~ ZHPDiag v2013.8.15.24 report - Nicolas Coolman (2013-08-15)
~ Launched by Utilisateur (2013-08-16 17:33:09)
~ Web site: http://nicolascoolman.webs.com
~ Translated by Nicolas Coolman
~ Version status: Up to date.
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by program

---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421 (Default)
GCIE: Google Chrome v28.0.1500.95

---\\ Windows product information
~ Language: French
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script: OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation: OK
~ Windows Partial Key: P2F6K
Windows License: OK
~ Windows Remaining Initializations Number: 1
Software Protection Service: OK
Windows Automatic Updates: OK
Windows Activation Technologies: OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ System information
~ Processor: x86 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3550.1 MB (60% free)
System Restore: Enabled
System drive C: has 405 GB (86%) free of 466 GB

---\\ System logon mode
~ Computer Name: UTILISATEUR-PC
~ User Name: Utilisateur
~ All Users Names: Utilisateur, HomeGroupUser$, Administrateur
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit: C:\
~ %AppData%: C:\Users\Utilisateur\AppData\Roaming\
~ %Desktop%: C:\Users\Utilisateur\Desktop\
~ %Favorites%: C:\Users\Utilisateur\Favorites\
~ %LocalAppData%: C:\Users\Utilisateur\AppData\Local\
~ %StartMenu%: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir%: C:\Windows\
~ %System%: C:\Windows\System32\

---\\ Disk drive enumeration
C:\ Hard drive, Flash drive, Thumb drive (Free 405 GB of 466 GB)
D:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Windows Security Center status
~ Security Center: 37 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2011-02-25 - 00:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.2009-07-13 - 20:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5553611E2F9EA6F613079177F1233068] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2012-08-24 - 01:51:27.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.2010-11-20 - 07:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Licensing Library.) (.2010-11-20 - 07:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-04-24 - 21:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 03:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 03:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 04:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.2009-07-13 - 18:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 18:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.2FD3E9FE35380B268E8C0E67F5428F15] - (....) (.2010-11-20 - 03:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - NT File System Driver.) (.2012-08-31 - 12:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.2009-07-13 - 18:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2009-07-13 - 18:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2010-11-20 - 05:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 18:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 03:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.2010-11-20 - 07:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (Hidden/Total)
~ My Pictures: 1/85
~ My Music: 1/25
~ My Favorites: 1/2207
~ My Documents: 1/16307
~ My Desktop: 1/2534
~ Start Menu (Programs): 1/30
~ Hidden Files: Scanned in 00mn 04s

---\\ Processes launched at system startup
[MD5.488F6C93EF4ED581D80CE7AA9F5E9C46] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888] [PID.3032]
[MD5.54FA8528EDA1B6B34615F4EA3FCB35E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.3052]
[MD5.251F10B000F0A032D00399D706DF3BBA] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe [1778064] [PID.3132]
[MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.3148]
[MD5.8DC0519D131EAE30F30509CCC8EA609A] - (.Entrust(R) - Entrust Entelligence Taskbar Notification.) -- C:\Program Files\Common Files\Entrust\ESP\eesystry.exe [68608] [PID.3212]
[MD5.D970EF1C5468ABF7A4E2DA43AAB772D8] - (.Entrust(R) - Entrust Entelligence Digital ID Monitor.) -- C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe [23552] [PID.3240]
[MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3344]
[MD5.E02E715FA2BC8D88FF9362374E309D76] - (.Hewlett-Packard Company - No description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.3352]
[MD5.63E8F84D500C4266C8387B04F29ACB6E] - (.Entrust(R) - Entrust Entelligence Login Service.) -- C:\Windows\system32\eelssrv.exe [79360] [PID.428]
[MD5.74EF310FAC89341CE2897B7F2C4A7B0F] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [65536] [PID.3620]
[MD5.B60F263FC062314AF16912E623284BA3] - (.WDC - WD Drive Manager.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2057536] [PID.4040]
[MD5.BE0B735454260BEC42D1E5E736C636E8] - (.Western Digital - WD SmartWare.) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [9136960] [PID.2644]
[MD5.22CC6CDBA678790046693654C3B212E4] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [748680] [PID.4280]
[MD5.10B01048B1DA075CD1EE27E30B4CF342] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [308816] [PID.4432] =>Toolbar.Google
[MD5.22F297689CAA74CB2BDBE964B8CC2562] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7823360] [PID.5504]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Lines number: 1

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Applications started by registry & by folder (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ATICustomerCare] . (.Advanced Micro Devices, Inc. - ATI Customer Care.) -- C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
O4 - HKLM\..\Run: [itype] . (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKLM\..\Run: [eesystry.exe] . (.Entrust(R) - Entrust Entelligence Taskbar Notification.) -- C:\Program Files\Common Files\Entrust\ESP\eesystry.exe
O4 - HKLM\..\Run: [espwatchdog] . (.Entrust(R) - Entrust Entelligence Digital ID Monitor.) -- C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe
O4 - HKLM\..\Run: [MAJ_Notarius] . (.Indigo Rose Corporation - TrueUpdate Client.) -- C:\Program Files\Common Files\Notarius\Notarius_MAJ.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2118671871-29075184-1130171957-1001\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2118671871-29075184-1130171957-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s

---\\ Other user links (O4)
O4 - GS\TaskBar: AutoCAD 2000.lnk . (.Autodesk, Inc. - AutoCAD Application.) -- C:\Program Files\ACAD2000\acad.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Microsoft Office Access 2003.lnk . (...) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
O4 - GS\TaskBar: Microsoft Office Excel 2003.lnk . (...) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
O4 - GS\TaskBar: Microsoft Office Word 2003.lnk . (...) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\wlmail.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Utilisateur\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\Utilisateur\AppData\Roaming\Spotify\spotify.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: ConsignO - 1. Appliquer un modèle....lnk . (...) -- C:\Program Files\Notarius\ConsignO 3.1.2\scripts\applyTemplate.bat
O4 - GS\SendTo: ConsignO - 2. Signer....lnk . (...) -- C:\Program Files\Notarius\ConsignO 3.1.2\scripts\sign.bat
O4 - GS\SendTo: ConsignO - 3. Créer un porte-documents....lnk . (...) -- C:\Program Files\Notarius\ConsignO 3.1.2\scripts\writePortfolio.bat
O4 - GS\SendTo: ConsignO - 4. Fusionner fichiers signés....lnk . (...) -- C:\Program Files\Notarius\ConsignO 3.1.2\scripts\mergeSignedFiles.bat
O4 - GS\SendTo: ConsignO - 5. Fusionner fichiers non signés....lnk . (...) -- C:\Program Files\Notarius\ConsignO 3.1.2\scripts\mergeUnsignedFiles.bat
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Documents - Raccourci.lnk . (...) -- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop: Invite de commandes.lnk . (.Microsoft Corporation - Windows Command Processor.) -- C:\WINDOWS\system32\cmd.exe
O4 - Global Startup: C:\Users\Utilisateur\Desktop\Jambon à la bière - Menu de cabane à sucre.url . (.Microsoft Corporation - Windows Command Processor.) -- C:\Users\Utilisateur\Desktop\Jambon à la bière - Menu de cabane à sucre.url
O4 - Global Startup: C:\Users\Utilisateur\Desktop\Lesnoeuds.com, les noeuds de pêche.url . (...) -- C:\Users\Utilisateur\Desktop\Lesnoeuds.com, les noeuds de pêche.url
O4 - GS\Desktop: Microsoft Office Access 2003.lnk . (...) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
O4 - GS\Desktop: Mises à jour de Notarius.lnk . (.Indigo Rose Corporation - TrueUpdate Client.) -- C:\Program Files\Common Files\Notarius\Notarius_MAJ.exe
O4 - GS\Desktop: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\Utilisateur\AppData\Roaming\Spotify\spotify.exe
O4 - GS\Desktop: Toolbox 4.9.lnk . (.CANON INC. - iR Toolbox Application.) -- C:\Program Files\Canon\iR Toolbox Ver4.9\iRTBox.exe
O4 - GS\Desktop: WD SmartWare.lnk . (.Western Digital - WD SmartWare.) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Buttons on the Internet Explorer main toolbar (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: Garmin Communicator Plug-In (Garmin Communicator Plug-In) - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} ((no name)) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/CPCViewAX_060503/CpcViewAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} ((no name)) - https://akamaicdn.webex.com/client/WBXclient-T27L10NSP24-10113/event/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} ((no name)) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/ActiveCGM/Acgm.cab
~ ActiveX objects: Scanned in 00mn 00s

---\\ Domain / DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2903E378-9E5B-4272-9564-6C9A11AB4672}: DhcpNameServer = 142.169.1.16 199.84.242.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{2903E378-9E5B-4272-9564-6C9A11AB4672}: DhcpNameServer = 142.169.1.16 199.84.242.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{2903E378-9E5B-4272-9564-6C9A11AB4672}: DhcpNameServer = 142.169.1.16 199.84.242.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.169.1.16 199.84.242.22
~ Domain: Scanned in 00mn 00s

---\\ Additional protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Additional protocols: Scanned in 00mn 00s

---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Entrust Entelligence Computer Digital ID (EEComputerDigitalIDService) . (.Entrust(R) - Entrust Entelligence Computer Digital ID Se.) - C:\Windows\system32\eemdissrv.exe
O23 - Service: Entrust Entelligence Logging Service (eelogsvc) . (.Entrust(R) - Entrust Entelligence Logging Service.) - C:\Windows\system32\eelogsvc.exe
O23 - Service: Entrust Entelligence Login Service (EELSService) . (.Entrust(R) - Entrust Entelligence Login Service.) - C:\Windows\system32\eelssrv.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) . (.Memeo - WDSmartWareBackgroundService.) - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
~ Services: 13 Legitimates Filtered in 00mn 04s

---\\ Drivers launched at system startup (O41)
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (...) - C:\Windows\System32\DRIVERS\netbt.sys
~ Drivers: 63 Legitimates Filtered in 00mn 00s

---\\ Installed software (O42)
O42 - Software: CPC View ax 6.5.3 - (.Cartesian Products, Inc..) [HKLM] -- {0F7A9297-7268-11D1-B81A-00A076C01B0A}
O42 - Software: ConsignO 3.2.1 - (.Notarius.) [HKLM] -- {23093649-388F-4DDC-B9A1-B1437039CBD6}
O42 - Software: Entrust Entelligence Security Provider 9.1 for Windows - (.Entrust, Inc..) [HKLM] -- {EB9CC6F2-7F76-4DBB-95BB-59C0BEE6DFF0}
O42 - Software: Mises à jour automatiques de Notarius - (...) [HKLM] -- MAJ_Notarius
~ Logic: 71 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\CBU]
[HKCU\Software\Cartesian Products]
[HKCU\Software\Entrust]
[HKCU\Software\IncrediMail]
[HKLM\Software\Entrust]
[HKLM\Software\Notarius]
~ Key Software: 130 Legitimates Filtered in 00mn 00s

---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 2012-06-21 - 14:43:49 - [5.526] ----D C:\Program Files\Entrust
O43 - CFD: 2012-06-21 - 14:45:21 - [163.691] ----D C:\Program Files\Notarius
O43 - CFD: 2012-06-21 - 14:43:02 - [12.795] ----D C:\Program Files\Common Files\Entrust
O43 - CFD: 2012-06-21 - 14:55:34 - [0.711] ----D C:\Program Files\Common Files\Notarius
O43 - CFD: 2012-04-11 - 09:29:37 - [0.000] ----D C:\ProgramData\IM
O43 - CFD: 2012-04-11 - 09:29:09 - [0.012] ----D C:\ProgramData\IncrediMail
O43 - CFD: 2011-04-12 - 14:02:19 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\.consigno3
O43 - CFD: 2012-06-21 - 14:46:18 - [17.532] ----D C:\Users\Utilisateur\AppData\Local\BeAnywhere Support Express
O43 - CFD: 2012-06-21 - 14:46:19 - [15.530] ----D C:\Users\Utilisateur\AppData\Local\Entrust
O43 - CFD: 2012-06-21 - 14:55:46 - [75.971] ----D C:\Users\Utilisateur\AppData\Local\IM
~ 1044 CLSID Empty Folders
~ Program Folder: 1351 Legitimates Filtered in 00mn 14s

---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.2FD3E9FE35380B268E8C0E67F5428F15] - 2013-08-16 - 10:34:27 ---A- . (...) -- C:\Windows\System32\Drivers\netbt.sys.dump [187904]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 2013-08-16 - 11:00:03 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 2013-08-16 - 11:00:03 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 2013-08-16 - 11:00:03 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 2013-08-16 - 11:00:03 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 2013-08-16 - 11:00:03 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 2013-08-16 - 14:23:34 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.0DBD7E341C19B24BE195761B5F227E48] - 2013-08-16 - 14:27:02 ---A- . (...) -- C:\ComboFix.txt [12373]
O44 - LFC:[MD5.8533CE5980FA449B1849055EC7554048] - 2013-08-16 - 15:07:45 ---A- . (...) -- C:\TDSSKiller.2.9.2.0_16.08.2013_16.06.23_log.txt [134574]
O44 - LFC:[MD5.B134EFF14CD0513856754D50AD9A9189] - 2013-08-16 - 15:48:28 ---A- . (...) -- C:\TDSSKiller.2.9.2.0_16.08.2013_16.43.26_log.txt [138838]
O44 - LFC:[MD5.D6767D36902E4B9F9EBB2DDD3BBF1A35] - 2013-08-16 - 15:52:02 ---A- . (...) -- C:\Windows\System32\Drivers\mbamchameleon.sys [31560]
~ Files: 28 Legitimates Filtered in 00mn 01s

---\\ Last files created in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.E47407D2D403775455D8802EDF303D4D] - 2013-08-16 - 14:10:27 ---A- - C:\Windows\Prefetch\NSD2BD.TMP-36E029AF.pf
O45 - LFCP:[MD5.FA7BB18099D7CB37F6C4832AEE597AAD] - 2013-08-16 - 14:10:35 ---A- - C:\Windows\Prefetch\NSF1E1.TMP-618FD386.pf
O45 - LFCP:[MD5.628BAF406251468669E47C482779A19A] - 2013-08-16 - 14:10:36 ---A- - C:\Windows\Prefetch\SETPATH.3XE-DED0183F.pf
O45 - LFCP:[MD5.4DA7A3524B6B5161CDFA2B5A6626A4CD] - 2013-08-16 - 14:10:38 ---A- - C:\Windows\Prefetch\NSFE70.TMP-D5EF17CF.pf
O45 - LFCP:[MD5.A20050DD0426EFA1689C7DD239E39E09] - 2013-08-16 - 14:11:08 ---A- - C:\Windows\Prefetch\CATCHME.TMP-AD1006A5.pf
O45 - LFCP:[MD5.9D1B1D180C6AB9E70FB160655760A2F4] - 2013-08-16 - 14:13:22 ---A- - C:\Windows\Prefetch\FC.EXE-959DEF30.pf
O45 - LFCP:[MD5.466CD7F4A1AB5A9BC01DA2BFF5F6B164] - 2013-08-16 - 14:21:13 ---A- - C:\Windows\Prefetch\MTEE.3XE-D4152166.pf
O45 - LFCP:[MD5.81BF792CD685432E0C33E339B26C0F3D] - 2013-08-16 - 14:22:26 ---A- - C:\Windows\Prefetch\CATCHME.3XE-24B31018.pf
O45 - LFCP:[MD5.B7941D4D543C2360EC658EFEC5B34C36] - 2013-08-16 - 14:24:48 ---A- - C:\Windows\Prefetch\S0RT.3XE-00D79A64.pf
O45 - LFCP:[MD5.149E705378F18BF9893789927F438D4C] - 2013-08-16 - 14:24:53 ---A- - C:\Windows\Prefetch\SORT.EXE-CDAF7663.pf
O45 - LFCP:[MD5.1CA3EECD6B6D83886086232EADA800D4] - 2013-08-16 - 14:26:14 ---A- - C:\Windows\Prefetch\ROUTE.3XE-CA70A9FA.pf
O45 - LFCP:[MD5.49E106130F174ED8DB7E02D4AFD2B083] - 2013-08-16 - 14:26:19 ---A- - C:\Windows\Prefetch\CF19896.3XE-EA1039B9.pf
O45 - LFCP:[MD5.74E1D523010B4DCFB95DA950AC587C00] - 2013-08-16 - 14:26:21 ---A- - C:\Windows\Prefetch\NIRCMDB.EXE-11550AEC.pf
O45 - LFCP:[MD5.48FA61F25E439647AB94706E72E22E08] - 2013-08-16 - 14:26:28 ---A- - C:\Windows\Prefetch\PV.3XE-2070A53D.pf
O45 - LFCP:[MD5.06B35F9DB03E3ACDA341E40A2C58698D] - 2013-08-16 - 14:26:56 ---A- - C:\Windows\Prefetch\DUMPHIVE.3XE-2295F4A1.pf
O45 - LFCP:[MD5.EBE9C035A157C8A50753AB16148CD322] - 2013-08-16 - 14:27:02 ---A- - C:\Windows\Prefetch\DD.3XE-030C3907.pf
O45 - LFCP:[MD5.60CEA855EA0FE5C94893FEC4445B8802] - 2013-08-16 - 14:27:04 ---A- - C:\Windows\Prefetch\CHCP.COM-950EAF32.pf
~ Prefetcher: 128 Legitimates Filtered in 00mn 00s

---\\ Enumeration of the PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 2009-07-13 - 20:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2009-07-13 - 16:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Last files modified or created (User) (O61)
O61 - LFC: 2003-10-22 - 13:17:30 ---A- C:\Users\Utilisateur\Documents\pl243fr\hpltren1.ex_ [366186]
O61 - LFC: 2003-10-22 - 13:26:36 ---A- C:\Users\Utilisateur\Documents\pl243fr\hpltcol2.ex_ [53663]
O61 - LFC: 2003-10-22 - 13:26:38 ---A- C:\Users\Utilisateur\Documents\pl243fr\hpltrpl1.ex_ [24474]
O61 - LFC: 2003-10-22 - 13:26:42 ---A- C:\Users\Utilisateur\Documents\pl243fr\hpltlnk1.ex_ [18036]
O61 - LFC: 2013-08-16 - 08:44:20 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\ABF7953F025C2976DD3D9421F33E7F73C5E4A5E0 [228]
O61 - LFC: 2013-08-16 - 08:44:20 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\E0138CE696D72A49ECF73832ED7C4886CBDB17AD [239]
O61 - LFC: 2013-08-16 - 10:35:35 ---A- C:\Users\Utilisateur\AppData\Local\Google\Toolbar Cache\7.5.4209.2358\fr\translate_element.js.content [2381]
O61 - LFC: 2013-08-16 - 15:06:01 ---A- C:\Users\Utilisateur\Downloads\tdsskiller.exe [2748256]
O61 - LFC: 2013-08-16 - 15:43:24 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\1D7C57DB8860A28ADE26117A824524F8313B39B0 [250]
O61 - LFC: 2013-08-16 - 15:43:24 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\40B456B7DF42C054230AD15D7245A08AC8DEC547 [242]
O61 - LFC: 2013-08-16 - 15:43:24 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\99372A936FAF28B399FF06159E9D93C71D9A133A [245]
O61 - LFC: 2013-08-16 - 16:12:54 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\Content\0559EAF7F6271BF869DFEA3452E8E57FF436C703 [1165]
O61 - LFC: 2013-08-16 - 16:12:54 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\0559EAF7F6271BF869DFEA3452E8E57FF436C703 [252]
O61 - LFC: 2013-08-16 - 16:12:55 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\Content\21BE3DF18EF5BF3C0AE6FFCC8C1ABA62D03A0EBD [6012]
O61 - LFC: 2013-08-16 - 16:12:55 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\21BE3DF18EF5BF3C0AE6FFCC8C1ABA62D03A0EBD [252]
O61 - LFC: 2013-08-16 - 16:13:02 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\Content\139048B59E6B158CED29A36F6E5CED225840CE99 [533]
O61 - LFC: 2013-08-16 - 16:13:02 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\Content\5B1787486239E43BD1A46FD9A41E1B35C112488A [898]
O61 - LFC: 2013-08-16 - 16:13:02 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\139048B59E6B158CED29A36F6E5CED225840CE99 [237]
O61 - LFC: 2013-08-16 - 16:13:02 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\5B1787486239E43BD1A46FD9A41E1B35C112488A [225]
O61 - LFC: 2013-08-16 - 16:13:03 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\Content\72C0F6EE231776F5D4E9838139A590F10B705775 [192482]
O61 - LFC: 2013-08-16 - 16:13:03 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\72C0F6EE231776F5D4E9838139A590F10B705775 [239]
O61 - LFC: 2013-08-16 - 16:15:12 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\22366D193AFC0D6EF32620A7034C01BE141E4A93 [228]
O61 - LFC: 2013-08-16 - 16:15:12 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\E2E11174DD1843C8F16F592F1BE1E42F4F147F36 [241]
O61 - LFC: 2013-08-16 - 16:24:35 ---A- C:\Users\Utilisateur\AppData\Local\Entrust\ESP\CRLCache\MetaData\F66C93A94B38DF1D86AFC7DE34C7FE584D4EEFED [256]
O61 - LFC: 2013-08-16 - 16:27:53 ---A- C:\Users\Utilisateur\AppData\Roaming\Google\Local Search History\google%2Eweb.w [23758]
~ 1 Temporary files
~ Files: 85 Legitimates Filtered in 00mn 09s

---\\ List of disinfection tools (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Browser infection check (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {B43F99EF-A7D2-4248-934B-585AB35CDAC0} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Feature Controls registry key check (IFC) (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
~ Keys: Scanned in 00mn 00s

---\\ Specific search at the system root (SPRF) (O84)
[MD5.A03D04E060DC90F3C30011A34256EE43] [SPRF][2012-06-26] (...) -- C:\Users\Utilisateur\Desktop\39epy376.exe [87946896]
[MD5.4C47469F47FD9F8437B62A86F6E0874F] [SPRF][2013-07-28] (...) -- C:\Users\Utilisateur\Desktop\adwcleaner.exe [666633]
[MD5.6394474BC2E6BD499CBE83B6F835062D] [SPRF][2013-08-16] (.Swearware - ComboFix NSIS Installer.) -- C:\Users\Utilisateur\Desktop\ComboFix.exe [5105390]
[MD5.46D6C182D36ABD9908ADDBD26FA7C416] [SPRF][2012-06-26] (...) -- C:\Users\Utilisateur\Desktop\GetSupport.exe [2758272]
[MD5.FFF94BC725DD70168D694BE889B02F2F] [SPRF][2010-12-27] (.Google Inc. - Setup.) -- C:\Users\Utilisateur\Desktop\googleupdatesetup.exe [568832]
[MD5.4B2F2BB6A9B3F30BDB49DB59D9B58EF1] [SPRF][2005-02-19] (.Zero G Software, Inc. - InstallAnywhere Self Extractor.) -- C:\Users\Utilisateur\Desktop\install.exe [2514573]
[MD5.5473998D34EF3A8E2B255262386175DC] [SPRF][2013-08-16] (.Malwarebytes Corp. - Malwarebytes Anti-Rootkit Utility.) -- C:\Users\Utilisateur\Desktop\mbar-1.06.1.1005.exe [12081912]
[MD5.AE4C63D1FBE6029108A65043D4A1E217] [SPRF][2013-08-06] (...) -- C:\Users\Utilisateur\Desktop\RogueKiller.exe [920576]
[MD5.A4E5960F96F5F68879F366CDDD340E2F] [SPRF][2007-02-06] (.Zero G Software, Inc. - InstallAnywhere Self Extractor.) -- C:\Users\Utilisateur\Desktop\t4_install.exe [2395327]
[MD5.55631E4F54910DCF673029AB4ED2033D] [SPRF][2009-02-13] (.Zero G Software, Inc. - InstallAnywhere Self Extractor.) -- C:\Users\Utilisateur\Desktop\t4_nstll.exe [2487804]
[MD5.93AAFCE5EB0BA6C77E53B892E9440BC4] [SPRF][2013-08-16] (.Kaspersky Lab ZAO - TDSS rootkit removing tool.) -- C:\Users\Utilisateur\Desktop\tdsskiller.exe [2748256]
[MD5.788FCDDD88240A85039F7F561093B118] [SPRF][2013-07-30] (.OldTimer Tools - No description.) -- C:\Users\Utilisateur\Desktop\TFC.exe [448512]
[MD5.A257CD45A66729C1398A6ACD00E59D9F] [SPRF][2011-02-24] (.Cisco WebEx LLC - Download Manager.) -- C:\Windows\Downloaded Program Files\ieatgpc.dll [289592]
~ Files: Scanned in 00mn 02s

---\\ Enumerate software product codes (PUC) (O90)
O90 - PUC: "94639032F883CDD49B1A1B340793BC6D" . (.ConsignO 3.2.1.) -- C:\Windows\Installer\{23093649-388F-4DDC-B9A1-B1437039CBD6}\sign.exe
O90 - PUC: "A41934622C2E08143869958B1EAEAFF2" . (.Canon iR Toolbox 4.9.1.1.ir02.) -- C:\Windows\Installer\{2643914A-E2C2-4180-8396-59B8E1EAFA2F}\ARPPRODUCTICON.exe
~ Update Products: 77 Legitimates Filtered in 00mn 00s

---\\ Windows Installer package search (WIS) (O93) (NTFS)
[MD5.005136157F13A98580F1C3C9D3866BEC] [WIS][2011-04-12] (.Entrust, Inc. - Entrust Entelligence Security Provider 9.1 for Windows.) -- C:\Windows\Installer\11cd074.msi [8846848]
[MD5.987ABDE3DB399F9F4E8E2040C2302C01] [WIS][2011-04-12] (.Entrust, Inc. - Entrust Entelligence Security Provider 9.1 for Windows French.) -- C:\Windows\Installer\11cd0b7.msi [1184256]
[MD5.9D1FC3737A86F6B516152DFF025F2FC7] [WIS][2013-07-12] (.Google Inc. - Google Update Helper.) -- C:\Windows\Installer\131fb7b.msi [26112]
[MD5.09E282A60261D97369F7E618AE066A11] [WIS][2007-01-29] (.Canon - iR Toolbox 4.9.) -- C:\Windows\Installer\1c38e5c.msi [1081856]
[MD5.29C68B2C1174103922C0076F01295333] [WIS][2010-07-14] (.ATI Technologies, Inc. - ATI Catalyst Install Manager Installer (32 bit).) -- C:\Windows\Installer\1f130.msi [5537280]
[MD5.7824D5E4E43C07B6A25772616CAC2AA2] [WIS][2010-04-16] (.ATI - Branding.) -- C:\Windows\Installer\1f135.msi [549888]
[MD5.E2B5574BFF037325F7951C738CDB0C38] [WIS][2009-12-16] (.ATI Technologies, Inc. - AMD Turbine Desktop Shortcut.) -- C:\Windows\Installer\1f15e.msi [719872]
[MD5.0235566E5134C79D5D40C1397220AC4E] [WIS][2012-11-21] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2be82.msi [28160] =>Toolbar.Google
[MD5.8502E5D6A109E464251A9BB648961258] [WIS][2012-03-03] (.Notarius - ConsignO 3.2.1.) -- C:\Windows\Installer\5723d.msi [105206272]
[MD5.AD9193D6E6486500DE761B70356FB56A] [WIS][2013-07-12] (.Google - Google Earth.) -- C:\Windows\Installer\71c7d.msi [1319936]
~ WIS: 77 Legitimates Filtered in 00mn 12s

---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 2013-05-10 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 2013-07-16 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2010-07-06 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2010-02-12 16384 | (EEComputerDigitalIDService) . (.Entrust(R).) - C:\Windows\system32\eemdissrv.exe
SR - | Auto 2010-02-12 94208 | (eelogsvc) . (.Entrust(R).) - C:\Windows\system32\eelogsvc.exe
SR - | Auto 2010-11-03 79360 | (EELSService) . (.Entrust(R).) - C:\Windows\system32\eelssrv.exe
SS - | Auto 2010-12-27 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2010-12-27 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2012-11-21 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 2013-05-31 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2009-08-20 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 2010-04-15 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 2009-07-13 20992 | C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (nosGetPlusHelper) . (.NOS Microsystems Ltd..) - C:\Windows\System32\svchost.exe
SR - | Auto 2010-04-15 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 2010-01-21 110592 | (WDDMService) . (.WDC.) - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
SR - | Auto 2009-06-16 20480 | (WDSmartWareBackgroundService) . (.Memeo.) - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
SR - | Auto 2009-07-13 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2009-07-13 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s

---\\ Master Boot Record infection check (MBR) (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Utilisateur at 2013-08-16 17:34:30
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x82E3EBC5] >> \Device\Harddisk0\DR0[0x867B4030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s

---\\ Master Boot Record infection check (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Utilisateur at 2013-08-16 17:34:32
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Additional scan (O88)
Database Version : v2.12855 - (2013-08-15)
Keys found : 0
Values found : 1
Folders found : 0
Files found : 3
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
Windows\Installer\2be82.msi =>Toolbar.Google^
~ Additional Scan: 257286 Items scanned in 00mn 23s

---\\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/26611908-rootkit-tdss =>Rootkit.TDSS
~ MSI: 1 link(s) detected in 00mn 23s
~ 2364 Legitimates filtered by white list
End of the scan (564 lines in 01mn 46s)(0)
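The only Rootkit.TDSS indicator in this report is the pair of O81 entries: a value named svchost.exe under FEATURE_BROWSER_EMULATION in the .DEFAULT and S-1-5-18 (SYSTEM) hives. That key is a legitimate Internet Explorer feature control that installers routinely populate with their own executable name, so the hive and the value name, not the key itself, are what ZHPDiag is reacting to. Both MBR checks above come back clean and tdsskiller.exe was already downloaded earlier the same day, so the value may also be a leftover that survived a prior cleanup. The PowerShell below is an added example, not part of the ZHPDiag report or its author's code: it walks every loaded hive under HKEY_USERS plus HKLM, dumps whatever FEATURE_BROWSER_EMULATION contains, and flags value names matching a short watch list. The key path is the documented FeatureControl location; the watch list (only svchost.exe, taken from the O81 lines) and the labelling are my assumptions.

```powershell
# Added example (not from the ZHPDiag report): enumerate FEATURE_BROWSER_EMULATION
# in HKLM and every loaded user hive, and flag value names from a watch list.
# Assumption: the watch list is built from the O81 findings in this log only.
$watchList = @('svchost.exe')
$subKey    = 'Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION'

# Expose HKEY_USERS as a PSDrive; PowerShell only maps HKLM and HKCU by default.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Build the list of locations to inspect: HKLM, then one entry per loaded hive
# (.DEFAULT, S-1-5-18, the logged-on user's SID, ...). A hive that is not loaded
# (user not logged on) will not appear here; load it with reg.exe if needed.
$targets = @([pscustomobject]@{ Hive = 'HKLM'; Path = "HKLM:\$subKey" })
$targets += Get-ChildItem -Path 'HKU:\' | ForEach-Object {
    [pscustomobject]@{ Hive = "HKU\$($_.PSChildName)"; Path = "HKU:\$($_.PSChildName)\$subKey" }
}

$findings = foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) { continue }   # key absent in this hive
    $key = Get-Item -LiteralPath $t.Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Hive       = $t.Hive
            ValueName  = $name
            Data       = $key.GetValue($name)            # DWORD: the IE document mode requested
            Suspicious = ($watchList -contains $name.ToLowerInvariant())
        }
    }
}

# Suspicious rows first; an empty table means the key is gone from every loaded hive.
$findings | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt, since S-1-5-18 and .DEFAULT are not readable by a standard user. If the svchost.exe rows are still present, record the Data column before removing them; if the table is empty, the O81 lines describe state that no longer exists and the remaining cleanup question is only the Toolbar.Google entries.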