cjoint

Comment: ZHPDiag report

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2015.6.16.57 - Nicolas Coolman (16-06-15)
~ Lancé par Thomas (20-06-15 16:27:20)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://www.forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17728
GCIE: Google Chrome v43.0.2357.124 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 9BR24
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1 Connected, 32-bit (Build 9600)

---\\ Logiciels de protection du système
Windows Defender W8 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 55 Stepping 8, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 958 MB (8% free)
System Restore: Désactivé (Disabled)
System drive C: has 3 GB (13%) free of 21 GB

---\\ Mode de connexion au système
~ Computer Name: NEUFGNONTABLET
~ User Name: Thomas
~ All Users Names: Val, Thomas, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Thomas\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Thomas\AppData\Roaming\
~ %Desktop% : C:\Users\Thomas\Desktop\
~ %Favorites% : C:\Users\Thomas\Favorites\
~ %LocalAppData% : C:\Users\Thomas\AppData\Local\
~ %StartMenu% : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 21 Go)
D: Floppy drive, Flash card reader, USB Key (Free 19 Go of 30 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.195822ACCDAA2B4815DD01BAFC335595] - (.Microsoft Corporation - Explorateur Windows.) (.23-08-14 - 08:13:24.) -- C:\Windows\Explorer.exe [2084520]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22-08-13 - 03:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.C46904F2E9E121A91DDDABB48D7648C3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13-03-15 - 03:20:28.) -- C:\Windows\System32\wininet.dll [1888256]
[MD5.70C57DC69D4A7D92D2CAC90C3AD16E6F] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.18-03-14 - 08:49:13.) -- C:\Windows\System32\Winlogon.exe [459264]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Bibliothèque de licences.) (.18-03-14 - 08:49:13.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.D75FB05E8DBF21FA0EF313C7503243F1] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.30-05-14 - 04:05:35.) -- C:\Windows\system32\Drivers\AFD.sys [461312]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-08-13 - 06:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-08-13 - 05:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-08-13 - 02:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.55758EBBC45E1628161121D7CFEAD4A1] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06-03-14 - 09:23:11.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.3D06FB84CFFB1D959ACE7690A27A89E1] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18-03-14 - 08:22:40.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - Pilote de port i8042.) (.22-08-13 - 05:10:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.18-03-14 - 08:49:18.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.E11D4B798CF0FF9F739CD9BDC552FF08] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.30-04-14 - 06:29:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [333312]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.22-08-13 - 05:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.BAFDB3519A9D1A6A0665A70696BA98D5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20-03-14 - 02:09:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1679704]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.22-08-13 - 05:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-08-13 - 05:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.18-03-14 - 08:29:14.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22-08-13 - 07:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.F4138DC230FC3DFE9E31201561D0491B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06-03-14 - 11:37:49.) -- C:\Windows\system32\Drivers\volsnap.sys [264536]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/7
~ Mes Favoris (My Favorites) : 1/7
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.2197DED64442B4B342971598208A7D1A] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\Windows\system32\taskhostex.exe [66624] [PID.6004]
[MD5.EBCB7B97A720AE9E445CFA7119F5C5B0] - (.ASUSTek Computer INC. - ASUS Patch For Touch Panel.) -- C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [144512] [PID.5620]
[MD5.671D93A39F5DDC36C08D7F249032EDC5] - (.Intel Corporation - igfxEM Module.) -- C:\Windows\system32\igfxEM.exe [398152] [PID.6828]
[MD5.CD43E1B84A6477786FBCC5415E6BE866] - (.Intel Corporation - igfxHK Module.) -- C:\Windows\system32\igfxHK.exe [205128] [PID.6792]
[MD5.A12569269B5C5B89B66820E7F26B92F1] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxTray.exe [402760] [PID.4356]
[MD5.99B0DD6A5DF7E130C81C7CC05137A861] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328] [PID.6936]
[MD5.A1AAE034B1C463FDC571ADAB950C50D7] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [209720] [PID.6608]
[MD5.C640F23B2E64585D33ADC99C6591C924] - (.Microsoft Corporation - Clavier tactile et volet d’écriture manuscr.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [292824] [PID.6696]
[MD5.E1BE759C1BCE85B17CCE5BA6FE58337E] - (.Microsoft Corporation - OneDrive Sync Engine.) -- C:\Windows\System32\skydrive.exe [877056] [PID.3648]
[MD5.6D1153DEBFCDEEFE88A8A48D9CB5E8AE] - (.Realtek Semiconductor - Gestionnaire audio Realtek.) -- C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [7761920] [PID.7656]
[MD5.6B53177248AC5327FFB5CB2D5C500C94] - (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736] [PID.2644]
[MD5.02EB0C2990DF40CB137D2B0EE4D2BF88] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1012832] [PID.4928]
[MD5.79DBE26023CDD3D872BF111BC8DD54C1] - (.AsusTek - ASUS Smart Gesture Loader.) -- C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe [354616] [PID.7092]
[MD5.D525D410865D2E67F3519962B88DC6DC] - (.AsusTek - ASUS Smart Gesture Center.) -- C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe [295736] [PID.7660]
[MD5.94E39CD7611923E6DCFE7981566A85BC] - (.ASUSTeK Computer Inc. - Asus Smart Gesture Detector.) -- C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusSmartGestureDetector.exe [250168] [PID.2552]
[MD5.8C7A00B0D4BEC5E1C29C449495875A76] - (.AsusTek - ASUS Smart Gesture Helper.) -- C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe [175928] [PID.5256]
[MD5.DB0FE6E51909BEB42004242EB08FEF47] - (.Microsoft Corporation - Host Process for Setting Synchronization.) -- C:\Windows\System32\SettingSyncHost.exe [517120] [PID.2212]
[MD5.8998A4837A47F16F27000C0A61EFC90D] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29920] [PID.3164]
[MD5.97315863A358FD92990A08A2111F4E1F] - (.Pas de propriétaire - Map.) -- C:\Program Files\WindowsApps\Microsoft.BingMaps_2.0.2530.2317_x86__8wekyb3d8bbwe\Map.exe [1633280] [PID.4560]
[MD5.7E95C8AC0B2B98A72B32E9667FFB41AB] - (.Microsoft Corporation - Photos.) -- C:\Windows\FileManager\PhotosApp.exe [364584] [PID.5612]
[MD5.4547360EB0D90804B3AD080CE1D1D814] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.4536]
[MD5.B25CBA1DEE9E0C7678748857F34B1452] - (.Microsoft Corporation - Aide et support Microsoft.) -- C:\Windows\helppane.exe [891904] [PID.6536]
[MD5.5F1B1148C830C0F149A476A58CE0D09D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [815248] [PID.7052]
[MD5.DBC94AD54B5CCDA0EB1427280952E986] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [948728] [PID.6368]
[MD5.9B10FDFEC75A5AADD445F9D27D1B57D6] - (.Microsoft Corporation - Assistant Dépannage de diagnostic.) -- C:\Windows\system32\msdt.exe [956928] [PID.5480]
[MD5.7E3A51DD3F44C0635C97FEE0D46201D7] - (.Microsoft Corporation - Hôte natif de diagnostics scriptés.) -- C:\Windows\System32\sdiagnhost.exe [22016] [PID.8060]
[MD5.609B6A585E1FD63785324C0A90839D25] - (.Microsoft Corporation - Paramètres du PC.) -- C:\Windows\ImmersiveControlPanel\SystemSettings.exe [86256] [PID.5996]
[MD5.E7B58CE9BD61BF575E2880088F4E5447] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8218112] [PID.9648]
~ Processes Running: Scanned in 00mn 11s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files\ASUS\APRP\APRP.exe
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] . (.Intel Corporation - Intel DPTF LPM Service Helper.) -- C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
O4 - HKLM\..\Run: [RtkNGUI] . (.Realtek Semiconductor - Gestionnaire audio Realtek.) -- C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] . (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1517971749-667288178-3721139889-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 04s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office 15\root\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A664405-ED91-4A78-82D1-A26DB1DDB4FB}: DhcpNameServer = 40.51.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB5AC6A-BFA1-4054-98D3-43B41B01F682}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A664405-ED91-4A78-82D1-A26DB1DDB4FB}: DhcpDomain = wds-11.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{8A664405-ED91-4A78-82D1-A26DB1DDB4FB}: DhcpNameServer = 40.51.1.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{8AB5AC6A-BFA1-4054-98D3-43B41B01F682}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8A664405-ED91-4A78-82D1-A26DB1DDB4FB}: DhcpDomain = wds-11.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1090]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1094]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 09s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18-03-14 - 09:29:21 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 20-06-15 - 14:32:44 - [] -SH-D C:\Users\Thomas\AppData\Local\EmieBrowserModeList
~ Program Folder: 97 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.EAD9B9B98682111CC54B4A2979440E6C] - 20-06-15 - 11:21:52 ---A- . (...) -- C:\Windows\System32\CNC176ED.TBL [88576]
~ Files: 14 Legitimates Filtered in 00mn 33s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:13-11-14 - 05:50:37 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16128]
O58 - SDL:07-09-13 - 19:25:18 ---A- . (.Capella Microsystems, Inc. - Capella Micro Sensor Filter Driver.) -- C:\Windows\System32\Drivers\CPLMACPI.sys [16488]
O58 - SDL:22-08-13 - 06:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
~ Drivers: 59 Legitimates Filtered in 00mn 02s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22-07-09] (...) -- C:\ProgramData\SetStretch.exe [24576]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 13-11-14 1677016 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe
SS - | Demand 10-06-14 278344 | (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe
SS - | Auto 24-04-15 107848 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24-04-15 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01-07-13 637912 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
SR - | Auto 09-09-13 103224 | (AsHidService) . (.ASUSTek Computer Inc..) - C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
SR - | Auto 26-03-14 115512 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
SR - | Auto 21-11-11 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 24-06-14 75264 | (DptfParticipantProcessorService) . (.Intel Corporation.) - C:\Windows\System32\DptfParticipantProcessorService.exe
SR - | Auto 24-06-14 89088 | (DptfPolicyCriticalService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyCriticalService.exe
SR - | Auto 24-06-14 82432 | (DptfPolicyLpmService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyLpmService.exe
SR - | Auto 10-06-14 277320 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Auto 01-07-13 586752 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
SR - | Auto 15-01-14 168216 | (jhi_service) . (.Intel Corporation.) - C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
SR - | Auto 13-05-14 22224 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
SR - | Auto 22-08-13 31552 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 39s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (16-06-15)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 190116 Items scanned in 00mn 44s



---\\ Informations complémentaires sur les modules
~ http://www.nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://www.nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s



~ 413 Legitimates filtered by white list
End of the scan (323 lines in 04mn 22s)(0.10)
