Reply to: Infected by rvzr-a.akamaihd.net 2016-09-08T13:21:56+00:00
Plantu
Participant
Posts: 11

I'll try in 2 parts:

~ Rapport de ZHPDiag v2013.11.28.59 – Nicolas Coolman (28/11/2013)
~ Lancé par Admin (29/11/2013 20:28:47)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

—\ Navigateurs Internet
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox 25.0.1 (Defaut)
GCIE: Google Chrome v31.0.1650.57

—\ Informations sur les produits Windows
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

—\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.0.0657.0
McAfee Security Scan Plus v3.8.130.10

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

—\ Informations sur le système
~ Processor: x86 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 23 GB (15%) free of 146 GB

—\ Mode de connexion au système
~ Computer Name: ADMIN-732D4ABFF
~ User Name: Admin
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur, Admin,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:\Documents and Settings\Admin\Application Data\ZHP
~ %AppData% : C:\Documents and Settings\Admin\Application Data
~ %Desktop% : C:\Documents and Settings\Admin\Bureau
~ %Favorites% : C:\Documents and Settings\Admin\Favoris
~ %LocalAppData% : C:\Documents and Settings\Admin\Local Settings\Application Data
~ %StartMenu% : C:\Documents and Settings\Admin\Menu Démarrer
~ %Windir% : C:\WINDOWS
~ %System% : C:\WINDOWS\system32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 23 Go of 146 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
E: Hard drive, Flash drive, Thumb drive (Free 31 Go of 152 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\Explorer.exe [1037824]
[MD5.ACDDE3874BF2BEDB91B334307C68CA53] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 15:53:59.) — C:\WINDOWS\system32\wininet.dll [672768]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d'ouverture de session Windows NT.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 19:57:36.) — C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/10227
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 2/22933
~ Mon Bureau (My Desktop) : 2/6935
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 22s

—\ Processus lancés
[MD5.90DC23D940551DB35367FB1E40575B25] – (.Microsoft Corporation – Antimalware Service Executable.) — C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736] [PID.976]
[MD5.CF7B0E597C1F34E528285495721DEEE9] – (.Google Inc. – Google Crash Handler.) — C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.144]
[MD5.B9F4E7FC374ED524A7564124B20F8C99] – (.VIA Technologies, Inc. – HDeck MFC Application.) — C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33624064] [PID.1580]
[MD5.F8D427DAE2984A4968E2D1CB53634784] – (.Nuance Communications, Inc. – OCR Aware.) — C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400] [PID.1704]
[MD5.5BA8A7DA5D0573F7923E02B260AAD2F1] – (.Logitech Inc. – LVCom Server.) — C:\WINDOWS\system32\LVCOMSX.exe [221184] [PID.1716]
[MD5.2D3BCCA5C7CA55FEDD60E3336D3A92AF] – (.Logitech Inc. – ImageStudio Tray Application.) — C:\Program Files\Logitech\Video\LogiTray.exe [217088] [PID.1760]
[MD5.BE7B7CA2067F597AFFBC4A557167681E] – (.Dassault Systèmes SolidWorks Corp. – sldIM.) — C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe [7218472] [PID.1776]
[MD5.640609646D2E6F805E89238F0ADD3A1A] – (.Brother Industries, Ltd. – Brother Status Monitor Application.) — C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440] [PID.1800]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] – (.Brother Industries, Ltd. – Control Center 3 Main Program.) — C:\Program Files\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.1812]
[MD5.F773D2886EDF879860F220EB59C4552B] – (.Pas de propriétaire – DivX Update.) — C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512] [PID.1904]
[MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1916]
[MD5.7771618E69C8CC7AE91830F6F0B9D356] – (.UnH Solutions – IE Privacy Keeper.) — C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe [1015808] [PID.2016]
[MD5.9B385494F9FEC11696435F0466186A70] – (.Dassault Systèmes SolidWorks Corp. – swBOEngine.) — C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [841000] [PID.1980]
[MD5.1B11C113DC4383C6C07A45BFFBDC7D63] – (.Logitech Inc. – QuickCam Framework Server.) — C:\Program Files\Logitech\Video\FxSvr2.exe [192512] [PID.956]
[MD5.EA7E57F87D6FEE5FD6C5F813C04E8CD2] – (.Brother Industries, Ltd. – BrYNCSvc.) — C:\Program Files\Browny02\BrYNSvc.exe [245760] [PID.2584]
[MD5.DBA0C529D62F6E2F59C6F4367A0A5543] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files\ZHPDiag\ZHPDiag.exe [8256512] [PID.3472]
~ Processes Running: Scanned in 00mn 03s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 16 Legitimates Filtered in 00mn 18s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\kutfpq8i.default\prefs.js
M2 – MFEP: prefs.js [Admin – kutfpq8i.default\jid1-FCM5fDwCW5M3AQ@jetpack] [] Smart Display v1.2 (..) =>Spyware.SmartDisplay
P2 – FPN:Firefox Plugin Navigator . (…) — C:\Program Files\Mozilla Firefox\Plugins\NPSibelius.dll
P2 – FPN:Firefox Plugin Navigator . (…) — C:\Program Files\Mozilla Firefox\Plugins\ScorchAxPlugin.dll
P2 – FPN:Firefox Plugin Navigator . (…) — C:\Program Files\Mozilla Firefox\Plugins\ScorchPDFWrapper.dll
P2 – FPN: [HKLM] [@Sibelius.com/Scorch Plugin,version=6.2.0.88] – (…) — C:\Program Files\Sibelius Software\Scorch\npsibelius.dll
~ Firefox Browser: 29 Legitimates Filtered in 00mn 01s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Internet Explorer Toolbars (O3)
O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSProgram [AllUsers]: HD ADeck.lnk . (.VIA Technologies, Inc. – HDeck MFC Application.) — C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 – GSProgram [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe
O4 – GSProgram [Admin]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Global Startup: 15 Legitimates Filtered in 00mn 01s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSProgram [Admin]: Moteur du Planificateur de tâches SolidWorks.lnk . (.Dassault Systèmes SolidWorks Corp. – swBOEngine.) — C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
O4 – HKLM\..\Run: [HDAudDeck] . (.VIA Technologies, Inc. – HDeck MFC Application.) — C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 – HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh – NeroCheck.) — C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. – CNSLMAIN.) — C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 – HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 – HKLM\..\Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. – SSBkgdUpdate.) — C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 – HKLM\..\Run: [OpwareSE4] . (.Nuance Communications, Inc. – OCR Aware.) — C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe =>.ScanSoft, Inc
O4 – HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. – LVCom Server.) — C:\WINDOWS\system32\LVCOMSX.exe
O4 – HKLM\..\Run: [LogitechVideoRepair] . (.Logitech Inc. – Logitech QuickCam Startup Application.) — C:\Program Files\Logitech\Video\ISStart.exe
O4 – HKLM\..\Run: [LogitechVideoTray] . (.Logitech Inc. – ImageStudio Tray Application.) — C:\Program Files\Logitech\Video\LogiTray.exe
O4 – HKLM\..\Run: [SolidWorks_CheckForUpdates] . (.Dassault Systèmes SolidWorks Corp. – sldIM.) — C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
O4 – HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.exe (.not file.)
O4 – HKLM\..\Run: [ControlCenter3] . (.Brother Industries, Ltd. – ControlCenter Program.) — C:\Program Files\Brother\ControlCenter3\brctrcen.exe
O4 – HKLM\..\Run: [BrStsMon00] . (.Brother Industries, Ltd. – Brother Status Monitor Application.) — C:\Program Files\Browny02\Brother\BrStMonW.exe
O4 – HKLM\..\Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — C:\Program Files\Microsoft Security Client\msseces.exe
O4 – HKLM\..\Run: [DivXMediaServer] . (.Pas de propriétaire – DivX DLNA Media Server.) — C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 – HKLM\..\Run: [DivXUpdate] . (.Pas de propriétaire – DivX Update.) — C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 – HKLM\..\Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 – HKLM\..\Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:\Program Files\QuickTime\QTTask.exe
O4 – HKCU\..\Run: [IE Privacy Keeper] . (.UnH Solutions – IE Privacy Keeper.) — C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
O4 – HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [LogitechSoftwareUpdate] . (.Logitech Inc. – Logitech Software Update.) — C:\Program Files\Logitech\Video\ManifestEngine.exe
O4 – HKCU\..\Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 – HKCU\..\Run: [NBJ] . (.Ahead Software AG – Nero BackItUp Scheduler Application.) — C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
O4 – HKCU\..\Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
O4 – HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation – Watson Subscriber for SENS Network Notifica.) — C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
O4 – HKUS\S-1-5-21-1957994488-796845957-682003330-1004\..\Run: [IE Privacy Keeper] . (.UnH Solutions – IE Privacy Keeper.) — C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
O4 – HKUS\S-1-5-21-1957994488-796845957-682003330-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-21-1957994488-796845957-682003330-1004\..\Run: [LogitechSoftwareUpdate] . (.Logitech Inc. – Logitech Software Update.) — C:\Program Files\Logitech\Video\ManifestEngine.exe
O4 – HKUS\S-1-5-21-1957994488-796845957-682003330-1004\..\Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 – HKUS\S-1-5-21-1957994488-796845957-682003330-1004\..\Run: [NBJ] . (.Ahead Software AG – Nero BackItUp Scheduler Application.) — C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
O4 – HKUS\S-1-5-21-1957994488-796845957-682003330-1004\..\Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe =>.Google Inc
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311094778015
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1376062795750
~ Objets ActiveX: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS2\Services\Tcpip\..\{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:\WINDOWS\system32\wiascr.dll
O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:\WINDOWS\system32\crypt32.dll
O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:\WINDOWS\system32\cryptnet.dll
O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:\WINDOWS\system32\cscdll.dll
O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:\WINDOWS\system32\dimsntfy.dll
O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:\WINDOWS\system32\sclgntfy.dll
O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\WlNotify.dll
O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 – Desktop General: BackupWallPaper – .(…) – C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 – Desktop General: WallPaper – .(…) – C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: OpenSong Version 1.6 – (…) [HKLM] — OpenSong_is1
O42 – Logiciel: Video Converter Packages – (…) [HKCU] — Video Converter Packages
O42 – Logiciel: Video Converter Packages 42 – (…) [HKCU] — Video Converter Packages 42
O42 – Logiciel: e-Sword – (.Rick Meyers.) [HKLM] — {9B98010C-A6E2-40D4-A69D-7EA024EAEC79}
~ Logic: 33 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\Senvid]
[HKLM\Software\Senvid]
~ Key Software: 302 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 29/07/2011 – 22:19:15 – [50,202] ----D C:\Program Files\e-Sword
O43 – CFD: 29/07/2011 – 20:37:05 – [0] ----D C:\Program Files\MoNooN
O43 – CFD: 26/10/2012 – 15:34:08 – [52,188] ----D C:\Program Files\OpenSong
O43 – CFD: 29/07/2011 – 22:09:51 – [1,051] ----D C:\Program Files\Fichiers communs\EzTools
O43 – CFD: 29/11/2013 – 20:24:11 – [3,316] ----D C:\Documents and Settings\Admin\Application Data\IM
O43 – CFD: 26/10/2012 – 15:41:09 – [0,002] ----D C:\Documents and Settings\Admin\Application Data\OpenSong
O43 – CFD: 13/07/2013 – 09:56:04 – [1,063] ----D C:\Documents and Settings\Admin\Application Data\Video Converter Packages
O43 – CFD: 29/07/2011 – 21:02:48 – [27,802] ----D C:\Documents and Settings\Admin\Local Settings\Application Data\Downloaded Cashe
~ Program Folder: 193 Legitimates Filtered in 00mn 33s