Sujet Précédent Sujet Suivant

Problème de desinfection avec Avira 2012

Fermé
multipan Messages postés 96 Date d'inscription vendredi 9 novembre 2007 Statut Membre Dernière intervention 26 décembre 2020 - 17 déc. 2012 à 16:26
multipan Messages postés 96 Date d'inscription vendredi 9 novembre 2007 Statut Membre Dernière intervention 26 décembre 2020 - 17 déc. 2012 à 16:36
Bonjour,
Je viens de constater que dans mes tous lecteurs il y a deux fichiers qui ne peuvent pas être supprimés.Je crois que mon PC est infecté mais Avira me signale qu'il n'y a rien après le scan.Je vous envoie ci-dessous le diagnostic et l'analyse faits par ZHP car j'ai besoin de votre aide.

Merci beaucoup et je m'excuse pour la longueur du texte,

ZHPDiag
Rapport de ZHPDiag v1.31.19 par Nicolas Coolman, Update du 06/09/2012
Run by Anitha Ralijaona at 17/12/2012 12:34:22
Web site : http://nicolascoolman.skyrock.com/
State : Problème connexion internet


---\\ Web Browser
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox 15.0 v15.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Information
~ Processor: x86 Family 6 Model 8 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 511 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 13 GB (67%) free of 19 GB

---\\ Logged in mode
~ Computer Name: LOT-A19B6F07F62
~ User Name: Anitha Ralijaona
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Anitha Ralijaona, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Anitha Ralijaona\Application Data\
~ %Desktop% : C:\Documents and Settings\Anitha Ralijaona\Bureau\
~ %Favorites% : C:\Documents and Settings\Anitha Ralijaona\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Anitha Ralijaona\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 13 Go of 19 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 40 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 36 Go)
H:\ Hard drive, Flash drive, Thumb drive (Free 9 Go of 36 Go)



---\\ Security Center & Tools Informations
~ UAC deactivate by user
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.4A6E04EA20F48D750D9BFED8600D516B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/04/2008 - 18:33:50.) -- C:\WINDOWS\system32\wininet.dll [670208]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/04/2008 - 11:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/04/2008 - 11:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:47:24.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 21:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Scan Generic Processes in 00mn 02s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/13
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/24
~ Mon Bureau (My Desktop) : 1/222
~ Menu demarrer (Programs) : 1/34
~ Scan Hidden Files in 00mn 00s



---\\ Processus lancés
[MD5.B458A95F12D36F55F98A42FD66BAEBFA] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224] [PID.]
[MD5.40B7402E26615A47F05AF95037CBEB48] - (.Microsoft Corporation - Microsoft (R) HTML Application host.) -- C:\WINDOWS\system32\mshta.exe [29184] [PID.]
[MD5.CC3110EEF77AA0810CAA03741168BA8F] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032] [PID.]
[MD5.DD3FAD2CB414AD310B21FC9EFA89ABC4] - (.Nero AG - incdsrv.) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1551408] [PID.]
[MD5.8AF19FE86CCA847A2FCE826ADE707946] - (...) -- C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880] [PID.]
[MD5.66D4456C920E21BD2188F8CC33680DF5] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048] [PID.]
[MD5.C67173388E6E7F11EC0E8729CD484223] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [1391272] [PID.]
[MD5.2C487CAB3DCB2E49F9DE6B30E5E9CE19] - (.Nero AG - NBH.) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [1629744] [PID.]
[MD5.884037B6034A89FFB03CC02A29DFFAAB] - (.Nero AG - InCD.) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057328] [PID.]
[MD5.7AB260753EB3A96844E15D2ED59726F8] - (.SlipStream Data Inc. - Accelerator Core Services.) -- H:\Program Files\Orange Madagascar Booster\slipcore.exe [323584] [PID.]
[MD5.9F0BE235A0136EA9E94CF9BD037C30EC] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [153136] [PID.]
[MD5.504F86F230A39B0C159D9BC00572A9D7] - (.© Une création http://GraphysWeb.com - X'nBeep, réveil digital pour Windows XP.) -- C:\Program Files\X'nBeep 1.1\XnBeep.exe [1067520] [PID.]
[MD5.395A66AC319A538DCF4B024CDD16724C] - (...) -- C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe [472528] [PID.]
[MD5.C2B1BD112D361E0F5E3265D27CC65137] - (.SlipStream Data Inc. - Accelerator User Interface.) -- H:\Program Files\Orange Madagascar Booster\slipgui.exe [208896] [PID.]
[MD5.E869E31D3FD7B6314EEFEA4304C413CA] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [80336] [PID.]
[MD5.A21AD1957C24A499E1AC2B0215E985BB] - (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [465360] [PID.]
[MD5.060DAF68493AD7ADF104413E5A62AFA8] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [271920] [PID.]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.]
[MD5.4CE0626245E0F0AC4970AF913FB6964A] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3764736] [PID.]
~ Scan Processes Running in 00mn 04s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Anitha Ralijaona\Application Data\Mozilla\Firefox\Profiles\gpdbdvl6.default\prefs.js
M3 - MFPP: Plugins - [Anitha Ralijaona] -- C:\Documents and Settings\Anitha Ralijaona\Application Data\Mozilla\Firefox\Profiles\gpdbdvl6.default\searchplugins\myplaycity-search.xml
M3 - MFPP: Plugins - [Anitha Ralijaona] -- C:\Documents and Settings\Anitha Ralijaona\Application Data\Mozilla\Firefox\Profiles\gpdbdvl6.default\searchplugins\myplaycity.xml
M2 - MFEP: prefs.js [Anitha Ralijaona - gpdbdvl6.default\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] [] MyPlayCity Toolbar v1.5.48.2 (.Conduit Ltd..)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.4] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.VideoLAN - VLC media player Web Plugin 2.0.2.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.VideoLAN - VLC media player Web Plugin 2.0.2.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} . (.VideoLAN - VLC media player Web Plugin 2.0.2.) (No version) -- (.not file.)
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Clé orpheline
O2 - BHO: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} Clé orpheline
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} Clé orpheline
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{8B79EE88-E62D-4AA8-B530-CC357BA112B7} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} . (...) -- (.not file.)
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] . (.Nero AG - NBH.) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SlipStream] . (.SlipStream Data Inc. - Accelerator Core Services.) -- H:\Program Files\Orange Madagascar Booster\slipcore.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [X'nBeep] . (.© Une création http://GraphysWeb.com - X'nBeep, réveil digital pour Windows XP.) -- C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [HijackThis startup scan] . (.Trend Micro Inc. - HijackThis.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [X'nBeep] . (.© Une création http://GraphysWeb.com - X'nBeep, réveil digital pour Windows XP.) -- C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [HijackThis startup scan] . (.Trend Micro Inc. - HijackThis.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
~ Scan Application in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
~ Scan Global Startup in 00mn 02s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
~ Scan Winsock in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 01s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll



ZHP Analyse

Zeb Help Process v3.0.76 by Nicolas Coolman - Rapport Général du 17/12/2012 12:51:04

Rapport de ZHPDiag v1.31.19 par Nicolas Coolman, Update du 06/09/2012
Run by Anitha Ralijaona at 17/12/2012 12:34:22
Web site : http://nicolascoolman.skyrock.com/
State : Problème connexion internet


---\\ Web Browser
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox 15.0 v15.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Information
~ Processor: x86 Family 6 Model 8 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 511 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 13 GB (67%) free of 19 GB

---\\ Logged in mode
~ Computer Name: LOT-A19B6F07F62
~ User Name: Anitha Ralijaona
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Anitha Ralijaona, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Anitha Ralijaona\Application Data\
~ %Desktop% : C:\Documents and Settings\Anitha Ralijaona\Bureau\
~ %Favorites% : C:\Documents and Settings\Anitha Ralijaona\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Anitha Ralijaona\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 13 Go of 19 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 40 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 36 Go)
H:\ Hard drive, Flash drive, Thumb drive (Free 9 Go of 36 Go)



---\\ Security Center & Tools Informations
~ UAC deactivate by user
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.4A6E04EA20F48D750D9BFED8600D516B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/04/2008 - 18:33:50.) -- C:\WINDOWS\system32\wininet.dll [670208]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/04/2008 - 11:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/04/2008 - 11:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:47:24.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 21:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Scan Generic Processes in 00mn 02s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/13
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/24
~ Mon Bureau (My Desktop) : 1/222
~ Menu demarrer (Programs) : 1/34
~ Scan Hidden Files in 00mn 00s



---\\ Processus lancés
[MD5.B458A95F12D36F55F98A42FD66BAEBFA] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224] [PID.]
[MD5.40B7402E26615A47F05AF95037CBEB48] - (.Microsoft Corporation - Microsoft HTML Application host.) -- C:\WINDOWS\system32\mshta.exe [29184] [PID.]
[MD5.CC3110EEF77AA0810CAA03741168BA8F] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032] [PID.]
[MD5.DD3FAD2CB414AD310B21FC9EFA89ABC4] - (.Nero AG - incdsrv.) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1551408] [PID.]
[MD5.8AF19FE86CCA847A2FCE826ADE707946] - (...) -- C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880] [PID.]
[MD5.66D4456C920E21BD2188F8CC33680DF5] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048] [PID.]
[MD5.C67173388E6E7F11EC0E8729CD484223] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [1391272] [PID.]
[MD5.2C487CAB3DCB2E49F9DE6B30E5E9CE19] - (.Nero AG - NBH.) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [1629744] [PID.]
[MD5.884037B6034A89FFB03CC02A29DFFAAB] - (.Nero AG - InCD.) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057328] [PID.]
[MD5.7AB260753EB3A96844E15D2ED59726F8] - (.SlipStream Data Inc. - Accelerator Core Services.) -- H:\Program Files\Orange Madagascar Booster\slipcore.exe [323584] [PID.]
[MD5.9F0BE235A0136EA9E94CF9BD037C30EC] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [153136] [PID.]
[MD5.504F86F230A39B0C159D9BC00572A9D7] - (.© Une création http://GraphysWeb.com - X'nBeep, réveil digital pour Windows XP.) -- C:\Program Files\X'nBeep 1.1\XnBeep.exe [1067520] [PID.]
[MD5.395A66AC319A538DCF4B024CDD16724C] - (...) -- C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe [472528] [PID.]
[MD5.C2B1BD112D361E0F5E3265D27CC65137] - (.SlipStream Data Inc. - Accelerator User Interface.) -- H:\Program Files\Orange Madagascar Booster\slipgui.exe [208896] [PID.]
[MD5.E869E31D3FD7B6314EEFEA4304C413CA] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [80336] [PID.]
[MD5.A21AD1957C24A499E1AC2B0215E985BB] - (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [465360] [PID.]
[MD5.060DAF68493AD7ADF104413E5A62AFA8] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [271920] [PID.]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.]
[MD5.4CE0626245E0F0AC4970AF913FB6964A] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3764736] [PID.]
~ Scan Processes Running in 00mn 04s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Anitha Ralijaona\Application Data\Mozilla\Firefox\Profiles\gpdbdvl6.default\prefs.js
M3 - MFPP: Plugins - [Anitha Ralijaona] -- C:\Documents and Settings\Anitha Ralijaona\Application Data\Mozilla\Firefox\Profiles\gpdbdvl6.default\searchplugins\myplaycity-search.xml
M3 - MFPP: Plugins - [Anitha Ralijaona] -- C:\Documents and Settings\Anitha Ralijaona\Application Data\Mozilla\Firefox\Profiles\gpdbdvl6.default\searchplugins\myplaycity.xml
M2 - MFEP: prefs.js [Anitha Ralijaona - gpdbdvl6.default\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] [] MyPlayCity Toolbar v1.5.48.2 (.Conduit Ltd..)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.4] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.VideoLAN - VLC media player Web Plugin 2.0.2.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.VideoLAN - VLC media player Web Plugin 2.0.2.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} . (.VideoLAN - VLC media player Web Plugin 2.0.2.) (No version) -- (.not file.)
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Clé orpheline
O2 - BHO: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} Clé orpheline
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} Clé orpheline
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{8B79EE88-E62D-4AA8-B530-CC357BA112B7} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} . (...) -- (.not file.)
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] . (.Nero AG - NBH.) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SlipStream] . (.SlipStream Data Inc. - Accelerator Core Services.) -- H:\Program Files\Orange Madagascar Booster\slipcore.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [X'nBeep] . (.© Une création http://GraphysWeb.com - X'nBeep, réveil digital pour Windows XP.) -- C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [HijackThis startup scan] . (.Trend Micro Inc. - HijackThis.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [X'nBeep] . (.© Une création http://GraphysWeb.com - X'nBeep, réveil digital pour Windows XP.) -- C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKUS\S-1-5-21-1004336348-1580818891-842925246-1003\..\Run: [HijackThis startup scan] . (.Trend Micro Inc. - HijackThis.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
~ Scan Application in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Documents And Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
~ Scan Global Startup in 00mn 02s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
~ Scan Winsock in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft .) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft .) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft .) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft .) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Visionneuse HTML Microsoft .) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft .) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 01s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Scan Winlogon in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
~ Scan SSODL in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira Planificateur (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG - Avira Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Protection temps réel (AntiVirService) . (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Protection Web (AntiVirWebService) . (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
O23 - Service: InCD Helper (InCDsrv) . (.Nero AG - incdsrv.) - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: InternetEverywhere_Service (InternetEverywhere_Service) . (...) - C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Scan Desktop Component in 00mn 00s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Win32SecuritySystem.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\WindowsUpdate.job
[MD5.44C00A385CA9DBC1D5CF3781F8C26AEA] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.D65560625F5F6247332D0633F991B0F6] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe
[MD5.BB92A5F10D76140569216E8C4D67115A] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe
[MD5.A38FEAE20CD8A67B52612AE777D48389] [APT] [Win32SecuritySystem] (...) -- C:\windows\system32\MSE\Message_pour_le_Monde.exe
[MD5.35FD47FA54F13B988731605F4AD3E291] [APT] [WindowsUpdate] (...) -- C:\windows\Default\run.hta
~ Scan Scheduled Task in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitaire d'installation du Lecteur Windows Media Microsoft.) -- C:\WINDOWS\inf\unregmp2.exe
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} . (.Microsoft Corporation - DirectX Media -- DirectAnimation.) -- C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Bibliothèque d'installation Outlook Express.) -- C:\Program Files\Outlook Express\setup50.exe
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Bibliothèque d'installation Outlook Express.) -- C:\Program Files\Outlook Express\setup50.exe
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'installation individualisée de Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.4 r402.) -- C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_287.ocx
O40 - ASIC: Installed Component - S-1-5-21-1004336348-1580818891-842925246-1003 - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -- Not Hexadécimal CLSID
~ Scan Active Setup in 00mn 01s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: (avkmgr) . (.Avira GmbH - Avira Manager Driver.) - C:\WINDOWS\system32\DRIVERS\avkmgr.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
A voir également:

1 réponse

Réponse 1 / 1
multipan Messages postés 96 Date d'inscription vendredi 9 novembre 2007 Statut Membre Dernière intervention 26 décembre 2020 2
17 déc. 2012 à 16:36
Milles excuses encore car il y a une partie du texte qui n'a pas été copiée et que je vous envoie ci-dessous:

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: (InCDPass) . (.Nero AG - Ahead RW Filter Driver.) - C:\WINDOWS\system32\drivers\InCDPass.sys
O41 - Driver: (incdrm) . (.Nero AG - Nero MRW Filter Driver.) - C:\WINDOWS\system32\drivers\InCDRm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: (P3) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\system32\DRIVERS\p3.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
~ Scan Drivers in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Reader 8.1.0 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81000000003}
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE}
O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU] -- {79A765E1-C399-405B-85AF-466F52E918B0}
O42 - Logiciel: AusLogics Disk Defrag - (.Auslogics Software Pty. Ltd..) [HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
O42 - Logiciel: Avira Free Antivirus - (.Avira.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Billiard Art - (.MyPlayCity, Inc..) [HKLM] -- Billiard Art_is1
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CueClub - (.Pas de propriétaire.) [HKLM] -- {39D7BD4A-5BE7-11D4-9D68-0020781864F1}
O42 - Logiciel: Guitar Pro 5.0 - (.Arobas Music.) [HKLM] -- Guitar Pro 5_is1
O42 - Logiciel: ImgBurn - (.LIGHTNING UK!.) [HKLM] -- ImgBurn
O42 - Logiciel: Internet Everywhere - (.Internet Everywhere.) [HKLM] -- InternetEverywhere
O42 - Logiciel: Lost Treasures of El Dorado - (.MyPlayCity, Inc..) [HKLM] -- Lost Treasures of El Dorado_is1
O42 - Logiciel: Microsoft Office Standard Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9012040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: MyPlayCity Toolbar - (.Pas de propriétaire.) [HKLM] -- MyPlayCity Toolbar
O42 - Logiciel: Nero 7 Essentials - (.Nero AG.) [HKLM] -- {66EBD70F-A42C-475F-AEDF-277378151036}
O42 - Logiciel: Orange Madagascar Booster - (.Orange Madagascar.) [HKLM] -- SlipStream
O42 - Logiciel: PElectro - (.Jean Barreau.) [HKLM] -- {50076704-2E67-4EE8-A8EE-D7B6AE012DDE}
O42 - Logiciel: SuperCopier2 - (.Pas de propriétaire.) [HKLM] -- SuperCopier2
O42 - Logiciel: World's Greatest Places Mahjong - (.MyPlayCity, Inc..) [HKLM] -- World's Greatest Places Mahjong_is1
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\3rd Eye Solutions]
[HKCU\Software\APN]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\AusLogics]
[HKCU\Software\Avira]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\Digital River]
[HKCU\Software\FreeTime]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GlarySoft]
[HKCU\Software\Graphys]
[HKCU\Software\GreatestsPlacesMR]
[HKCU\Software\GuitareTuner]
[HKCU\Software\Haali]
[HKCU\Software\ImgBurn]
[HKCU\Software\Intel]
[HKCU\Software\JollyBear]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Lost Treasures Of El Dorado]
[HKCU\Software\Macromedia]
[HKCU\Software\Media Research Group]
[HKCU\Software\Memodata]
[HKCU\Software\MyPlayCity]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\ODBC]
[HKCU\Software\PElectro]
[HKCU\Software\ParetoLogic]
[HKCU\Software\Policies]
[HKCU\Software\Recisio]
[HKCU\Software\SFX TEAM]
[HKCU\Software\Skype]
[HKCU\Software\SlipStream]
[HKCU\Software\SoulSeek]
[HKCU\Software\TechTracker.com]
[HKCU\Software\TechTracker]
[HKCU\Software\Usbfix]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WebToGo]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\mc]
[HKLM\Software\APN]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Arobas Music]
[HKLM\Software\AskToolbar]
[HKLM\Software\Audible]
[HKLM\Software\AviSynth]
[HKLM\Software\Avira]
[HKLM\Software\Big Fish Games]
[HKLM\Software\Borland]
[HKLM\Software\Bulldog]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit]
[HKLM\Software\Creative Tech]
[HKLM\Software\DDV]
[HKLM\Software\DelFix]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\GlarySoft]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\ImInstaller]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\MyPlayCity]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\ParetoLogic]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Real]
[HKLM\Software\Recisio]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\TrendMicro]
[HKLM\Software\VideoLAN]
[HKLM\Software\WebToGo]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\X-AVCSD]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/10/2012 - 12:06:38 - [191,123] ----D C:\Program Files\Adobe
O43 - CFD: 10/10/2012 - 18:09:59 - [3,312] ----D C:\Program Files\Ask.com
O43 - CFD: 10/10/2012 - 11:54:47 - [4,042] ----D C:\Program Files\Auslogics
O43 - CFD: 02/12/2012 - 18:57:39 - [185,722] ----D C:\Program Files\Avira
O43 - CFD: 21/10/2012 - 12:44:34 - [4,795] ----D C:\Program Files\CCleaner
O43 - CFD: 07/10/2012 - 12:13:06 - [0] ----D C:\Program Files\ComPlus Applications
O43 - CFD: 10/11/2012 - 18:56:48 - [0,461] ----D C:\Program Files\Conduit
O43 - CFD: 12/10/2012 - 14:00:58 - [0,115] ----D C:\Program Files\Creative
O43 - CFD: 16/12/2012 - 01:13:10 - [235,292] ----D C:\Program Files\Fichiers communs
O43 - CFD: 09/10/2012 - 18:13:16 - [109,514] ----D C:\Program Files\FreeTime
O43 - CFD: 09/10/2012 - 18:12:18 - [18,789] ----D C:\Program Files\Glary Utilities
O43 - CFD: 07/10/2012 - 12:15:36 - [0,978] ----D C:\Program Files\Internet Explorer
O43 - CFD: 07/10/2012 - 12:57:14 - [19,864] ----D C:\Program Files\InternetEverywhere
O43 - CFD: 11/11/2012 - 14:46:40 - [0,992] ----D C:\Program Files\LG Electronics
O43 - CFD: 07/10/2012 - 12:12:35 - [2,072] ----D C:\Program Files\Messenger
O43 - CFD: 07/10/2012 - 12:20:07 - [0] ----D C:\Program Files\microsoft frontpage
O43 - CFD: 09/10/2012 - 11:56:13 - [115,138] ----D C:\Program Files\Microsoft Office
O43 - CFD: 12/10/2012 - 13:47:05 - [0,013] ----D C:\Program Files\Microsoft Windows OneCare Live
O43 - CFD: 07/10/2012 - 12:15:23 - [9,894] ----D C:\Program Files\Movie Maker
O43 - CFD: 10/11/2012 - 18:25:10 - [0,211] ----D C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 07/10/2012 - 12:11:30 - [18,385] ----D C:\Program Files\MSN
O43 - CFD: 07/10/2012 - 12:12:28 - [8,341] ----D C:\Program Files\MSN Gaming Zone
O43 - CFD: 08/12/2012 - 14:02:09 - [3,896] ----D C:\Program Files\MyPlayCity
O43 - CFD: 27/11/2012 - 19:35:50 - [34,206] ----D C:\Program Files\MyPlayCity.com
O43 - CFD: 09/10/2012 - 18:25:27 - [463,542] ----D C:\Program Files\Nero
O43 - CFD: 07/10/2012 - 12:15:46 - [3,133] ----D C:\Program Files\NetMeeting
O43 - CFD: 07/10/2012 - 12:12:45 - [0,002] ----D C:\Program Files\Online Services
O43 - CFD: 07/10/2012 - 12:15:40 - [4,176] ----D C:\Program Files\Outlook Express
O43 - CFD: 19/11/2012 - 14:43:04 - [25,965] ----D C:\Program Files\Real
O43 - CFD: 07/10/2012 - 12:16:39 - [0,001] ----D C:\Program Files\Services en ligne
O43 - CFD: 13/11/2012 - 13:15:41 - [1,382] ----D C:\Program Files\Sokoban
O43 - CFD: 09/10/2012 - 12:13:46 - [1,169] ----D C:\Program Files\SuperCopier2
O43 - CFD: 16/12/2012 - 00:51:37 - [0,384] ----D C:\Program Files\Trend Micro
O43 - CFD: 07/10/2012 - 12:27:44 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 04/11/2012 - 19:22:41 - [96,070] ----D C:\Program Files\VideoLAN
O43 - CFD: 09/10/2012 - 18:24:23 - [3,916] ----D C:\Program Files\Windows Media Player
O43 - CFD: 07/10/2012 - 12:12:11 - [3,756] ----D C:\Program Files\Windows NT
O43 - CFD: 07/10/2012 - 12:16:45 - [0] --H-D C:\Program Files\WindowsUpdate
O43 - CFD: 10/10/2012 - 12:18:42 - [3,280] ----D C:\Program Files\WinRAR
O43 - CFD: 07/10/2012 - 12:20:08 - [0] ----D C:\Program Files\xerox
O43 - CFD: 16/12/2012 - 01:12:54 - [117,021] ----D C:\Program Files\ZebHelpProcess
O43 - CFD: 17/12/2012 - 12:34:32 - [9,996] ----D C:\Program Files\ZHPDiag
O43 - CFD: 09/10/2012 - 12:08:01 - [10,315] ----D C:\Program Files\Fichiers communs\Adobe
O43 - CFD: 30/10/2012 - 20:11:16 - [113,851] ----D C:\Program Files\Fichiers communs\Ahead
O43 - CFD: 16/12/2012 - 01:13:10 - [7,320] ----D C:\Program Files\Fichiers communs\Borland Shared
O43 - CFD: 09/10/2012 - 11:56:41 - [0,082] ----D C:\Program Files\Fichiers communs\DESIGNER
O43 - CFD: 19/11/2012 - 14:43:00 - [1,273] ----D C:\Program Files\Fichiers communs\InstallShield
O43 - CFD: 09/10/2012 - 11:57:15 - [79,556] ----D C:\Program Files\Fichiers communs\Microsoft Shared
O43 - CFD: 07/10/2012 - 12:15:38 - [0,271] ----D C:\Program Files\Fichiers communs\MSSoap
O43 - CFD: 07/10/2012 - 16:04:07 - [0] ----D C:\Program Files\Fichiers communs\ODBC
O43 - CFD: 07/10/2012 - 12:15:45 - [0,008] ----D C:\Program Files\Fichiers communs\Services
O43 - CFD: 07/10/2012 - 16:04:02 - [3,612] ----D C:\Program Files\Fichiers communs\SpeechEngines
O43 - CFD: 11/10/2012 - 16:12:38 - [0,184] ----D C:\Program Files\Fichiers communs\SWF Studio
O43 - CFD: 09/10/2012 - 11:55:48 - [18,820] ----D C:\Program Files\Fichiers communs\System
O43 - CFD: 13/12/2012 - 19:49:14 - [197,271] R-H-D C:\Documents and Settings\All Users\Application Data
O43 - CFD: 16/12/2012 - 01:25:49 - [0,005] ----D C:\Documents and Settings\All Users\Bureau
O43 - CFD: 07/10/2012 - 12:14:16 - [1,624] R---D C:\Documents and Settings\All Users\Documents
O43 - CFD: 09/10/2012 - 18:23:37 - [0,101] -SH-D C:\Documents and Settings\All Users\DRM
O43 - CFD: 07/10/2012 - 16:03:08 - [0] ----D C:\Documents and Settings\All Users\Favoris
O43 - CFD: 07/10/2012 - 12:57:16 - [0,215] R---D C:\Documents and Settings\All Users\Menu Démarrer
O43 - CFD: 07/10/2012 - 16:03:08 - [0] --H-D C:\Documents and Settings\All Users\Modèles
O43 - CFD: 07/11/2012 - 14:32:59 - [0,039] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\Adobe
O43 - CFD: 04/11/2012 - 19:42:03 - [0,624] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\Ahead
O43 - CFD: 10/10/2012 - 11:54:53 - [0,108] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\Auslogics
O43 - CFD: 02/12/2012 - 19:04:51 - [0] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\Avira
O43 - CFD: 12/10/2012 - 13:01:08 - [0,037] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\DriverCure
O43 - CFD: 12/12/2012 - 12:46:51 - [0,000] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\dvdcss
O43 - CFD: 12/10/2012 - 18:30:32 - [0,612] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\ImgBurn
O43 - CFD: 28/11/2012 - 23:46:41 - [0,690] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\InternetEverywhere
O43 - CFD: 11/10/2012 - 16:12:40 - [0,000] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\Macromedia
O43 - CFD: 21/11/2012 - 17:19:23 - [0,001] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\md studio
O43 - CFD: 13/12/2012 - 19:49:14 - [0,592] -S--D C:\Documents and Settings\Anitha Ralijaona\Application Data\Microsoft
O43 - CFD: 17/10/2012 - 07:33:29 - [13,049] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\Mozilla
O43 - CFD: 14/10/2012 - 12:36:13 - [4,000] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\SlipStream
O43 - CFD: 12/10/2012 - 13:20:46 - [0,001] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\VersionTracker Pro
O43 - CFD: 16/12/2012 - 23:48:16 - [0,686] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\vlc
O43 - CFD: 17/10/2012 - 07:47:29 - [0] ----D C:\Documents and Settings\Anitha Ralijaona\Application Data\WinRAR
O43 - CFD: 12/10/2012 - 11:37:26 - [0,098] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Adobe
O43 - CFD: 04/11/2012 - 19:30:55 - [2,260] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Ahead
O43 - CFD: 14/11/2012 - 13:37:25 - [0,444] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\AskToolbar
O43 - CFD: 10/11/2012 - 18:56:49 - [0] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Conduit
O43 - CFD: 12/10/2012 - 10:56:53 - [0] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Help
O43 - CFD: 09/10/2012 - 18:40:16 - [0,508] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Identities
O43 - CFD: 26/10/2012 - 09:39:59 - [0] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\JollyBear
O43 - CFD: 09/12/2012 - 22:51:21 - [27,132] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Microsoft
O43 - CFD: 14/10/2012 - 11:57:49 - [48,976] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Mozilla
O43 - CFD: 10/11/2012 - 18:56:48 - [0] ----D C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\MyPlayCity
O43 - CFD: 07/10/2012 - 12:27:51 - [0,014] R---D C:\Documents and Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Accessoires
O43 - CFD: 16/12/2012 - 12:43:14 - [0,000] R---D C:\Documents and Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Démarrage
O43 - CFD: 09/10/2012 - 18:14:04 - [0,003] ----D C:\Documents and Settings\Anitha Ralijaona\Menu Démarrer\Programmes\FormatFactory
O43 - CFD: 10/11/2012 - 12:57:27 - [0,001] ----D C:\Documents and Settings\Anitha Ralijaona\Menu Démarrer\Programmes\Sokoban
O43 - CFD: 09/10/2012 - 12:13:50 - [0,006] ----D C:\Documents and Settings\Anitha Ralijaona\Menu Démarrer\Programmes\SuperCopier2
O43 - CFD: 10/10/2012 - 12:18:43 - [0,002] ----D C:\Documents and Settings\Anitha Ralijaona\Menu Démarrer\Programmes\WinRAR
~ Scan Program Folder in 00mn 17s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CBCA0EFC116532535C95A74E73466AC1] - 17/12/2012 - 12:35:01 ---A- . (...) -- C:\Green Peace.html [2446]
O44 - LFC:[MD5.5E45B4F3FF1927C47C699421173950ED] - 17/12/2012 - 12:34:24 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [383032]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 17/12/2012 - 12:30:29 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 17/12/2012 - 12:28:06 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.6AC45F3F699B10D5C606A76D2F970EC9] - 17/12/2012 - 06:16:52 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32600]
O44 - LFC:[MD5.493A723BB9751C4F3009D64AE21E0733] - 16/12/2012 - 19:44:31 ---A- . (...) -- C:\PDOXUSRS.NET [13030]
O44 - LFC:[MD5.BEED859862DD30EC68C84C61AB7417EB] - 16/12/2012 - 13:33:14 ---A- . (...) -- C:\WINDOWS\setupact.log [120]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/12/2012 - 13:09:20 ---A- . (...) -- C:\WINDOWS\setuperr.log [0]
O44 - LFC:[MD5.EB6035EBCED17E42C7A618C99754AA64] - 16/12/2012 - 12:41:56 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [2206]
O44 - LFC:[MD5.7A910434E303D61DD4B9C3FF74613A75] - 16/12/2012 - 00:52:31 ---A- . (...) -- C:\hijackthis.log [6561]
O44 - LFC:[MD5.CC62F93E5F47B81B3565656237270F1D] - 16/12/2012 - 00:48:29 ---A- . (...) -- C:\UsbFix151212.txt [3750]
O44 - LFC:[MD5.CC62F93E5F47B81B3565656237270F1D] - 16/12/2012 - 00:47:54 ---A- . (...) -- C:\UsbFix.txt [3750]
O44 - LFC:[MD5.6AD05CEEC492D0033D1ED38D91D410A7] - 15/12/2012 - 11:54:53 ---A- . (...) -- C:\error.txt [157]
O44 - LFC:[MD5.C72263A0B16B36E0B4BD2FD442FFFD54] - 15/12/2012 - 11:54:48 ---A- . (...) -- C:\WINDOWS\system32\SIntf16.dll [12067]
O44 - LFC:[MD5.9A7A95E48E629A075C6D883D0EE524C8] - 15/12/2012 - 11:54:48 ---A- . (...) -- C:\WINDOWS\system32\SIntf32.dll [17212]
O44 - LFC:[MD5.222810667D9FC2FAB1BEF82A8E510A1B] - 15/12/2012 - 11:54:48 ---A- . (...) -- C:\WINDOWS\system32\SIntfNT.dll [21840]
O44 - LFC:[MD5.C56D52B5CCC65522EBD0C23ED7276766] - 15/12/2012 - 11:33:45 ---A- . (...) -- C:\WINDOWS\cncscore.ini [551]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 14/12/2012 - 20:57:07 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.157CB93994C405C055658A83FF260612] - 08/12/2012 - 13:21:43 ---A- . (...) -- C:\WINDOWS\wiadebug.log [216]
O44 - LFC:[MD5.5ADF061A7B5FE0557D9EB58A3A25C4F4] - 08/12/2012 - 12:27:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/12/2012 - 12:27:55 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.A36EE93698802CD899F98BFD553D8185] - 02/12/2012 - 18:57:48 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O44 - LFC:[MD5.7D967A682D4694DF7FA57D63A2DB01FE] - 02/12/2012 - 18:57:43 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\system32\Drivers\avipbb.sys [137928]
O44 - LFC:[MD5.53E56450DA16A1A7F0D002F511113F67] - 02/12/2012 - 18:57:43 ---A- . (.Avira GmbH - Avira Manager Driver.) -- C:\WINDOWS\system32\Drivers\avkmgr.sys [36000]
O44 - LFC:[MD5.D5541F0AFB767E85FC412FC609D96A74] - 02/12/2012 - 18:57:43 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\avgntflt.sys [83392]
O44 - LFC:[MD5.2C16A7D5E3F01B151EF906562F06F4B9] - 02/12/2012 - 18:53:38 ---A- . (...) -- C:\WINDOWS\setupapi.log [4591]
O44 - LFC:[MD5.ACE3748B8726FB7620A37FD5DCE5CD9C] - 28/11/2012 - 23:46:40 ---A- . (...) -- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt [15616]
O44 - LFC:[MD5.0E10FC1911D6A138C513BC05FF60BEF4] - 23/11/2012 - 14:00:06 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerApp.exe [696760]
O44 - LFC:[MD5.81D851DB12CD7AB54F0BF352036D7721] - 23/11/2012 - 14:00:04 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [73656]
O44 - LFC:[MD5.EEBB0FA277FF042F70E581A2E4C494F9] - 19/11/2012 - 08:57:07 ---A- . (...) -- C:\WINDOWS\PhotoSnapViewer.INI [151]
O44 - LFC:[MD5.A38FEAE20CD8A67B52612AE777D48389] - 18/02/2011 - 08:15:40 ---A- . (...) -- C:\Message_pour_le_Monde.exe [26652]
O44 - LFC:[MD5.8C25E347F5E2C2BCA9B5258A68B72AE7] - 20/01/1999 - 05:01:00 ---A- . (...) -- C:\WINDOWS\system32\DBCLIENT.DLL [210032]
O44 - LFC:[MD5.4BC02BD73338C3A26265F5C64DBEC770] - 12/11/1999 - 05:11:00 ---A- . (...) -- C:\WINDOWS\system32\BDEADMIN.CPL [183808]
~ Scan Files in 02mn 17s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ Scan ShellExecuteHooks in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Anitha Ralijaona\Local Settings\Temp\ImInstaller\magentic_installer.exe" [Enabled] .(...) -- C:\Documents and Settings\Anitha Ralijaona\Local Settings\Temp\ImInstaller\magentic_installer.exe (.not fil
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
~ Scan Keys in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\system32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll
~ Scan Keys in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
~ Scan CSB in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ Scan IFEO in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{21231860-1065-11e2-bda1-005004c30230}\AutoRun\command. (...) -- G:\.\Setup.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \drivers.desc\"ir32_32.dll"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \drivers.desc\"ir41_32.ax"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
~ Scan Keys in 00mn 01s



---\\ ShareTools MSconfig StartupReg (O53) (None)

---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrivesL"=
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.417352592432F5368A8296F7FB73BECF] - 13/04/2008 - 18:55:34 ---A- . (.ATI Technologies Inc. - Pilote de miniport ATI RAGE 128.) -- C:\WINDOWS\system32\Drivers\ati2mtag.sys [701440]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Scan Drivers in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido.) [HKLM] -- Usbfix
~ Scan ADS in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 23/11/2012 - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (AdobeFlashPlayerUpdateSvc) .(.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.4 r4.) - LEGACY_ADOBEFLASHPLAYERUPDATESVC
O64 - Services: CurCS - 10/10/2012 - C:\Program Files\Avira\AntiVir Desktop\sched.exe (AntiVirSchedulerService) .(.Avira Operations GmbH & Co. KG - Avira Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE
O64 - Services: CurCS - 10/10/2012 - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (AntiVirService) .(.Avira Operations GmbH & Co. KG - Avira On-Access Service.) - LEGACY_ANTIVIRSERVICE
O64 - Services: CurCS - 10/10/2012 - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe (AntiVirWebService) .(.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) - LEGACY_ANTIVIRWEBSERVICE
O64 - Services: CurCS - 27/09/2012 - C:\WINDOWS\system32\DRIVERS\avgntflt.sys (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - 27/09/2012 - C:\WINDOWS\system32\DRIVERS\avipbb.sys (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - 27/09/2012 - C:\WINDOWS\system32\DRIVERS\avkmgr.sys (avkmgr) .(.Avira GmbH - Avira Manager Driver.) - LEGACY_AVKMGR
O64 - Services: CurCS - ??\??\???? - (DcomLaunch) .(. - .) - LEGACY_DCOMLAUNCH
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\dmadmin.exe (dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT
O64 - Services: CurCS - 28/08/2001 - C:\WINDOWS\system32\drivers\dmload.sys (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - 01/06/2007 - C:\WINDOWS\system32\drivers\InCDFs.sys (InCDfs) .(.Nero AG - InCD File System Driver.) - LEGACY_INCDFS
O64 - Services: CurCS - 01/06/2007 - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (InCDsrv) .(.Nero AG - incdsrv.) - LEGACY_INCDSRV
O64 - Services: CurCS - 23/03/2010 - C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe - InternetEverywhere_Service (InternetEverywhere_Service) .(...) - LEGACY_INTERNETEVERYWHERE_SERVICE
O64 - Services: CurCS - 01/06/2007 - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (NMIndexingService) .(.Nero AG - Nero Home.) - LEGACY_NMINDEXINGSERVICE
O64 - Services: CurCS - 17/12/1999 - C:\WINDOWS\system32\PfModNT.sys (PfModNT) .(.Creative Technology Ltd. - PCI/ISA Device Info. Service.) - LEGACY_PFMODNT
O64 - Services: CurCS - ??\??\???? - (RpcSs) .(. - .) - LEGACY_RPCSS
O64 - Services: CurCS - 27/08/2012 - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
O64 - Services: CurCS - ??\??\???? - (TermService) .(. - .) - LEGACY_TERMSERVICE
~ Scan Services in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- H:\Program Files\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- H:\Program Files\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- H:\Program Files\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- H:\Program Files\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\WINDOWS\system32\shmgrate.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- H:\Program Files\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\WINDOWS\system32\shmgrate.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- H:\Program Files\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\WINDOWS\system32\shmgrate.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://www.search.ask.com/?o=10148&l=dis
O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} [DefaultScope] - (MyPlayCity Search) - http://home.myplaycity.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (MyPlayCity Customized Web Search) - http://search.conduit.com
~ Scan Keys in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\WINDOWS\system32\appmgmts.dll [176640]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [77824]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\system32\dmserver.dll [24576]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [127488]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\system32\es.dll [246272]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: HidServ (HidServ) . (...) -- C:\WINDOWS\system32\hidserv.dll [0]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [96768]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [132096]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\system32\netman.dll [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll [247808]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll [438272]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tâches.) -- C:\WINDOWS\system32\schedsvc.dll [194560]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\system32\seclogon.dll [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\WINDOWS\system32\ipnathlp.dll [332800]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll [171520]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\WINDOWS\system32\tapisrv.dll [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll [178176]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\system32\wzcsvc.dll [483840]
O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API avancées Windows 32.) -- C:\WINDOWS\system32\advapi32.dll [685568]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\system32\qagentrt.dll [293376]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\system32\kmsvc.dll [61440]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400]
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll [25088]
~ Scan Services in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : 9187 - (06/09/2012)
Clés trouvées (Keys found) : 30
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL]
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd]
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1]
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}]
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF]
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]
[HKCU\Software\APN]
[HKLM\Software\APN]
[HKCU\Software\Ask.com]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKLM\Software\AskToolbar]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC}
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440}
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater
C:\Program Files\Ask.com
C:\Program Files\Conduit
C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\AskToolbar
C:\Documents and Settings\Anitha Ralijaona\Local Settings\Application Data\Conduit
~ Scan Additionnel in 00mn 19s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 23/11/2012 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 10/10/2012 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/10/2012 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 10/10/2012 465360 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 01/06/2007 1551408 | (InCDsrv) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
SR - | Auto 316880 | (InternetEverywhere_Service) . (...) - C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
SS - | Demand 25/08/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
~ Scan Services in 00mn 20s



End of the scan (984 lines in 03mn 37s)(0)

Lignes traitées 1647/1668 en 00mn 16s)
0

Discussions similaires

Télécharger solidworks 2012-2013 et la licence
chris -
Chris 94 -

4 réponses
impossible de supprimer avira
fumezou -
cybercop95 -

12 réponses
Télécharger musique MP3 gratuitement avec Tubidy
X-Eddy_18-X -
Ambre.ezzn -

25 réponses
impossible de désistaller avira launcher (generic)
Feraz -
bazfile -

2 réponses
Comment supprimer Avira définitivement
Caticat17 -
Malekal_morte- -

19 réponses