"=C:\WINDOWS\system32\NVCPL.DLL [2005-11-11 7311360] "NvRegisterMCTray"=C:\WINDOWS\system32\NVMCTRAY.DLL [2005-11-11 86016] "NvRegisterMCTrayNview"=C:\WINDOWS\system32\NVMCTRAY.DLL [2005-11-11 86016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Regrun2"=C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe [2008-12-22 384224] "Cld2000.exe"=C:\Program Files\Calendrier\Cld2000.exe [2009-09-14 2993664] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "UnHackMe"=C:\PROGRA~1\Greatis\REGRUN~1\UnHackMe.exe [2009-02-19 2151424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-09-24 171448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NVSvc"=2 C:\Documents and Settings\zorglub\Menu Démarrer\Programmes\Démarrage SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe procexp.lnk - C:\Documents And Settings\zorglub\Bureau\OUTILS\procexp.exe Unhackme.lnk - F:\Program Files\Greatis\RegRunSuite\Unhackme.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976] "{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2008-10-20 335943] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoSMBalloonTip"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoResolveSearch"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify" "D:\Program Files\Spotify\spotify.exe"="D:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{984db290-ad13-11de-9ba9-00038a000015}] shell\AutoRun\command - K:\InstallTomTomHOME.exe ======File associations====== .bat - edit - C:\Program Files\EditXper\EditXper.exe %1 .ini - open - notepad.exe %1 .js - open - c:\windows\system32\wscript.exe "%1" %* .txt - open - notepad.exe %1 .vbs - open - c:\windows\system32\wscript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-10-19 13:28:52 ----D---- C:\WINDOWS\LastGood 2009-10-19 12:41:49 ----D---- C:\Qoobox 2009-10-19 12:41:44 ----A---- C:\Bug.txt 2009-10-19 12:40:39 ----D---- C:\32788R22FWJFW 2009-10-18 11:16:43 ----D---- C:\Program Files\ESET 2009-10-18 10:55:48 ----A---- C:\WINDOWS\system32\nvudisp.exe 2009-10-18 10:55:34 ----A---- C:\WINDOWS\system32\NVUNINST.EXE 2009-10-18 10:55:20 ----D---- C:\NVIDIA 2009-10-18 09:00:25 ----A---- C:\WINDOWS\ntbtlog.txt 2009-10-18 08:54:31 ----A---- C:\WINDOWS\IE4 Error Log.txt 2009-10-18 08:34:34 ----A---- C:\WINDOWS\EurekaLog.ini 2009-10-17 18:53:56 ----A---- C:\WINDOWS\system32\SET1A.tmp 2009-10-17 14:16:39 ----D---- C:\Program Files\Mythicsoft 2009-10-16 11:41:43 ----HD---- C:\WINDOWS\$NtUninstallKB958869$ 2009-10-16 11:34:37 ----HD---- C:\WINDOWS\$NtUninstallKB969059$ 2009-10-16 11:34:16 ----HD---- C:\WINDOWS\$NtUninstallKB954155_WM9$ 2009-10-16 11:34:00 ----HD---- C:\WINDOWS\$NtUninstallKB974112$ 2009-10-16 11:33:39 ----HD---- C:\WINDOWS\$NtUninstallKB975025$ 2009-10-16 11:33:19 ----HD---- C:\WINDOWS\$NtUninstallKB974571$ 2009-10-16 11:26:35 ----HD---- C:\WINDOWS\$NtUninstallKB971486$ 2009-10-16 11:21:34 ----HD---- C:\WINDOWS\$NtUninstallKB973525$ 2009-10-16 11:16:31 ----HD---- C:\WINDOWS\$NtUninstallKB975467$ 2009-10-13 13:35:16 ----D---- C:\courrier 2009-10-11 18:23:25 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT 2009-10-11 12:53:22 ----D---- C:\Documents and Settings\zorglub\Application Data\Regrun 2009-10-11 12:52:50 ----A---- C:\WINDOWS\system32\Partizan.exe 2009-10-11 12:49:45 ----A---- C:\WINDOWS\RunGuard.exe 2009-10-11 12:49:44 ----A---- C:\WINDOWS\WinBait.exe 2009-10-10 17:29:19 ----D---- C:\Program Files\Winsonar 2009-10-10 11:10:43 ----D---- C:\Documents and Settings\zorglub\Application Data\ESET 2009-10-10 11:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\ESET 2009-10-08 18:31:47 ----AH---- C:\Documents and Settings\zorglub\Application Data\dach100.dll 2009-10-07 12:19:08 ----D---- C:\rsit 2009-10-07 09:50:25 ----D---- C:\Program Files\CPUID 2009-10-05 18:24:12 ----HD---- C:\WINDOWS\$NtUninstallKB968389$ 2009-09-29 19:08:27 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom 2009-09-29 18:36:49 ----D---- C:\SymbolPath 2009-09-29 18:27:29 ----D---- C:\Program Files\Debugging Tools for Windows (x86) 2009-09-29 09:24:02 ----D---- C:\WINDOWS\Minidump 2009-09-28 09:57:36 ----D---- C:\Program Files\SuperF4 2009-09-26 19:09:36 ----D---- C:\Program Files\Belarc 2009-09-26 11:01:46 ----D---- C:\Documents and Settings\zorglub\Application Data\BankPerfect 2009-09-26 10:19:50 ----A---- C:\WINDOWS\Sqirlz Morph Uninstaller.exe 2009-09-26 10:19:49 ----D---- C:\Program Files\Sqirlz Morph 2009-09-26 10:10:52 ----D---- C:\Program Files\Cartoonist 2009-09-26 10:03:30 ----D---- C:\Program Files\STOIK 2009-09-26 08:57:25 ----D---- C:\Program Files\Ctr 2009-09-24 18:41:47 ----D---- C:\Program Files\Calendrier ======List of files/folders modified in the last 1 months====== 2009-10-19 13:29:02 ----A---- C:\WINDOWS\EditXper.ini 2009-10-19 13:08:50 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-10-19 12:49:30 ----SH---- C:\boot.ini 2009-10-19 12:49:30 ----A---- C:\WINDOWS\win.ini 2009-10-19 12:49:30 ----A---- C:\WINDOWS\system.ini 2009-10-17 12:11:18 ----A---- C:\WINDOWS\OEWABLog.txt 2009-10-16 11:34:48 ----A---- C:\WINDOWS\imsins.BAK 2009-10-14 19:22:50 ----A---- C:\aitorg.txt 2009-10-11 13:00:24 ----RASH---- C:\WINDOWS\winstart.bat 2009-10-11 08:47:38 ----A---- C:\WINDOWS\DUMP6244.tmp 2009-10-10 16:20:18 ----A---- C:\WINDOWS\wininit.ini 2009-10-02 20:01:58 ----A---- C:\WINDOWS\system32\MRT.exe 2009-09-24 08:25:58 ----A---- C:\rsqXPdir.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 41856] R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840] R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280] R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720] R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920] R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-03-05 44704] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-05-10 13568] R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264] R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736] R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-11-11 3532928] R3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys [] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-04-23 33588] R4 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [] R4 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [] S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [2005-03-08 20648] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536] S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360] S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088] S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624] S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704] S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432] S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104] S4 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2008-10-13 554264] R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-10-10 4368952] R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-10-10 1617920] R2 MBAMService;MBAMService; D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 138168] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008] S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-11 131139] -----------------EOF-----------------

Bonjour, VICTOIRE....RESOLU. apres avoir vérifié que symsnap était effacé, désinstallé partition magic et passé un coup de norton removal, l'erreur se reproduisait. j'ai essayé pas mal de trucs et finalement mis à jour les drivers de ma carte graphique. et la, miracle , plus d'erreur explorer. Tout baigne. je te remercie encore de tes conseils et de ton aide.

Salut, malheureusement ce n'est pas ça. en désactivant kerio et nod 32, le problème au démarrage est le même.explorer plante puis drwatson. il doit y avoir un conflit de driver ce que semble confirmer les minidumps. je joins le rapport : * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 00000077, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: 804dc0f9, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: 00000077 CURRENT_IRQL: 2 FAULTING_IP: nt!KiSwapThread+48 804dc0f9 8a4f58 mov cl,byte ptr [edi+58h] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: System LAST_CONTROL_TRANSFER: from 804dc143 to 804dc0f9 STACK_TEXT: f7209d4c 804dc143 f74aeac4 83b0eda8 00000000 nt!KiSwapThread+0x48 f7209d74 f74a899b 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x1c2 WARNING: Stack unwind information not available. Following frames may be wrong. f7209dac 8057aeff 00000000 00000000 00000000 symsnap+0x1599b f7209ddc 804f88ea f74a896c 00000000 00000000 nt!PspSystemThreadStartup+0x34 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 STACK_COMMAND: kb FOLLOWUP_IP: symsnap+1599b f74a899b ?? ??? SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: symsnap+1599b FOLLOWUP_NAME: MachineOwner MODULE_NAME: symsnap IMAGE_NAME: symsnap.sys DEBUG_FLR_IMAGE_TIMESTAMP: 47603725 FAILURE_BUCKET_ID: 0xA_symsnap+1599b BUCKET_ID: 0xA_symsnap+1599b Followup: MachineOwner --------- kd> lmvm symsnap start end module name f7493000 f74b2f80 symsnap T (no symbols) Loaded symbol image file: symsnap.sys Image path: symsnap.sys Image name: symsnap.sys Timestamp: Wed Dec 12 20:31:49 2007 (47603725) CheckSum: 00023B94 ImageSize: 0001FF80 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 J'ai viré le servic symsnap sans succes. Je pense également à un conflit d'IRQ

je n'ai plus le chevron dans le systray et toujours les erreurs explorer suivie de drwatson : ID de l'événement : 1002 Date : 14/10/2009 Heure : 09:32:49 Utilisateur : N/A Ordinateur : X-X69FB0WY08STW Description : L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré .ID de l'événement : 1000 Date : 14/10/2009 Heure : 09:32:43 Utilisateur : N/A Ordinateur : X-X69FB0WY08STW Description : Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d. je pense plutot à un conflit entre le firewall de nod 32 et kerio, mais bizarrement ça ne le faisait pas avant et ce problème ne se produit que sur ce pc. mon autre pc a la même configuration! aprés débogage le pc fonctionne sans problème.

Je t'ai envoyé le premier rapport RSIT avant désinfection par prevx. voici le rapport actualisé: Logfile of random's system information tool 1.06 (written by random/random) Run by zorglub at 2009-10-13 13:25:40 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 12 GB (46%) free of 25 GB Total RAM: 1023 MB (29% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:26:27, on 13/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Calendrier\Cld2000.exe C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\zorglub\Bureau\OUTILS\procexp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\zorglub\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\zorglub.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 6311 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GlaryInitialize.job C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\EasyShare Registration Task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-24 2403392] {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-05 5960520] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168] "RegRun WinBait"=C:\WINDOWS\winbait.exe [2008-12-22 20192] "Malwarebytes Anti-Malware (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "Cld2000.exe"=C:\Program Files\Calendrier\Cld2000.exe [2009-09-14 2993664] "Regrun2"=C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe [2008-12-22 384224] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-09-24 171448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NVSvc"=3 C:\Documents and Settings\zorglub\Menu Démarrer\Programmes\Démarrage SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976] "{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2008-10-20 335943] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= :\WINDOW [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoSMBalloonTip"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoResolveSearch"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify" "D:\Program Files\Spotify\spotify.exe"="D:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{984db290-ad13-11de-9ba9-00038a000015}] shell\AutoRun\command - K:\InstallTomTomHOME.exe ======File associations====== .bat - edit - C:\Program Files\EditXper\EditXper.exe %1 .ini - open - notepad.exe %1 .js - open - c:\windows\system32\wscript.exe "%1" %* .txt - open - notepad.exe %1 .vbs - open - c:\windows\system32\wscript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-10-11 18:23:25 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT 2009-10-11 12:53:22 ----D---- C:\Documents and Settings\zorglub\Application Data\Regrun 2009-10-11 12:52:50 ----A---- C:\WINDOWS\system32\Partizan.exe 2009-10-11 12:49:45 ----A---- C:\WINDOWS\RunGuard.exe 2009-10-11 12:49:44 ----A---- C:\WINDOWS\WinBait.exe 2009-10-10 17:29:19 ----D---- C:\Program Files\Winsonar 2009-10-10 11:10:43 ----D---- C:\Documents and Settings\zorglub\Application Data\ESET 2009-10-10 11:08:49 ----D---- C:\Program Files\ESET 2009-10-10 11:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\ESET 2009-10-08 18:31:47 ----AH---- C:\Documents and Settings\zorglub\Application Data\dach100.dll 2009-10-07 12:19:08 ----D---- C:\rsit 2009-10-07 09:50:25 ----D---- C:\Program Files\CPUID 2009-10-05 18:24:12 ----HD---- C:\WINDOWS\$NtUninstallKB968389$ 2009-09-29 19:08:27 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom 2009-09-29 18:36:49 ----D---- C:\SymbolPath 2009-09-29 18:27:29 ----D---- C:\Program Files\Debugging Tools for Windows (x86) 2009-09-29 09:24:02 ----D---- C:\WINDOWS\Minidump 2009-09-28 09:57:36 ----D---- C:\Program Files\SuperF4 2009-09-26 19:09:36 ----D---- C:\Program Files\Belarc 2009-09-26 11:01:46 ----D---- C:\Documents and Settings\zorglub\Application Data\BankPerfect 2009-09-26 10:19:50 ----A---- C:\WINDOWS\Sqirlz Morph Uninstaller.exe 2009-09-26 10:19:49 ----D---- C:\Program Files\Sqirlz Morph 2009-09-26 10:10:52 ----D---- C:\Program Files\Cartoonist 2009-09-26 10:03:30 ----D---- C:\Program Files\STOIK 2009-09-26 08:57:25 ----D---- C:\Program Files\Ctr 2009-09-24 18:41:47 ----D---- C:\Program Files\Calendrier 2009-09-23 18:29:47 ----D---- C:\dernier ======List of files/folders modified in the last 1 months====== 2009-10-12 09:13:18 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-10-12 08:00:46 ----A---- C:\WINDOWS\EditXper.ini 2009-10-11 13:00:24 ----RASH---- C:\WINDOWS\winstart.bat 2009-10-11 08:47:38 ----A---- C:\WINDOWS\DUMP6244.tmp 2009-10-10 19:08:46 ----A---- C:\aitorg.txt 2009-10-10 16:20:18 ----A---- C:\WINDOWS\wininit.ini 2009-10-08 18:42:22 ----SH---- C:\boot.ini 2009-10-08 18:42:22 ----A---- C:\WINDOWS\win.ini 2009-10-08 18:42:22 ----A---- C:\WINDOWS\system.ini 2009-09-24 08:25:58 ----A---- C:\rsqXPdir.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 41856] R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840] R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256] R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280] R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720] R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228] R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944] R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-03-05 44704] R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-05-10 13568] R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264] R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736] R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [2005-03-08 20648] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-04-23 33588] S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064] S3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys [] S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536] S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360] S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088] S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624] S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704] S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432] S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088] S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2008-10-13 554264] R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-10-10 4368952] R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224] R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-10-10 1617920] R2 MBAMService;MBAMService; D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 138168] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792] S3 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008] S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920] -----------------EOF-----------------

Merci de te pencher sur mon problème. voici le rapport : REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 "Bounds"=hex:00,30,00,00,00,20,00,00 "Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\ 63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00 "LsaPid"=dword:000005d0 "SecureBoot"=dword:00000001 "auditbaseobjects"=dword:00000000 "crashonauditfail"=dword:00000000 "disabledomaincreds"=dword:00000000 "everyoneincludesanonymous"=dword:00000000 "fipsalgorithmpolicy"=dword:00000000 "forceguest"=dword:00000001 "fullprivilegeauditing"=hex:00 "limitblankpassworduse"=dword:00000001 "lmcompatibilitylevel"=dword:00000000 "nodefaultadminowner"=dword:00000001 "nolmhash"=dword:00000000 "restrictanonymous"=dword:00000000 "restrictanonymoussam"=dword:00000001 "Notification Packages"=hex(7):00,3a,5c,57,49,4e,44,4f,57 "ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders] "ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\ 50,72,6f,76,69,64,65,72,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data] "Pattern"=hex:39,aa,05,ad,bb,f6,d5,8f,f7,87,0b,ba,dc,ed,18,0c,35,31,62,34,65,\ 34,65,39,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\ 51,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,62,6b,16,43 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG] "GrafBlumGroup"=hex:2f,c1,82,db,f5,9b,be,ba,e7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD] "Lookup"=hex:79,c0,75,5b,26,dc [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0] "Auth132"="IISSUBA" "ntlmminclientsec"=dword:00000000 "ntlmminserversec"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1] "SkewMatrix"=hex:20,04,b1,0d,95,f5,42,84,8b,74,16,0c,0e,45,14,47 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache] "Time"=hex:fe,8f,9a,c4,e9,ad,c9,01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" "Capabilities"=dword:00004050 "RpcId"=dword:0000ffff "Version"=dword:00000001 "TokenSize"=dword:0000ffff "Time"=hex:00,72,4c,db,94,9d,c8,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000011 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,26,11,e0,94,9d,c8,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000012 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,53,42,e1,94,9d,c8,01 "Type"=dword:00000031 prevx m'a notamment éliminé ar_install , inst_ctfmon etrf60lic.exe. mon antivirus et malwarebytes n'avaient pourtant rien trouvé. pour explorer, je crois avoir trouvé. c'est Egui de nod32 puisque à l'ouverture de session explorer plante puis drwatson comme ce matin ( Date : 12/10/2009 Heure : 07:57:39 Utilisateur : N/A Ordinateur : X-X69FB0WY08STW Description : Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d. et Egui n'apparait plus dans le systray. je l'avais pourtant désinstallé et réinstallé. [ [

Bonjour, es excuses pour le temps pris à répondre mais j'ai eu d'autres problèmes avec explorer qui plantait: (Type de l'événement : Informations Source de l'événement : Application Popup Catégorie de l'événement : Aucun ID de l'événement : 26 Date : 07/10/2009 Heure : 08:31:22 Utilisateur : N/A Ordinateur : X-X69FB0WY08STW Description : Application popup : Explorer.EXE - Erreur d'application : L'instruction à "0x7337611a" emploie l'adresse mémoire "0x7337611a". La mémoire ne peut pas être "read". aprés moults vérifications et antivirus, antimalwares, prevx m'a éradiqué 6 malwares.le problème persistant j'ai changé les barrettes de mémoire et ça ne le fait presque plus au démarrage. Cela dit , voici les rapports RSIT: Logfile of random's system information tool 1.06 (written by random/random) Run by zorglub at 2009-10-07 12:19:08 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 10 GB (39%) free of 25 GB Total RAM: 767 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:14:34, on 05/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\ctfmon.exe F:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Documents And Settings\zorglub\Bureau\OUTILS\procexp.exe F:\Program Files\Calendrier\Cld2000.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\EditXper\EditXper.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe D:\Program Files\firefox portable\FirefoxPortable.exe D:\Program Files\firefox portable\App\firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe O4 - HKLM\..\Run: [@RegRunOnSecure] F:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe O4 - HKCU\..\Run: [Regrun2] F:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Startup: KPF4SS.lnk = ? O4 - Startup: egui.lnk = ? O4 - Startup: procexp.lnk = ? O4 - Startup: Cld2000.lnk = ? O4 - Startup: Unhackme.lnk = ? O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 5815 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GlaryInitialize.job C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\EasyShare Registration Task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-24 2403392] {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-05 5960520] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RegRun WinBait"=C:\WINDOWS\winbait.exe [2008-12-22 20192] "Malwarebytes Anti-Malware (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "@RegRunOnSecure"=C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe [2008-12-22 61664] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Regrun2"=C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe [2008-12-22 384224] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "Cld2000.exe"=C:\Program Files\Calendrier\Cld2000.exe [2009-09-14 2993664] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "UnHackMe"=C:\PROGRA~1\Greatis\REGRUN~1\Unhackme.exe [2009-02-19 2151424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-09-24 171448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NVSvc"=3 C:\Documents and Settings\zorglub\Menu Démarrer\Programmes\Démarrage procexp.lnk - C:\Documents And Settings\zorglub\Bureau\OUTILS\procexp.exe SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2008-10-20 335943] "{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= :\WINDOW [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoSMBalloonTip"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoResolveSearch"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify" "D:\Program Files\Spotify\spotify.exe"="D:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{984db290-ad13-11de-9ba9-00038a000015}] shell\AutoRun\command - K:\InstallTomTomHOME.exe ======File associations====== .bat - edit - C:\Program Files\EditXper\EditXper.exe %1 .ini - open - notepad.exe %1 .js - open - c:\windows\system32\wscript.exe "%1" %* .txt - open - notepad.exe %1 .vbs - open - c:\windows\system32\wscript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-10-07 12:19:08 ----D---- C:\rsit 2009-10-07 12:10:05 ----AH---- C:\Documents and Settings\zorglub\Application Data\dach100.dll 2009-10-07 12:07:03 ----A---- C:\WINDOWS\Partizan.txt 2009-10-07 09:50:25 ----D---- C:\Program Files\CPUID 2009-10-07 09:12:44 ----A---- C:\WINDOWS\inst_ctfmon.exe 2009-10-07 09:12:43 ----A---- C:\WINDOWS\ar_install.exe 2009-10-07 08:52:56 ----SHD---- C:\FOUND.001 2009-10-05 18:24:12 ----HD---- C:\WINDOWS\$NtUninstallKB968389$ 2009-10-03 08:51:32 ----SHD---- C:\FOUND.000 2009-09-29 19:08:27 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom 2009-09-29 18:36:49 ----D---- C:\SymbolPath 2009-09-29 18:27:29 ----D---- C:\Program Files\Debugging Tools for Windows (x86) 2009-09-29 09:24:02 ----D---- C:\WINDOWS\Minidump 2009-09-28 09:57:36 ----D---- C:\Program Files\SuperF4 2009-09-26 19:09:36 ----D---- C:\Program Files\Belarc 2009-09-26 11:01:46 ----D---- C:\Documents and Settings\zorglub\Application Data\BankPerfect 2009-09-26 10:19:50 ----A---- C:\WINDOWS\Sqirlz Morph Uninstaller.exe 2009-09-26 10:19:49 ----D---- C:\Program Files\Sqirlz Morph 2009-09-26 10:10:52 ----D---- C:\Program Files\Cartoonist 2009-09-26 10:03:30 ----D---- C:\Program Files\STOIK 2009-09-26 08:57:25 ----D---- C:\Program Files\Ctr 2009-09-24 18:41:47 ----D---- C:\Program Files\Calendrier 2009-09-23 18:29:47 ----D---- C:\dernier 2009-09-13 11:12:59 ----HD---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-09-13 11:12:53 ----HD---- C:\WINDOWS\$NtUninstallKB956844$ ======List of files/folders modified in the last 1 months====== 2009-10-07 12:06:36 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT 2009-10-07 12:05:44 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-10-07 08:37:16 ----A---- C:\WINDOWS\EditXper.ini 2009-10-05 18:42:42 ----SH---- C:\boot.ini 2009-10-05 18:42:42 ----A---- C:\WINDOWS\win.ini 2009-10-05 18:42:42 ----A---- C:\WINDOWS\system.ini 2009-09-24 08:25:58 ----A---- C:\rsqXPdir.ini 2009-09-16 20:08:58 ----A---- C:\aitorg.txt 2009-09-13 11:13:04 ----A---- C:\WINDOWS\imsins.BAK ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 41856] R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840] R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256] R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312] R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720] R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228] R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-03-05 44704] R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-05-10 13568] R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264] R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736] R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043] R3 RegGuard;RegGuard; \??\C:\WINDOWS\System32\Drivers\regguard.sys [] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-04-23 33588] S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [2005-03-08 20648] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064] S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536] S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360] S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088] S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624] S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704] S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432] S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088] S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2008-10-13 554264] R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-10-10 1617920] R2 MBAMService;MBAMService; D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 138168] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792] S3 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008] S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-10-07 12:21:58 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AbiWord 2.6.8-->D:\Program Files\AbiSuite2\UninstallAbiWord2.exe AbiWord Importer/Exporter Plugins-->"D:\Program Files\AbiSuite2\AbiWord\plugins\UninstallAbiWordIEPlugins.exe" Acronis True Image Home-->MsiExec.exe /X{37C8899D-FD70-481F-94AA-1F1B08765E22} AD Sound Recorder 3.1.1-->"D:\Program Files\AD Sound Recorder\unins000.exe" Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe" AntiCrash 3.6.1-->"C:\Program Files\Dachshund Software\AntiCrash\Uninstall.exe" "C:\Program Files\Dachshund Software\AntiCrash\install.log" AnyTV Free 2.28-->"D:\Program Files\FDRLab\AnyTV\unins000.exe" Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" BankPerfect 6.51-->"C:\Program Files\BankPerfect\uninstall.exe" Bel Atout 4.44-->"D:\Program Files\Jeux de cartes\Bel Atout\unins000.exe" Belarc Advisor 8.1-->"C:\PROGRA~1\BELARC\ADVISOR\Uninstall.exe" "C:\PROGRA~1\BELARC\ADVISOR\INSTALL.LOG" Bill2's Process Manager (Désinstallation uniquement)-->C:\Program Files\Bill2's Process Manager\uninstall.exe Calendrier Xtra v11.000-->"C:\Program Files\Calendrier\unins000.exe" CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe" Canon i320-->C:\WINDOWS\system32\CNMCP47.exe "-PRINTERNAMECanon i320" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i320 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i320 Installer\Inst2\cnmi040c.dll" Canon Utilities Easy-PhotoPrint-->C:\WINDOWS\ISUN040C.EXE -f"D:\Program Files\Easy-PhotoPrint\Uninst.isu" -c"D:\Program Files\Easy-PhotoPrint\EZUNINST.DLL" CaptEcran V 1.0-->"C:\Program Files\CaptEcran\unins000.exe" CareWindows Process Control Master v5.0.3.2-->"D:\Program Files\CareWindows Process Control Master\unins000.exe" Caricatures PRO [4.4.0.3]-->"C:\Program Files\Ctr\unins000.exe" Cartoonist 1.3-->"C:\Program Files\Cartoonist\unins000.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe Cool Record Edit Deluxe v6.1.1-->"D:\Program Files\Cool Record Edit Deluxe\unins000.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Cossacks - Back To War-->C:\WINDOWS\una2setup.exe CPUID CPU-Z 1.52.2-->"C:\Program Files\CPUID\CPU-Z\unins000.exe" D'Accord Drums Player 1.0-->"D:\Program Files\D'Accord Music Software\D'Accord Drums Player 1.0\unins000.exe" Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD} Disk Heal-->D:\Program Files\Disk Heal\Uninstall Disk Heal.exe DriverMax 2.3-->"C:\Program Files\Innovative Solutions\DriverMax\unins000.exe" DropMyRights-->MsiExec.exe /I{E5B72007-07C9-4E67-B29E-696073F45704} EditXper-->"C:\Program Files\EditXper\Uninstall.exe" ESET NOD32 Antivirus-->MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84} FairStars Recorder 3.23-->"D:\Program Files\FairStars Recorder\unins000.exe" FileNote (Remove Only)-->C:\Program Files\FileNote\Uninstall.exe C:\PROGRA~1\FILENOTE\INSTALL.LOG FotoTagger 2.6.0.3-->D:\Program Files\FotoTagger\uninst.exe Foxit Reader-->D:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Free ISO Creator version 2.8-->"D:\Program Files\Free ISO Creator\unins000.exe" Free Organizer Clock 1.0-->"D:\Program Files\Free Organizer Clock\unins000.exe" FunPhotor 6.0-->"D:\Program Files\Zeallsoft\FunPhotor\unins000.exe" Glary Utilities 2.9.0.518-->"D:\Program Files\Glary Utilities\unins000.exe" GoodSync-->"C:\Program Files\Siber Systems\GoodSync\uninstall.exe" Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} HijackThis 2.0.2-->"C:\trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Kerio Personal Firewall-->MsiExec.exe /X{333BECA0-DED8-4139-A516-8D9E44E22669} KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD} K-Meleon 1.5.3 fr-FR (supprimer uniquement)-->C:\Program Files\K-Meleon\uninstall.exe Logitech SetPoint-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c -removeonly Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MemAv-->"C:\Program Files\MemAv_V1_2\unins000.exe" Mes Polices version 1.0-->"C:\Program Files\MesPolices10\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Reader Text-to-Speech pour le français-->MsiExec.exe /X{6F1547AA-8DA7-4FAC-BA11-BE1659E7086E} Microsoft Reader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x40c Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Morph Man v.4 Trial-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5C5D70E-33DC-4A04-92F9-63964ECC30E1}\Setup.exe" Morpion 1.3-->c:\ZMSoft\Morpion\Uninstal.exe Mozilla Firefox (3.5.3)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MyPhoneExplorer-->D:\Program Files\MyPhoneExplorer\uninstall.exe Norton PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502} OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC} Opera 10.00-->MsiExec.exe /X{2085F05D-24C5-4E27-B7B4-A51DE890FFC9} PhotoFiltre-->"D:\Program Files\PhotoFiltre\Uninst.exe" Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" Pilote de clavier français enrichi-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\KBDFRAC2.INF, DefaultUninstall.ntx86 PowerpointImageExtractor-->"C:\Program Files\PowerpointImageExtractor_V1_2\unins000.exe" Process Tamer 2.09.01-->"D:\Program Files\ProcessTamer\unins000.exe" QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Record-Anything v2.95 Trial Edition-->"C:\Program Files\Record-Anything\unins000.exe" RegRun Security Suite Platinum-->C:\Program Files\Greatis\RegRunSuite\R3UR.exe Security Process Explorer 1.6-->"D:\Program Files\Security Process Explorer\unins000.exe" Service Controller XP-->"C:\Program Files\Service Controller XP\Uninstall.exe" Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SmartClose 1.1-->"C:\Program Files\SmartClose\unins000.exe" SodaBush Windowpaper XP v1.01-->MsiExec.exe /X{80CE352B-9086-44FC-BD57-BD6CFA4C9AB1} Spotify-->"D:\Program Files\Spotify\uninstall.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe" SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe" Sqirlz Morph-->"C:\WINDOWS\Sqirlz Morph Uninstaller.exe" SuperF4-->"C:\Program Files\SuperF4\Uninstall.exe" System Safety Monitor Free Edition-->C:\Program Files\System Safety Monitor\Setup\Setup.exe TeraCopy 1.22-->"C:\Program Files\TeraCopy\unins000.exe" TextAloud-->"D:\Program Files\TextAloud\unins000.exe" The KMPlayer v2.9.4.1435 FR-->"C:\Program Files\The KMPlayer FR\unins000.exe" Todae - Live Media-->C:\Program Files\Windows Media Player\Plugins\Todae\RMP\uninstall_fr.exe TomTom HOME 2.7.2.1825-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} Tomtomax Maxi-Box V2.0.17-->"D:\Program Files\Tomtomax Maxi-Box\unins000.exe" Total Recorder 7.1-->"D:\Program Files\HighCriteria\TotalRecorder\setup.exe" U Total Recorder Editor Pro v11.5.1-->"D:\Program Files\Total Recorder Editor Pro\unins000.exe" Trojan Remover 6.8.1-->"C:\Program Files\Trojan Remover\unins000.exe" TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B} Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Windows Doctor 1.7-->"D:\Program Files\Windows Doctor\1.7\unins000.exe" Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0 WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WinRescue XP-->"D:\Program Files\WinRescue XP\unins000.exe" WM Recorder-->D:\Program Files\WMR11\Uninstal.exe XnView 1.96.5-->"C:\Program Files\XnView\unins000.exe" XP SysPad V7.8 by xtort.net ©-->"D:\Program Files\XPSysPad\unins000.exe" xp-AntiSpy 3.97-2-->C:\Program Files\xp-AntiSpy\Uninstall.exe Your Uninstaller! 2006 Version 5-->"C:\Program Files\Your Uninstaller 2006\unins000.exe" Your Uninstaller! 2008 Version 6.2-->"C:\Program Files\Your Uninstaller 2008\unins000.exe" ZebHelpProcess 2.33.8-->"C:\Program Files\ZebHelpProcess\unins000.exe" ZNsoft Optimizer Xp-->"C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\unins000.exe" ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: ESET NOD32 Antivirus 3.0 FW: Kerio Personal Firewall ======System event log====== Computer Name: X-X69FB0WY08STW Event Code: 26 Message: Application popup : : Machine Check: Record Number: 9731 Source Name: Application Popup Time Written: 20090704185926.000000+120 Event Type: Informations User: Computer Name: X-X69FB0WY08STW Event Code: 7036 Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution. Record Number: 9730 Source Name: Service Control Manager Time Written: 20090704185920.000000+120 Event Type: Informations User: Computer Name: X-X69FB0WY08STW Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur. Record Number: 9729 Source Name: Service Control Manager Time Written: 20090704185920.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: X-X69FB0WY08STW Event Code: 7036 Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution. Record Number: 9728 Source Name: Service Control Manager Time Written: 20090704185920.000000+120 Event Type: Informations User: Computer Name: X-X69FB0WY08STW Event Code: 7036 Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution. Record Number: 9727 Source Name: Service Control Manager Time Written: 20090704185914.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: X-X69FB0WY08STW Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 537 Source Name: SecurityCenter Time Written: 20090220185143.000000+060 Event Type: Informations User: Computer Name: X-X69FB0WY08STW Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 536 Source Name: SecurityCenter Time Written: 20090219185926.000000+060 Event Type: Informations User: Computer Name: X-X69FB0WY08STW Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 535 Source Name: SecurityCenter Time Written: 20090219081944.000000+060 Event Type: Informations User: Computer Name: X-X69FB0WY08STW Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 534 Source Name: SecurityCenter Time Written: 20090218190507.000000+060 Event Type: Informations User: Computer Name: X-X69FB0WY08STW Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 533 Source Name: SecurityCenter Time Written: 20090218190116.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF-----------------

Merci Thanos, ça a marché avec flushdns. Ce service peut il être désactivé?

Bonjour, le service DNS occupant jusqu'à 80% du CPU, j'ai passé antivirus et antispyware sans succes. j'ai donc utilisé gmer puis smitfraud mais n'étant pas expert je ne vois rien d'anormal. le voici: SmitFraudFix v2.424 Rapport fait à 10:14:28,04, 30/09/2009 Executé à partir de F:\Documents and Settings\Rebo\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\Program Files\a-squared Free\a2service.exe F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\System32\svchost.exe F:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe F:\WINDOWS\system32\RunDll32.exe F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe F:\WINDOWS\system32\ctfmon.exe F:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe F:\Program Files\Calendrier\Cld2000.exe F:\Documents and Settings\Rebo\Bureau\Demarrages\process explorer\procexp.exe F:\Program Files\SpywareGuard\sgmain.exe F:\Program Files\SpywareGuard\sgbhp.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Documents and Settings\Rebo\Bureau\r88enuxh.exe F:\Program Files\EditXper\EditXper.exe F:\Documents and Settings\Rebo\Bureau\SmitfraudFix\Policies.exe F:\WINDOWS\system32\cmd.exe F:\Documents and Settings\Rebo\Bureau\SmitfraudFix\Policies.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» F:\ »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» F:\Documents and Settings\Rebo »»»»»»»»»»»»»»»»»»»»»»»» F:\DOCUME~1\Rebo\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» F:\Documents and Settings\Rebo\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» F:\DOCUME~1\REBO\FAVORIS »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» F:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="F:\\WINDOWS\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» RK [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: RCA USB Cable Modem - Miniport d'ordonnancement de paquets DNS Server Search Order: 89.2.0.1 DNS Server Search Order: 89.2.0.2 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DFFA7905-7CE0-4B6F-8935-BBA32C1CDDFD}: DhcpNameServer=89.2.0.1 89.2.0.2 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Merci de l'examiner

Personne pour m'aider? :P

Bonjour, sous XP home, je m'aperçois que le narrateur ne fonctionne pas. je suis donc la procédure Zébulon: j'installe msreader puis readertts mais le bouton voix demeure toujours inactif et le panneau de propriétés sons et périphériques audio ne donne qu'un choix:Realtek AC97 Audio. comment activer la synthese vocale? Merci

Merci, c'est ce que je cherchais.

Merci, c'est justement ce que je ne sais pas faire. comment déplacer cette partition? avec partition magic ou gparted?

J'ai tout sauvegardé avant de formater.ce qui reste sur E peut etre effacé sans probleme. ce que je voudrais savoir c'est la manip pour l'espace non alloué.

Bonjour, Sur mon premier disque, j'ai 3 partitions(cf images:= http://img193.imageshack.us/i/disquesd.jpg /][img= http://img193.imageshack.us/img193/8798/disquesd.jpg] et je souhaite redistribuer l'espace de E sur C.j'ai donc formaté et redimensionné E et je me retrouve avec de l'espace non alloué qui n'est pas contigu de C. Comment avec partition magic élargir C avec cet espace libre? Merci

http://img8.imageshack.us/img8/8467/installedh.jpg http://img15.imageshack.us/img15/6154/softwareq.jpg encore un grand MERCI à toi

Succes complet :framework 1 et 2 installés. je vais pouvoir installer my phone explorer et autres. MERCI encore pour tous tes bons soins

VICTOIRE! aprés creation d'un nouveau compte administrateur, l'intallation est passée comme une lettre à la poste(sur ce compte).

Il ne frezze que avec l'éditeur du registre quanf j'essaie ta manip. Regrun surveille la BDR mais ne bloque rien à ma connaissance sans demander. de toutes façons ça ne marche pas même en désactivant tout. Ps:je suis seul administrateur + un compte limité

Oui, je pense essyer de supprimer ce compte et (ou) installer net framework en mode sans echec. les applications ouvertes sont notamment l'antivirus nod32, regrun et kerio firewall

le pc bug, je veux dire par la que le pc se fige et je dois rebooter. je vais essayer en mode sans echec