Se connecter / S'enregistrer
Votre question

redemarrages intempestifs sous xp

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
20 Septembre 2008 10:20:33

Bonjour à tous, j'espere que vous pourrez m'aider , je commence à desespérer !
Apres plusieurs mois de messages d'erreurs (windows a récupérer d'une erreur serieuse, windows n'a pas pu recuperer les données pour le dossier ...) voilà que maintenant il redémarre tout seul (après 3h d'utilisation ou 20 mn ) sans prévenir et sans aucun message d'erreur après le rédémarrage.
J'ai fait pleins de scan antivirus antimalware, antirootkit mais rien n'a réglé le problème . Avast me met seulement erreur 42125 42127 et 42145 archives..corrompue ; je ne sais pas ce que ca signifie mais il les detecte pas comme des virus. J'ai egalement fait Ccleaner et une defrag, voici le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:31, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\csrss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
J:\Program Files\Alwil Software\Avast4\ashServ.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\ehome\ehtray.exe
J:\WINDOWS\SOUNDMAN.EXE
J:\WINDOWS\ALCWZRD.EXE
J:\WINDOWS\ALCMTR.EXE
J:\Program Files\QuickTime\qttask.exe
J:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
J:\WINDOWS\system32\rundll32.exe
J:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
J:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
J:\Program Files\SuperCopier2\SuperCopier2.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Windows Media Player\WMPNSCFG.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\eHome\ehRecvr.exe
J:\WINDOWS\eHome\ehSched.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\ehome\mcrdsvc.exe
J:\Program Files\Windows Media Player\WMPNetwk.exe
J:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
J:\Program Files\Alwil Software\Avast4\ashWebSv.exe
J:\WINDOWS\eHome\ehmsas.exe
J:\WINDOWS\system32\dllhost.exe
J:\WINDOWS\System32\alg.exe
J:\WINDOWS\system32\wuauclt.exe
J:\WINDOWS\system32\msiexec.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
K:\Fichiers SRT\HiJackThis.exe
J:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - J:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] J:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] J:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "J:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] J:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "K:\TomTom1\HOME\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "J:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://J:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelpe...
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://www.tellmemore-online.com/bin/tol7inst.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxentelechargement.orange.fr/orange2.0/OnlineH...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne-beta.jeu.orange.fr/Gameshell/GameHos...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///J:/Documents%20and%20Settings/Administrateur/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - J:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - J:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - J:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - J:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - J:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 9076 bytes

j'espere avoir mit tout ce qu'il faut , merci d'avance ;) )

Autres pages sur : redemarrages intempestifs

a b 8 Sécurité
20 Septembre 2008 13:34:43

Bonjour,

  • Télécharge Catchme ([#ff0000]Gmer[/#f]) sur ton Bureau.
  • Double clique sur catchme.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse.
    20 Septembre 2008 14:49:16

    Voilà ce que ça a donné :

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ..Sinon les erreurs qu'avast a trouvé, vous savez ce que ça signifie ? (ex : erreur 42125 archive ZIP corrompue)
    Contenus similaires
    20 Septembre 2008 20:52:40

    Voila le rapport de fin d'analyse...enfin...c 'est bien ça ? ça me semble un peu long...

    Scanning for 1626845 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: ADMINIST-27F769

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 17:22:37
    ANTIVIR3.VDF : 7.0.6.188 217088 Bytes 19/09/2008 17:22:38
    Engineversion : 8.1.1.34
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 20/09/2008 17:22:46
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 20/09/2008 17:22:45
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 20/09/2008 17:22:44
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 20/09/2008 17:22:43
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 20/09/2008 17:22:40
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 20/09/2008 17:22:39
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 20/09/2008 17:22:39
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: j:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: J:, K:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 20 septembre 2008 19:25

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'ALCMTR.EXE' - '1' Module(s) have been scanned
    Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    41 processes with 41 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'J:\'
    [INFO] No virus was found!
    Boot sector 'K:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '62' files ).


    Starting the file scan:

    Begin scan in 'J:\' <windows>
    J:\pagefile.sys
    [WARNING] The file could not be opened!
    J:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'K:\' <stockage donnees>


    End of the scan: samedi 20 septembre 2008 20:11
    Used time: 46:06 Minute(s)

    The scan has been done completely.

    5293 Scanning directories
    232207 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    232205 Files not concerned
    980 Archives were scanned
    7 Warnings
    0 Notes

    Voilà , à demain :) 
    a b 8 Sécurité
    20 Septembre 2008 21:47:23

    Reposte un rapport Hijackthis.
    21 Septembre 2008 10:23:20

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:13:52, on 21/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    J:\WINDOWS\System32\smss.exe
    J:\WINDOWS\system32\csrss.exe
    J:\WINDOWS\system32\winlogon.exe
    J:\WINDOWS\system32\services.exe
    J:\WINDOWS\system32\lsass.exe
    J:\WINDOWS\system32\Ati2evxx.exe
    J:\WINDOWS\system32\svchost.exe
    J:\WINDOWS\system32\svchost.exe
    J:\WINDOWS\System32\svchost.exe
    J:\WINDOWS\system32\svchost.exe
    J:\WINDOWS\system32\svchost.exe
    J:\WINDOWS\system32\spoolsv.exe
    J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    J:\WINDOWS\system32\Ati2evxx.exe
    J:\WINDOWS\Explorer.EXE
    J:\WINDOWS\ehome\ehtray.exe
    J:\WINDOWS\SOUNDMAN.EXE
    J:\WINDOWS\ALCWZRD.EXE
    J:\WINDOWS\ALCMTR.EXE
    J:\WINDOWS\system32\rundll32.exe
    J:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    J:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    J:\Program Files\SuperCopier2\SuperCopier2.exe
    J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    J:\WINDOWS\system32\ctfmon.exe
    J:\WINDOWS\system32\svchost.exe
    J:\WINDOWS\eHome\ehRecvr.exe
    J:\Program Files\Windows Media Player\WMPNSCFG.exe
    J:\WINDOWS\eHome\ehSched.exe
    J:\WINDOWS\System32\svchost.exe
    J:\WINDOWS\system32\svchost.exe
    J:\WINDOWS\system32\svchost.exe
    J:\WINDOWS\ehome\mcrdsvc.exe
    J:\Program Files\Windows Media Player\WMPNetwk.exe
    J:\WINDOWS\system32\dllhost.exe
    J:\WINDOWS\eHome\ehmsas.exe
    J:\WINDOWS\System32\alg.exe
    J:\WINDOWS\system32\wuauclt.exe
    J:\Program Files\Internet Explorer\iexplore.exe
    J:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    K:\Fichiers SRT\HiJackThis.exe
    J:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - J:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] J:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "J:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avgnt] "J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [SuperCopier2.exe] J:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "K:\TomTom1\HOME\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] "J:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://J:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelpe...
    O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://www.tellmemore-online.com/bin/tol7inst.cab
    O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxentelechargement.orange.fr/orange2.0/OnlineH...
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne-beta.jeu.orange.fr/Gameshell/GameHos...
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///J:/Documents%20and%20Settings/Administrateur/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - J:\WINDOWS\system32\Ati2evxx.exe

    --
    End of file - 8866 bytes

    J'ai oublié de mentionner que pendant l'apparition des messages "l'ecriture décalée a échouée " et "windows n'a pas pu sauvegarder toutes les données.." il arrivait que le panneau arriere s'affichait ; comme si je venais de brancher un periphérique (alors que non) . L'ordi devenait tres lent , je pouvais à peine fermer ces messages d'erreur .
    J'en suis venu à me demander si ce n'etait pas un problème matériel mais mon ordinateur a 3 ans environ ,le disc dur et carte graphique ont été changé il y a 2 ans. Est ce une piste ?
    a b 8 Sécurité
    21 Septembre 2008 12:59:46

    Re,

    Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)


    Citation :
    J'en suis venu à me demander si ce n'etait pas un problème matériel mais mon ordinateur a 3 ans environ ,le disc dur et carte graphique ont été changé il y a 2 ans. Est ce une piste ?

    Ton pc commence certainement à se faire vieux.
    21 Septembre 2008 19:31:07

    Ca y'est c'est fait mais apres redémarrage (intentionnel) , le logo de windows est toujours très lent à charger et supercopier-coller marche au ralentit (ça me l'avait déjà fait il y a longtemps, c'était un signe que ça allait pas :(  )
    Si tu as d'autres idées Angeldark , je suis preneuse bien sûr . Mais je te dis déjà un grand merci de ton aide et du temps que tu passe à nous aider; quand je vois le nombre de messages chaque jour .... faut du courage !! :) 
    a b 8 Sécurité
    21 Septembre 2008 20:23:16

    Je vois pas là :/ 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS