Infecté par Malware defender : A l'aide !Résolu/Fermé

Question

Bonjour, donc j'ai été infecté par un espece de virus qui s'appelle Malware defender 2009 

Se virus m'ouvre des fenetre pour me dire que j'ai soit disant été infecté par un Trojan (Cheval de troie) ou d'autre pour acheter se logiciel.

En bref se truc me pourrie la vie...
J'ai éssayer de faire des analyse avec : Avast, Windows defender et Malware Bites ils n'ont rien trouvé 

je ne sait plus quoi faire donc... j'aurais besoin d'aide pour carboniser se virus a coups de blaster ;)


Merci d'avance pour les réponse.

Utilisateur anonyme · Answer

Salut ,


&#9654; Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau. 

• Double-clique sur RSIT.exe afin de lancer RSIT. 

• Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions). 

• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence. 

• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. 

• Poste le contenu de log.txt .

• Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm

Inifinitii · Answer

Alors voila enfin par contre c'est long
--------------------------------------------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2009-12-26 17:36:25
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 29 GB (20%) free of 148 GB
Total RAM: 3066 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:07, on 26/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32undll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\pascal\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\pascal\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\pascal\AppData\Local\Temp\wscsvc32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Users\pascal\Downloads\Downloader_AirRivals_FR_1.0.0.1.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Users\pascal\AppData\Local\Temp\is-IEURR.tmp\Downloader_AirRivals_FR_1.0.0.1.tmp
C:\Users\pascal\Downloads\Downloader_AirRivals_FR_1.0.0.1.exe
C:\Users\pascal\AppData\Local\Temp\is-L0RTP.tmp\Downloader_AirRivals_FR_1.0.0.1.tmp
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Users\pascal\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pascal\Downloads\RSIT.exe
C:\Program Files	rend micro\pascal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=8588f1fc-258e-4b9c-b368-e5c79c9c5634
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR	bPHP0.dll
R3 - URLSearchHook: Iminent.BHO.NavigationError - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR	bPHP0.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR	bPHP0.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Vivaty] "C:\Program Files\Vivaty\VivatyPlayer\vivaty.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\pascal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\Users\pascal\AppData\Local\Tempichtx64.exe
O4 - HKCU\..\RunOnce: [Iminent.Notifier Install] "C:\Users\pascal\AppData\Local\Temp\NotifierSetup.exe" /s
O4 - HKCU\..\RunOnce: [.IMinentUpdate] C:\Users\pascal\AppData\Local\Temp\NotifierSetup.exe /s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\pascal\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - https://www.daybreakgames.com/home
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Service Google Update (gupdate1c9e8145afa2a40) (gupdate1c9e8145afa2a40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

Utilisateur anonyme · Answer

Plusieures infection : Rogue , rootkit et adware ..


Télécharge ce fichier : https://www.ionos.fr/?affiliate_id=77097 

Double clic dessus , le pc va redémarrer aussitot . 

Au redémarrage post le rapport C:\Log.txt qui apparaitra .


##############


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

Avant de telecharger clic sur enregistrer renome le en killbagle et enregistre le sur le bureau 


-> Double clique sur killbagle.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 


Une fois fait, sur ton bureau double-clic sur killbagle.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

Inifinitii · Answer

Dpnc j'ai le rapport d'apres moi il a été suprimé c'est ecrit sur le bilan et je n'ai plus les fentre de publiciter enfin on verra 

----------------------

############# [ RemoverMD Logfile ]

Supprimé ! C:\Users\pascal\AppData\Local\Temp\richtx64.exe 
Supprimé ! C:\Users\pascal\AppData\Local\Temp\wscsvc32.exe 
Supprimé ! C:\Program Files\Malware Defense 

Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "richtx64.exe"  

############# [ EOF ]

Utilisateur anonyme · Answer

passe combofix comme expliqué ..

Inifinitii · Answer

Donc la j'ai le compte rendu je te le post ?

Inifinitii · Answer

.

Utilisateur anonyme · Answer

on va soccuper de l adware :


• Télécharge Ad-remover ( de C_XX ) sur ton bureau : 


! Déconnecte toi et ferme toutes applications en cours ! 

• Double clique sur "Ad-R.exe" pour lancer l'installation  . 

• L'installation est automatique , l outil souvre .
 
• Au menu principal choisis l'option "L" et tape sur [entrée] .

• Laisse travailler l'outil et ne touche à rien ... 

--> Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Tuto : http://pagesperso-orange.fr/NosTools/tuto_adr_3.html

Inifinitii · Answer

Il me met un message du genre "le controle des compte d'uttilisateur est actif, dans ces condition le logiciel ne peu pas s'éxécuté veuillez en parlé a la personne qui vous aide"


"

Utilisateur anonyme · Answer

Exact t es sous vista 

Désactive l UAC : comme expliqué ici :

http://pagesperso-orange.fr/nostools/uac_vista.html

Redémarre le pc et relance ad Remover

Inifinitii · Answer

Voila apres environ 15-30 minute j'ai le rapport 

------------------------------

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 24.12.2009 à 13:08
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:47:35, 26/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-PASCAL | Utilisateur actuel: pascal

Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2} 
C:\Program Files\Mozilla FireFox\extensions\linkcontent@iminent 
C:\Program Files\Mozilla FireFox\searchplugins\SearchTheWeb.xml 
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\IMBooster 
C:\ProgramData\Iminent 
C:\Windows\Installer\a6e8ea.msi   
C:\Windows\Installer\a6e8f7.msi   
C:\Users\pascal\AppData\Local\cyawy.bat 
C:\Users\pascal\AppData\Local\gwyic.bat 
C:\Program Files\Iminent - ... [b]ERREUR SUPPRESSION !!/b 

(!) -- Fichiers temporaires supprimés.
 
.
HKCU\software\Grand Virtual
HKCU\software\Iminent
HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\software\microsoft\internet explorer\searchscopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} 
HKLM\Software\Classes\CLSID\{696E3174-4F6C-4777-7834-654C4A705677}
HKLM\Software\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
HKLM\Software\Classes\CLSID\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}
HKLM\software\classes\IminentBHONavigationError.CHelperBHO
HKLM\software\classes\IminentBHONavigationError.CHelperBHO.1
HKLM\software\classes\IminentLinkToContent.LinkToContent
HKLM\software\classes\IminentLinkToContent.LinkToContent.1
HKLM\software\classes\installer\Products\53449B1EE14291541B3C4CDDE93B252A
HKLM\software\classes\installer\Products\C73660D04266C3348A703CD454AD1B48
HKLM\Software\Classes\Interface\{0CA97EEE-C8C4-4B10-A332-10AF1FBEB534}
HKLM\Software\Classes\Interface\{12FB9C3D-0875-4CAA-B3B1-9DCCCE749DE5}
HKLM\Software\Classes\TypeLib\{2C6674DB-EFB5-464A-A715-3E770B9C8A94}
HKLM\Software\Classes\TypeLib\{587D1093-12E0-4B0E-9426-AF9DC5ABB77D}
HKLM\Software\Classes\TypeLib\{77860007-19AE-4C29-B26D-AEA48F3A05C5}
HKLM\software\iAvatars.com
HKLM\software\Iminent
HKLM\software\Loader
HKLM\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKLM\software\microsoft\internet explorer\searchscopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\53449B1EE14291541B3C4CDDE93B252A
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\C73660D04266C3348A703CD454AD1B48
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IMBooster 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Iminent.Notifier 
HKLM\software\microsoft\windows\currentversion\uninstall\{0D06637C-6624-433C-A807-C34D45DAB184}
HKLM\software\microsoft\windows\currentversion\uninstall\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
HKLM\software\microsoft\windows\currentversion\uninstall\gwyic
HKLM\software\microsoft\windows\currentversion\uninstall\IMBooster
HKLM\software\microsoft\windows\currentversion\uninstall\SearchTheWeb
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18865 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: 92628a1b63f6c901
Start Page Redirect Cache AcceptLangs: fr
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Enable Browser Extensions: yes
Use Search Asst: no
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
5033 Octet(s) - C:\Ad-Report-CLEAN[1].log 
.
3 Fichier(s) - C:\Users\pascal\AppData\Local\Temp 
7 Fichier(s) - C:\Windows\Temp 
0 Fichier(s) - C:\Windows\Prefetch 
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
843 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 20:25:16 | 26/12/2009 - CLEAN[1]
.
============== E.O.F ==============

Utilisateur anonyme · Answer

Réitère l option L car y a un fichier qui resiste ^^

et post le rapport stp

Inifinitii · Answer

Oui le fichier qui résiste c'est IMinent tu est siur que c'est nuisible a mon PC parceque c'est un suplément pour MSN ^^

Utilisateur anonyme · Answer

C est un adware ...

Inifinitii · Answer

Ce qui veut dire ?

Utilisateur anonyme · Answer

Que c est une infection

Inifinitii · Answer

<t'a une autre idée parceque IMinent c'est de la glu....

Par contre en lisant le truc j'ai remarquer que le logiciel disant Je cite "
Bonnes fêtes de fin d'année à vous tous :)" xD

----------------------




======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 24.12.2009 à 13:08
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:12:23, 26/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-PASCAL | Utilisateur actuel: pascal

Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Program Files\Iminent - ... [b]ERREUR SUPPRESSION !!/b 

(!) -- Fichiers temporaires supprimés.
 
.
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18865 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: 92628a1b63f6c901
Start Page Redirect Cache AcceptLangs: fr
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Enable Browser Extensions: yes
Use Search Asst: no
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
5402 Octet(s) - C:\Ad-Report-CLEAN[1].log 
2085 Octet(s) - C:\Ad-Report-CLEAN[2].log 
.
5 Fichier(s) - C:\Users\pascal\AppData\Local\Temp 
7 Fichier(s) - C:\Windows\Temp 
0 Fichier(s) - C:\Windows\Prefetch 
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
846 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 21:38:34 | 26/12/2009 - CLEAN[2]
.
============== E.O.F ==============

Inifinitii · Answer

Logiquement je devrais pouvoir le désinstalé non ? je te rappelle que c'est un "Add on" pour MSN

Utilisateur anonyme · Answer

Oui désinstal le , 

On finira demain si tu veux bien :)

Bonne nuit .

Inifinitii · Answer

OK Merci beaucoup pour l'aide ;)

Utilisateur anonyme · Answer

Bonjours ,

Comment va le pc ?

Refais un scan RSIT et post log.txt pour faire le point .

Inifinitii · Answer

Mieux depuis que Malware defender a dégager 

-------------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2009-12-27 19:18:12
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 42 GB (28%) free of 148 GB
Total RAM: 3066 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:27, on 27/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32undll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\pascal\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32	askeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\pascal\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pascal\Downloads\RSIT.exe
C:\Program Files	rend micro\pascal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR	bPHP0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR	bPHP0.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR	bPHP0.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\pascal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\pascal\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Service Google Update (gupdate1c9e8145afa2a40) (gupdate1c9e8145afa2a40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

Utilisateur anonyme · Answer

Ok , on termine :

&#9654; Télécharge OTM de OldTimer sur ton Bureau. 

• Double-clique sur OTM.exe afin de le lancer. 

• Copie (Ctrl+C) le texte suivant ci-dessous : 



:processes 
explorer.exe 

:services 
catchme
EagleNT
Bonjour Service

:files 
C:\Program Files\Ad-Remover 
C:\ComboFix.txt 
C:\Windows\zip.exe 
C:\Windows\SWSC.exe 
C:\Windows\SWREG.exe 
C:\Windows\sed.exe 
C:\Windows\PEV.exe 
C:\Windows\NIRCMD.exe 
C:\Windows\MBR.exe 
C:\Windows\grep.exe 
C:\Windows\ERDNT 
C:\Windows\SWXCACLS.exe 
C:\Qoobox 
C:\RemoveMD 
C:\Program Files	rend micro 
C:sit 
C:\ProgramData\sysReserve.ini 
C:\Program Files\Iminent 

:commands 
[emptytemp] 
[reboot] 



• Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

• Clique maintenant sur le bouton MoveIt! puis ferme OTM. 

&#9654; Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
&#9654; Accepte en cliquant sur YES. 

• Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log


#######

Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé. 
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas. 
De plus ils sont mis régulièrement à jours. 

&#8594; Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau. 

&#8594; Fais un clic droit sur ToolsCleaner2.exe 
&#8594; Choisis executer en tant qu administrateur
&#8594; Clique sur .Recherche 
&#8594; puis sur Suppression quand la liste est trouvée. 
&#8594; Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante : 

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches. 
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter" 

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau 


########

tuto vista : Désactive et reactive ta restauration

Inifinitii · Answer

Voila, Mon bureau a éffectivement disparu puis le programme a eu un "ne répond pas" du coups j'ai eu peur et j'ai voulu plutot faire la comande pour internet explorer xD (Iexplorer).

---------------------------------

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== FILES ==========
C:\Program Files\Ad-Remover\QUARANTINE\Windows\INSTAL~1\{E1B94~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\Windows\INSTAL~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\Windows folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\Users\pascal\AppData\Local folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\Users\pascal\AppData folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\Users\pascal folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\Users folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\IMBOOS~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\MICROS~1\Windows\STARTM~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\MICROS~1\Windows folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\MICROS~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent\IMINEN~1\Updates folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent\IMINEN~1\Raw\3 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent\IMINEN~1\Raw\2 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent\IMINEN~1\Raw\1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent\IMINEN~1\Raw folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent\IMINEN~1\Cache\APIIMI~1.COM folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent\IMINEN~1\Cache folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent\IMINEN~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2\Iminent folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~2 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MOZILL~1\SEARCH~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MOZILL~1\EXTENS~1\LINKCO~1\COMPON~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MOZILL~1\EXTENS~1\LINKCO~1\chrome\content folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MOZILL~1\EXTENS~1\LINKCO~1\chrome folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MOZILL~1\EXTENS~1\LINKCO~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MOZILL~1\EXTENS~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MOZILL~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\SEARCH~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1o folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1\pt folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1\it folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1\inst folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1\fr folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1\es folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1\en folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1\de folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent\IMBOOS~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Iminent folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1 folder moved successfully.
C:\Program Files\Ad-Remover\QUARANTINE folder moved successfully.
C:\Program Files\Ad-Remover\ERUNT folder moved successfully.
C:\Program Files\Ad-Remover\BACKUP\Registry 26-12-2009\Users\00000002 folder moved successfully.
C:\Program Files\Ad-Remover\BACKUP\Registry 26-12-2009\Users\00000001 folder moved successfully.
C:\Program Files\Ad-Remover\BACKUP\Registry 26-12-2009\Users folder moved successfully.
C:\Program Files\Ad-Remover\BACKUP\Registry 26-12-2009 folder moved successfully.
C:\Program Files\Ad-Remover\BACKUP folder moved successfully.
C:\Program Files\Ad-Remover\1 folder moved successfully.
C:\Program Files\Ad-Remover folder moved successfully.
C:\ComboFix.txt moved successfully.
C:\Windows\zip.exe moved successfully.
C:\Windows\SWSC.exe moved successfully.
C:\Windows\SWREG.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\NIRCMD.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\ERDNT\subs\Users\00000004 folder moved successfully.
C:\Windows\ERDNT\subs\Users\00000003 folder moved successfully.
C:\Windows\ERDNT\subs\Users\00000002 folder moved successfully.
C:\Windows\ERDNT\subs\Users\00000001 folder moved successfully.
C:\Windows\ERDNT\subs\Users folder moved successfully.
C:\Windows\ERDNT\subs folder moved successfully.
C:\Windows\ERDNT\Hiv-backup\Users\00000004 folder moved successfully.
C:\Windows\ERDNT\Hiv-backup\Users\00000003 folder moved successfully.
C:\Windows\ERDNT\Hiv-backup\Users\00000002 folder moved successfully.
C:\Windows\ERDNT\Hiv-backup\Users\00000001 folder moved successfully.
C:\Windows\ERDNT\Hiv-backup\Users folder moved successfully.
C:\Windows\ERDNT\Hiv-backup folder moved successfully.
C:\Windows\ERDNT\cache folder moved successfully.
C:\Windows\ERDNT folder moved successfully.
C:\Windows\SWXCACLS.exe moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\Windows\System32 folder moved successfully.
C:\Qoobox\Quarantine\C\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\Users\pascal\AppData\Roaming\.# folder moved successfully.
C:\Qoobox\Quarantine\C\Users\pascal\AppData\Roaming folder moved successfully.
C:\Qoobox\Quarantine\C\Users\pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Qoobox\Quarantine\C\Users\pascal\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\Users\pascal\AppData\Local\Microsoft folder moved successfully.
C:\Qoobox\Quarantine\C\Users\pascal\AppData\Local folder moved successfully.
C:\Qoobox\Quarantine\C\Users\pascal\AppData folder moved successfully.
C:\Qoobox\Quarantine\C\Users\pascal folder moved successfully.
C:\Qoobox\Quarantine\C\Users folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
C:\RemoveMD folder moved successfully.
C:\Program Files	rend micro folder moved successfully.
C:sit folder moved successfully.
C:\ProgramData\sysReserve.ini moved successfully.
C:\Program Files\Iminent\IMBooster folder moved successfully.
C:\Program Files\Iminent folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: pascal
->Temp folder emptied: 4679048 bytes
->Java cache emptied: 49506035 bytes
->FireFox cache emptied: 69149400 bytes
->Google Chrome cache emptied: 6222435 bytes
->Apple Safari cache emptied: 1224928 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 45043712 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 275872 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494475 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 192,00 mb
 
 
OTM by OldTimer - Version 3.1.4.0 log created on 12272009_194357
All processes killed
 
OTM by OldTimer - Version 3.1.4.0 log created on 12272009_194353

Files moved on Reboot...
File C:\Users\pascal\AppData\Local\Temp\eDatasecurity\FileList.txt not found!
File C:\Windows	emp\_avast4_\Webshlock.txt not found!
File C:\Windows	emp\mcafee_CaI2pT3ofZ6CfBs not found!
File C:\Windows	emp\mcmsc_AK0W9dPg87LYlbO not found!
File C:\Windows	emp\mcmsc_Dho0coeKfGdhijt not found!
File C:\Windows	emp\mcmsc_RMgaiRBVbVSrrHp not found!
C:\Windows	emp\sqlite_eJ3rtO2SIyjQz9R moved successfully.
C:\Windows	emp\sqlite_UGuFmhIc6IRGZ9r moved successfully.

Registry entries deleted on Reboot...

Infecté par Malware defender : A l'aide !

24 réponses

Discussions similaires

Newsletters