cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Lancé par Robert (16/08/2015 16:06:48)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17959 (Defaut)
MFIE: Mozilla Firefox 35.0.1
GCIE: Google Chrome v39.0.2171.95

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : 8HQ4V
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Microsoft Security Client v4.8.0204.0
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v5.02 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 18 ActiveX

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6103 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 727 GB (79%) free of 919 GB

---\\ Mode de connexion au système
~ Computer Name: ROBERT-PC
~ User Name: Robert
~ All Users Names: Robert, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Robert\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Robert\AppData\Roaming\
~ %Desktop% : C:\Users\Robert\Desktop\
~ %Favorites% : C:\Favoris\Favo\
~ %LocalAppData% : C:\Users\Robert\AppData\Local\
~ %StartMenu% : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 727 Go of 919 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.C555B5C8142844DED9E3BD94E6313000] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/07/2015 - 20:12:42.) -- C:\Windows\System32\wininet.dll [2427904]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.B2081803D510DCE174992BA880EDCA70] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2015 - 17:46:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [159232]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 4/37
Mes musiques (My Musics) : 26/26 (Modified)
~ Mes Videos (My Videos) : 117/167
~ Mes Favoris (My Favorites) : 1/3476
~ Mes Documents (My Documents) : 6/1110
~ Mon Bureau (My Desktop) : 2/6455
~ Menu demarrer (Programs) : 1/363
~ Hidden Files: Scanned in 00mn 09s



---\\ Processus lancés
[MD5.C7A3E9F1BBF7FDAAAD3B3CC4757DFB7B] - (.CANON INC. - Canon Utilities Image Transfer Utility.) -- C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe [3189760] [PID.2244]
[MD5.A1482A51803EBBC3E7D8E05CFD3D4DFC] - (.Pas de propriétaire - MFManager.) -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe [69120] [PID.2256]
[MD5.324EB08C7610095182D5D399ED1A0EB3] - (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [366904] [PID.2416]
[MD5.34D296AFC913E302953C70463EF09A48] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [96056] [PID.2424]
[MD5.34CA7536C887700B3A529EEF502BE431] - (.Samsung Electronics Co., Ltd. - Samsung AllShare Agent.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072] [PID.2432]
[MD5.7869D29080028FC8B1B47E9686680D63] - (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.exe [230424] [PID.2468] =>Adware.MapsGalaxy
[MD5.6717A0C329A2AD0CB4E55E523BE7B3F2] - (.Dell Inc. - Dell Update.) -- C:\Program Files (x86)\Dell Update\DellUpTray.exe [707800] [PID.4468]
[MD5.F9DE700A35BBACF62FDA8005E1E58ECF] - (.Microsoft Corporation - Microsoft Word for Windows.) -- C:\Program Files (x86)\Microsoft Office\Office\WINWORD.exe [8441907] [PID.1472]
[MD5.C2A6A7E10E872F62F261637B67AFB248] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815312] [PID.3364]
[MD5.B5A25FE2553F5DEB182F67582DB5970B] - (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\CrExtP39.exe [1158168] [PID.4888] =>Adware.MapsGalaxy
[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8321024] [PID.5304]
[MD5.97737D05F81A41BCADFE4AD15B3ADD4F] - (.Ellora Assets Corp. - CaptureLibService.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216] [PID.1740]
[MD5.66DA1A91E1ED5D59BECFAD85F53C05F9] - (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [90648] [PID.2836] =>Adware.MapsGalaxy
[MD5.72678EA6612977AAB170592C2E7E9DDB] - (.Dell Inc. - Dell Update Windows Service.) -- C:\Program Files (x86)\Dell Update\DellUpService.exe [237272] [PID.2644]
[MD5.51508F0C2476177E50C31B0BBFBF1BDB] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912] [PID.776]
[MD5.CB8C1CC4F46FBAC78150754D77460C73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe [230792] [PID.2772]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w1ccxlux.default\prefs.js
~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.numericable.fr
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
~ IE Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Toolbar BHO [64Bits] - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} . (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll =>Adware.MapsGalaxy
O2 - BHO: Search Assistant BHO [64Bits] - {71c1d63a-c944-428a-a5bd-ba513190e5d2} . (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll =>Adware.MapsGalaxy
~ BHO: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{364EA597-E728-4CE4-BB4A-ED846EF47970} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: SyncToy 2.1(x64).lnk . (...) -- C:\Windows\Installer\{88DAAF05-5A72-46D2-A7C5-C3759697E943}\_6FEFF9B68218417F98F549.exe
O4 - GS\QuickLaunch [Robert]: Free PDF to Word Converter.lnk . (.Free-PDF-to-Word.com - Free PDF to Word Converter.) -- C:\Program Files (x86)\Free PDF to Word Converter\PDF2Word.exe
O4 - GS\QuickLaunch [Robert]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Robert]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Robert]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 - GS\TaskBar [Robert]: FSX.lnk . (.Microsoft Corp. - Microsoft Flight Simulator®.) -- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe
O4 - GS\TaskBar [Robert]: iexplore.exe - Raccourci.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Robert]: Magnify.lnk . (.Microsoft Corporation - Loupe Microsoft.) -- C:\Windows\system32\magnify.exe
O4 - GS\Program [Robert]: Google Traduction.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Robert]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Robert]: Webmail Numericable - robert.gostanian@numericable.fr.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\SystemTools [Robert]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Robert]: Brouillon3.lnk . (...) -- C:\Users\Robert\Mes dossiers\MonWord\Brouillon3
O4 - GS\Desktop [Robert]: Favoris i.lnk . (...) -- C:\Favoris
O4 - GS\Desktop [Robert]: fsx.exe - Raccourci.lnk . (.Microsoft Corp. - Microsoft Flight Simulator®.) -- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe
O4 - GS\Desktop [Robert]: Mes dossiers - Raccourci.lnk . (...) -- C:\Users\Robert\Mes dossiers
O4 - GS\Desktop [Robert]: Plus Utilisé -.lnk . (...) -- C:\Users\Robert\Mes dossiers\Plus Utilisé
~ Global Startup: 84 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Image Transfer Utility.lnk . (.CANON INC. - Canon Utilities Image Transfer Utility.) -- C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
O4 - GS\Startup [Public]: ImageBrowser EX Agent.lnk . (...) -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [AllShareAgent] . (.Samsung Electronics Co., Ltd. - Samsung AllShare Agent.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [MapsGalaxy EPM Support] . (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39medint.exe =>Adware.MapsGalaxy
O4 - HKLM\..\Wow6432Node\Run: [MapsGalaxy AppIntegrator 32-bit] . (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.exe =>Adware.MapsGalaxy
O4 - HKLM\..\Wow6432Node\Run: [MapsGalaxy AppIntegrator 64-bit] . (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe =>Adware.MapsGalaxy
O4 - HKUS\S-1-5-21-1091958193-1671727849-1654219146-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://www.ma-config.com/plugins/MaConfigx64_5_1_5_0.cab
O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F11E7A27-A5BC-41DA-87EE-E64B11E2A970}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{F11E7A27-A5BC-41DA-87EE-E64B11E2A970}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{F11E7A27-A5BC-41DA-87EE-E64B11E2A970}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) . (.Mindspark - Mindspark Toolbar Platform.) - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe =>Adware.MapsGalaxy
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) . (.Dell Inc. - Service.) - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
~ Services: 10 Legitimates Filtered in 00mn 02s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{325D82EC-9A42-45F6-93ED-916BE5CD263D}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{61BC7058-47EC-425F-ACA0-C72B673C8C10}] (...) -- D:\install.exe (.not file.) [0]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: AI Carriers - (...) [HKLM][64Bits] -- AICarriers
O42 - Logiciel: Aerospatiale AS350 Olympic FSX & P3D - (.Tamas & Peter Nemeth, Yiannis Katehis Tsetsas.) [HKLM][64Bits] -- {B247CD44-700C-452C-A645-88321E393290}
O42 - Logiciel: Ant's De Havilland Tiger Moth Version 1.1 FSX - (.Anthony Lynch.) [HKLM][64Bits] -- {BD43E91E-5610-4E53-8350-4E475DA50118}
O42 - Logiciel: Atlas CheetahC FSX & P3D - (.Thinus Pretorius.) [HKLM][64Bits] -- {E86EF56A-D3DF-4EAE-9CC2-A913FDDFA949}
O42 - Logiciel: Bell X-22A FSX & P3D - (.Kazunori Ito, FSX update by Michael Pook.) [HKLM][64Bits] -- {720D8459-E4F1-4662-83AD-AA5375D55546}
O42 - Logiciel: Bombardier Canadair CL-215 v3.0X FSX & P3D - (.Massimo Taccoli, Dennis Seeley, dave Eckert, Michel Gerard.) [HKLM][64Bits] -- {D46552C5-943A-4939-BC0B-BD92034CD151}
O42 - Logiciel: Curtiss HawkIII 68 & BF2C-1 FSX - (.Ivan Hsu.) [HKLM][64Bits] -- {F7502EE0-D090-49C0-A679-DC519BE94877}
O42 - Logiciel: Eurocopter AS350-BA Fspainter Complete FSX - (.FSpainter / Florian LAROYE.) [HKLM][64Bits] -- {048B0E48-1689-41D7-9493-FD2DA9402C94}
O42 - Logiciel: FS Water Configurator 3.15 - (...) [HKLM][64Bits] -- FS Water Configurator
O42 - Logiciel: FSND CitationX Ultra Package FSX - (.Alejandro Rojas Lucena.) [HKLM][64Bits] -- {C068B6BF-5A1F-4731-8AE3-168529608EDB}
O42 - Logiciel: FSX London City Airport Installer - (...) [HKCU][64Bits] -- FSX London City Airport Installer
O42 - Logiciel: FSX-SP2 Cessna Citation 500 2008 - (.Alejandro Rojas Lucena.) [HKLM][64Bits] -- {2FD15D1F-7157-4027-9CF7-92BFDC42F01E}
O42 - Logiciel: Harrier FSX - (...) [HKCU][64Bits] -- Harrier FSX
O42 - Logiciel: ICE AI Traffic Para FSX - (.ICE AI Traffic Group.) [HKLM][64Bits] -- {3EDA9408-F257-4A2E-B725-4F25AC77B5CA}
O42 - Logiciel: Ilyushin Il-18 FSX - (.Edgar Giunart.) [HKLM][64Bits] -- {BB93F6FF-F441-4C01-BA47-07E768CCCB30}
O42 - Logiciel: KLAX - LA Intl Airport Photoreal V3.0 FSX - (.Glenn Johnson.) [HKLM][64Bits] -- {491C5535-F887-466E-9373-3B5EB9FC7637}
O42 - Logiciel: KSAN Photo Real Scenery V3.0 FSX & P3D - (.Glenn Johnson.) [HKLM][64Bits] -- {20AC574E-9DBE-421D-8ECB-AB1F7FEF8355}
O42 - Logiciel: LANDIVISIAU FSX - (...) [HKCU][64Bits] -- LANDIVISIAU FSX
O42 - Logiciel: La Corse version I FSX - (.Toni Agramont (ancien résistant).) [HKLM][64Bits] -- {5CCCABBA-DF66-4B2F-B34F-EF9F359E6F3B}
O42 - Logiciel: Legacy 'The Luxury Aircraft Collection' - (...) [HKLM][64Bits] -- Legacy 'The Luxury Aircraft Collection'
O42 - Logiciel: McDonnell Douglas DC-10 Version 2 FSX - (.Thomas Ruth & Erick Cantu.) [HKLM][64Bits] -- {EEFCEA4B-CE9E-4211-801A-D3ACD79DD251}
O42 - Logiciel: Mitsubishi T-2 FSX SP2 - (.Tim Piglet Conrad.) [HKLM][64Bits] -- {018F362E-D917-4E91-ABAC-4824BB0BF51F}
O42 - Logiciel: Mooney Acclaim Type S Turbo FSX - (.Mark Rooks.) [HKLM][64Bits] -- {3C0A07AD-B90D-43A9-9774-BF9DDB303E82}
O42 - Logiciel: North American Rockwell OV-10A Bronco Series FSX - (.Tim Piglet Conrad.) [HKLM][64Bits] -- {4A817889-C032-41FC-8762-BB7E95D88B34}
O42 - Logiciel: Real ATC Mission AZ601 - (...) [HKLM][64Bits] -- Real ATC Mission AZ601
O42 - Logiciel: Robin DR400 FSX & P3D - (.Yannick Lavigne, Christian Winkel, Patrick Machabert, Danny Garnier.) [HKLM][64Bits] -- {9540201C-CA7E-4EF7-9654-DE6768995D43}
O42 - Logiciel: Robin R2160 Alpha 160A for FSX-SP2 FSX - (.Premier Aircraft Design.) [HKLM][64Bits] -- {ED99A50F-64D0-4596-9BB4-3B4DC4C373C7}
O42 - Logiciel: Scenery Installation - (...) [HKCU][64Bits] -- Scenery Installation
O42 - Logiciel: Spartan 7W Executive FSX & P3D - (.Milton Shupe, Scott Thomas, Urs Burkhardt, FSX modif by Duane L. Tarbox.) [HKLM][64Bits] -- {C5727486-5DC8-4C68-B137-33DCEFF3A886}
O42 - Logiciel: Super Cobra AH-1W ALPHA FSX - (.Alphasim.) [HKLM][64Bits] -- {74DA5C6B-8225-4ABA-97E2-4BE071923A72}
O42 - Logiciel: UKMIL Buccaneer S2 PACKAGE FSX - (.UKMIL.) [HKLM][64Bits] -- {F89A6DDD-D915-4C9C-A874-52C958712F35}
O42 - Logiciel: UKMIL FSX Gazelle AH1 Package - (.UKMIL.) [HKLM][64Bits] -- {D2E4D9B1-FE07-42D1-BC50-0BB79B245BAB}
O42 - Logiciel: USS Nimitz & USS Eisenhower v2 FSX & P3D - (.Javier Fernandez, Sylvain Parouty.) [HKLM][64Bits] -- {D085AEC0-D870-410F-9C04-D9CF1FA9EE5F}
O42 - Logiciel: VEH Clemenceau V2-10 - (...) [HKCU][64Bits] -- VEH Clemenceau V2-10
O42 - Logiciel: VEH Foch- Clemenceau V3-20 - (...) [HKCU][64Bits] -- VEH Foch- Clemenceau V3-20
O42 - Logiciel: WWA Piper Turbo Arrow III - (...) [HKLM][64Bits] -- WWA Piper Turbo Arrow III
O42 - Logiciel: Zeppelin NT V1.0 pour FSX SP1 + SP2 - (.Thomas Röhl.) [HKLM][64Bits] -- {8B5A1345-495B-4C8C-9C12-7DC1366C860C}
~ Logic: 40 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\HYBRIDWEB.de]
[HKCU\Software\JAB Soft]
[HKCU\Software\TAS]
[HKLM\Software\InstallMate]
[HKLM\Software\Wow6432Node\Florenc]
[HKLM\Software\Wow6432Node\ICE AI Traffic Group]
[HKLM\Software\Wow6432Node\JAB Soft]
[HKLM\Software\Wow6432Node\MapsGalaxy_39] =>Adware.MapsGalaxy
[HKLM\Software\Wow6432Node\SOSVirus]
[HKLM\Software\Wow6432Node\lc0277]
~ Key Software: 520 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/12/2014 - 14:07:05 - [0,819] ----D C:\Program Files (x86)\AICarriers
O43 - CFD: 09/08/2015 - 16:26:05 - [11,051] ----D C:\Program Files (x86)\MapsGalaxy_39 =>Adware.MapsGalaxy
O43 - CFD: 21/04/2015 - 11:28:24 - [5,256] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 27/06/2015 - 18:02:24 - [25,785] ----D C:\ProgramData\SupportAssistAgent
O43 - CFD: 27/06/2015 - 18:03:07 - [8,126] --H-D C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
O43 - CFD: 09/12/2014 - 14:57:54 - [545,079] ----D C:\Users\Robert\AppData\Roaming\ICE AI Traffic Group
O43 - CFD: 11/06/2015 - 11:11:07 - [0] -SH-D C:\Users\Robert\AppData\Local\EmieBrowserModeList
O43 - CFD: 11/06/2015 - 11:11:07 - [0] -SH-D C:\Users\Robert\AppData\Local\EmieSiteList
O43 - CFD: 11/06/2015 - 11:11:07 - [0] -SH-D C:\Users\Robert\AppData\Local\EmieUserList
O43 - CFD: 02/06/2015 - 15:51:29 - [0] ----D C:\Users\Robert\AppData\Local\GWX
O43 - CFD: 09/08/2015 - 16:26:26 - [1,357] ----D C:\Users\Robert\AppData\Local\MapsGalaxy_39 =>Adware.MapsGalaxy
O43 - CFD: 09/12/2014 - 14:56:12 - [2,941] ----D C:\Users\Robert\AppData\Local\PARIS, RUE DU PRESSOIR Archives- 03-2010_fichiers
O43 - CFD: 09/12/2014 - 14:56:31 - [0,001] ----D C:\Users\Robert\AppData\Local\_
O43 - CFD: 09/12/2014 - 14:59:26 - [0,001] ----D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSX London City Airport Installer
O43 - CFD: 09/12/2014 - 14:59:26 - [0,001] ----D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harrier FSX
O43 - CFD: 09/12/2014 - 14:59:26 - [0,001] ----D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LANDIVISIAU FSX
O43 - CFD: 09/12/2014 - 14:59:40 - [0,001] ----D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VEH_Clemenceau_V2-10
O43 - CFD: 09/12/2014 - 14:59:40 - [0,005] ----D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VEH_Foch-Clemenceau_V3-20
~ Program Folder: 323 Legitimates Filtered in 00mn 45s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IMSS [Key] . (.Pas de propriétaire - PIconStartup application.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O53 - SMSR:HKLM\...\startupreg\THX Audio Control Panel [Key] . (...) -- C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\UpdReg [Key] . (...) -- C:\Windows\UpdReg.exe (.not file.)
~ SMSR Keys: 26 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 28/06/2013 - 08:32:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 28/06/2013 - 08:32:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 28/06/2013 - 08:32:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.12C061D9F9621BE916D58191872EC281] - 17/09/2008 - 14:14:00 R--A- . (.EnTech Taiwan - EnTech driver for Windows XP 64.) -- C:\Windows\System32\Drivers\Entech64.sys [12744]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.531121E7ED50084B493A69F8F8A7A927] - 16/01/2015 - 10:18:43 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [37624]
~ Drivers: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/12/2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 120 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {7DFC8967-5AAB-40B4-BEBF-A09FB161A97B} - ((www.google.com) Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "8049ADE3752FE2A47B52F452CA775BAC" . (.ICE AI Traffic Para FSX.) -- C:\Windows\Installer\{3EDA9408-F257-4A2E-B725-4F25AC77B5CA}\ICEWhiteNew.exe
~ Update Products: 171 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A49BDC6CEA473FA0FC6CA81B60EBD1DF] [WIS][21/03/2012] (.ICE AI Traffic Group - ICE AI Traffic Para FSX.) -- C:\Windows\Installer\16b38a.msi [1457152]
[MD5.8720DB74FA66B22A339CE775526F8217] [WIS][31/08/2014] (.HYBRIDWEB.de - FLV-Media-Player.) -- C:\Windows\Installer\19056f.msi [30236672]
[MD5.4326229DE8DDE6EE32BF5B0A8FE328FB] [WIS][17/03/2014] (.iFly Developer Team - iFly 747-400 for Microsoft Flight Simulator X.) -- C:\Windows\Installer\693d72.msi [42211840]
[MD5.7CEC68FF4AF0E31BAD109F227D31D0CE] [WIS][28/01/2010] (.ATI - Catalyst Control Center.) -- C:\Windows\Installer\8afe.msi [2438144]
~ WIS: 176 Legitimates Filtered in 00mn 23s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/08/2015 269000 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 14/02/2011 1045256 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 22/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 25/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 02/10/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Disabled 30/09/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Disabled 20/01/2014 2818896 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 23/01/2015 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 02/03/2012 25504 | (SamsungAllShareV2.0) . (.Samsung Electronics Co., Ltd..) - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
SS - | Demand 02/03/2012 27584 | (SimpleSlideShowServer) . (.Samsung Electronics Co., Ltd..) - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
SS - | Disabled 30/09/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Disabled 14/12/2006 544768 | (UPnPService) . (.Magix AG.) - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 06/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 22/05/2015 2573520 | (DellDataVault) . (.Dell Inc..) - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
SR - | Auto 22/05/2015 201936 | (DellDataVaultWiz) . (.Dell Inc..) - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
SR - | Auto 09/06/2015 237272 | (DellUpdate) . (.Dell Inc..) - C:\Program Files (x86)\Dell Update\DellUpService.exe
SR - | Auto 07/10/2014 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\system32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\system32\svchost.exe
SR - | Auto 09/08/2015 90648 | (MapsGalaxy_39Service) . (.Mindspark.) - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe =>Adware.MapsGalaxy
SR - | Auto 30/04/2015 23816 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 11/06/2015 20648 | (SupportAssistAgent) . (.Dell Inc..) - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 24s



---\\ Scan Additionnel (O88)
Database Version : 13018 - (02/01/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}] =>Adware.MapsGalaxy^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C1D63A-C944-428A-A5BD-BA513190E5D2}] =>Adware.MapsGalaxy^
[HKLM\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service] =>Adware.MapsGalaxy^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:MapsGalaxy EPM Support =>Adware.MapsGalaxy^
C:\Program Files (x86)\MapsGalaxy_39 =>Adware.MapsGalaxy^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Robert\AppData\Local\MapsGalaxy_39 =>Adware.MapsGalaxy^
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.exe =>Adware.MapsGalaxy^
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\CrExtP39.exe =>Adware.MapsGalaxy^
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe =>Adware.MapsGalaxy^
[HKLM\Software\Wow6432Node\MapsGalaxy_39] =>Adware.MapsGalaxy^
~ Additionnel Scan: 516944 Items scanned in 00mn 17s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27157393-adware-mapsgalaxy =>Adware.MapsGalaxy
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 2 link(s) detected in 00mn 17s



~ 1607 Legitimates filtered by white list
End of the scan (498 lines in 01mn 52s)(0)
