Everything posted by Bastos17

  1. I only overclocked my graphics card. After the Combofix scan finished, I shut down the PC, but it crashed at that moment. So I turned it back on and it displayed "operating system not found". Since my hard drive was no longer recognized, I connected it via USB to another PC, recovered the data with Testdisk, and formatted it to reinstall Seven. I don't think I could have done any better given the point I had reached. Thank you for devoting your time to my problem!!
  2. I finally managed to run ComboFix in safe mode!!! The log:

     I hope this will help move things forward ^^
  3. Well, still nothing with TDSSKiller =/ But there's news!! Combofix crashes my PC!! I'm starting to despair.... The WhoCrashed report:

        Crash Dump Analysis
        --------------------------------------------------------------------------------
        Crash dump directory: C:\Windows\Minidump
        Crash dumps are enabled on your computer.

        On Fri 29/04/2011 19:16:38 GMT your computer crashed
        crash dump file: C:\Windows\Minidump\042911-24538-01.dmp
        This was probably caused by the following module: ntkrnlpa.exe (nt+0x415CB)
        Bugcheck code: 0xA (0x1, 0x2, 0x0, 0xFFFFFFFF83092A1C)
        Error: IRQL_NOT_LESS_OR_EQUAL
        file path: C:\Windows\system32\ntkrnlpa.exe
        product: Microsoft® Windows® Operating System
        company: Microsoft Corporation
        description: NT Kernel & System
        Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

        On Fri 29/04/2011 19:16:38 GMT your computer crashed
        crash dump file: C:\Windows\memory.dmp
        This was probably caused by the following module: ntkrpamp.exe (nt!Kei386EoiHelper+0x29D3)
        Bugcheck code: 0xA (0x1, 0x2, 0x0, 0xFFFFFFFF83092A1C)
        Error: IRQL_NOT_LESS_OR_EQUAL
        Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntkrpamp.exe.
        Google query: ntkrpamp.exe IRQL_NOT_LESS_OR_EQUAL

        On Fri 29/04/2011 19:02:23 GMT your computer crashed
        crash dump file: C:\Windows\Minidump\042911-31995-01.dmp
        This was probably caused by the following module: hal.sys (hal+0x590F)
        Bugcheck code: 0xA (0x1, 0x2, 0x0, 0xFFFFFFFF83087A1C)
        Error: IRQL_NOT_LESS_OR_EQUAL
        Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hal.sys.
        Google query: hal.sys IRQL_NOT_LESS_OR_EQUAL

        On Fri 29/04/2011 18:55:54 GMT your computer crashed
        crash dump file: C:\Windows\Minidump\042911-29920-01.dmp
        This was probably caused by the following module: Unknown (0x00000001)
        Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0x1, 0xFFFFFFFFAC1F19F8, 0x0)
        Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
        Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: Unknown.
        Google query: Unknown KERNEL_MODE_EXCEPTION_NOT_HANDLED_M

        On Fri 29/04/2011 18:30:29 GMT your computer crashed
        crash dump file: C:\Windows\Minidump\042911-32729-01.dmp
        This was probably caused by the following module: hal.sys (hal+0x590F)
        Bugcheck code: 0xA (0x1, 0x2, 0x0, 0xFFFFFFFF830BBA1C)
        Error: IRQL_NOT_LESS_OR_EQUAL
        Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hal.sys.
        Google query: hal.sys IRQL_NOT_LESS_OR_EQUAL

        On Fri 29/04/2011 17:29:02 GMT your computer crashed
        crash dump file: C:\Windows\Minidump\042911-26800-01.dmp
        This was probably caused by the following module: ntkrnlpa.exe (nt+0x415CB)
        Bugcheck code: 0xA (0x16, 0x2, 0x0, 0xFFFFFFFF8304BF66)
        Error: IRQL_NOT_LESS_OR_EQUAL
        file path: C:\Windows\system32\ntkrnlpa.exe
        product: Microsoft® Windows® Operating System
        company: Microsoft Corporation
        description: NT Kernel & System
        Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

        On Wed 27/04/2011 19:28:31 GMT your computer crashed
        crash dump file: C:\Windows\Minidump\042711-34585-01.dmp
        This was probably caused by the following module: hssdrv.sys (HssDrv+0x1F6C)
        Bugcheck code: 0xD1 (0x0, 0x2, 0x0, 0xFFFFFFFF8B680D11)
        Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
        Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hssdrv.sys.
        Google query: hssdrv.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

     EDIT: In case it helps, here is the TDSSKiller log:

        2011/04/30 21:59:53.0304 2920 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
        2011/04/30 21:59:53.0714 2920 ================================================================================
        2011/04/30 21:59:53.0714 2920 SystemInfo:
        2011/04/30 21:59:53.0714 2920
        2011/04/30 21:59:53.0714 2920 OS Version: 6.1.7601 ServicePack: 1.0
        2011/04/30 21:59:53.0714 2920 Product type: Workstation
        2011/04/30 21:59:53.0714 2920 ComputerName: BASTOS-PC
        2011/04/30 21:59:53.0714 2920 UserName: Bastos
        2011/04/30 21:59:53.0714 2920 Windows directory: C:\Windows
        2011/04/30 21:59:53.0714 2920 System windows directory: C:\Windows
        2011/04/30 21:59:53.0714 2920 Processor architecture: Intel x86
        2011/04/30 21:59:53.0714 2920 Number of processors: 2
        2011/04/30 21:59:53.0714 2920 Page size: 0x1000
        2011/04/30 21:59:53.0714 2920 Boot type: Normal boot
        2011/04/30 21:59:53.0714 2920 ================================================================================
        2011/04/30 21:59:54.0034 2920 !crdlk

     I also tried Norman TDSS Cleaner; result: Unable to load nsak.sys Error (0x00000001). Same with TDSS Remover => "Error while creating or starting service". The TDSS Remover debug log:

        .\main.cpp(3998) : Debug log started at 30.04.2011 - 20:06:27
        .\main.cpp(3999) : Program Version: 1.8.0.0
        .\main.cpp(4003) : OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit
        .\main.cpp(4011) : ---------------------------------------
        .\service.cpp(90) : Creating service...
        .\service.cpp(109) : Allready exists
        .\service.cpp(128) : Starting service...
        .\service.cpp(149) : StartService() ERROR 31
  4. I'm starting to think my PC doesn't want to be disinfected. When I launch the app, it starts, downloads, and opens a small window with a progress bar at 10 - 20%... up to 80%, at which point it disappears. Then Notepad opens, but no TDSSKiller. I tried launching TDSSKiller directly, but there too the progress window closes at 80% and then nothing. Even in safe mode. :cry:
  5. Thanks. As for the blue screen, it was my AnchorFree VPN software that caused it:

        Crash Dump Analysis
        --------------------------------------------------------------------------------
        Crash dump directory: C:\Windows\Minidump
        Crash dumps are enabled on your computer.

        On Wed 27/04/2011 19:28:31 GMT your computer crashed
        crash dump file: C:\Windows\Minidump\042711-34585-01.dmp
        This was probably caused by the following module: hssdrv.sys (HssDrv+0x1F6C)
        Bugcheck code: 0xD1 (0x0, 0x2, 0x0, 0xFFFFFFFF8B680D11)
        Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
        file path: C:\Windows\system32\drivers\hssdrv.sys
        product: Hotspot Shield® Routing Driver
        company: AnchorFree Inc.
        description: Hotspot Shield Routing Driver
        Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hssdrv.sys (Hotspot Shield Routing Driver, AnchorFree Inc.).
        Google query: hssdrv.sys AnchorFree Inc. DRIVER_IRQL_NOT_LESS_OR_EQUAL

        On Wed 27/04/2011 19:28:31 GMT your computer crashed
        crash dump file: C:\Windows\memory.dmp
        This was probably caused by the following module: hssdrv.sys (HssDrv+0x1F6C)
        Bugcheck code: 0xD1 (0x0, 0x2, 0x0, 0xFFFFFFFF8B680D11)
        Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
        file path: C:\Windows\system32\drivers\hssdrv.sys
        product: Hotspot Shield® Routing Driver
        company: AnchorFree Inc.
        description: Hotspot Shield Routing Driver
        Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
        This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
        A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hssdrv.sys (Hotspot Shield Routing Driver, AnchorFree Inc.).
        Google query: hssdrv.sys AnchorFree Inc. DRIVER_IRQL_NOT_LESS_OR_EQUAL

     Is there no other choice than removing it? Because it's rather handy for watching US series. As for Windows Update, however, still error 80072EFE.
  6. Thanks for your help! However, the WinUpdateFix link is dead =/ and they don't even mention this software on their site. I'll try again later. ZoneAlarm is uninstalled; all that's left is to see whether the slowdowns came from it. As for the c0000c64 HARD ERROR, do you have any idea what it means, or where it might come from? Because Google doesn't know...
  7. Good evening everyone. For a few days now my PC has been acting up slightly. It started with a Windows Update error (code 80072EFE), then PC slowdowns, redirections of Google results (to monstermarketplace.com) and a magnificent blue screen with "STOP c0000c64 HARD ERROR". Scans with Avira, Spybot and MBAM are negative (at least, they were the day before yesterday). After some research, I find that the TDSS rootkit is often mentioned in cases like mine (for the first 3 symptoms). I also saw that a HijackThis scan was often requested, so I did one.

     I hope a charitable soul will be willing to help me. Thanks in advance!!

     PS: Can the topic title be changed?