Processus hôte windows (Rundll32) à cessé de fonctionner...

Salut

C'est que le nettoyage a été partiel.

Télécharge ici :OTL

▶ enregistre le sur ton Bureau.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur OTL.exe pour le lancer.

▶ => Clique ici pour voir la Configuration

▶ Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"

/md5start
explorer.exe
winlogon.exe
wininit.exe
services.exe
volsnap.sys
atapi.sys
ndisuio.sys
net.exe
tdx.sys
netbt.sys
afd.sys
net1.exe
Rundll32.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
SAVEMBR:0

▶ Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)

▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

heberge OTL.txt et extra.txt sur FEC Upload et donne les liens obtenus en échange

salut,

il ne faut pas cliquer sur le lien une fois celui-ci créé, mais le copier ...
là, je ne sais pas télécharger tes rapports :(

D'accord je vais réessayer

https://forums-fec.be/upload/www/?action=d&id=0818701529

https://forums-fec.be/upload/www/?action=d&id=8564507430

Super :)

Désinstalle Registry Reviver (arnaque)
Désinstalle Mirar
Eviter Shareaza & consorts ... Source d'infectionSSSSssss !
Eviter les sites comme 01 pas net du tout et Softonic
Désinstalle tout java

Ensuite, à faire dans l'ordre indiqué :

====================================================

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!

Relance OTL

▶ Copie la liste qui se trouve en gras ci-dessouset colle-la dans la zone sous "Personnalisation" :


:OTL
PRC - [2012/09/20 17:20:34 | 001,898,960 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\Mediabar\Datamngr\datamngrUI.exe
MOD - [2012/09/20 17:20:37 | 001,747,408 | ---- | M] (iMesh, Inc) -- C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\datamngr.dll
SRV - File not found [Auto | Stopped] -- -- (0275801240526351mcinstcleanup)
IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://www1.search-results.com/web?l=dis&q=&o=APN10653&apn_dtid=%5EIME001%5EYY%5EFR&shad=s_0043&apn_uid=1353451594024450&gct=ds&apn_ptnrs=%5EAG1&d=1-333&lang=en&atb=sysid%3D1%3Aappid%3D333%3Auid%3Da24c0bf3f3c9a7c6%3Asrc%3Dieb%3Ao%3DAPN10653%3Atg%3D&p2=%5EAG1%5EIME001%5EYY%5EFR{searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2567681
IE - HKU\S-1-5-21-2366517288-3578682309-463860932-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2366517288-3578682309-463860932-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.net
IE - HKU\S-1-5-21-2366517288-3578682309-463860932-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=ea3679fe00000000000000234e7f548f
IE - HKU\S-1-5-21-2366517288-3578682309-463860932-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://www1.search-results.com/web?l=dis&q=&o=APN10653&apn_dtid=%5EIME001%5EYY%5EFR&shad=s_0043&apn_uid=1353451594024450&gct=ds&apn_ptnrs=%5EAG1&d=1-333&lang=en&atb=sysid%3D1%3Aappid%3D333%3Auid%3Da24c0bf3f3c9a7c6%3Asrc%3Dieb%3Ao%3DAPN10653%3Atg%3D&p2=%5EAG1%5EIME001%5EYY%5EFR{
IE - HKU\S-1-5-21-2366517288-3578682309-463860932-1000\..\SearchScopes\{C8AA830F-4877-49C8-9B9C-2E301756E350}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
O2 - BHO: (Messenger Plus Live France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\BROWSE~1.DLL (iMesh, Inc)
O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKU\S-1-5-21-2366517288-3578682309-463860932-1000\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSof0.dll (Conduit Ltd.)
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE (iMesh, Inc)
O4 - HKLM\..\Run: [EoEngine] File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\datamngr.dll) - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\IEBHO.dll) - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\IEBHO.dll (iMesh, Inc)
[2012/11/11 16:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\2D331
[2012/10/28 08:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/14 13:58:25 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{F32B3559-FAE5-4066-94A4-FCC6A6313E54}
[2012/10/05 15:22:32 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{A5F2F48E-C1E3-4CC1-B3A1-5D271E16D282}
[2012/09/25 16:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2012/12/15 13:41:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-acer-Startup.job
[2012/02/19 13:38:58 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Babylon
[2011/01/11 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\moovida-1
[2010/11/19 20:16:44 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\OfferBox
[2012/08/09 19:06:31 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Tuto4pc
@Alternate Data Stream - 16 bytes -> C:\Users\acer\Downloads:Shareaza.GUID


:Files
C:\Program Files\Softonic_France
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{257F7345-5471-4B92-A0B6-80DAEADEFB3C}"=-
"{637DA563-45FD-4453-B583-4D6DEFD1BE5A}"=-
"{74692A1E-2836-4C07-BF7F-1C98C9D2E991}"=-
"{952C01E2-AD0A-4E2C-9042-19DBC58975AE}"=-
"{EDDFADB2-CCB3-42FF-A93D-E91DD9115AC7}"=-
"{F6CF0348-39A6-4999-808F-14FC177783C7}"=-

:Commands
[EMPTYTEMP]


▶ Clique sur "Correction" pour lancer la suppression.


▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail apres le redemarrage.

======================================================

▶ Télécharge sur cette page: AdwCleaner (de Xplode)

▶ Lance-le

clique sur Suppression et patiente le temps du nettoyage.

▶ Poste le contenu du rapport que tu trouveras dans ton disque dur c:\ADwcleaner[Sx].txt ou son contenu s'il s'ouvre.

======================================================

▶ Télécharge et installe Malwarebytes' Anti-Malware (MBAM).

▶ Exécute-le. Accepte la mise à jour.



● Uniquement en cas de problème de mise à jour:

● Télécharger mises à jour manuelles MBAM

● Exécute le fichier après l'installation de MBAM



▶ Sélectionne "Exécuter un examen complet"
▶ Clique sur "Rechercher"
▶ L'analyse démarre, le scan est relativement long, c'est normal.

A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

▶ Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
▶ Ferme tes navigateurs.
▶ Si des malwares ont été détectés, clique sur Afficher les résultats.
▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse : ferme le.

Si MBAM demande à redémarrer le pc : ▶ fais-le.

Au redémarrage, relance MBAM, onglet "Rapport/Logs", copie/colle celui qui correspond à l'analyse effectuée.

====================================================

Relance OTL.
Coche Rapport minimal, et ne touche à rien d'autre
Clique sur Analyse
Héberge le rapport sur FEC Upload et colle le lien.


Bon courage.
A tout à l'heure :)

Merci de votre aide, je suis entrain de desinstaller java, mais je ne trouve nul part dans mon ordinateur Registry Reviver et Mirar.

Dans ce cas, tu passe à la correction OTL ;)

Mon antivirus bloque la désinstallation de Mirar car quand je clique sur désinstaller il m'ouvre une page malveillante et impossible de le désinstaller.

Désactive l'antivirus :)
Il est fort, il te laisse l'installer alors que c'est une m€rde et ensuite il veut pas que tu le désinstalle car il le détecte comme une m€rde o_O

Oui c'est très fort ;)
C'est une galère a désinstaller mirar

Il me dit qu'il ne trouve pas l'emplacement des fichiers Mirar sur mon ordinateur et me propose de faire un Scan avec Regzooka pour les trouver, mais c'est un scan qu'il faut acheter.

N'installe pas Regzooka c'est une arnaque.

Bon passe à la correction avec OTL, on patine là :)

Oui je vais passer a la correction sinon on va passer la nuit sur Mirar ;)

:)

Voilà le rapport :

All processes killed
========== OTL ==========
Process datamngrUI.exe killed successfully!
Service 0275801240526351mcinstcleanup stopped successfully!
Service 0275801240526351mcinstcleanup deleted successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
C:\Program Files\Softonic_France\tbSof0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2366517288-3578682309-463860932-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2366517288-3578682309-463860932-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2366517288-3578682309-463860932-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2366517288-3578682309-463860932-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_USERS\S-1-5-21-2366517288-3578682309-463860932-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C8AA830F-4877-49C8-9B9C-2E301756E350}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8AA830F-4877-49C8-9B9C-2E301756E350}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSof0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ deleted successfully.
File move failed. C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\BROWSE~1.DLL scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bff6b2ca-366c-4a90-b685-d87776deb0d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bff6b2ca-366c-4a90-b685-d87776deb0d2}\ deleted successfully.
C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSof0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bff6b2ca-366c-4a90-b685-d87776deb0d2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bff6b2ca-366c-4a90-b685-d87776deb0d2}\ not found.
File C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
Registry value HKEY_USERS\S-1-5-21-2366517288-3578682309-463860932-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}\ not found.
File C:\Program Files\Softonic_France\tbSof0.dll not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File move failed. C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\datamngr.dll deleted successfully.
C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\IEBHO.dll deleted successfully.
C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\IEBHO.dll moved successfully.
C:\ProgramData\2D331 folder moved successfully.
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86 folder moved successfully.
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86 folder moved successfully.
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 folder moved successfully.
C:\Users\acer\AppData\Local\{F32B3559-FAE5-4066-94A4-FCC6A6313E54} folder moved successfully.
C:\Users\acer\AppData\Local\{A5F2F48E-C1E3-4CC1-B3A1-5D271E16D282} folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\components folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\searchbar folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\options folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib\debugbar folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin\lib folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\skin folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\locale\toolbar folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\locale\lib folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\locale folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\data\weather folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\data\search folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\data folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\content\widgets folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\content\modules folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\content\lib folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome\content folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\chrome folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\SRTOOL~1 folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\ChromeExtension\lib folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\ChromeExtension\config\skin folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\ChromeExtension\config folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr\ChromeExtension folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar\Datamngr folder moved successfully.
C:\Program Files\iMesh Applications\Mediabar folder moved successfully.
C:\Program Files\iMesh Applications folder moved successfully.
C:\Windows\Tasks\Registry Reviver-acer-Startup.job moved successfully.
C:\Users\acer\AppData\Roaming\Babylon folder moved successfully.
C:\Users\acer\AppData\Roaming\moovida-1\addin-db-001\hosts folder moved successfully.
C:\Users\acer\AppData\Roaming\moovida-1\addin-db-001\addin-dir-data folder moved successfully.
C:\Users\acer\AppData\Roaming\moovida-1\addin-db-001\addin-data\1 folder moved successfully.
C:\Users\acer\AppData\Roaming\moovida-1\addin-db-001\addin-data folder moved successfully.
C:\Users\acer\AppData\Roaming\moovida-1\addin-db-001 folder moved successfully.
C:\Users\acer\AppData\Roaming\moovida-1 folder moved successfully.
C:\Users\acer\AppData\Roaming\OfferBox folder moved successfully.
C:\Users\acer\AppData\Roaming\Tuto4pc folder moved successfully.
Unable to delete ADS C:\Users\acer\Downloads:Shareaza.GUID .
========== FILES ==========
C:\Program Files\Softonic_France folder moved successfully.
[color=#A23BEC]< ipconfig /flushdns /c >/color
Configuration IP de Windows
Cache de r'solution DNS vid'.
C:\Users\acer\Desktop\cmd.bat deleted successfully.
C:\Users\acer\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{257F7345-5471-4B92-A0B6-80DAEADEFB3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257F7345-5471-4B92-A0B6-80DAEADEFB3C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{637DA563-45FD-4453-B583-4D6DEFD1BE5A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{637DA563-45FD-4453-B583-4D6DEFD1BE5A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74692A1E-2836-4C07-BF7F-1C98C9D2E991} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74692A1E-2836-4C07-BF7F-1C98C9D2E991}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{952C01E2-AD0A-4E2C-9042-19DBC58975AE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{952C01E2-AD0A-4E2C-9042-19DBC58975AE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDDFADB2-CCB3-42FF-A93D-E91DD9115AC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDDFADB2-CCB3-42FF-A93D-E91DD9115AC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6CF0348-39A6-4999-808F-14FC177783C7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6CF0348-39A6-4999-808F-14FC177783C7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: acer
->Temp folder emptied: 93805360 bytes
->Temporary Internet Files folder emptied: 31249508 bytes
->Java cache emptied: 134406089 bytes
->Google Chrome cache emptied: 333526422 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 57955 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71342 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 566,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12152012_160122

Files\Folders moved on Reboot...
File\Folder C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\BROWSE~1.DLL not found!
File\Folder C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE not found!
File\Folder C:\Windows\temp\mcafee_I8svdpezePrLHE9 not found!
File\Folder C:\Windows\temp\mcafee_wMgwh5fQLdt6DkC not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Royal :)

AdwCleaner maintenant ;)

AdwCleaner :

# AdwCleaner v2.100 - Rapport créé le 15/12/2012 à 16:14:10
# Mis à jour le 09/12/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : acer - PC-DE-ACER
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\acer\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files\Ask.com
Dossier Supprimé : C:\Program Files\Fluendo
Dossier Supprimé : C:\Program Files\Funmoods
Dossier Supprimé : C:\Program Files\Giant Savings
Dossier Supprimé : C:\Program Files\ICQ6Toolbar
Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\ICQ\ICQToolbar
Dossier Supprimé : C:\Users\acer\AppData\Local\Babylon
Dossier Supprimé : C:\Users\acer\AppData\Local\Giant Savings
Dossier Supprimé : C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
Dossier Supprimé : C:\Users\acer\AppData\Local\moovida air
Dossier Supprimé : C:\Users\acer\AppData\Local\OpenCandy
Dossier Supprimé : C:\Users\acer\AppData\Local\Tuto4pc
Dossier Supprimé : C:\Users\acer\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\acer\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\acer\AppData\LocalLow\Softonic_France
Dossier Supprimé : C:\Users\acer\AppData\Roaming\Save
Dossier Supprimé : C:\Windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Fichier Supprimé : C:\user.js

***** [Registre] *****

Clé Supprimée : HKCU\Software\APN DTX
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Giant Savings
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\Softonic_France
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Cr_Installer
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\Funmoods
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_France Toolbar
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdate_is1
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Clé Supprimée : HKCU\Software\Offerbox
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\Spointer
Clé Supprimée : HKCU\Software\Tuto4PC
Clé Supprimée : HKCU\Software\WhenUSave
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C1C897CB-9D37-4462-8B23-14103A392372}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D6EABD14-6C9D-45B1-8566-FEB8F6C2DC62}
Clé Supprimée : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2186548
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2542115
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2567681
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\Funmoods
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Clé Supprimée : HKLM\Software\Messenger Plus!\OpenCandy
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6EABD14-6C9D-45B1-8566-FEB8F6C2DC62}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_France Toolbar
Clé Supprimée : HKLM\Software\Softonic_France
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion [adv_i]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion [adv_i]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [EoEngine]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16457

Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=ironto --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

Fichier : C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [9413 octets] - [15/12/2012 16:14:10]

########## EOF - C:\AdwCleaner[S1].txt - [9473 octets] ##########

Mais c'est nickel :)

Malwarebytes now ;)

Voilà le rapport de Malwarebyte :

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.12.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
acer :: PC-DE-ACER [administrateur]

15/12/2012 16:32:49
mbam-log-2012-12-15 (16-32-49).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 390634
Temps écoulé: 2 heure(s), 23 minute(s), 57 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

Et voici le lien du rapport OTL :

https://forums-fec.be/upload/www/?action=d&id=0676619475

Mais c'est royal :)

Reste à faire une correction OTL (comme au début) mais avec ça :

:OTL
IE - HKLM\..\SearchScopes\{2A893A39-EA85-4258-BD6A-253CF73CCA1F}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH