Windows Vista Recovery

Solved/Closed
Anonymous user -
So first of all, good morning/good evening,

I'm turning to you because I got infected this very evening by the "Windows Vista Restore" virus.
After the initial panic (half of the icons disappearing and a program called "Windows Vista Restore" launching is not the most reassuring thing), I decided to do a system restore to 06/06/2011, then, noticing some slowdowns, I picked an even earlier date, 04/06/2011.

Apparently my computer no longer seems to be infected (I got all my shortcuts back, I can connect to the internet, etc.). However, I doubt that it's that simple. So I wanted to know whether there is a way to check that the virus has really been removed.
I've seen that there are programs like "Roguekiller", but you need the help of someone fairly knowledgeable to use it, and since I'm such an ace with computers...


So there you go, I hope someone will answer this call for help ^^

Thanks for reading!


28 replies


Hello,

1) * Download RogueKiller (by tigzy) to your desktop
https://www.luanagames.com/index.fr.html


* (On Vista/Seven, right-click, run as administrator)

* Close all your running programs
* Run RogueKiller.exe.
* When prompted, type 2 and confirm
* If the rogue prevents the program from launching, rename (RogueKiller) to "winlogon" or "firefox". Otherwise rename it to winlogon.exe or firefox.exe (add the .exe extension)
* A report (RKreport.txt) should have been created next to the executable; paste its contents in your reply
* If the program was blocked, don't hesitate to try several times.

Run RogueKiller again, then type 4, then 6

So post the three reports...

See you

When I turned on my computer this morning, I noticed it was still suffering from slowdowns, and I also got the following message: "Catalyst Control Center : Host a cessé de fonctionner".

As advised, I scanned with HouseCall and it didn't detect anything.

I then launched RogueKiller and pressed 1 (rather than 2 directly). So here is the report I got:

RogueKiller V5.2.2 [05/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: ***** [Droits d'admin]
Mode: Recherche -- Date : 10/06/2011 14:27:34

Processus malicieux: 0

Entrees de registre: 4
[SUSP PATH] HKCU\[...]\Run : iMeshInstall ("C:\Users\ROMO~1\AppData\Local\Temp\iMeshInstaller\nseFC98.tmp.exe" /N) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1831842027-177660604-1231479221-1000[...]\Run : iMeshInstall ("C:\Users\ROMO~1\AppData\Local\Temp\iMeshInstaller\nseFC98.tmp.exe" /N) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Fichier HOSTS:
127.0.0.1 localhost
::1 localhost


Termine : << RKreport[1].txt >>
RKreport[1].txt

Re,

Option 1 is the search option, but we want to do the removal!

Run RogueKiller again, then type 2, then 4 and finally 6

So I'm expecting three RogueKiller reports (RogueKiller for the three options)

See you

OK, sorry, I had followed the instructions from the "Roguekiller" site.

So here are the three reports requested:

Report [2]:

RogueKiller V5.2.2 [05/06/2011] par Tigzy  
contact sur http://www.sur-la-toile.com  
mail: tigzyRK<at>gmail<dot>com  
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html  

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version  
Demarrage : Mode normal  
Utilisateur: ***** [Droits d'admin]  
Mode: Suppression -- Date : 10/06/2011 15:51:20  

Processus malicieux: 0  

Entrees de registre: 3  
[SUSP PATH] HKCU\[...]\Run : iMeshInstall ("C:\Users\ROMO~1\AppData\Local\Temp\iMeshInstaller\nseFC98.tmp.exe" /N) -> DELETED  
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)  
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)  

Fichier HOSTS:  
127.0.0.1       localhost  
::1             localhost  


Termine : << RKreport[2].txt >>  
RKreport[1].txt ; RKreport[2].txt  


Report [4]:


RogueKiller V5.2.2 [05/06/2011] par Tigzy  
contact sur http://www.sur-la-toile.com  
mail: tigzyRK<at>gmail<dot>com  
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html  

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version  
Demarrage : Mode normal  
Utilisateur: ***** [Droits d'admin]  
Mode: Proxy RAZ -- Date : 10/06/2011 15:52:01  

Processus malicieux: 0  

Entrees de registre: 0  

Termine : << RKreport[3].txt >>  
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



And finally Report [6]:

RogueKiller V5.2.2 [05/06/2011] par Tigzy  
contact sur http://www.sur-la-toile.com  
mail: tigzyRK<at>gmail<dot>com  
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html  

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version  
Demarrage : Mode normal  
Utilisateur: ***** [Droits d'admin]  
Mode: Raccourcis RAZ -- Date : 10/06/2011 15:59:00  

Processus malicieux: 0  

Attributs de fichiers restaures:   
Bureau: Success 1 / Fail 0  
Lancement rapide: Success 0 / Fail 0  
Programmes: Success 36474 / Fail 0  
Menu demarrer: Success 2 / Fail 0  
Dossier utilisateur: Success 4295 / Fail 0  
Mes documents: Success 52 / Fail 0  
Mes favoris: Success 0 / Fail 0  
Mes images: Success 0 / Fail 0  
Ma musique: Success 21 / Fail 0  
Mes videos: Success 0 / Fail 0  
Disques locaux: Success 8356 / Fail 0  
Sauvegarde: [FOUND] Success 4 / Fail 0  

Lecteurs:  
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored  
[D:] \Device\CdRom0 -- 0x5 --> Skipped  
[F:] \Device\CdRom1 -- 0x5 --> Skipped  

Termine : << RKreport[4].txt >>  
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



See you
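
One way to check that every entry from the search report (option 1) is accounted for in the deletion report (option 2), as an added example that is not part of the original thread or of RogueKiller itself. The line format is inferred from the reports posted above, and treating `HKUS\<SID>` as the same hive as `HKCU` is an assumption (the SID is taken to belong to the user who ran the scan).

```python
import re

# Registry lines copied from RKreport[1] (search mode) posted in the thread.
SCAN_REPORT = r'''
Processus malicieux: 0
Entrees de registre: 4
[SUSP PATH] HKCU\[...]\Run : iMeshInstall ("C:\Users\ROMO~1\AppData\Local\Temp\iMeshInstaller\nseFC98.tmp.exe" /N) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1831842027-177660604-1231479221-1000[...]\Run : iMeshInstall ("C:\Users\ROMO~1\AppData\Local\Temp\iMeshInstaller\nseFC98.tmp.exe" /N) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
'''

# Registry lines copied from RKreport[2] (deletion mode) posted in the thread.
REMOVAL_REPORT = r'''
Processus malicieux: 0
Entrees de registre: 3
[SUSP PATH] HKCU\[...]\Run : iMeshInstall ("C:\Users\ROMO~1\AppData\Local\Temp\iMeshInstaller\nseFC98.tmp.exe" /N) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
'''

# "[TAG] key : value-name (data) -> STATUS"; format inferred from the reports.
LINE_RE = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+'
    r'\((?P<data>.*)\)\s+->\s+(?P<status>.+?)\s*$'
)
# Assumption: HKUS\<user SID> is the loaded hive of the user running the scan,
# i.e. the same data the report also lists under HKCU.
SID_ALIAS_RE = re.compile(r'^HKUS\\S-1-5-21-[\d-]+\\?', re.IGNORECASE)
REMEDIATED = ('DELETED', 'REPLACED')


def parse_report(text):
    """Return one dict per registry finding; header and count lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def identity(entry):
    """Key used to match the same finding across two reports."""
    key = SID_ALIAS_RE.sub(lambda _: 'HKCU\\', entry['key'])
    return (key.lower(), entry['name'].lower())


def reconcile(scan_text, removal_text):
    """Classify each unique finding of the search report by its fate."""
    removal = {identity(e): e['status'] for e in parse_report(removal_text)}
    result = {'remediated': [], 'still_present': [], 'unaccounted': []}
    seen = set()
    for entry in parse_report(scan_text):
        ident = identity(entry)
        if ident in seen:          # HKCU / HKUS\<SID> duplicate of one value
            continue
        seen.add(ident)
        status = removal.get(ident)
        if status is None:
            bucket = 'unaccounted'     # found by the scan, absent afterwards
        elif status.startswith(REMEDIATED):
            bucket = 'remediated'
        else:
            bucket = 'still_present'   # e.g. still reported as FOUND
        result[bucket].append((entry['tag'], entry['name'], status))
    return result


if __name__ == '__main__':
    for bucket, items in reconcile(SCAN_REPORT, REMOVAL_REPORT).items():
        print(bucket, len(items))
        for tag, name, status in items:
            print('   ', tag, name, '->', status)
```

The four findings of the search report collapse to three unique ones, which is why the deletion report lists only three entries.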

Re,

* Download Malwarebytes' (mbam)

HERE >> Malwarebytes' (mbam)


* Install it and update it
* Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them
* Launch Malwarebytes (MBAM)
* Then go to the "Scan" tab and check "Perform full scan"
* Then "Scan"
* Select your hard drives, then click "Start scan"
* At the end of the scan, click Show results, then Save report
* If MalwareBytes' detects infections, click Show results, then Remove selected
* If you are asked to restart, click "yes"
* After removing the infection(s) found, post the report here
!!! Do not empty MBAM's quarantine without being told to !!!

See you

There, it has finally finished. So apparently not all of the detected infections could be removed. I'm posting two reports, the one from before the removal and the one from after. Warning, it's long.

Before:

Malwarebytes' Anti-Malware 1.51.0.1200 
www.malwarebytes.org 

Version de la base de données: 6827 

Windows 6.0.6002 Service Pack 2 
Internet Explorer 8.0.6001.19048 

10/06/2011 21:57:04 
MBAM.txt 

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|) 
Elément(s) analysé(s): 509855 
Temps écoulé: 4 heure(s), 52 minute(s), 21 seconde(s) 

Processus mémoire infecté(s): 2 
Module(s) mémoire infecté(s): 3 
Clé(s) du Registre infectée(s): 126 
Valeur(s) du Registre infectée(s): 13 
Elément(s) de données du Registre infecté(s): 0 
Dossier(s) infecté(s): 13 
Fichier(s) infecté(s): 72 

Processus mémoire infecté(s): 
c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> 3916 -> No action taken. 
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 2384 -> No action taken. 

Module(s) mémoire infecté(s): 
c:\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken. 
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken. 
c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken. 

Elément(s) de données du Registre infecté(s): 
(Aucun élément nuisible détecté) 




After:

Malwarebytes' Anti-Malware 1.51.0.1200 
www.malwarebytes.org 

Version de la base de données: 6827 

Windows 6.0.6002 Service Pack 2 
Internet Explorer 8.0.6001.19048 

10/06/2011 21:57:38 
mbam-log-2011-06-10 (21-57-38).txt 

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|) 
Elément(s) analysé(s): 509855 
Temps écoulé: 4 heure(s), 52 minute(s), 21 seconde(s) 

Processus mémoire infecté(s): 2 
Module(s) mémoire infecté(s): 3 
Clé(s) du Registre infectée(s): 126 
Valeur(s) du Registre infectée(s): 13 
Elément(s) de données du Registre infecté(s): 0 
Dossier(s) infecté(s): 13 
Fichier(s) infecté(s): 72 

Processus mémoire infecté(s): 
c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> 3916 -> Unloaded process successfully. 
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 2384 -> Unloaded process successfully. 

Module(s) mémoire infecté(s): 
c:\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot. 

Clé(s) du Registre infectée(s): 

Valeur(s) du Registre infectée(s): 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Plugin -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully. 

Elément(s) de données du Registre infecté(s): 
(Aucun élément nuisible détecté) 

Dossier(s) infecté(s): 
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. 

Fichier(s) infecté(s): 
c:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot. 
c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Not selected for removal. 
c:\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Not selected for removal. 
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Not selected for removal. 
c:\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal. 
c:\Users\Roméo\AppData\Local\Temp\tmpB7F2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
c:\Users\Roméo\Music\Guitar\GP\guitar pro 5.2\guitar pro keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. 
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal. 
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\1.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.




A+
Re,

C'est quoi toutes ces infections ? :o

1/
Not selected for removal: il y'a des infections (des lignes)

qui ne sont pas sélectionnées pour la suppression.

Redémarre ton PC, relance Malwarebytes, vide la quarentaine puis fais une autre analyse pour s'assurer qu'il n'existe pas d'autres infections, puis poste le rapport

2/

We are going to run a diagnostic of your PC:

* Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

* Follow the installer's prompts, check "Add a desktop icon" ("Ajouter une icône sur le bureau") and uncheck the "Run ZHPDiag" ("Exécuter ZHPDiag") box

/!\ Vista and Seven users: right-click the ZHPDiag logo, "Run as administrator"

* Click the magnifying-glass icon ("Start the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to one of the sites below, then copy/paste the link you are given into your next reply on the forum:
http://pjjoint.malekal.com/

If unavailable:
http://www.cijoint.fr/

* ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html


Uploading a report to pjjoint.malekal.com

* Go to http://pjjoint.malekal.com/
* Click the Browse (Parcourir) button
* Select the file you want to upload and click Open (Ouvrir)
* Click the Send (Envoyer) button
* A confirmation message appears; copy the link into your next reply.



-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Member, Contributor

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
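
Point 1/ of the reply above (entries marked "Not selected for removal" were not cleaned) can be checked mechanically. The Python below is an added example, not part of the thread or of Malwarebytes: it parses a log in the French layout quoted on this page, lists every item whose status is not "Quarantined and deleted successfully", and compares the summary counts with the itemised lines. The sample log, its paths and detection names are constructed, and treating every other status as needing follow-up is an assumption.

```python
import re

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.51 logs
# quoted in this thread (French UI); paths and detection names are made up.
SAMPLE_LOG = r"""
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Dossier(s) infecté(s):
c:\program files\example toolbar (Adware.Example) -> Not selected for removal.

Fichier(s) infecté(s):
c:\program files\example toolbar\bar.dll (Adware.Example) -> Quarantined and deleted successfully.
c:\program files\example toolbar\icons\a.ico (Adware.Example) -> Not selected for removal.
c:\users\example\downloads\setup (1).exe (PUP.Example) -> Quarantined and deleted successfully.
"""

# "Fichier(s) infecté(s): 2"  -> summary line (category plus count)
SUMMARY_RE = re.compile(r"^(?P<cat>.+ infecté\(s\)): (?P<n>\d+)\s*$")
# "Fichier(s) infecté(s):"    -> start of the itemised section for a category
SECTION_RE = re.compile(r"^(?P<cat>.+ infecté\(s\)):\s*$")
# "<item> (<detection>) -> [details -> ]<status>."
# The lazy <item> lets paths that themselves contain parentheses parse correctly.
ITEM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<det>[^()]+)\) -> (?:.* -> )?(?P<status>.+?)\.?\s*$"
)

# Assumption: only this status means the item is gone from the system.
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (summary, items): declared counts per category and itemised findings."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]
            continue
        # "(Aucun élément nuisible détecté)" and header lines do not match ITEM_RE.
        m = ITEM_RE.match(line) if section else None
        if m:
            items.append({
                "category": section,
                "item": m["item"],
                "detection": m["det"],
                "status": m["status"],
            })
    return summary, items


def follow_up(items):
    """Items the scan reported but did not remove (for example 'Not selected for removal')."""
    return [i for i in items if i["status"] != REMOVED]


def count_mismatches(summary, items):
    """Categories whose declared count differs from the lines listed: {cat: (declared, listed)}."""
    out = {}
    for cat, declared in summary.items():
        listed = sum(1 for i in items if i["category"] == cat)
        if listed != declared:
            out[cat] = (declared, listed)
    return out


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    for entry in follow_up(items):
        print(f"{entry['status']}: {entry['item']} ({entry['detection']})")
    for cat, (declared, listed) in count_mismatches(summary, items).items():
        print(f"{cat}: summary says {declared}, log lists {listed} (truncated log?)")
```

A count mismatch usually means the pasted log was cut off, which is worth ruling out before concluding that a second scan is clean.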
So I ran two scans with Malwarebytes (my computer shut down at the end of the first one, so I didn't know whether the infected folders had been deleted).

I'll give you yesterday's report first, where two infections were detected, then today's, where everything is clean.

Yesterday:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6830

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

11/06/2011 06:01:57
mbam-log-2011-06-11 (06-01-57).txt

Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 503591
Temps écoulé: 5 heure(s), 35 minute(s), 16 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.


Today:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6830

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

11/06/2011 17:44:17
mbam-log-2011-06-11 (17-44-17).txt

Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 504225
Temps écoulé: 4 heure(s), 14 minute(s), 23 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



Finally, here is the link to the ZHP document:

http://pjjoint.malekal.com/files.php?id=2328888f3710116

Hi again,

There are still infections!

1/
* Download AD-Remover to your Desktop.
http://www.teamxscript.org/adremoverTelechargement.html

/!\ Close all running applications /!\

- Double-click the Ad-remover icon on your Desktop.
- On the page, click the "Clean" («Nettoyer») button
- Confirm the start of the scan
- Let the tool work.
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(Scan/clean).Txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to
Hi again,

And here is the AD-R report

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 20:03:28 le 11/06/2011, Mode normal

Microsoft® Windows Vista(TM) Édition Familiale Premium  Service Pack 2 (X86) 
Roméo@DIAVOLO (Packard Bell BV EasyNote_ST86-M-020FR) 
 
============== ACTION(S) ==============


Dossier supprimé: C:\Users\Roméo\AppData\LocalLow\FunWebProducts
Dossier supprimé: C:\Users\Roméo\AppData\LocalLow\MyWebSearch
Dossier supprimé: C:\Users\Roméo\AppData\LocalLow\pdfforge
Dossier supprimé: C:\Program Files\pdfforge Toolbar
Dossier supprimé: C:\Users\Roméo\AppData\LocalLow\Search Settings
Dossier supprimé: C:\Users\Roméo\AppData\LocalLow\vShare
Dossier supprimé: C:\Program Files\vShare
Dossier supprimé: C:\Program Files\iMesh Applications

(!) -- Fichiers temporaires supprimés.



Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{043C5167-00BB-4324-AF7E-62013FAEDACF}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [4.0.1 (fr)] ****

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\bing.xml (    hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKCU_Extensions|{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a} - C:\Users\Roméo\Program Files\DNA

-- C:\Users\Roméo\AppData\Roaming\Mozilla\FireFox\Profiles\e4fen5na.default --
Prefs.js - browser.download.lastDir, C:\\Users\\Roméo\\Desktop
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1

========================================

**** Internet Explorer Version [8.0.6001.19048] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{AEEC3B59-CA98-4EBA-A140-57B94E283583} (x)
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll)
HKCU_SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} - "Google Desktop" (hxxp://127.0.0.1:4664/search&s=aJmmhWhS9JeiI347JVKpEP0n8xc?q={searchTerms})
HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll)
HKLM_Toolbar|{D3028143-6145-4318-99D3-3EDCE54A95A9} (C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll)
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{6BCACB3E-180D-45CF-A083-5756B714EB02} - C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe (France Telecom SA)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 217 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 11/06/2011 20:01:51 (480 Octet(s)) 
C:\Ad-Report-CLEAN[2].txt - 11/06/2011 20:03:31 (11318 Octet(s)) 

Fin à: 20:09:25, 11/06/2011 
 
============== E.O.F ============== 

Hi again,
1/
Download ZHPFixScript.txt to your desktop from this link:
http://www.cijoint.fr/cjlink.php?file=cj201106/cijdiCfKsM.txt
Run ZHPFix and click the H (paste the helper lines)
Drag and drop ZHPFixScript.txt into ZHPFix
Click the GO button
Upload the report and give the link

2/
* Download load_tdsskiller (by Loup Blanc) to your Desktop

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

* Run load_tdsskiller by double-clicking it / Run it by right-clicking it → Run as administrator
* The tool will connect to download an up-to-date copy of TDSSKiller, then start a scan
* When the tool has finished its inspection, if malicious items ("Malicious objects") were found, check that the (Cure) option is selected,
* If suspicious objects ("Suspicious objects") were detected, on the confirmation screen change the action to take and choose Quarantine (instead of Skip),
* At the end you will be asked to press a key, then the report will be displayed automatically: copy and paste its contents into your next reply (C:\tdsskiller\report.txt)

3/
I'm waiting for the 2 reports :)


See you
Hi again,

1/ Here is the ZHPFix report:

http://pjjoint.malekal.com/files.php?id=fd3e525e2115137


2/ TdssKiller report. Here, though, I'm having a bit of trouble. It detected a "Suspicious objects" item and I put it in quarantine, but if I run the scan again it detects this object again, even though it is supposed to "be in quarantine". Is that normal?
Oh, and at the end I didn't have to press a key. I don't think it matters much, but you never know.


2011/06/11 22:25:57.0168 1312	TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48
2011/06/11 22:25:57.0619 1312	================================================================================
2011/06/11 22:25:57.0619 1312	SystemInfo:
2011/06/11 22:25:57.0619 1312	
2011/06/11 22:25:57.0619 1312	OS Version: 6.0.6002 ServicePack: 2.0
2011/06/11 22:25:57.0619 1312	Product type: Workstation
2011/06/11 22:25:57.0619 1312	ComputerName: DIAVOLO
2011/06/11 22:25:57.0619 1312	UserName: *****
2011/06/11 22:25:57.0619 1312	Windows directory: C:\Windows
2011/06/11 22:25:57.0619 1312	System windows directory: C:\Windows
2011/06/11 22:25:57.0619 1312	Processor architecture: Intel x86
2011/06/11 22:25:57.0619 1312	Number of processors: 2
2011/06/11 22:25:57.0619 1312	Page size: 0x1000
2011/06/11 22:25:57.0619 1312	Boot type: Normal boot
2011/06/11 22:25:57.0619 1312	================================================================================
2011/06/11 22:25:58.0205 1312	Initialize success
2011/06/11 22:26:44.0496 5956	================================================================================
2011/06/11 22:26:44.0496 5956	Scan started
2011/06/11 22:26:44.0496 5956	Mode: Manual; 
2011/06/11 22:26:44.0496 5956	================================================================================
2011/06/11 22:26:58.0530 5956	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/11 22:26:58.0631 5956	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/11 22:26:58.0771 5956	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/11 22:26:58.0844 5956	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/11 22:26:58.0895 5956	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/11 22:26:58.0922 5956	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/11 22:26:59.0018 5956	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/11 22:26:59.0062 5956	MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/06/11 22:26:59.0106 5956	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/11 22:26:59.0296 5956	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/11 22:26:59.0384 5956	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/11 22:26:59.0413 5956	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/11 22:26:59.0443 5956	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/11 22:26:59.0498 5956	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/11 22:26:59.0529 5956	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/11 22:26:59.0615 5956	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/11 22:26:59.0658 5956	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/11 22:27:00.0985 5956	NETw5v32        (9ca26dccf0b84a6ff2b54fbb2a94520b) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/06/11 22:27:01.0177 5956	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/11 22:27:01.0244 5956	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/11 22:27:01.0301 5956	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/11 22:27:01.0518 5956	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/11 22:27:01.0619 5956	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/11 22:27:01.0649 5956	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/11 22:27:01.0676 5956	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/11 22:27:01.0760 5956	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/11 22:27:01.0838 5956	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/11 22:27:01.0973 5956	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/11 22:27:02.0102 5956	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/11 22:27:02.0154 5956	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/11 22:27:02.0188 5956	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/11 22:27:02.0222 5956	PCAMp50         (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys
2011/06/11 22:27:02.0248 5956	PCASp50         (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2011/06/11 22:27:02.0341 5956	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/11 22:27:02.0373 5956	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/11 22:27:02.0402 5956	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/11 22:27:02.0458 5956	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/11 22:27:02.0605 5956	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/11 22:27:02.0712 5956	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/11 22:27:02.0791 5956	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/11 22:27:02.0819 5956	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/11 22:27:02.0878 5956	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/11 22:27:03.0037 5956	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/11 22:27:03.0089 5956	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/11 22:27:03.0126 5956	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/11 22:27:03.0152 5956	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/11 22:27:03.0200 5956	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/11 22:27:03.0241 5956	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/11 22:27:03.0283 5956	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/11 22:27:03.0333 5956	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/11 22:27:03.0375 5956	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/11 22:27:03.0400 5956	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/11 22:27:03.0479 5956	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/11 22:27:03.0584 5956	RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/11 22:27:03.0630 5956	rimmptsk        (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/11 22:27:03.0678 5956	rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/11 22:27:03.0710 5956	rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/11 22:27:03.0773 5956	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/11 22:27:03.0822 5956	RTHDMIAzAudService (2c94e7fe7499c5a12cdd9ade0559e929) C:\Windows\system32\drivers\RtHDMIV.sys
2011/06/11 22:27:03.0873 5956	RTL8169         (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/11 22:27:03.0943 5956	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/11 22:27:04.0049 5956	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/11 22:27:04.0175 5956	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/11 22:27:04.0228 5956	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/11 22:27:04.0258 5956	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/11 22:27:04.0292 5956	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/11 22:27:04.0530 5956	sfdrv01         (b7018644e132a8dfb12ed90106e06739) C:\Windows\system32\drivers\sfdrv01.sys
2011/06/11 22:27:04.0610 5956	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/11 22:27:04.0654 5956	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/11 22:27:04.0709 5956	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/11 22:27:04.0807 5956	sfhlp02         (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
2011/06/11 22:27:04.0834 5956	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/11 22:27:04.0873 5956	sfsync04        (755c933969a81d119106097aa466715d) C:\Windows\system32\drivers\sfsync04.sys
2011/06/11 22:27:04.0930 5956	sfvfs02         (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys
2011/06/11 22:27:04.0997 5956	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/11 22:27:05.0060 5956	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/11 22:27:05.0123 5956	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/11 22:27:05.0202 5956	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/11 22:27:05.0422 5956	SNP2UVC         (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/06/11 22:27:05.0554 5956	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/11 22:27:05.0625 5956	sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
2011/06/11 22:27:05.0625 5956	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
2011/06/11 22:27:05.0631 5956	sptd - detected LockedFile.Multi.Generic (1)
2011/06/11 22:27:14.0229 5956	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/11 22:27:14.0242 5956	================================================================================
2011/06/11 22:27:14.0242 5956	Scan finished
2011/06/11 22:27:14.0242 5956	================================================================================
2011/06/11 22:27:14.0255 4076	Detected object count: 1
2011/06/11 22:27:14.0255 4076	Actual detected object count: 1
2011/06/11 22:27:39.0975 4076	sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
2011/06/11 22:27:39.0975 4076	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
2011/06/11 22:27:39.0989 4076	C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
2011/06/11 22:27:39.0990 4076	LockedFile.Multi.Generic(sptd) - User select action: Quarantine 
2011/06/11 22:27:58.0652 5096	Deinitialize success
Re,
1/
Copy all the text below (select it with your mouse, right-click on it and choose "Copy", or press Ctrl+C)


R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Spigot, Inc. - Search Settings IE.) (1, 2, 2, 2) -- C:\Program Files\pdfforge Toolbar\SearchSettings.dll    => Infection BT (Adware.WidgiToolbar) 
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} . (...) -- C:\Program Files\vShare\vshare_toolbar.dll    => Infection BT (Parasite.Pugi) 
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll    => Infection BT (Adware.WidgiToolbar) 
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Spigot, Inc. - Search Settings IE.) -- C:\Program Files\pdfforge Toolbar\SearchSettings.dll    => Infection BT (Adware.WidgiToolbar) 
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll    => Infection BT (Adware.WidgiToolbar) 
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\vShare\vshare_toolbar.dll    => Infection BT (Parasite.Pugi) 
O4 - HKLM\..\Run: [SearchSettings] . (.Spigot, Inc. - Search Settings application.) -- C:\Program Files\pdfforge Toolbar\SearchSettings.exe    => Infection BT (Adware.WidgiToolbar) 
O18 - Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\vShare\vshare_toolbar.dll    => Infection BT (Parasite.Pugi) 
O42 - Logiciel: pdfforge Toolbar v1.1.1 - (.Spigot, Inc..) [HKLM] -- {4EF8BE6A-899C-4196-94E7-297C5F7A203E}    => Infection BT (PUP.Dealio) 
O42 - Logiciel: vShare Plugin - (.Pas de propriétaire.) [HKLM] -- vShare    => Infection BT (Parasite.Pugi) 
[HKCU\Software\AppDataLow\Software\Fun Web Products]    => Infection BT (Adware.MyWebSearch) 
[HKCU\Software\AppDataLow\Software\FunWebProducts]    => Infection BT (Adware.MyWebSearch) 
[HKCU\Software\AppDataLow\Software\MyWebSearch]    => Infection BT (Adware.MyWebSearch) 
[HKCU\Software\AppDataLow\Software\pdfforge]    => Infection BT (PUP.Dealio) 
[HKCU\Software\Search Settings]    => Infection PUP (PUP.Dealio) 
[HKCU\Software\iMesh]    => Infection PUP (PUP.iMesh) 
[HKCU\Software\vShare]    => Infection BT (Parasite.Pugi) 
[HKLM\Software\Search Settings]    => Infection PUP (PUP.Dealio) 
[HKLM\Software\pdfforge]    => Infection BT (PUP.Dealio) 
O43 - CFD: 24/08/2009 - 21:28:36 - [3301] ----D- C:\Program Files\iMesh Applications    => Infection PUP (PUP.iMesh) 
O43 - CFD: 16/08/2009 - 17:44:48 - [3002986] ----D- C:\Program Files\pdfforge Toolbar    => Infection BT (Adware.WidgiToolbar) 
O43 - CFD: 02/02/2011 - 22:28:02 - [1376720] ----D- C:\Program Files\vShare    => Infection BT (Parasite.Pugi) 
O69 - SBI: SearchScopes [HKCU] {043C5167-00BB-4324-AF7E-62013FAEDACF} - (Web Search...) - http://ww1.toolbarhome.com    => Infection BT (Parasite.Pugi) 
[MD5.780D14604D49E3C634200C523DEF8351] [SPRF] (...) -- C:\Users\Roméo\AppData\Local\Temp\bassmod.dll   [9728] 
[HKCU\Software\Microsoft\Internet Explorer\lowregistry\search settings] 
[HKLM\Software\Classes\PROTOCOLS\Handler\vsharechrome] 

FirewallRAZ 
EmptyTemp 
EmptyFlash 



Then launch ZHPFix from the desktop shortcut.

* Once the ZHPFix tool is open, click the [ H ] button ("coller les lignes Helper").

* In the main box you will then see the lines you copied earlier appear.

Check that all the lines I asked you to copy (and only those) are in the window.

Click the GO button

Copy/paste the report shown on screen into your next message.

2/ Next
Prepare a new ZHPDiag report please

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Member, Contributor

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
1/ So I don't know if this is normal, but as soon as I launch ZHPfix all my icons and the taskbar disappear. I have to shut down the computer using the "Ctrl + Alt + Del" menu.
Anyway, I still managed to get the ZHPfix report:

Rapport de ZHPFix 1.12.3306 par Nicolas Coolman, Update du 10/06/2011
Fichier d'export Registre : C:\ZHPExportRegistry-11-06-2011-23-36-57.txt
Run by Roméo at 11/06/2011 23:36:57
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Logiciel(s) ==========
ABSENT Software Key: {4EF8BE6A-899C-4196-94E7-297C5F7A203E}
ABSENT Software Key: vShare

========== Clé(s) du Registre ==========
ABSENT CLSID BHO: {043C5167-00BB-4324-AF7E-62013FAEDACF}
ABSENT CLSID BHO: {B922D405-6D13-4A2B-AE89-08A030DA4402}
ABSENT CLSID BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D}
ABSENT CLSID PAPP: {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
ABSENT HKCU\Software\AppDataLow\Software\Fun Web Products
ABSENT HKCU\Software\AppDataLow\Software\FunWebProducts
ABSENT HKCU\Software\AppDataLow\Software\MyWebSearch
ABSENT HKCU\Software\AppDataLow\Software\pdfforge
ABSENT HKCU\Software\Search Settings
ABSENT HKCU\Software\iMesh
ABSENT HKCU\Software\vShare
ABSENT HKLM\Software\Search Settings
ABSENT HKLM\Software\pdfforge
ABSENT SearchScopes :{043C5167-00BB-4324-AF7E-62013FAEDACF}
ABSENT HKCU\Software\Microsoft\Internet Explorer\lowregistry\search settings
ABSENT HKLM\Software\Classes\PROTOCOLS\Handler\vsharechrome

========== Valeur(s) du Registre ==========
ABSENT R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Spigot, Inc. - Search Settings IE.) (1, 2, 2, 2) -- C:\Program Files\pdfforge Toolbar\SearchSettings.dll
ABSENT O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
ABSENT O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\vShare\vshare_toolbar.dll
ABSENT RunValue: SearchSettings
ABSENT Valeur Domain Profile: FirewallRaz :

========== Dossier(s) ==========
ABSENT C:\Program Files\iMesh Applications
ABSENT C:\Program Files\pdfforge Toolbar
ABSENT C:\Program Files\vShare
SUPPRIME Temporaires Windows: : 75
SUPPRIME Flash Cookies: 1

========== Fichier(s) ==========
ABSENT File: c:\program files\pdfforge toolbar\searchsettings.dll
ABSENT File: c:\program files\vshare\vshare_toolbar.dll
ABSENT File: c:\program files\pdfforge toolbar\pdfforgetoolbarie.dll
ABSENT File: c:\program files\pdfforge toolbar\searchsettings.exe
ABSENT Folder/File: c:\users\roméo\appdata\local\temp\bassmod.dll [9728]
SUPPRIME Temporaires Windows: : 6
SUPPRIME Flash Cookies: 0


========== Récapitulatif ==========
16 : Clé(s) du Registre
5 : Valeur(s) du Registre
5 : Dossier(s)
7 : Fichier(s)
2 : Logiciel(s)


End of the scan



2/ Here is the ZHPdiag report:

http://pjjoint.malekal.com/files.php?id=94e814c95813512

Re,

System drive C: has 30 GB (6%) free of 453 GB

You have installed two antivirus programs, avast and Avira; you should have only one antivirus so that there is no conflict!
1/
* Uninstalling avast:

* Download aswclear.exe to your desktop
* Disable the avast! self-protection system or restart Windows in Safe Mode
* Run the downloaded utility
* Click "Uninstall"
* Restart your computer
2/
Several programs are installed; I advise you to remove the ones you don't need or to move them, if need be, to an external hard drive.

Even though your PC's hard drive can hold 453 GB,

you only have 30 GB left

A summer clean-up is needed :)

3/
Uninstall this software, a source of infection:

O43 - CFD: 25/03/2011 - 06:32:30 - [25656989046] ----D- C:\Program Files\Jeux


4/
* Download OTM (OldTimer) to your Desktop

HERE >> OTM (OldTimer)
* Double-click "OTMoveIt3.exe"
* Windows Vista / 7 users: right-click "OTMoveIt3.exe" and choose "Run as administrator" to launch it.

- Copy (Ctrl+C) the following text in bold below:




:Reg

[-HKCU\Software\BrowserChoice]

:commands
[emptytemp]
[Reboot]


- Paste (Ctrl+V) the previously copied text into the box: Paste Instructions for Items to be Moved.
- Now click the MoveIt! button
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
- Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log

5/
Copy all the text in bold below (select it with your mouse, right-click on it and choose "Copy", or press Ctrl+C)

[MD5.AFA1F8CC076AB0462512A78473D86D53] - (.BitTorrent, Inc. - DNA.) -- C:\Users\Roméo\Program Files\DNA\btdna.exe [323392]
O4 - Global Startup: C:\Users\Roméo\Desktop\Fallout 3.lnk - Clé orpheline
O44 - LFC:[MD5.9FC547E729CCA96EB5038BD43BBF69E6] - 11/06/2011 - 22:43:12 ---A- . (...) -- C:\error.log [30453]
O44 - LFC:[MD5.144B2DBDE149AB43C67D9212B4399325] - 11/06/2011 - 19:09:25 ---A- . (...) -- C:\Ad-Report-CLEAN[2].txt [11458]
O64 - Services: CurCS - (.not file.) - 35501290 (35501290) .(...) - LEGACY_35501290
O64 - Services: CurCS - (.not file.) - 37373404 (37373404) .(...) - LEGACY_37373404
O64 - Services: CurCS - (.not file.) - 81189168 (81189168) .(...) - LEGACY_81189168




Then launch ZHPFix from the desktop shortcut.

* Once the ZHPFix tool is open, click the [ H ] button ("coller les lignes Helper").

* In the main box you will then see the lines you copied earlier appear.

Check that all the lines I asked you to copy (and only those) are in the window.

Click the GO button

Copy/paste the report shown on screen into your next message.


1/ Avast uninstalled.

2/ I'm going to invest in an external hard drive soon, but in the meantime I have to keep everything on my computer, which is why I have almost no free space left.

3/ What about the programs in the "C:\Program Files\Jeux " directory? Because it contains several games that I don't really want to part with (or lose the saves for).

4/ OTM report:

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\BrowserChoice\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Roméo
->Temp folder emptied: 18786834 bytes
->Temporary Internet Files folder emptied: 1279592209 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47460017 bytes
->Google Chrome cache emptied: 7265586 bytes
->Flash cache emptied: 2863624 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 100289018 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8044404 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1 396,00 mb
 
 
OTM by OldTimer - Version 3.1.18.0 log created on 06122011_011523

Files moved on Reboot...

Registry entries deleted on Reboot...


5/ ZHPfix report:

Rapport de ZHPFix 1.12.3306 par Nicolas Coolman, Update du 10/06/2011
Fichier d'export Registre : C:\ZHPExportRegistry-12-06-2011-01-40-30.txt
Run by Roméo at 12/06/2011 01:40:30
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Clé(s) du Registre ==========
SUPPRIME Service Legacy: LEGACY_35501290
SUPPRIME Service Legacy: LEGACY_37373404
SUPPRIME Service Legacy: LEGACY_81189168

========== Fichier(s) ==========
SUPPRIME c:\users\roméo\desktop\fallout 3.lnk
SUPPRIME c:\error.log
SUPPRIME c:\ad-report-clean[2].txt


========== Récapitulatif ==========
3 : Clé(s) du Registre
3 : Fichier(s)


End of the scan

Hi again,

Do you have any other problems?

So think about freeing things up as soon as possible by investing in an external hard drive

If everything is fine, we'll wrap up:

1/

IMPORTANT

Purge the system restore points:

Download OneClick2RestorePoint

http://www.multifa7.be/Laddy/OneClick2RP.exe

Mirrors if not accessible:
http://batchdhelus.open-web.fr/Laddy/OneClick2RP.exe
https://app.box.com/s/cqcsz5m0oz

* Double-click OneClick2RP to run it (on Vista/Seven, right-click and choose Run as administrator)
* Click the "Purge" button; the Windows cleanup tool will open
* Choose your main hard drive, generally (C:\) ... Wait during the scan...
* Go to the "More Options" tab
* In the system restore area, click the Clean up button, then the Delete button.
* The system restore points will be purged except the most recently created one.


Then, with the same tool,
create a new, recognizable restore point

Help HERE
2/

Download DelFix to your desktop.
* Launch it, type suppression, then confirm

Wait during the scan until the report opens.

* Copy/paste the contents of the report into your next reply.

Note: The report can also be found at C:\DelFix.txt

You can uninstall it


3/
Java update
* You can check your Java Console:

Install the new version if needed (in that case, uninstall the old version first).

Here is how to uninstall:

JavaRa

Unzip the file onto the Desktop (right-click > Extract all).
* Double-click (right-click "as administrator" on Vista) the JavaRa folder.
* Then double-click the JavaRa.exe file (the exe may not be shown).
* Choose Français, then click Select.
* Click Check for updates.
* Select Update via jucheck.exe, then click Search.
* Allow the process to connect if it asks, click Install and follow the installation instructions, which take a few minutes.
* Once the installation is finished, go back to the JavaRa screen and click Remove older versions.
* Click Yes to confirm. Let it work, then click OK, and then OK a second time.
* A report will open. Post it in your next reply.
* Close the application.

Note: the report can also be found in C:\ under the name JavaRa.log.
4/
Download and install:

CCleaner version Slim

* Launch it (right-click "as administrator" on Vista and Seven). Go to Options, then Advanced, and uncheck the box Only delete files etc....

* Go to Cleaner, choose Analyze. Once it has finished, run the cleaning.

* Next, choose Registry, then Scan for issues. Once it has finished, repair all the errors, as many times as the scan finds any.

**************** Help HERE ******************

You can use CCleaner once a week

5/

Download updatechecker, which tells you which software is out of date and also lets you install those updates

Make sure to update Adobe Reader in particular



6/

You can also keep Malwarebytes and use it once a week as well.

7/

I recommend using the Firefox browser and installing the WOT add-on, to flag suspicious files, and Adblock Plus, to block ads...
8/
Some reading:
* The dangers of Peer-To-Peer, Emule, etc.
* How to secure your computer...


I'm waiting for the reports...



I don't know if you can call this a problem, but there is indeed something else bothering me: files have appeared out of nowhere on my C: partition, such as "found.000", "IO.SYS" or "MSDOS.SYS"

Is this normal? What are these programs and how can I delete them?



1/ Done

2/ DelFix report:

# DelFix v8.0 - Rapport créé le 12/06/2011 à 14:59  
# Mis à jour le 01/06/11 à 13h par Xplode  
# Système d'exploitation : Windows Vista (TM) Home Premium (32 bits) [version 6.0.6002] Service Pack 2  
# Nom d'utilisateur : Roméo - DIAVOLO (Administrateur)  
# Exécuté depuis : C:\Users\Roméo\Desktop\delfix.exe  
# Option [Suppression]  


~~~~~~ Dossier(s) ~~~~~~  

Supprimé : C:\_OTM  
Supprimé : C:\tdsskiller  
Supprimé : C:\Program Files\Ad-Remover  
Supprimé : C:\Program Files\ZHPDiag  
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP  

~~~~~~ Fichier(s) ~~~~~~  

Supprimé : C:\PhysicalDisk0_MBR.bin  
Supprimé : C:\TDSSKiller.2.5.4.0_11.06.2011_22.25.57_log.txt  
Supprimé : C:\TDSSKiller.2.5.4.0_11.06.2011_22.28.25_log.txt  
Supprimé : C:\TDSSKiller.2.5.4.0_11.06.2011_22.31.55_log.txt  
Supprimé : C:\ZHPExportRegistry-11-06-2011-21-57-44.txt  
Supprimé : C:\ZHPExportRegistry-11-06-2011-23-08-28.txt  
Supprimé : C:\ZHPExportRegistry-11-06-2011-23-09-29.txt  
Supprimé : C:\ZHPExportRegistry-11-06-2011-23-36-57.txt  
Supprimé : C:\ZHPExportRegistry-12-06-2011-01-40-30.txt  
Supprimé : C:\Users\Roméo\Desktop\AD-R.lnk  
Supprimé : C:\Users\Roméo\Desktop\Load_tdsskiller.exe  
Supprimé : C:\Users\Roméo\Desktop\OneClick2RP.exe  
Supprimé : C:\Users\Roméo\Desktop\OTM.exe  
Supprimé : C:\Users\Roméo\Desktop\RogueKiller.exe  
Supprimé : C:\Users\Roméo\Desktop\ZHPDiag.txt  
Supprimé : C:\Users\Roméo\Desktop\ZHPDiag2.exe  
Supprimé : C:\Users\Roméo\Desktop\ZHPDiag2.Txt  
Supprimé : C:\Users\Roméo\Desktop\ZHPFixReport.txt  
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk  
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk  
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk  

~~~~~~ Registre ~~~~~~  

Clé Supprimée : HKCU\SOFTWARE\Ad-Remover  
Clé Supprimée : HKLM\Software\OldTimer Tools  
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover  
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1  

~~~~~~ Autre ~~~~~~  

-> Prefetch vidé  

########## EOF - "C:\DelFixSuppr.txt" - [2121 octets] ##########


3/ I updated Java and removed the old versions, but I can't find the report on the C: drive

4/ I ran CCleaner a good fifteen times, but there is always one item that doesn't get repaired.
L'extension de fichier {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} fait référence à un programme inexistant. Ce genre de référence est souvent laissé après la désinstallation d'un programme.   

 Solution : effacer la valeur du registre.


I have no idea what it could be. When I run the repair it tells me the problem is solved, but if I run a scan again it detects it again.

EDIT: After some research it seems to be Avira's key. Can you confirm? If so, I can leave the file, I suppose?

5/ 6/ 7/ I've started installing some updates (starting with Adobe Reader). I'll finish the rest later.

Hi again,

1/
Regarding the registry key, that's right, it corresponds to Avira

Click this link to resolve it!

2/
To delete the files that appeared, you can try this:

Click on:
-Start menu;
-Documents (or Pictures, Games, Music,... it doesn't matter...);
-Organize (top left);
-Folder and search options;
-View;
-Check: "Hide protected operating system files (Recommended)"

Let me know the result

See you later