C:\WINDOWS\MEMORY.DMP

Closed
GERARD - 24 Feb 2011 at 22:24
 GERARD - 4 Mar 2011 at 00:13
Hello,

I am on a Windows 7 PC and lately my computer has been crashing from time to time: the screen would turn completely blue before it crashed and restarted. Up to that point it was OK; the thing is that I thought it was due to poor ventilation (I don't know much about PC problems), but lately my computer keeps crashing, today alone it crashed 7 times in 2 hours.
Description of the problem: the screen turns blue with coloured lines appearing, then the PC stays like that for a few moments, shuts down and restarts. Then, when I get to my desktop, a notification appears telling me that the problem was caused by C:\WINDOWS\MEMORY.DMP.

I have seen several other people who had the problem, but I did not understand how it was solved.

Thanks in advance

21 replies

Excessimo - edited by Excessimo on 24/02/2011 at 22:42
Hi, we'll check whether the problem is caused by an infection.

Start by disabling UAC, because it could interfere with some programs:

https://www.commentcamarche.net/informatique/windows/261-desactiver-le-controle-de-compte-d-utilisateur-uac-de-windows/

Leave it disabled for the whole disinfection; I'll tell you when to re-enable it.

READ THE INSTRUCTIONS CAREFULLY IF YOU DON'T WANT TO CRASH your PC :) and until I have confirmed the end of the disinfection you MUST come back and check the forum REGULARLY, even if the symptoms have disappeared :)



===============ZHPDIAG====================

We are going to run a diagnostic of the PC:

* Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

* Follow the prompts during installation; it will launch automatically at the end.

/!\ Vista and Seven users: right-click the ZHPDiag logo, "Run as administrator"

* Click the magnifying-glass icon at the top left ("Run the diagnostic")
* Save the report to your desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report (which is on your desktop) to Cjoint, then copy/paste the link it gives you into your next reply on the forum:

https://www.cjoint.com/


ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
OK, I did everything you told me EXACTLY, and here is the link:

https://www.cjoint.com/?0cyxIfJMFb

thanks again for being so quick!!!
Excessimo - edited by Excessimo on 25/02/2011 at 00:09
Hi again, first of all I suggest you uninstall Spybot; it has become obsolete and slows your system down needlessly. Avira is more than enough, and it replaces it very well.

Then there are a few adware programs.

1)
=============AD-REMOVER==================

* Download AD-Remover here
close all running applications!!!

Note: Vista/Seven users -> right-click "Ad-R.exe" then "Run as administrator"

* Double-click the AD-Remover icon
* In the main menu, click "Clean"
* Confirm the start of the scan and let the tool work
* Post the report that appears at the end (it is also saved as C:\Ad-report-CLEAN.txt )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


2)
############### Malwarebytes' Anti-Malware ###############

We are going to run a general-purpose scan.

[x] Download Malwarebytes' Anti-Malware to your desktop.

http://www.malwarebytes.org/mbam-download.php

* NB: to start the download, click "Download NOW"

[x] Disable your antivirus to avoid conflicts

[x] Install it, leaving the default options (tick only "Create a desktop icon")

[x] At the end of the installation, leave the 2 boxes for launching and updating ticked.

[x] Once it is running, click "Perform a quick scan" then "Scan"

[x] Then click "Show results" and then "REMOVE SELECTED!!!". Then confirm with "OK".

[x] MBAM will open a report; copy/paste its content into your next reply.

[x] Note: you may have to restart your PC; accept. The report is in the "Reports/Logs" section of the program.

* (NB: if "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/)


3)
We are going to run a check:

===============MBRCheck====================

[X] MBRCheck (by a_d_13) is on the desktop

[X] Close everything and click MBRCheck.exe

* If it asks you to type "Y or N", type Y then confirm by pressing the Enter key on your keyboard,
* If it asks you to press the "Enter" key only, do so

[X] A report opens at the end of the scan and is saved automatically to the desktop. It will be named like MBRCheck_AA.JJ.MM_hh.mm.ss.txt (i.e. MBRCheck_07.21.10_18.08.06.txt).
Excessimo - 25 Feb 2011 at 11:07
OK, we got rid of eorezo (adware), MBAM detects nothing (post its result anyway, it is in the log/report section of the program), and MBRCheck is clean.

Download here: BlueScreenView
Unzip the archive to your desktop.
Double-click the BlueScreenView.exe file to launch it. (Right-click, Run as administrator under Vista/Seven)

At the end of the scan, click Edit then Select All.
Then go to File and Save Selected Items.
Save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy its content and post it in your reply.
thanks again!! first time I have used a forum and wow!!!
Excessimo - 25 Feb 2011 at 12:48
This is a problem caused by this driver, mfewfpk.sys, which is a leftover from McAfee,

Since The Avenger is not compatible with x64,

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop, this is mandatory!!

/!\ Disable your protection software (antivirus, antispyware), disconnect from the internet /!\ then:


-+-+-+-+-> CFScript <-+-+-+-+-


[x] Copy the text below:

-------------------------------------------------

KillAll::

Driver::

mfewfpk

File::

c:\windows\system32\drivers\mfewfpk.sys

-------------------------------------------------


[x] Open Notepad, then paste the text above into it.

[x] Save this file to your desktop (name it CFScript).

[x] Drag and drop this file onto combofix.exe as explained here.

[x] ComboFix will start; wait while it scans.

/!\ Do nothing during the scan (keyboard/mouse) /!\

[x] Post the content of the report that opens in your next reply.
Excessimo - edited by Excessimo on 25/02/2011 at 23:07
Oh dear, my mistake :)

I read your report the wrong way round. (As for the "drag as", you understood perfectly ;) ) :

Download this and put it here, this is mandatory: C:\

https://www.cjoint.com/?3czva8bDXrn

Make sure to remove everything else from its name so that it is called: ntoskrnl


-+-+-+-+-> CFScript <-+-+-+-+-

/!\ Warning: this procedure is only valid for /!\

[x] Copy the text below:

-------------------------------------------------

KillAll::

File::

C:\WINDOWS\System32\ntoskrnl.exe

FCopy::

C:\ntoskrnl.exe | C:\WINDOWS\System32\ntoskrnl.exe

Reboot::

-------------------------------------------------


[x] Open Notepad, then paste the text above into it.

[x] Save this file to your desktop (name it CFScript).

[x] Drag and drop this file onto combofix.exe as explained here.

[x] ComboFix will start; wait while it scans.

/!\ Do nothing during the scan (keyboard/mouse) /!\

[x] Post the content of the report that opens in your next reply.
Excessimo - 27 Feb 2011 at 10:16
I was almost sure it would come back... :)

Download SEAF.exe (by C_XX) to your desktop.
http://www.teamxscript.org/SEAFTelechargement.html


- Double-click SEAF.exe (Run as administrator for Vista).

- Tick the boxes:
- Also search the registry
- Additional information


- Type exactly this text in that window, then confirm with [Enter]:

ntoskrnl.exe

- Wait during the search, and don't touch anything ...

- A window with a .txt log will appear.

- Copy/paste this report into your next reply.

Tutorial:
http://www.teamxscript.org/SEAFRecherche.html
Excessimo - 28 Feb 2011 at 14:07
no, I got what I wanted :)

Right, let's see whether Windows will repair itself all on its own.

In the Start menu, type this in the search bar:

cmd

Then right-click cmd, run as...

A black window will appear; type this

sfc /scannow

A scan will start, be patient; when it has finished a response will appear, pass it on to me in your next reply.

If this method doesn't work, I still have one more card to play :)

Just one question: since when has it been buggy, did it follow some update?

and here is the MBRCheck report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1558
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 199):
0x0300A000 \SystemRoot\system32\ntoskrnl.exe
0x035E6000 \SystemRoot\system32\hal.dll
0x00BBB000 \SystemRoot\system32\kdcom.dll
0x00C58000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C9C000 \SystemRoot\system32\PSHED.dll
0x00CB0000 \SystemRoot\system32\CLFS.SYS
0x00D0E000 \SystemRoot\system32\CI.dll
0x00EA3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F47000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F56000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FAD000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FB6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FC0000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FF3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E2A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E3F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DCE000 \SystemRoot\System32\drivers\mountmgr.sys
0x01058000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01262000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0126D000 \SystemRoot\system32\drivers\fltmgr.sys
0x012B9000 \SystemRoot\system32\drivers\fileinfo.sys
0x012CD000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01408000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012D9000 \SystemRoot\System32\Drivers\msrpc.sys
0x015AB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01337000 \SystemRoot\System32\Drivers\cng.sys
0x015C5000 \SystemRoot\System32\drivers\pcw.sys
0x015D6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01699000 \SystemRoot\system32\drivers\ndis.sys
0x0178B000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x013AA000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01675000 \SystemRoot\system32\DRIVERS\stdflt.sys
0x0167D000 \SystemRoot\System32\Drivers\spldr.sys
0x01000000 \SystemRoot\System32\drivers\rdyboost.sys
0x01685000 \SystemRoot\System32\Drivers\mup.sys
0x017EB000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015E0000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A31000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x042E3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0430D000 \SystemRoot\System32\Drivers\Null.SYS
0x04316000 \SystemRoot\System32\Drivers\Beep.SYS
0x0431D000 \SystemRoot\System32\drivers\vga.sys
0x0432B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04350000 \SystemRoot\System32\drivers\watchdog.sys
0x04360000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04369000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04372000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0437B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04386000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04397000 \SystemRoot\system32\DRIVERS\tdx.sys
0x043B5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04000000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01A6F000 \SystemRoot\system32\drivers\afd.sys
0x01AF9000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x04045000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0404E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04074000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0408A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04099000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043C2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x01B8E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043D6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x043E2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x043ED000 \SystemRoot\System32\drivers\discache.sys
0x01BDF000 \SystemRoot\System32\Drivers\dfsc.sys
0x040B4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01A00000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02E19000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04AC8000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x050FE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04A46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04A6A000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04A7B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E3F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x044DA000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x047C8000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x047D5000 \SystemRoot\system32\DRIVERS\risdpe64.sys
0x04400000 \SystemRoot\system32\DRIVERS\rimspe64.sys
0x04419000 \SystemRoot\system32\DRIVERS\rixdpe64.sys
0x0446F000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x02E95000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x044AD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x044CB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02ED4000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x047EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x047F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04A8C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04A99000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x051F2000 \SystemRoot\system32\DRIVERS\Acceler.sys
0x02F1F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04ABE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02F35000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02F3A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x02F4A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02F60000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02F84000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02F90000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FBF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02FDA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0103A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x051FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x054C8000 \SystemRoot\system32\DRIVERS\ks.sys
0x0550B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0551D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05577000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0558C000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x055AD000 \SystemRoot\system32\drivers\portcls.sys
0x05400000 \SystemRoot\system32\drivers\drmk.sys
0x05422000 \SystemRoot\system32\drivers\ksthunk.sys
0x05428000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x054A7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x040C5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x054B5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x055EA000 \SystemRoot\System32\drivers\Dxapi.sys
0x00C3A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02C85000 \SystemRoot\System32\Drivers\usbvideo.sys
0x02CB3000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x02CDE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x02CEC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x02CFA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02D13000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02D1C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02D2A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00410000 \SystemRoot\System32\TSDDD.dll
0x006E0000 \SystemRoot\System32\cdd.dll
0x02D37000 \SystemRoot\system32\drivers\luafv.sys
0x02D5A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02D77000 \SystemRoot\system32\drivers\WudfPf.sys
0x02D98000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02DAD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02C00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02C13000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02C2B000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x02C32000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0x06218000 \SystemRoot\system32\drivers\HTTP.sys
0x062E0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x062FE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06316000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06343000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06391000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06832000 \SystemRoot\system32\drivers\peauth.sys
0x068D8000 \SystemRoot\System32\Drivers\secdrv.SYS
0x068E3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06910000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06922000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06CC0000 \SystemRoot\System32\DRIVERS\srv.sys
0x06D56000 \SystemRoot\system32\drivers\tdtcp.sys
0x06D61000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x06D70000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x06DA8000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x06DB1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77C80000 \WINDOWS\System32\ntdll.dll
0x480C0000 \WINDOWS\System32\smss.exe
0xFFFA0000 \WINDOWS\System32\apisetschema.dll
0xFF3A0000 \WINDOWS\System32\autochk.exe
0xFF200000 \WINDOWS\System32\shell32.dll
0xFF0F0000 \WINDOWS\System32\msctf.dll
0xFF070000 \WINDOWS\System32\difxapi.dll
0xFF040000 \WINDOWS\System32\imm32.dll
0xFEDE0000 \WINDOWS\System32\iertutil.dll
0xFEBD0000 \WINDOWS\System32\ole32.dll
0xFEB30000 \WINDOWS\System32\msvcrt.dll
0xFEB10000 \WINDOWS\System32\imagehlp.dll
0x77E50000 \WINDOWS\System32\normaliz.dll
0xFEB00000 \WINDOWS\System32\lpk.dll
0xFE9D0000 \WINDOWS\System32\rpcrt4.dll
0x77B60000 \WINDOWS\System32\kernel32.dll
0xFE930000 \WINDOWS\System32\comdlg32.dll
0xFE800000 \WINDOWS\System32\wininet.dll
0xFE7E0000 \WINDOWS\System32\sechost.dll
0xFE770000 \WINDOWS\System32\gdi32.dll
0xFE760000 \WINDOWS\System32\nsi.dll
0xFE6E0000 \WINDOWS\System32\shlwapi.dll
0xFE600000 \WINDOWS\System32\oleaut32.dll
0xFE520000 \WINDOWS\System32\advapi32.dll
0x77E40000 \WINDOWS\System32\psapi.dll
0xFE450000 \WINDOWS\System32\usp10.dll
0xFE400000 \WINDOWS\System32\Wldap32.dll
0xFE360000 \WINDOWS\System32\clbcatq.dll
0xFE1E0000 \WINDOWS\System32\urlmon.dll
0x77A60000 \WINDOWS\System32\user32.dll
0xFE000000 \WINDOWS\System32\setupapi.dll
0xFDFB0000 \WINDOWS\System32\ws2_32.dll
0xFDF10000 \WINDOWS\System32\comctl32.dll
0xFDEA0000 \WINDOWS\System32\KernelBase.dll
0xFDE60000 \WINDOWS\System32\wintrust.dll
0xFDCF0000 \WINDOWS\System32\crypt32.dll
0xFDCB0000 \WINDOWS\System32\cfgmgr32.dll
0xFDC90000 \WINDOWS\System32\devobj.dll
0xFDC80000 \WINDOWS\System32\msasn1.dll

Processes (total 79):
0 System Idle Process
4 System
324 C:\WINDOWS\System32\smss.exe
460 csrss.exe
528 C:\WINDOWS\System32\wininit.exe
552 csrss.exe
592 C:\WINDOWS\System32\services.exe
616 C:\WINDOWS\System32\lsass.exe
624 C:\WINDOWS\System32\lsm.exe
720 C:\WINDOWS\System32\svchost.exe
772 C:\WINDOWS\System32\winlogon.exe
880 C:\WINDOWS\System32\svchost.exe
940 C:\WINDOWS\System32\atiesrxx.exe
1012 C:\WINDOWS\System32\svchost.exe
340 C:\WINDOWS\System32\svchost.exe
468 C:\WINDOWS\System32\svchost.exe
428 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
960 C:\WINDOWS\System32\audiodg.exe
1160 C:\WINDOWS\System32\svchost.exe
1328 C:\Program Files\Dell\DellDock\DockLogin.exe
1348 C:\WINDOWS\System32\atieclxx.exe
1476 C:\WINDOWS\System32\svchost.exe
1576 C:\WINDOWS\SysWOW64\ZoneLabs\vsmon.exe
1692 C:\WINDOWS\System32\wlanext.exe
1700 C:\WINDOWS\System32\conhost.exe
1840 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
1864 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
1872 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1972 C:\WINDOWS\System32\spoolsv.exe
2000 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
2020 C:\WINDOWS\System32\svchost.exe
1544 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
1704 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1100 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1504 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2088 C:\WINDOWS\System32\svchost.exe
2124 C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
2144 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2192 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2212 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2256 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2264 C:\WINDOWS\System32\conhost.exe
2300 C:\WINDOWS\System32\svchost.exe
2880 C:\WINDOWS\System32\taskhost.exe
3004 C:\WINDOWS\System32\dwm.exe
2756 C:\WINDOWS\explorer.exe
3692 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3700 C:\Program Files\IDT\WDM\sttray64.exe
3708 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
3732 C:\Program Files\Dell\QuickSet\quickset.exe
3744 C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
3804 WmiPrvSE.exe
3848 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3868 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3912 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
4036 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
4052 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
4060 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
4072 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4088 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
3028 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
2488 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
1264 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
2184 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2784 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4216 C:\WINDOWS\System32\svchost.exe
4244 C:\WINDOWS\System32\SearchIndexer.exe
4804 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5112 C:\Program Files\iPod\bin\iPodService.exe
4924 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
1296 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
2284 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
4360 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
3672 C:\WINDOWS\System32\svchost.exe
5076 C:\Program Files\Windows Media Player\wmpnetwk.exe
5536 C:\WINDOWS\servicing\TrustedInstaller.exe
5600 C:\WINDOWS\System32\wuauclt.exe
2572 C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
876 C:\WINDOWS\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003'abf38a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75A23T0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
well, strangely the reports I posted earlier did not go through .... I am reposting them:

======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 21/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 08:24:59 le 25/02/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X64)
gerard@GERARD-PC (Dell Inc. Studio 1558)

============== ACTION(S) ==============


Dossier supprimé: C:\Users\gerard\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files (x86)\Conduit
Dossier supprimé: C:\Users\gerard\AppData\Roaming\EoRezo

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2645238
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2738886
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoweather


============== SCAN ADDITIONNEL ==============

-- C:\Users\gerard\AppData\Roaming\Mozilla\FireFox\Profiles\137ic6bd.default --
Prefs.js - browser.startup.homepage_override.buildID, 20110203141415
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0b11

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{c31212e2-a150-4036-985a-f55e14037b94} (x)
HKCU_URLSearchHooks|{472734EA-242A-422b-ADF8-83D1E48CC825} (x)
HKCU_URLSearchHooks|{91da5e8a-3318-4f8c-b67e-5964de3ab546} - "ZoneAlarm Security Toolbar" (C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll)
HKLM_URLSearchHooks|{91da5e8a-3318-4f8c-b67e-5964de3ab546} - "ZoneAlarm Security Toolbar" (C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll)
HKCU_SearchScopes\{31446CBC-6F75-4E23-916C-F82BF1956365} - "?" (?)
HKCU_Toolbar\WebBrowser|{C31212E2-A150-4036-985A-F55E14037B94} (x)
HKCU_Toolbar\WebBrowser|{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} (C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll)
HKLM_Toolbar|{91da5e8a-3318-4f8c-b67e-5964de3ab546} (C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll)
HKLM_ElevationPolicy\be3d8c36-9fa2-483b-adf6-8cf626a45dba - C:\Program Files (x86)\ZoneAlarm_Security\ZoneAlarm_SecurityToolbarHelper.exe (?)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - "Skype add-on for Internet Explorer" (C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\icon.ico)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{91da5e8a-3318-4f8c-b67e-5964de3ab546} - "ZoneAlarm Security Toolbar" (C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 6 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 25/02/2011 08:25:15 (4471 Octet(s))

Fin à: 08:26:05, 25/02/2011

============== E.O.F ==============



and as for the malware report, it found nothing .... and I lost the report; if you need it I'll find it again.

here is the malware report:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5871

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/02/2011 08:33:59
mbam-log-2011-02-25 (08-33-59).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 172289
Temps écoulé: 2 minute(s), 57 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


and here is the blue screen scan:

==================================================
Dump File : 022411-13119-01.dmp
Crash Time : 24/02/2011 21:27:39
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03081ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-13119-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-14383-01.dmp
Crash Time : 24/02/2011 21:26:53
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'0304bec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-14383-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-13962-01.dmp
Crash Time : 24/02/2011 21:03:57
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'0308aec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-13962-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-14866-01.dmp
Crash Time : 24/02/2011 20:40:33
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'0308aec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-14866-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-13540-01.dmp
Crash Time : 24/02/2011 20:36:56
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03038ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-13540-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-18486-01.dmp
Crash Time : 24/02/2011 20:25:02
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'030a0ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-18486-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-19125-01.dmp
Crash Time : 24/02/2011 20:19:03
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'0308aec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-19125-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-20560-01.dmp
Crash Time : 24/02/2011 20:07:07
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03098ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-20560-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-22854-01.dmp
Crash Time : 24/02/2011 19:49:05
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03086ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-22854-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022311-18376-01.dmp
Crash Time : 23/02/2011 20:21:34
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03052ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022311-18376-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022211-15709-01.dmp
Crash Time : 22/02/2011 22:05:49
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'013d1237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022211-15709-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022211-14461-01.dmp
Crash Time : 22/02/2011 00:15:57
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01a57237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022211-14461-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022011-18876-01.dmp
Crash Time : 20/02/2011 23:18:51
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00c8d237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022011-18876-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022011-15693-01.dmp
Crash Time : 20/02/2011 23:06:46
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00c17237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022011-15693-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021711-17113-01.dmp
Crash Time : 17/02/2011 07:20:45
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00dbd237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021711-17113-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021511-19796-01.dmp
Crash Time : 15/02/2011 20:34:22
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00dcd237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021511-19796-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021511-15256-01.dmp
Crash Time : 15/02/2011 09:57:33
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03044ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021511-15256-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021011-16052-01.dmp
Crash Time : 10/02/2011 21:02:15
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01784237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021011-16052-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021011-17284-01.dmp
Crash Time : 10/02/2011 19:36:58
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01795237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021011-17284-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021011-17440-01.dmp
Crash Time : 10/02/2011 19:24:44
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01a9e237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021011-17440-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 020811-18657-01.dmp
Crash Time : 8/02/2011 22:37:09
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01af5237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\020811-18657-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 020611-19858-01.dmp
Crash Time : 6/02/2011 19:36:01
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'016a2237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\020611-19858-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 012411-15319-01.dmp
Crash Time : 24/01/2011 22:25:26
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00dc2237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\012411-15319-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011611-14305-01.dmp
Crash Time : 16/01/2011 11:15:08
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01ac8237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011611-14305-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011511-18844-01.dmp
Crash Time : 15/01/2011 19:26:41
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01817237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011511-18844-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011511-15818-01.dmp
Crash Time : 15/01/2011 19:08:27
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'0173d237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011511-15818-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011511-14898-01.dmp
Crash Time : 15/01/2011 01:08:21
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'013d2237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011511-14898-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011011-14055-01.dmp
Crash Time : 10/01/2011 19:20:26
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01b23237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011011-14055-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 010911-17362-01.dmp
Crash Time : 9/01/2011 15:57:21
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01abf237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\010911-17362-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 010111-16380-01.dmp
Crash Time : 1/01/2011 02:02:49
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01817237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\010111-16380-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================
Here is the ComboFix report. The only problem is that your link explaining how to drag a file onto ComboFix doesn't work (I tried several times with Internet, Firefox and Opera), so I followed your steps and understood "drag" as "take the file and drop it onto combofix.exe", and it launched... well, if that's not it, tell me and I'll redo the procedure, but here is the report anyway:

ComboFix 11-02-24.05 - gerard 25/02/2011 18:18:26.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.32.1036.18.3957.2507 [GMT 1:00]
Lancé depuis: c:\users\gerard\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\gerard\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\mfewfpk.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MFEWFPK


((((((((((((((((((((((((((((( Fichiers créés du 2011-01-25 au 2011-02-25 ))))))))))))))))))))))))))))))))))))
.

2011-02-25 17:24 . 2011-02-25 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 07:24 . 2011-02-25 07:24 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-02-24 22:11 . 2011-02-24 22:11 -------- d-----w- c:\windows\Sun
2011-02-24 21:28 . 2011-02-24 21:31 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-02-24 00:54 . 2011-02-24 00:54 -------- d-----w- c:\users\gerard\AppData\Roaming\codeblocks
2011-02-23 23:27 . 2011-02-23 23:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-23 19:02 . 2011-02-02 16:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F7074CA-5982-4893-A805-E26709FD994B}\mpengine.dll
2011-02-23 19:02 . 2011-02-02 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-23 12:04 . 2011-02-23 12:04 -------- d-----w- c:\users\gerard\AppData\Roaming\Steinberg
2011-02-22 19:14 . 2011-02-22 19:14 -------- d-----w- c:\windows\SysWow64\Adobe
2011-02-19 23:00 . 2011-02-19 23:00 -------- d-----w- c:\program files (x86)\CodeBlocks
2011-02-19 03:07 . 2011-02-19 03:07 -------- d-----w- c:\users\Mcx1-GERARD-PC
2011-02-19 02:22 . 2011-02-19 02:24 -------- d--h--w- c:\windows\msdownld.tmp
2011-02-19 02:22 . 2011-02-19 02:26 -------- d-----w- c:\users\gerard\AppData\Roaming\XBMC
2011-02-18 13:59 . 2011-02-18 13:59 -------- d-----w- c:\users\gerard\AppData\Local\Mozilla
2011-02-18 13:58 . 2011-02-19 22:01 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-18 07:39 . 2011-02-18 07:39 -------- d-----w- C:\Python27
2011-02-15 03:33 . 2011-02-15 03:33 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-02-15 03:33 . 2011-02-15 03:33 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-14 12:25 . 2011-02-14 12:25 -------- d-----w- c:\users\gerard\.thumbnails
2011-02-14 12:25 . 2011-02-14 12:25 -------- d-----w- c:\users\gerard\AppData\Roaming\Blender Foundation
2011-02-14 10:34 . 2011-02-14 10:34 -------- d-----w- c:\users\gerard\.idlerc
2011-02-14 09:47 . 2011-02-14 09:47 -------- d-----w- C:\Documents
2011-02-14 06:23 . 2011-02-14 06:23 -------- d-----w- c:\users\gerard\AppData\Roaming\LolClient
2011-02-14 00:05 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-02-14 00:05 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-02-14 00:05 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-02-14 00:05 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-02-14 00:05 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-02-14 00:00 . 2011-02-14 00:00 -------- d-----w- C:\Riot Games
2011-02-13 18:05 . 2011-02-14 06:23 -------- d-----w- c:\users\gerard\AppData\Local\PMB Files
2011-02-13 18:05 . 2011-02-13 18:58 -------- d-----w- c:\programdata\PMB Files
2011-02-13 18:04 . 2011-02-13 18:04 -------- d-----w- c:\program files (x86)\Pando Networks
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-28 22:53 . 2011-01-28 22:54 -------- d-----w- c:\program files\iTunes
2011-01-28 22:53 . 2011-01-28 22:54 -------- d-----w- c:\program files (x86)\iTunes
2011-01-28 22:53 . 2011-01-28 22:53 -------- d-----w- c:\program files\iPod
2011-01-27 01:47 . 2011-01-27 01:47 84621672 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcAA30.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-10-22 10:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-14 19:11 . 2011-01-14 19:11 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-14 19:11 . 2011-01-14 19:11 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-20 17:09 . 2010-12-27 20:54 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-27 20:54 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 17:40 . 2010-12-19 17:40 1548080 ----a-w- c:\windows\SysWow64\install.scr
2010-12-13 07:40 . 2010-12-27 21:20 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-13 07:40 . 2010-12-27 21:20 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 10:27 2735200 ----a-w- c:\program files (x86)\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\users\gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 - Capture d''cran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-07-23 18792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-24 23912]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]

.
Contenu du dossier 'Tâches planifiées'

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 21:17]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 21:17]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF23731.cfxxe" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-02 3217056]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\gerard\AppData\Roaming\Mozilla\Firefox\Profiles\137ic6bd.default\
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{c31212e2-a150-4036-985a-f55e14037b94} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{C31212E2-A150-4036-985A-F55E14037B94} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Visages birmans - c:\windows\system32\install.scr


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Heure de fin: 2011-02-25 19:06:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-25 18:06

Avant-CF: 240.391.852.032 octets libres
Après-CF: 240.038.903.808 octets libres

- - End Of File - - 7230D5C285F3C6D17F9116BAE832C2AA
0
Here is the report, but there is one thing I don't understand in your last post: "/!\ Warning: this procedure is only valid for /!\". I think you forgot the end :).


ComboFix 11-02-24.05 - gerard 26/02/2011 10:10:25.3.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.32.1036.18.3957.2686 [GMT 1:00]
Lancé depuis: c:\users\gerard\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\gerard\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\ntoskrnl.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\ntoskrnl.exe --> c:\WINDOWS\System32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-26 au 2011-02-26 ))))))))))))))))))))))))))))))))))))
.

2011-02-26 09:15 . 2011-02-26 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 02:53 . 2011-02-26 02:53 5563776 ------w- C:\ntoskrnl.exe
2011-02-25 07:24 . 2011-02-25 07:24 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-02-24 22:11 . 2011-02-24 22:11 -------- d-----w- c:\windows\Sun
2011-02-24 21:28 . 2011-02-24 21:31 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-02-24 00:54 . 2011-02-24 00:54 -------- d-----w- c:\users\gerard\AppData\Roaming\codeblocks
2011-02-23 23:27 . 2011-02-23 23:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-23 19:02 . 2011-02-02 16:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F7074CA-5982-4893-A805-E26709FD994B}\mpengine.dll
2011-02-23 19:02 . 2011-02-02 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-23 12:04 . 2011-02-23 12:04 -------- d-----w- c:\users\gerard\AppData\Roaming\Steinberg
2011-02-22 19:14 . 2011-02-22 19:14 -------- d-----w- c:\windows\SysWow64\Adobe
2011-02-19 23:00 . 2011-02-19 23:00 -------- d-----w- c:\program files (x86)\CodeBlocks
2011-02-19 03:07 . 2011-02-19 03:07 -------- d-----w- c:\users\Mcx1-GERARD-PC
2011-02-19 02:22 . 2011-02-19 02:24 -------- d--h--w- c:\windows\msdownld.tmp
2011-02-19 02:22 . 2011-02-19 02:26 -------- d-----w- c:\users\gerard\AppData\Roaming\XBMC
2011-02-18 13:59 . 2011-02-18 13:59 -------- d-----w- c:\users\gerard\AppData\Local\Mozilla
2011-02-18 13:58 . 2011-02-26 09:01 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-18 07:39 . 2011-02-18 07:39 -------- d-----w- C:\Python27
2011-02-15 03:33 . 2011-02-15 03:33 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-02-15 03:33 . 2011-02-15 03:33 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-14 12:25 . 2011-02-14 12:25 -------- d-----w- c:\users\gerard\.thumbnails
2011-02-14 12:25 . 2011-02-14 12:25 -------- d-----w- c:\users\gerard\AppData\Roaming\Blender Foundation
2011-02-14 10:34 . 2011-02-14 10:34 -------- d-----w- c:\users\gerard\.idlerc
2011-02-14 09:47 . 2011-02-14 09:47 -------- d-----w- C:\Documents
2011-02-14 06:23 . 2011-02-14 06:23 -------- d-----w- c:\users\gerard\AppData\Roaming\LolClient
2011-02-14 00:05 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-02-14 00:05 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-02-14 00:05 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-02-14 00:05 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-02-14 00:05 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-02-14 00:00 . 2011-02-14 00:00 -------- d-----w- C:\Riot Games
2011-02-13 18:05 . 2011-02-14 06:23 -------- d-----w- c:\users\gerard\AppData\Local\PMB Files
2011-02-13 18:05 . 2011-02-13 18:58 -------- d-----w- c:\programdata\PMB Files
2011-02-13 18:04 . 2011-02-13 18:04 -------- d-----w- c:\program files (x86)\Pando Networks
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-28 22:53 . 2011-01-28 22:54 -------- d-----w- c:\program files\iTunes
2011-01-28 22:53 . 2011-01-28 22:54 -------- d-----w- c:\program files (x86)\iTunes
2011-01-28 22:53 . 2011-01-28 22:53 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 02:53 . 2010-10-22 13:07 5563776 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-02-02 20:40 . 2010-10-22 10:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-14 19:11 . 2011-01-14 19:11 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-14 19:11 . 2011-01-14 19:11 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-20 17:09 . 2010-12-27 20:54 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-27 20:54 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 17:40 . 2010-12-19 17:40 1548080 ----a-w- c:\windows\SysWow64\install.scr
2010-12-13 07:40 . 2010-12-27 21:20 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-13 07:40 . 2010-12-27 21:20 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-02-25_18.03.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 08:19 . 2011-02-26 02:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-11-15 08:19 . 2011-02-25 17:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-02-25 17:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-26 09:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-25 17:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-26 09:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-26 09:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-25 17:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 11:16 . 2011-02-26 02:50 48844 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-02-25 17:07 34166 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-26 02:50 34166 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-12 01:18 . 2011-02-26 02:50 13778 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-118899141-2189773999-3650851856-1001_UserData.bin
+ 2010-11-11 18:59 . 2011-02-26 02:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-11 18:59 . 2011-02-25 17:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-11 18:59 . 2011-02-25 17:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-11 18:59 . 2011-02-26 02:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-11 18:59 . 2011-02-26 02:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-11 18:59 . 2011-02-25 17:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-11 21:04 . 2011-02-25 17:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-11 21:04 . 2011-02-26 02:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-11 22:08 . 2011-02-26 08:59 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2010-11-11 22:08 . 2011-02-25 18:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2010-11-11 21:04 . 2011-02-25 17:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-11 21:04 . 2011-02-26 02:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-26 09:16 . 2011-02-26 09:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-25 17:25 . 2011-02-25 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-26 09:16 . 2011-02-26 09:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-25 17:25 . 2011-02-25 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-12 01:12 . 2011-02-26 08:56 290706 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2011-02-25 17:24 396660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-26 09:15 396660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-25 07:26 . 2011-02-25 17:24 396660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-118899141-2189773999-3650851856-1001-12288.dat
+ 2011-02-25 07:26 . 2011-02-26 09:15 396660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-118899141-2189773999-3650851856-1001-12288.dat
- 2009-07-14 02:34 . 2011-02-25 07:40 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-26 03:01 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 10:27 2735200 ----a-w- c:\program files (x86)\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\users\gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 - Capture d''cran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-07-23 18792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-24 23912]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]

.
Contenu du dossier 'Tâches planifiées'

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 21:17]

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 21:17]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\gerard\AppData\Roaming\Mozilla\Firefox\Profiles\137ic6bd.default\
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Heure de fin: 2011-02-26 10:21:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-26 09:21
ComboFix2.txt 2011-02-25 18:06

Avant-CF: 239.747.821.568 octets libres
Après-CF: 239.664.136.192 octets libres

- - End Of File - - A251E9C83552D2969711DD10B368B0E8
0
Excessimo Posts 2111 Registration date Thursday 15 July 2010 Status Member Last activity 30 November 2012 157
26 Feb. 2011 at 11:34
Well, it didn't delete what I wanted, strange; the copy did succeed, though.

OK, keep using your PC, and at the slightest blue screen come back and tell me ;)
0
OK, thanks for everything.

And I won't hesitate! Otherwise, could you tell me why I was getting these crashes??
0
Just one question: everything that is displayed couldn't be used by someone, I suppose??
0
LOL, while I was writing to you I got a blue screen ....
0
Here is the report. If you reply to everyone the way you do with me, I can understand that you don't have time to answer me, but I was wondering about your training?? Whether you are a computer scientist with a doctorate who currently works at a security agency or something similar?? Just out of curiosity (your knowledge really impressed me, and I still can't understand how you manage to analyze everything??). Ciao, and thanks again for everything.


1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 01:03:41 le 28/02/2011
4.
5. Valeur(s) recherchée(s):
6. ntoskrnl.exe
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Informations supplémentaires
11. (!) --- Recherche registre
12.
13. ====== Fichier(s) ======
14.
15.
16. "C:\ntoskrnl.exe" [ NORMAL | 5564 Ko ]
17. TC: 26/02/2011,03:53:14 | TM: 26/02/2011,03:53:18 | DA: 26/02/2011,03:53:11
18.
19. CompanyName: Microsoft Corporation
20. ProductName: Microsoft® Windows® Operating System
21. InternalName: ntkrnlmp.exe
22. OriginalFileName: ntkrnlmp.exe
23. LegalCopyright: © Microsoft Corporation. All rights reserved.
24. ProductVersion: 6.1.7601.17514
25. FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
26.
27. =========================
28.
29.
30. "C:\WINDOWS\ERDNT\cache64\ntoskrnl.exe" [ ARCHIVE | 5508 Ko ]
31. TC: 25/02/2011,19:05:19 | TM: 22/10/2010,14:07:52 | DA: 25/02/2011,19:05:19
32.
33. CompanyName: Microsoft Corporation
34. ProductName: Microsoft® Windows® Operating System
35. InternalName: ntkrnlmp.exe
36. OriginalFileName: ntkrnlmp.exe
37. LegalCopyright: © Microsoft Corporation. All rights reserved.
38. ProductVersion: 6.1.7600.16617
39. FileVersion: 6.1.7600.16617 (win7_gdr.100618-1621)
40.
41. =========================
42.
43.
44. "C:\WINDOWS\ERDNT\cache86\ntoskrnl.exe" [ ARCHIVE | 5564 Ko ]
45. TC: 25/02/2011,19:05:20 | TM: 26/02/2011,03:53:18 | DA: 25/02/2011,19:05:20
46.
47. CompanyName: Microsoft Corporation
48. ProductName: Microsoft® Windows® Operating System
49. InternalName: ntkrnlmp.exe
50. OriginalFileName: ntkrnlmp.exe
51. LegalCopyright: © Microsoft Corporation. All rights reserved.
52. ProductVersion: 6.1.7601.17514
53. FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
54.
55. =========================
56.
57.
58. "C:\WINDOWS\System32\ntoskrnl.exe" [ ARCHIVE | 3902 Ko ]
59. TC: 28/02/2011,00:10:04 | TM: 27/10/2010,05:43:38 | DA: 28/02/2011,00:10:04
60.
61. CompanyName: Microsoft Corporation
62. ProductName: Microsoft® Windows® Operating System
63. InternalName: ntkrnlmp.exe
64. OriginalFileName: ntkrnlmp.exe
65. LegalCopyright: © Microsoft Corporation. All rights reserved.
66. ProductVersion: 6.1.7600.16695
67. FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)
68.
69. =========================
70.
71.
72. "C:\WINDOWS\SysWOW64\ntoskrnl.exe" [ ARCHIVE | 3902 Ko ]
73. TC: 28/02/2011,00:10:04 | TM: 27/10/2010,05:43:38 | DA: 28/02/2011,00:10:04
74.
75. CompanyName: Microsoft Corporation
76. ProductName: Microsoft® Windows® Operating System
77. InternalName: ntkrnlmp.exe
78. OriginalFileName: ntkrnlmp.exe
79. LegalCopyright: © Microsoft Corporation. All rights reserved.
80. ProductVersion: 6.1.7600.16695
81. FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)
82.
83. =========================
84.
85.
86. "C:\WINDOWS\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe" [ ARCHIVE | 5511 Ko ]
87. TC: 14/07/2009,00:41:51 | TM: 14/07/2009,02:48:28 | DA: 14/07/2009,16:38:10
88.
89. CompanyName: Microsoft Corporation
90. ProductName: Microsoft® Windows® Operating System
91. InternalName: ntkrnlmp.exe
92. OriginalFileName: ntkrnlmp.exe
93. LegalCopyright: © Microsoft Corporation. All rights reserved.
94. ProductVersion: 6.1.7600.16385
95. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
96.
97. =========================
98.
99.
100. "C:\WINDOWS\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe" [ ARCHIVE | 5508 Ko ]
101. TC: 22/10/2010,14:07:52 | TM: 22/10/2010,14:07:52 | DA: 22/10/2010,14:07:52
102.
103. CompanyName: Microsoft Corporation
104. ProductName: Microsoft® Windows® Operating System
105. InternalName: ntkrnlmp.exe
106. OriginalFileName: ntkrnlmp.exe
107. LegalCopyright: © Microsoft Corporation. All rights reserved.
108. ProductVersion: 6.1.7600.16617
109. FileVersion: 6.1.7600.16617 (win7_gdr.100618-1621)
110.
111. =========================
112.
113.
114. "C:\WINDOWS\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe" [ ARCHIVE | 5511 Ko ]
115. TC: 28/02/2011,00:10:04 | TM: 27/10/2010,06:18:36 | DA: 28/02/2011,00:10:04
116.
117. CompanyName: Microsoft Corporation
118. ProductName: Microsoft® Windows® Operating System
119. InternalName: ntkrnlmp.exe
120. OriginalFileName: ntkrnlmp.exe
121. LegalCopyright: © Microsoft Corporation. All rights reserved.
122. ProductVersion: 6.1.7600.16695
123. FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)
124.
125. =========================
126.
127.
128. "C:\WINDOWS\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe" [ ARCHIVE | 5474 Ko ]
129. TC: 22/10/2010,14:07:52 | TM: 22/10/2010,14:07:52 | DA: 22/10/2010,14:07:52
130.
131. CompanyName: Microsoft Corporation
132. ProductName: Microsoft® Windows® Operating System
133. InternalName: ntkrnlmp.exe
134. OriginalFileName: ntkrnlmp.exe
135. LegalCopyright: © Microsoft Corporation. All rights reserved.
136. ProductVersion: 6.1.7600.20738
137. FileVersion: 6.1.7600.20738 (win7_ldr.100618-1621)
138.
139. =========================
140.
141.
"C:\WINDOWS\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe" [ ARCHIVE | 5477 Ko ]
TC: 28/02/2011,00:10:05 | TM: 27/10/2010,06:23:11 | DA: 28/02/2011,00:10:05

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFileName: ntkrnlmp.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 6.1.7600.20826
FileVersion: 6.1.7600.20826 (win7_ldr.101026-1502)

=========================


"C:\WINDOWS\winsxs\Backup\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75_ntoskrnl.exe_0fb0ab79" [ ARCHIVE | 5511 Ko ]
TC: 28/02/2011,00:18:02 | TM: 28/02/2011,00:12:23 | DA: 28/02/2011,00:12:22

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFileName: ntkrnlmp.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 6.1.7600.16695
FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)

=========================


"C:\WINDOWS\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f_ntoskrnl.exe_0fb0ab79" [ ARCHIVE | 3902 Ko ]
TC: 28/02/2011,00:18:02 | TM: 28/02/2011,00:12:23 | DA: 28/02/2011,00:12:23

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFileName: ntkrnlmp.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 6.1.7600.16695
FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)

=========================


"C:\WINDOWS\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe" [ ARCHIVE | 3899 Ko ]
TC: 14/07/2009,00:15:49 | TM: 14/07/2009,02:20:44 | DA: 14/07/2009,00:15:49

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFileName: ntkrnlmp.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 6.1.7600.16385
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)

=========================


"C:\WINDOWS\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe" [ ARCHIVE | 3900 Ko ]
TC: 22/10/2010,14:07:52 | TM: 22/10/2010,14:07:52 | DA: 22/10/2010,14:07:52

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFileName: ntkrnlmp.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 6.1.7600.16617
FileVersion: 6.1.7600.16617 (win7_gdr.100618-1621)

=========================


"C:\WINDOWS\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe" [ ARCHIVE | 3902 Ko ]
TC: 28/02/2011,00:10:04 | TM: 27/10/2010,05:43:38 | DA: 28/02/2011,00:10:04

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFileName: ntkrnlmp.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 6.1.7600.16695
FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)

=========================


"C:\WINDOWS\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe" [ ARCHIVE | 3910 Ko ]
TC: 22/10/2010,14:07:52 | TM: 22/10/2010,14:07:52 | DA: 22/10/2010,14:07:52

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFileName: ntkrnlmp.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 6.1.7600.20738
FileVersion: 6.1.7600.20738 (win7_ldr.100618-1621)

=========================


"C:\WINDOWS\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe" [ ARCHIVE | 3912 Ko ]
TC: 28/02/2011,00:10:04 | TM: 27/10/2010,05:33:37 | DA: 28/02/2011,00:10:04

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFileName: ntkrnlmp.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 6.1.7600.20826
FileVersion: 6.1.7600.20826 (win7_ldr.101026-1502)

=========================



====== Entrée(s) du registre ======


[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3
409. 153
410. Level 1 TLB Fills/sec is the frequency of faults that occur when reference is made to memory whose Page Table Entry (PTE) is not in the Translation Lookaside Buffer (TLB). On some computers this fault is handled by software loading the PTE into the TLB, and this counter is incremented.
411. 155
412. Level 2 TLB Fills/sec is the frequency of faults that occur when reference is made to memory whose Page Table Entry (PTE) is not in the Translation Lookaside Buffer (TLB), nor is the page containing the PTE. On some computers this fault is handled by software loading the PTE into the TLB, and this counter is incremented.
413. 157
414. % User Time is the percentage of elapsed time that the process threads spent executing code in user mode. Applications, environment subsystems, and integral subsystems execute in user mode. Code executing in user mode cannot damage the integrity of the Windows executive, kernel, and device drivers. Unlike some early operating systems, Windows uses process boundaries for subsystem protection in addition to the traditional protection of user and privileged modes. Some work done by Windows on behalf of the application might appear in other subsystem processes in addition to the privileged time in the process.
415. 159
416. % Privileged Time is the percentage of elapsed time that the process threads spent executing code in privileged mode. When a Windows system service is called, the service will often run in privileged mode to gain access to system-private data. Such data is protected from access by threads executing in user mode. Calls to the system can be explicit or implicit, such as page faults or interrupts. Unlike some early operating systems, Windows uses process boundaries for subsystem protection in addition to the traditional protection of user and privileged modes. Some work done by Windows on behalf of the application might appear in other subsystem processes in addition to the privileged time in the process.
417. 161
418. Enumerations Server/sec is the rate at which server browse requests have been processed by this workstation.
419. 163
420. Enumerations Domain/sec is the rate at which domain browse requests have been processed by this workstation.
421. 165
422. Enumerations Other/sec is the rate at which browse requests processed by this workstation are not domain or server browse requests.
423. 167
424. Missed Server Announcements is the number of server announcements that have been missed due to configuration or allocation limits.
425. 169
426. Missed Mailslot Datagrams is the number of Mailslot Datagrams that have been discarded due to configuration or allocation limits.
427. 171
428. Missed Server List Requests is the number of requests to retrieve a list of browser servers that were received by this workstation, but could not be processed.
429. 173
430. Virtual Bytes Peak is the maximum size, in bytes, of virtual address space the process has used at any one time. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. However, virtual space is finite, and the process might limit its ability to load libraries.
431. 175
432. Virtual Bytes is the current size, in bytes, of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.
433. 177
434. Page Faults/sec is the rate at which page faults by the threads executing in this process are occurring. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. This may not cause the page to be fetched from disk if it is on the standby list and hence already in main memory, or if it is in use by another process with whom the page is shared.
435. 179
436. Working Set Peak is the maximum size, in bytes, of the Working Set of this process at any point in time. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before they leave main memory.
437. 181
438. Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory.
439. 183
440. Page File Bytes Peak is the maximum amount of virtual memory, in bytes, that this process has reserved for use in the paging file(s). Paging files are used to store pages of memory used by the process that are not contained in other files. Paging files are shared by all processes, and the lack of space in paging files can prevent other processes from allocating memory. If there is no paging file, this counter reflects the maximum amount of virtual memory that the process has reserved for use in physical memory.
441. 185
442. Page File Bytes is the current amount of virtual memory, in bytes, that this process has reserved for use in the paging file(s). Paging files are used to store pages of memory used by the process that are not contained in other files. Paging files are shared by all processes, and the lack of space in paging files can prevent other processes from allocating memory. If there is no paging file, this counter reflects the current amount of virtual memory that the process has reserved for use in physical memory.
443. 187
444. Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes.
445. 189
446. % Processor Time is the percentage of elapsed time that all of process threads used the processor to execution instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count.
447. 191
448. % Processor Time is the percentage of elapsed time that all of process threads used the processor to execution instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count.
449. 193
450. % User Time is the percentage of elapsed time that this thread has spent executing code in user mode. Applications, environment subsystems, and integral subsystems execute in user mode. Code executing in user mode cannot damage the integrity of the Windows NT Executive, Kernel, and device drivers. Unlike some early operating systems, Windows NT uses process boundaries for subsystem protection in addition to the traditional protection of user and privileged modes. These subsystem processes provide additional protection. Therefore, some work done by Windows NT on behalf of your application might appear in other subsystem processes in addition to the privileged time in your process.
451. 195
452. % Privileged Time is the percentage of elapsed time that the process threads spent executing code in privileged mode. When a Windows system service in called, the service will often run in privileged mode to gain access to system-private data. Such data is protected from access by threads executing in user mode. Calls to the system can be explicit or implicit, such as page faults or interrupts. Unlike some early operating systems, Windows uses process boundaries for subsystem protection in addition to the traditional protection of user and privileged modes. Some work done by Windows on behalf of the application might appear in other subsystem processes in addition to the privileged time in the process.
453. 197
454. Context Switches/sec is the rate of switches from one thread to another. Thread switches can occur either inside of a single process or across processes. A thread switch can be caused either by one thread asking another for information, or by a thread being preempted by another, higher priority thread becoming ready to run. Unlike some early operating systems, Windows NT uses process boundaries for subsystem protection in addition to the traditional protection of user and privileged modes. These subsystem processes provide additional protection. Therefore, some work done by Windows NT on behalf of an application appear in other subsystem processes in addition to the privileged time in the application. Switching to the subsystem process causes one Context Switch in the application thread. Switching back causes another Context Switch in the subsystem thread.
455. 199
456. Current Disk Queue Length is the number of requests outstanding on the disk at the time the performance data is collected. It also includes requests in service at the time of the collection. This is a instantaneous snapshot, not an average over the time interval. Multi-spindle disk devices can have multiple requests that are active at one time, but other concurrent requests are awaiting service. This counter might reflect a transitory high or low queue length, but if there is a sustained load on the disk drive, it is likely that this will be consistently high. Requests experience delays proportional to the length of this queue minus the number of spindles on the disks. For good performance, this difference should average less than two.
457. 201
458. % Disk Time is the percentage of elapsed time that the selected disk drive was busy servicing read or write requests.
459. 203
460. % Disk Read Time is the percentage of elapsed time that the selected disk drive was busy servicing read requests.
461. 205
462. % Disk Write Time is the percentage of elapsed time that the selected disk drive was busy servicing write requests.
463. 207
464. Avg. Disk sec/Transfer is the time, in seconds, of the average disk transfer.
465. 209
466. Avg. Disk sec/Read is the average time, in seconds, of a read of data from the disk.
467. 211
468. Avg. Disk sec/Write is the average time, in seconds, of a write of data to the disk.
469. 213
470. Disk Transfers/sec is the rate of read and write operations on the disk.
471. 215
472. Disk Reads/sec is the rate of read operations on the disk.
473. 217
474. Disk Writes/sec is the rate of write operations on the disk.
475. 219
476. Disk Bytes/sec is the rate bytes are transferred to or from the disk during write or read operations.
477. 221
478. Disk Read Bytes/sec is the rate at which bytes are transferred from the disk during read operations.
479. 223
480. Disk Write Bytes/sec is rate at which bytes are transferred to the disk during write operations.
481. 225
482. Avg. Disk Bytes/Transfer is the average number of bytes transferred to or from the disk during write or read operations.
483. 227
484. Avg. Disk Bytes/Read is the average number of bytes transferred from the disk during read operations.
485. 229
486. Avg. Disk Bytes/Write is the average number of bytes transferred to the disk during write operations.
487. 231
488. The Process performance object consists of counters that monitor running application program and system processes. All the threads in a process share the same address space and have access to the same data.
489. 233
490. The Thread performance object consists of counters that measure aspects of thread behavior. A thread is the basic object that executes instructions on a processor. All running processes have at least one thread.
491. 235
492. The Physical Disk performance object consists of counters that monitor hard or fixed disk drive on a computer. Disks are used to store file, program, and paging data and are read to retrieve these items, and written to record changes to them. The values of physical disk counters are sums of the values of the logical disks (or partitions) into which they are divided.
493. 237
494. The Logical Disk performance object consists of counters that monitor logical partitions of a hard or fixed disk drives. Performance Monitor identifies logical disks by their a drive letter, such as C.
495. 239
496. The Processor performance object consists of counters that measure aspects of processor activity. The processor is the part of the computer that performs arithmetic and logical computations, initiates operations on peripherals, and runs the threads of processes. A computer can have multiple processors. The processor object represents each processor as an instance of the object.
497. 241
498. % Total Processor Time is the average percentage of time that all processors on the computer are executing non-idle threads. This counter was designed as the primary indicator of processor activity on multiprocessor computers. It is equal to the sum of Process: % Processor Time for all processors, divided by the number of processors. It is calculated by summing the time that all processors spend executing the thread of the Idle process in each sample interval, subtracting that value from 100%, and dividing the difference by the number of processors on the computer. (Each processor has an Idle thread which consumes cycles when no other threads are ready to run). For example, on a multiprocessor computer, a value of 50% means that all processors are busy for half of the sample interval, or that half of the processors are busy for all of the sample interval. This counter displays the average percentage of busy time observed during the sample interval. It is calculated by monitoring the time the service was inactive, and then subtracting that value from 100%.
499. 243
500. % Total User Time is the average percentage of non-idle time all processors spend in user mode. It is the sum of Processor: % User Time for all processors on the computer, divided by the number of processors. System: % Total User Time and System: % Total Privileged Time sum to % Total Processor Time, but not always to 100%. (User mode is a restricted processing mode designed for applications, environment subsystems, and integral subsystems. The alternative, privileged mode, is designed for operating system components and allows direct access to hardware and all memory. The operating system switches application threads to privileged mode to access operating system services). This counter displays the average busy time as a percentage of the sample time.
501. 245
502. % Total Privileged Time is the average percentage of non-idle time all processors spend in privileged (kernel) mode. It is the sum of Processor: % Privileged Time for all processors on the computer, divided by the number of processors. System: % Total User Time and System: % Total Privileged Time sum to % Total Processor Time, but not always to 100%. (Privileged mode is an processing mode designed for operating system components which allows direct access to hardware and all memory. The operating system switches application threads to privileged mode to access operating system services. The alternative, user mode, is a restricted processing mode designed for applications and environment subsystems). This counter displays the average busy time as a percentage of the sample time.
503. 247
504. Total Interrupts/sec is the combined rate of hardware interrupts received and serviced by all processors on the computer It is the sum of Processor: Interrupts/sec for all processors, and divided by the number of processors, and is measured in numbers of interrupts. It does not include DPCs, which are counted separately. This value is an indirect indicator of the activity of devices that generate interrupts, such as the system timer, the mouse, disk drivers, data communication lines, network interface cards and other peripheral devices. These devices normally interrupt the processor when they have completed a task or require attention. Normal thread execution is suspended during interrupts. Most system clocks interrupt the processor every 10 milliseconds, creating a background of interrupt activity. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.
505. 249
506. Processes is the number of processes in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. Each process represents the running of a program.
507. 251
508. Threads is the number of threads in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. A thread is the basic executable entity that can execute instructions in a processor.
509. 253
510. Events is the number of events in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. An event is used when two or more threads try to synchronize execution.
511. 255
512. Semaphores is the number of semaphores in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. Threads use semaphores to obtain exclusive access to data structures that they share with other threads.
513. 257
514. Mutexes counts the number of mutexes in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. Mutexes are used by threads to assure only one thread is executing a particular section of code.
515. 259
516. Sections is the number of sections in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. A section is a portion of virtual memory created by a process for storing data. A process can share sections with other processes.
517. 261
518. The Object performance object consists of counters that monitor logical objects in the system, such as processes, threads, mutexes, and semaphores. This information can be used to detect the unnecessary consumption of computer resources. Each object requires memory to store basic information about the object.
519. 263
520. The Redirector performance object consists of counter that monitor network connections originating at the local computer.
521. 265
522. Bytes Received/sec is the rate of bytes coming in to the Redirector from the network. It includes all application data as well as network protocol information (such as packet headers).
523. 267
524. Packets Received/sec is the rate at which the Redirector is receiving packets (also called SMBs or Server Message Blocks). Network transmissions are divided into packets. The average number of bytes received in a packet can be obtained by dividing Bytes Received/sec by this counter. Some packets received might not contain incoming data (for e
0
Uh, I noticed that the report is not complete; can you tell me where I can find it so I can post it in its entirety?
See you later
0
I admit I no longer remember; all I can tell you is that it had been glitching for at least 2 months, but something like once every week or every two weeks, so it didn't worry me, but lately it has been very repetitive.

Here is the response from the command prompt:

Le programme de protection des ressources Windows n'a trouvé aucune violation d'intégrité.

Only one CARD left!!!!! Double or nothing :)
0
Argh, I got another blue screen ...... I really don't understand why???? My PC is clean!!!!!!!!!!!!
0
==================================================
Dump File : 022811-14601-01.dmp
Crash Time : 28/02/2011 22:03:17
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e96eb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022811-14601-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022811-35505-01.dmp
Crash Time : 28/02/2011 21:24:22
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e54eb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022811-35505-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022811-16972-01.dmp
Crash Time : 28/02/2011 21:17:44
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e4aeb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022811-16972-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022811-17316-01.dmp
Crash Time : 28/02/2011 21:11:44
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e8deb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022811-17316-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022811-16770-01.dmp
Crash Time : 28/02/2011 21:05:44
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e85eb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022811-16770-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022811-16863-01.dmp
Crash Time : 28/02/2011 20:59:44
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02ea0eb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022811-16863-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022811-18470-01.dmp
Crash Time : 28/02/2011 20:53:49
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e96eb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022811-18470-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022811-15038-01.dmp
Crash Time : 28/02/2011 19:36:46
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e90eb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022811-15038-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022711-16270-01.dmp
Crash Time : 27/02/2011 09:27:01
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e84ec8
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022711-16270-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022611-16598-01.dmp
Crash Time : 26/02/2011 10:30:46
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'02e90ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022611-16598-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-13119-01.dmp
Crash Time : 24/02/2011 21:27:39
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03081ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-13119-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-14383-01.dmp
Crash Time : 24/02/2011 21:26:53
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'0304bec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-14383-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-13962-01.dmp
Crash Time : 24/02/2011 21:03:57
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'0308aec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-13962-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-14866-01.dmp
Crash Time : 24/02/2011 20:40:33
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'0308aec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-14866-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-13540-01.dmp
Crash Time : 24/02/2011 20:36:56
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03038ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-13540-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-18486-01.dmp
Crash Time : 24/02/2011 20:25:02
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'030a0ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-18486-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-19125-01.dmp
Crash Time : 24/02/2011 20:19:03
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'0308aec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-19125-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-20560-01.dmp
Crash Time : 24/02/2011 20:07:07
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03098ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-20560-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022411-22854-01.dmp
Crash Time : 24/02/2011 19:49:05
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03086ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022411-22854-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022311-18376-01.dmp
Crash Time : 23/02/2011 20:21:34
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03052ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022311-18376-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022211-15709-01.dmp
Crash Time : 22/02/2011 22:05:49
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'013d1237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022211-15709-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022211-14461-01.dmp
Crash Time : 22/02/2011 00:15:57
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01a57237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022211-14461-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022011-18876-01.dmp
Crash Time : 20/02/2011 23:18:51
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00c8d237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022011-18876-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 022011-15693-01.dmp
Crash Time : 20/02/2011 23:06:46
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00c17237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\022011-15693-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021711-17113-01.dmp
Crash Time : 17/02/2011 07:20:45
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00dbd237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021711-17113-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021511-19796-01.dmp
Crash Time : 15/02/2011 20:34:22
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00dcd237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021511-19796-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021511-15256-01.dmp
Crash Time : 15/02/2011 09:57:33
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff800'03044ec0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021511-15256-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021011-16052-01.dmp
Crash Time : 10/02/2011 21:02:15
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01784237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021011-16052-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021011-17284-01.dmp
Crash Time : 10/02/2011 19:36:58
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01795237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021011-17284-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 021011-17440-01.dmp
Crash Time : 10/02/2011 19:24:44
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01a9e237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\021011-17440-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 020811-18657-01.dmp
Crash Time : 8/02/2011 22:37:09
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01af5237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\020811-18657-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 020611-19858-01.dmp
Crash Time : 6/02/2011 19:36:01
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'016a2237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\020611-19858-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 012411-15319-01.dmp
Crash Time : 24/01/2011 22:25:26
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'00dc2237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\012411-15319-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011611-14305-01.dmp
Crash Time : 16/01/2011 11:15:08
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01ac8237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011611-14305-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011511-18844-01.dmp
Crash Time : 15/01/2011 19:26:41
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01817237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011511-18844-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011511-15818-01.dmp
Crash Time : 15/01/2011 19:08:27
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'0173d237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011511-15818-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011511-14898-01.dmp
Crash Time : 15/01/2011 01:08:21
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'013d2237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011511-14898-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 011011-14055-01.dmp
Crash Time : 10/01/2011 19:20:26
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01b23237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\011011-14055-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 010911-17362-01.dmp
Crash Time : 9/01/2011 15:57:21
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01abf237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\010911-17362-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================

==================================================
Dump File : 010111-16380-01.dmp
Crash Time : 1/01/2011 02:02:49
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Parameter 2 : 00000000'80050031
Parameter 3 : 00000000'000006f8
Parameter 4 : fffff880'01817237
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\010111-16380-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 275.576
==================================================
0
Excessimo Posts 2111 Registration date Thursday 15 July 2010 Status Member Last activity 30 November 2012 157
1 March 2011 at 19:37
Hi again, I'm extremely busy these days, but I haven't forgotten you; I'll come back once this busy week is over. Let's hope my last card works.

Just one question: since when has it been crashing? Did it start after some update?
0
lol, you already asked me that, but I have a new answer: I think I've been getting it frequently since I got a game called League of Legends and uninstalled McAfee.... but I still remember it having gone on for quite a long time?? Not sure of the reason....

Anyway, good luck with your tough week; I'll wait patiently for your replies when you have less work.
0
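The "since when" question can be answered from the crash report itself. The following is an added example, not part of the thread and not BlueScreenView's own code: it parses records in the layout posted above and groups them by blamed driver, with first and last crash time and the fault offsets. The function names are assumptions, and the sample is three records copied from the report and reduced to the fields the script reads.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: three records from the report above, reduced to the fields used.
SAMPLE_REPORT = """\
==================================================
Dump File : 022411-14383-01.dmp
Crash Time : 24/02/2011 21:26:53
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
==================================================

==================================================
Dump File : 022211-15709-01.dmp
Crash Time : 22/02/2011 22:05:49
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
==================================================

==================================================
Dump File : 010111-16380-01.dmp
Crash Time : 1/01/2011 02:02:49
Bug Check Code : 0x0000007f
Parameter 1 : 00000000'00000008
Caused By Driver : mfewfpk.sys
Caused By Address : mfewfpk.sys+17237
==================================================
"""

TRAPS = {0x0: "divide error", 0x6: "invalid opcode", 0x8: "double fault"}  # 0x7F, Parameter 1

def parse_records(text):
    """Split the report on its ===== rulers and turn each block into a dict."""
    records = []
    for block in re.split(r"^=+[ \t]*$", text, flags=re.MULTILINE):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # field names never contain ':'
            if sep:
                fields[key.strip()] = value.strip()
        if "Dump File" in fields:
            records.append(fields)
    return records

def trap_name(record):
    """Name the CPU trap of a 0x7F bug check from Parameter 1."""
    if int(record["Bug Check Code"], 16) != 0x7F:
        return None
    number = int(record["Parameter 1"].replace("'", ""), 16)
    return TRAPS.get(number, "trap 0x%x" % number)

def summarize(records):
    """Per blamed driver: crash count, first/last crash time, fault offsets."""
    summary = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "offsets": set()})
    for rec in records:
        when = datetime.strptime(rec["Crash Time"], "%d/%m/%Y %H:%M:%S")
        entry = summary[rec["Caused By Driver"]]
        entry["count"] += 1
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
        entry["offsets"].add(rec["Caused By Address"].rpartition("+")[2])
    return dict(summary)

if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    for driver, e in sorted(summarize(recs).items(), key=lambda kv: kv[1]["first"]):
        print(driver, e["count"], e["first"], e["last"], sorted(e["offsets"]))
    print(trap_name(recs[0]))
```

Run over the full report, the per-driver first and last dates show when the blamed module changes, and a single offset per driver means every crash was attributed to the same instruction address.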
Excessimo Posts 2111 Registration date Thursday 15 July 2010 Status Member Last activity 30 November 2012 157
Edited by Excessimo on 2/03/2011 at 18:36
Download this and be sure to put it here: C:\ (delete the old one before downloading if it is still there)

https://www.cjoint.com/?3dcoN9u6iz5

Make sure to strip everything else from its name so that it is called: ntoskrnl


-+-+-+-+-> CFScript <-+-+-+-+-

/!\ Warning: this procedure is valid only for /!\

[x] Copy the text below:

-------------------------------------------------

KillAll::

File::

C:\WINDOWS\SysWOW64\ntoskrnl.exe

FCopy::

C:\ntoskrnl.exe | C:\WINDOWS\SysWOW64\ntoskrnl.exe

Reboot::

-------------------------------------------------


[x] Open Notepad, then paste the text above into it.

[x] Save this file on your desktop (name it CFScript).

[x] Drag and drop this file onto combofix.exe as explained here.

[x] Combofix will start; wait for the scan to finish.

/!\ Do nothing during the scan (keyboard/mouse) /!\

[x] Post the contents of the report that opens in your next reply.



Test your PC; if that doesn't work, test your RAM:

https://www.commentcamarche.net/informatique/composants/1437-tester-la-memoire-vive-ram-d-un-ordinateur-avec-memtest86/

and check your page file:

Go to Control Panel, System and Security, then System, and on the left, advanced settings. A window will open; click the Settings button under Performance. Another window will open; click the Advanced tab at the top. Give me the size of your page file.

Update your drivers here: https://www.touslesdrivers.com/index.php?v_page=29
0
the size of my page file is 3956MB
0
uh, about my drivers (I'm asking a question that may seem obvious but that seems important to me): to update them, do I press the green arrow below the driver it is going to update??
0