

virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
Done, I've reinstalled avast and McAfee. Thank you for all the time you've given me, I hope this time I've finally got rid of it!!! Thanks again, and if I have the slightest problem I'll let you know lol ciao
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
ok ok, well, it's going to take a long time to download all that!!! lol Do I need to do anything else, or is that it, am I completely rid of it????
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
Done, I've finished uninstalling McAfee and its components, and no, it wasn't a cracked version lol. I looked in the McAfee folder before deleting it and saw a keyword thing that I copied just in case!! lol Otherwise, well, I have no antivirus now lol, I only have the Windows firewall left. Should I download avast again??? And after that, do I really have no more viruses on my computer?????
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
Done, I've uninstalled ToolsCleaner. Well, I think it's better that I uninstall McAfee, I think, so as to have no viruses at all any more? It's a shame because I think it was a paid version, but I don't have a reinstallation CD or a key! And what else do I do after that??
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Users\supermax\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\supermax\Desktop\HijackThis.exe: trouvé !
C:\Users\supermax\Desktop\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Users\supermax\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\supermax\Desktop\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Users\supermax\Desktop\hijackthis.log: supprimé !
C:\Qoobox: supprimé !

As for avast, I removed it, normally completely since I had no problem, and not McAfee, as you advised me. And now?
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
Well, in your opinion, what do I do about McAfee??? Do I delete avast too??? I deleted what was in c:/ qoobox, should I delete the empty folder too? As for the others, Windows didn't find them, so they must not be there!!
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
I TYPED c:\qoobox DIRECTLY and there are things there, files and folders including Backenv, Quarantine, Add-remove program, combofix2, combofix quarantined, snapshot@2009. Should I delete them all???
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
I tried several spellings: combofix/u, combofix /u, even in capitals, but nothing works
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
Well no, McAfee, since then I can't get it to start. The problem is that it came with my computer and I don't think I'll be able to get it back, pfff, gutted!! Otherwise, it won't run combofix /u for me, it tells me that Windows cannot find it and asks to check whether you entered the correct name
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
thanks again for the time you're giving me!!
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
Here is the report, I had to restart the computer because Internet Explorer no longer worked after the report!
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
Uh, weird, it tells me for some reason your system denied write access to the hostS file etc... notepad C:/windows/System32/drivers/etc/hosts and press enter Find the line hijack this reports etc......... for vista exit hijack this right click on the hijack this icon choose run as administrator. I got this!!!!!

Uh, after that do I close HijackThis or do I tick all the things
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
Well, it won't open HijackThis for me. Weird, it's a zip file, I've never had a problem opening them, but now it tells me application not recognized, impossible to open!! What can I do?
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
ARE YOU MISSING ANYTHING,,,????
virus, probably Bagle, problem despite the procedure
maxxxxxx replied to a topic by maxxxxxx in Malware analysis and removal
HERE YOU GO, THANKS AGAIN

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 6.0.6001 Service Pack 1

06/07/2009 23:34:14
mbam-log-2009-07-06 (23-34-14).txt

Type de recherche: Examen rapide
Eléments examinés: 80613
Temps écoulé: 6 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\111111s1ro1s1a (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Rootkit.Bagle.KillAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sk9ou0s (Rootkit.Bagle.KillAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\111111s1ro1s1a (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\111111s1ro1s1a (Rootkit.Bagle) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.122,85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76f1d6ec-3b35-4163-a3ce-218c16cfd00f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.122,85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.122,85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{76f1d6ec-3b35-4163-a3ce-218c16cfd00f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.122,85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.122,85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{76f1d6ec-3b35-4163-a3ce-218c16cfd00f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.122,85.255.112.154 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\Users\supermax\AppData\Roaming\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Users\supermax\AppData\Roaming\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\supermax\AppData\Local\Temp\DVDextraPL.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\supermax\AppData\Roaming\drivers\11s11ro1s1a2.sys (Rootkit.Bagle.KillAV) -> Quarantined and deleted successfully.
c:\Users\supermax\AppData\Roaming\drivers\111wfs1intwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\MSIVXihstmihisoiqklruimaegfhxjmdryvji.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\MSIVXnescfwfdshwbhopxwmupwgukosdiviqp.dll (Trojan.Agent) -> Quarantined and deleted successfully.