~ Rapport de ZHPDiag v2014.3.2.6 - Nicolas Coolman (03/03/2014)
~ Lancé par laurenceet (07/03/2014 16:52:28)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1 Pro, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : 9D6T9
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
µTorrent v2.0.4 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8140 MB (80% free)
System Restore: Activé (Enable)
System drive C: has 361 GB (77%) free of 465 GB

---\\ Mode de connexion au système
~ Computer Name: MINICHE
~ User Name: laurenceet
~ All Users Names: UpdatusUser, laurenceet, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\laurenceet\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\laurenceet\AppData\Roaming\
~ %Desktop% : C:\Users\laurenceet\Desktop\
~ %Favorites% : C:\Users\laurenceet\Favorites\
~ %LocalAppData% : C:\Users\laurenceet\AppData\Local\
~ %StartMenu% : C:\Users\laurenceet\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 361 Go of 465 Go)
E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:36:58.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 08:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4088
~ Mes musiques (My Musics) : 1/94
~ Mes Videos (My Videos) : 2/85
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 3/487
~ Mon Bureau (My Desktop) : 2/244
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 03s

---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3544]
[MD5.D004558CE39AA4F01F207627EECF4CFB] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe [12493152] [PID.3936]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.1164]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4684]
[MD5.9FBB2F038A2DDCE696BDEE7080241C0C] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [808112] [PID.5064]
[MD5.66EA3B698F9A7EA2DBF0E4B246B6C958] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8349696] [PID.1768]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\laurenceet\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: 3D Vision Photo Viewer.lnk . (.NVIDIA Corporation - NVIDIA 3D Vision Photo Viewer.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\QuickLaunch [laurenceet]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [laurenceet]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [laurenceet]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [laurenceet]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 40 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21-6503875-1468022273-1664418163-1001\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Cliquer pour appeler Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C60A1B12-0A11-4D76-BA1D-4CC3E55E9904}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C60A1B12-0A11-4D76-BA1D-4CC3E55E9904}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service KMSELDI (Service KMSELDI) . (.Pas de propriétaire - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
O23 - Service: TeamViewer 9 (TeamViewer9) . (.TeamViewer GmbH - TeamViewer 9.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
~ Services: 8 Legitimates Filtered in 00mn 02s

---\\ Tâches planifiées en automatique (O39)
[MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe [3372032] =>Trojan.Trojan.Keygen
[MD5.E3FEA8060978EAB6FA5D40E74DE6308B] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe [1051416] =>PUP.KMSpico
~ Scheduled Task: 5 Legitimates Filtered in 00mn 02s

---\\ Logiciels installés (O42)
O42 - Logiciel: KMSpico v9.1.3 - (...) [HKLM][64Bits] -- KMSpico_is1 =>PUP.KMSpico
~ Logic: 24 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Condut]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Wow6432Node\mamverifier]
~ Key Software: 159 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/03/2014 - 19:26:01 - [0] ----D C:\ProgramData\CDB
O43 - CFD: 06/03/2014 - 22:01:55 - [0,043] ----D C:\ProgramData\Reimage Express =>Rogue.ReimageRepair
O43 - CFD: 15/01/2014 - 19:51:54 - [1,063] ----D C:\Users\laurenceet\AppData\Roaming\0V1L2Z2Z1T1I1L1T
O43 - CFD: 09/01/2014 - 11:15:30 - [0] ----D C:\Users\laurenceet\AppData\Local\PackageStaging
~ Program Folder: 107 Legitimates Filtered in 00mn 08s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F75596F8814E048D8FE229861D32D1E0] - 03/03/2014 - 19:26:04 ---A- . (...) -- C:\Windows\Reimage.ini [119] =>Rogue.ReimageRepair
O44 - LFC:[MD5.2460053C439319670B0944691C92A302] - 06/03/2014 - 22:01:57 ---A- . (...) -- C:\Windows\System32\SettingsFile [1056]
O44 - LFC:[MD5.16560733735D497E0D2568F09684C7E9] - 06/03/2014 - 22:03:06 ---A- . (...) -- C:\Windows\System32\ScanResults.xml [10078]
~ Files: 13 Legitimates Filtered in 00mn 02s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.1917A9DDD31CC0051AF3ECACADBBC924] - 01/03/2014 - 00:45:03 ---A- - C:\Windows\Prefetch\CAMERA.EXE-D751BF92.pf
O45 - LFCP:[MD5.3FCFDEF91686028DCDEAF62A236D07C1] - 01/03/2014 - 06:51:50 ---A- - C:\Windows\Prefetch\2045_ADOBE_PHOTOSHOP_CC.EXE-8190026C.pf
O45 - LFCP:[MD5.8E3EB9CD130D07375C6E7F3BDADF45D2] - 01/03/2014 - 06:57:37 ---A- - C:\Windows\Prefetch\THE_GIMP_2_7828.TMP-C63F4BCF.pf
O45 - LFCP:[MD5.3DDFCD27285021BC885029CED91EBEAB] - 01/03/2014 - 06:57:40 ---A- - C:\Windows\Prefetch\THE_GIMP_2_7828.TMP-736082FA.pf
O45 - LFCP:[MD5.92D0AACBB18D4221C3F0CECF2F386DB9] - 03/03/2014 - 19:24:28 ---A- - C:\Windows\Prefetch\AUDACITY_TSV157EQW.EXE-9535976D.pf
O45 - LFCP:[MD5.6614645DCEE8D776088126866ECAEC79] - 03/03/2014 - 19:24:54 ---A- - C:\Windows\Prefetch\MMAMSTUB.EXE-E49C09F1.pf
O45 - LFCP:[MD5.CBEC557A0650F2EDC5D2D9DC6F2294A4] - 03/03/2014 - 19:25:00 ---A- - C:\Windows\Prefetch\DLLOGIC.EXE-C35FAD67.pf
O45 - LFCP:[MD5.DFB66D0307DAA9E6940CFA29C073062E] - 03/03/2014 - 19:25:01 ---A- - C:\Windows\Prefetch\MAMSTUB.EXE-B55B56B9.pf
O45 - LFCP:[MD5.52609EA9B44A58CC6F56CD28BE90F2DE] - 03/03/2014 - 19:25:04 ---A- - C:\Windows\Prefetch\NSSF861.EXE-0795FCF6.pf
O45 - LFCP:[MD5.3028EA6803694B0204C8B41FF7ED47EE] - 03/03/2014 - 19:25:05 ---A- - C:\Windows\Prefetch\MAM_IE.EXE-AC9BDC14.pf
O45 - LFCP:[MD5.A03F1C151D9EF99D5D1F1AEF51D918E7] - 03/03/2014 - 19:25:05 ---A- - C:\Windows\Prefetch\NSY2BE6.EXE-AB8A210E.pf
O45 - LFCP:[MD5.1399021EEE5899B63515F5BB91088461] - 03/03/2014 - 19:25:06 ---A- - C:\Windows\Prefetch\REIMAGEREPAIR.EXE-1CC94382.pf =>Rogue.ReimageRepair
O45 - LFCP:[MD5.268E52E02BC07FC6759E19C299BEDB25] - 03/03/2014 - 19:25:07 ---A- - C:\Windows\Prefetch\CTBE.EXE-353597C2.pf
O45 - LFCP:[MD5.F72A33C97DE7E32D948D67B4A587EF4B] - 03/03/2014 - 19:25:11 ---A- - C:\Windows\Prefetch\NSY44B0.EXE-A6803E2D.pf
O45 - LFCP:[MD5.217AE0FF2F8638557A1C4C786A7BD217] - 03/03/2014 - 19:25:34 ---A- - C:\Windows\Prefetch\154B76B778B3F13B7662C824FBB64-E20BC19F.pf
O45 - LFCP:[MD5.C39CB429C50494448A1CEDFD1A14FC45] - 03/03/2014 - 19:26:14 ---A- - C:\Windows\Prefetch\REIMAGE.EXE-BEE43FC1.pf =>Rogue.ReimageRepair
O45 - LFCP:[MD5.6A882447A7E3C62CD3725661BEB2D8D8] - 04/03/2014 - 15:13:37 ---A- - C:\Windows\Prefetch\DRFONE-FOR-ANDROID_FULL1495.T-05D1F650.pf
O45 - LFCP:[MD5.828C0034EC7F0221E13D25BE9AD5A1EC] - 04/03/2014 - 15:14:19 ---A- - C:\Windows\Prefetch\DRFONEANDROID.EXE-99D2999B.pf
O45 - LFCP:[MD5.1940678AE6751C4B489CEDCB7D760F66] - 04/03/2014 - 20:43:28 ---A- - C:\Windows\Prefetch\COMMANDER.EXE-000E5A6A.pf
O45 - LFCP:[MD5.29BD517AF1E980AC56F3D333DFC61920] - 04/03/2014 - 21:26:00 ---A- - C:\Windows\Prefetch\LAME_V3.99.3_FOR_WINDOWS.TMP-523B32D1.pf
O45 - LFCP:[MD5.8D467342C233F169264BBE8F26CC99C2] - 04/03/2014 - 21:26:02 ---A- - C:\Windows\Prefetch\LAME_V3.99.3_FOR_WINDOWS.TMP-A4354B90.pf
O45 - LFCP:[MD5.D883D7179F938F8AD9417BB727FF27EF] - 04/03/2014 - 21:33:26 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.05F19681D059BAD77CE357B4BC3DF189] - 05/03/2014 - 09:24:26 ---A- - C:\Windows\Prefetch\FILEMANAGER.EXE-D7E24B17.pf
O45 - LFCP:[MD5.5956E53765C446B77B2DB323D29A19B2] - 06/03/2014 - 20:59:43 ---A- - C:\Windows\Prefetch\NARRATOR.EXE-6ADE25EF.pf
O45 - LFCP:[MD5.BF3AB1187EDEB2EFE7F4E362C78F7407] - 06/03/2014 - 22:01:57 ---A- - C:\Windows\Prefetch\SQLITE3.EXE-6A171062.pf
O45 - LFCP:[MD5.C33ECDED550D0C18C40BC59F17698EBF] - 06/03/2014 - 22:03:18 ---A- - C:\Windows\Prefetch\REIMAGEREMINDER.EXE-94945352.pf =>Rogue.ReimageRepair
O45 - LFCP:[MD5.1A6FEA7C1C7280D8995B06A44008A549] - 07/03/2014 - 15:26:05 ---A- - C:\Windows\Prefetch\VALUEAPPS.EXE-66471E69.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.330D71C47004952E9D0FC52C22D09862] - 07/03/2014 - 15:26:05 ---A- - C:\Windows\Prefetch\VALUEAPPS.EXE-89DC78CB.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.0C82FEAA1B03E6215972EE8FBBDA5B9F] - 07/03/2014 - 15:26:25 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-2A09B2CA.pf
O45 - LFCP:[MD5.052A454618D456A15F68E69BA969E102] - 07/03/2014 - 15:27:28 ---A- - C:\Windows\Prefetch\UNINST.EXE-06B0FA67.pf
O45 - LFCP:[MD5.4E4EB0AFB521C4B3B3E159676E6B25D8] - 07/03/2014 - 15:27:33 ---A- - C:\Windows\Prefetch\CDB.EXE-94E3FDE7.pf
O45 - LFCP:[MD5.D9F3E355A7BF7890986044EDAF32519A] - 07/03/2014 - 15:27:33 ---A- - C:\Windows\Prefetch\SQLITE3.EXE-FBF5496C.pf
O45 - LFCP:[MD5.C44FF3BBE4A1FF68B8FB3C7B7BEE4BF8] - 07/03/2014 - 15:27:34 ---A- - C:\Windows\Prefetch\REIGUARD.EXE-3DAC7CD9.pf
O45 - LFCP:[MD5.4712A5D1E79C3A0F81A1001120C0E76E] - 07/03/2014 - 15:27:44 ---A- - C:\Windows\Prefetch\REISCANNER.EXE-DE674DA4.pf
O45 - LFCP:[MD5.864E7FF8CE2CB5DF01C6425DE4C639B8] - 07/03/2014 - 15:55:56 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.A8A6350DFFD52F75B6AE7664B0035299] - 07/03/2014 - 15:57:42 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-8FE95EC8.pf
O45 - LFCP:[MD5.B7DEADC6195780FDC6EED6FF592D77C2] - 07/03/2014 - 16:14:58 ---A- - C:\Windows\Prefetch\GLCND.EXE-02A191A6.pf
O45 - LFCP:[MD5.8149498ACF588F6023BC273C967A01D0] - 15/02/2014 - 21:19:57 ---A- - C:\Windows\Prefetch\COMMANDER.EXE-49BDDBFA.pf
O45 - LFCP:[MD5.9125A084D23F1A963322C02BE9665496] - 17/02/2014 - 17:25:19 ---A- - C:\Windows\Prefetch\PDFREFLOW.EXE-C7AB87A0.pf
O45 - LFCP:[MD5.E6A2A4E82251D85A1A7B63B42D8B47BE] - 24/02/2014 - 11:27:27 ---A- - C:\Windows\Prefetch\RELPOST.EXE-AC41CDAF.pf
O45 - LFCP:[MD5.8FDD98F490B23766E6EC0A0982683179] - 24/02/2014 - 12:42:57 ---A- - C:\Windows\Prefetch\NODE.EXE-CFD9FF85.pf
~ Prefetcher: 263 Legitimates Filtered in 00mn 02s

---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 14:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 04s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 06/03/2014 - 16:54:41 ---A- . (...) -- C:\Users\laurenceet\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_7D8CD309C7B0468181A848A51C39F47F.dat [940]
O61 - LFC: 07/03/2014 - 16:54:44 ---A- . (...) -- C:\Users\laurenceet\AppData\Roaming\ZHP\Log.txt [16807] =>.Nicolas Coolman
O61 - LFC: 07/03/2014 - 16:54:44 ---A- . (...) -- C:\Users\laurenceet\AppData\Roaming\ZHP\TestsZHPDiag.txt [2959] =>.Nicolas Coolman
O61 - LFC: 07/03/2014 - 16:54:54 -SHA- . (...) -- C:\Users\laurenceet\Documents\Thumbs.db [1217536]
O61 - LFC: 07/03/2014 - 16:54:54 -SHA- . (...) -- C:\Users\laurenceet\Downloads\Curse.of.Chucky.2013.STV.TRUEFRENCH.DVDRip.XviD-TMB\Thumbs.db [6144]
O61 - LFC: 07/03/2014 - 16:54:55 -SHA- . (...) -- C:\Users\laurenceet\Downloads\Eyjafjallajokull.2013.FRENCH.BRRIP.XviD.AC3-ArRoWs\Thumbs.db [5632]
O61 - LFC: 07/03/2014 - 16:54:56 -SHA- . (...) -- C:\Users\laurenceet\Downloads\Les.Profs.2013.FRENCH.DVDRip.XviD-ARTEFAC\Thumbs.db [8192]
O61 - LFC: 07/03/2014 - 16:54:56 -SHA- . (...) -- C:\Users\laurenceet\Downloads\Thumbs.db [1000960]
O61 - LFC: 07/03/2014 - 16:55:11 -SHA- . (...) -- C:\Users\laurenceet\Videos\Aquamarine.2006.FRENCH.DVDRiP.XViD\Thumbs.db [5120]
O61 - LFC: 07/03/2014 - 16:55:11 -SHA- . (...) -- C:\Users\laurenceet\Videos\Blanche.Neige.et.les.Sept.Nains.FRENCH.DVDRip.XviD\Thumbs.db [8704]
O61 - LFC: 07/03/2014 - 16:55:11 -SHA- . (...) -- C:\Users\laurenceet\Videos\Ca.Il.Est.Revenu.1990.FRENCH.DVDRip.DIVX\Thumbs.db [8704]
O61 - LFC: 07/03/2014 - 16:55:12 -SHA- . (...) -- C:\Users\laurenceet\Videos\Sinister.2012.FRENCH.DVDRip.XviD-TMB\Thumbs.db [5120]
O61 - LFC: 07/03/2014 - 16:55:12 -SHA- . (...) -- C:\Users\laurenceet\Videos\The.Hobbit.2013 - The.Desolation.of.Smaug.DVDSCR.FRENCH.MD.SUBS.XViD-SKuLL322\Thumbs.db [13824]
O61 - LFC: 07/03/2014 - 16:55:12 -SHA- . (...) -- C:\Users\laurenceet\Videos\The.Hobbit.An.Unexpected.Journey.2012.FRENCH.BRRip.XviD.AC3-TMB\Thumbs.db [5120]
O61 - LFC: 07/03/2014 - 16:55:12 -SHA- . (...) -- C:\Users\laurenceet\Videos\Thumbs.db [28672]
~ 9 Fichiers temporaires (Temporary files)
~ Files: 1564 Legitimates Filtered in 02mn 10s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.8373F511EF09698758164A4B600CD635] [SPRF][15/02/2014] (...) -- C:\Users\laurenceet\Desktop\Codes candy crush.bat [81]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{01A69F0F-2B79-4041-8786-CEBCC4466A2E}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - KMS GUI ELDI.) -- C:\Program Files\KMSpico\KMSELDI.exe =>PUP.KMSpico
O87 - FAEL: "{6A8203E9-401D-468C-927E-904A6D0E3BBF}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - KMS GUI ELDI.) -- C:\Program Files\KMSpico\KMSELDI.exe =>PUP.KMSpico
O87 - FAEL: "{8FECEAD2-1907-423A-8301-687894CE888E}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUP.KMSpico
O87 - FAEL: "{1DFE1AA4-C476-4CBD-8591-93076BC67029}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUP.KMSpico
O87 - FAEL: "{D62F0BD2-B577-4262-9F8E-99A83EA14AA7}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
O87 - FAEL: "{408663D7-FACE-41C0-B3E4-D0425E91CB5F}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
~ Firewall: 273 Legitimates Filtered in 00mn 01s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 11/12/2013 1050904 | (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 23/10/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 23/10/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 17/02/2014 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 04s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by laurenceet at 07/03/2014 16:55:51
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by laurenceet at 07/03/2014 16:55:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 13031 - (03/03/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 3
[HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] =>PUP.KMSpico^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUP.KMSpico^
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\ProgramData\Reimage Express =>Rogue.ReimageRepair^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico
C:\WINDOWS\AutoKMS\AutoKMS.exe =>Trojan.Trojan.Keygen^
C:\Program Files\KMSpico\AutoPico.exe =>PUP.KMSpico^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 236426 Items scanned in 00mn 08s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29633319-pup-kmspico =>PUP.KMSpico
~ http://nicolascoolman.webs.com/apps/blog/show/26633218-rogue-reimagerepair =>Rogue.ReimageRepair
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 3 link(s) detected in 00mn 08s

~ 2611 Legitimates filtered by white list
End of the scan (447 lines in 03mn 34s)(0)