Everything posted by tonky1200

  1. Thanks Notpa, see you!
  2. Hello Notpa, well, I'll make do with it... Don't you have a trick for enlarging the windows? Since the "CTRL + WHEEL" option doesn't work. Thanks
  3. Re, still not working ;(( Did the uninstall with Revo + a cleanup with Glary Utilities... The strange thing is that it worked at first (1st installation of FF). Thanks for your patience, Notpa
  4. Nothing doing... FF in safe mode, same thing, and yes, the bar on the right does scroll when double-clicking on it. See you
  5. Hello Notpa, yes, it is checked.
  6. Hello, recently I have no longer been able to scroll quickly through pages in Firefox, with the touchpad or with the mouse wheel. Already reinstalled a clean Firefox... nothing; updated the mouse and touchpad driver.... nothing. Note that it works outside Firefox!! Any suggestions?? THANKS!!! Laptop Acer V3-771G
  7. I finally found the invoice.... 2-year warranty... straight to after-sales service!!! They told me I wasn't the first with this model... Processor replaced. There you go, thanks again for your replies.
  8. Thanks, I'll try that... Tomorrow.. No time now. I'll let you know!!
  9. Yes, it runs fine.... I opened up the beast and gave it a quick blast of air, vacuum cleaner... but it heats up very quickly and once it reaches +/-100°C ... it shuts down (the small metal plate above the processor (heatsink) is very hot!!)
  10. Acer laptop Aspire 5735Z. The laptop shuts down by itself after a while... Installed HWMonitor to monitor the CPU temp, and after a cold start (+/- 50°C), on launching a few applications (video, internet..) the temperature climbs to 100° Celsius !!!!???? The cooling vents are clean. The computer is only 1 year old!! Any ideas?? Thanks.
  11. Still too fast, Apollo!!!! Forget the previous post.
  12. One more small question: how do I mark this thread as "solved" on the forum? As I'm a newcomer to forums........... Thx
  13. Yessss !!!!! I also did the program checks you recommend... (with PSI) and the machine runs as if fresh from the factory (!) Once again, many thanks Apollo; bravo for your efficiency and speed!!!!! Good night
  14. RSIT info RSIT log Here you go
  15. ComboFix 10-10-26.04 - satine 27/10/2010 21:21:02.1.4 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3326.2143 [GMT 2:00] ---------------------------------------------// There you go
  16. ComboFix ran, and after the scan it restarted the PC... but for +/-25 min it has been stuck on the "Logging off" screen, and the mouse no longer works...
  17. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4966 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 27/10/2010 18:53:16 mbam-log-2010-10-27 (18-53-16).txt -------------------------------/ PC restarted and Antivir is still going off!!
  18. Good evening Apollo, thanks for your quick response... See you
  19. Hello, for the past few days my PC has gone crazy.... no way to connect to the web... Antivir sounding the alarm every 3 seconds... And always the same message from Antivir: Trojan XPACK.Gen.2... HELP Thanks PS: here is the HijackThis log: --------// LINK TO THE ZHPDiag log made with ZHPDiag: My link --------// Log made with Malwarebytes' Anti-Malware
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken. ------------------------------------------///