Reply to: rvzr-a.akamaihd.net 2016-09-08T13:23:22+00:00
sushber

And the rest of the report:

—\ Processus lancés
[MD5.A824317EA303679481EF1039A5D66212] – (.Dritek System Inc. – Launch Manager Worker.) — C:Program Files (x86)Launch ManagerLMworker.exe [343632] [PID.2076]
[MD5.9DC1C210895A9F15AC8A9E3E40EFD768] – (.CyberLink Corp. – clear.fi Resident Program.) — C:Program Files (x86)Acerclear.fiMVPclear.fiAgent.exe [120104] [PID.3752]
[MD5.542D3040C7EF444589153BB625A84978] – (.CyberLink – DMREngine.) — C:Program Files (x86)Acerclear.fiMVP.KernelDMRDMREngine.exe [169352] [PID.3632]
[MD5.F02A533F517EB38333CB12A9E8963773] – (.Google Inc. – Programme d’installation de Google.) — C:UsersbernardAppDataLocalGoogleUpdateGoogleUpdate.exe [136176] [PID.2352]
[MD5.C3C077A40B42178B33A40E2D3D1BED3F] – (.Google – Google Drive.) — C:Program Files (x86)GoogleDrivegoogledrivesync.exe [20133824] [PID.4416]
[MD5.6BF7676296D5359AFC135A5397000053] – (.Acresso Corporation – Acresso Software Manager.) — C:ProgramDataFLEXnetConnect11ISUSPM.exe [222496] [PID.4424]
[MD5.4860117DA2E6E9B300144902629B09AC] – (.Spotify Ltd – SpotifyWebHelper.) — C:UsersbernardAppDataRoamingSpotifyDataSpotifyWebHelper.exe [1168896] [PID.4852]
[MD5.4272BB1D2B577D5917DA0AD9954C4A97] – (.Spotify Ltd – Spotify.) — C:UsersbernardAppDataRoamingSpotifyspotify.exe [5951488] [PID.5976]
[MD5.0D360F06B168A6F37ACA9D9F958245DA] – (.NTI Corporation – Acer Backup Manager.) — C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe [297280] [PID.904]
[MD5.61350395623EE95ADB3EEDB4E60F2601] – (…) — C:UsersbernardAppDataRoamingSpotifyDataSpotifyHelper.exe [610304] [PID.4584]
[MD5.9ABC4E3B00CFA3A47D5569F5B49FE42F] – (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe [1103440] [PID.6428]
[MD5.41D4102A550711871BB2DC49EA03CA7B] – (.CyberLink Corp. – clear.fi Movie Resident Program.) — C:Program Files (x86)Acerclear.fiMovieclear.fiMovieService.exe [177448] [PID.6460]
[MD5.BED38B0ADFF5F5CC6E988A6491017E83] – (.Research In Motion Limited – Launch Agent Service.) — C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe [267792] [PID.6524]
[MD5.E5F1D2C7D51C816437BBE2306828BC4B] – (.Nuance Communications, Inc. – PaperPort Print to Desktop for NT.) — C:Program Files (x86)NuancePaperPortpptd40nt.exe [29984] [PID.6552]
[MD5.9F0ACAA725CF5A391AF7E2067AE45746] – (.Nuance Communications, Inc. – PdfCreateHook Application.) — C:Program Files (x86)NuancePDF Viewer PluspdfPro5Hook.exe [636192] [PID.6772]
[MD5.273653EE7F9201F31834A9E6C5CDCF62] – (.Dropbox, Inc. – Dropbox.) — C:UsersbernardAppDataRoamingDropboxbinDropbox.exe [29769432] [PID.6912]
[MD5.7F42FFCD6FF7CA558C2D95DADCD5EFA9] – (.Brother Industries, Ltd. – Brother Status Monitor Application.) — C:Program Files (x86)Browny02BrotherBrStMonW.exe [2621440] [PID.6968]
[MD5.A9F9D081518AC03A51C1195986076F42] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.7000]
[MD5.F6158734F1E24C6C510155CF0D363911] – (.RealNetworks, Inc. – RealNetworks Scheduler.) — C:Program Files (x86)RealRealPlayerUpdaterealsched.exe [295512] [PID.7028]
[MD5.1F0A97900FC718CE617A722BEF8580CD] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3568312] [PID.7064]
[MD5.E3564D023DCCA4A1854DC2226C99120D] – (.Brother Industries, Ltd. – ControlCenter Main Process.) — C:Program Files (x86)ControlCenter4BrCtrlCntr.exe [335872] [PID.3048]
[MD5.7CFD44EDD74553FC8EE8479A79987579] – (.Brother Industries, Ltd. – ControlCenter UX System.) — C:Program Files (x86)ControlCenter4BrCcUxSys.exe [1204224] [PID.5004]
[MD5.3E399A1328181C2A352472369DE2A93A] – (.Google Inc. – Google Chrome.) — C:UsersbernardAppDataLocalGoogleChromeApplicationchrome.exe [844752] [PID.5324]
[MD5.4909B1F447FB468FCC49C52DFED99AE8] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8278528] [PID.1300]
[MD5.4D41D30E2FAB3307967C7A0B045DC874] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1260]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.2036]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.1072]
[MD5.9DD3A22F804697606C2B7FF9E912FF6B] – (.Dritek System Inc. – Dritek WMI Service.) — C:Program Files (x86)Launch Managerdsiwmis.exe [353360] [PID.1812]
[MD5.21ACFD2B4BF6C0F4D9080A437E400E88] – (.Dritek System Inc. – Launch Manager utility process.) — C:Program Files (x86)Launch ManagerLMutilps32.exe [418896] [PID.2084]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] – (.Acer Incorporated – Global Registration Service.) — C:Program Files (x86)AcerRegistrationGREGsvc.exe [36456] [PID.2152]
[MD5.F02A533F517EB38333CB12A9E8963773] – (.Google Inc. – Programme d’installation de Google.) — C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [136176] [PID.2352]
[MD5.CF7B0E597C1F34E528285495721DEEE9] – (.Google Inc. – Google Crash Handler.) — C:Program Files (x86)GoogleUpdate1.3.21.165GoogleCrashHandler.exe [237960] [PID.2396]
[MD5.1873214666F6F0A883742DF91FBC48C9] – (.NTI Corporation – Backup Manager Module.) — C:Program Files (x86)NTIAcer Backup ManagerIScheduleSvc.exe [256832] [PID.2652]
[MD5.C1C3BAF078BE5A14384A4BA2D730817D] – (.Nuance Communications, Inc. – PDFPro IFilter Service.) — C:Program Files (x86)NuancePaperPortPDFProFiltSrvPP.exe [144672] [PID.2676]
[MD5.96EFEC24346A8EB1157E80523079ADDC] – (…) — C:Program Files (x86)RealNetworksRealDownloaderrndlresolversvc.exe [39056] [PID.2736]
[MD5.39B1D0A636A400304565D4521FAD6D77] – (.Microsoft Corporation – Microsoft Application Virtualization Virtua.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe [207528] [PID.1692]
[MD5.77C5A741A7452812F278EF2C18478862] – (.Microsoft Corporation – Microsoft Application Virtualization Client.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe [523944] [PID.2784]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] – (.Microsoft Corporation – Microsoft Office Client Virtualization Serv.) — C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.exe [822504] [PID.3312]
[MD5.686045905787B68D829CE647A6DFAD2B] – (.Research In Motion Limited – BlackBerry Device Manager.) — C:Program Files (x86)Common FilesResearch In MotionUSB DriversBbDevMgr.exe [577536] [PID.6700]
[MD5.EA7E57F87D6FEE5FD6C5F813C04E8CD2] – (.Brother Industries, Ltd. – BrYNCSvc.) — C:Program Files (x86)Browny02BrYNSvc.exe [245760] [PID.6160]
[MD5.E79A8E33BD136D14BAE1FA20EB2EF124] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13592] [PID.6516]
[MD5.50C7CE53EF461870410355F1F2E7D515] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [326168] [PID.1464]
[MD5.A072423C3812472D326BC774610055CF] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2009704] [PID.6608]
[MD5.374EBDA379A8F38E0CFC2211611E7167] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2656280] [PID.4772]
~ Processes Running: Scanned in 00mn 04s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersbernardAppDataLocalGoogleChromeUser DataDefaultPreferences
G2 – GCE: Preference [User DataDefault] [janmfndmohbaaoocpcgfbghioojoakjg] rtplugin v.0.7 (Désactivé)
~ Google Browser: 13 Legitimates Filtered in 00mn 12s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCUSOFTWAREClassesSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.rpidity.com =>Adware.Boxore
~ IE Browser: 19 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 – Toolbar: Google Toolbar [64Bits] – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: SUPERAntiSpyware Free Edition.lnk . (.SUPERAntiSpyware – SUPERAntiSpyware Application.) — C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 – GSDesktop [Public]: WinZip.lnk . (.WinZip Computing, S.L. – WinZip.) — C:Program Files (x86)WinZipWINZIP32.exe
O4 – GSDesktop [UpdatusUser]: Piano Virtuel Midi.lnk . (.Home – Pas de description.) — C:Program Files (x86)PvmPiano virtuel midi.exe
O4 – GSQuickLaunch [bernard]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSProgram [bernard]: Create Amazing Presentations.lnk – Clé orpheline
O4 – GSProgram [bernard]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSProgram [bernard]: Search.lnk . (.Google Inc. – Google Chrome.) — C:UsersbernardAppDataLocalGoogleChromeApplicationchrome.exe
O4 – GSProgram [bernard]: Webplayer.lnk . (…) — C:UsersbernardAppDataRoamingMicrosoftInstaller{9937E55B-6331-4804-93EF-77E992F204BD}_3F7CDAE07E1639C4AEA7A8.exe
O4 – GSSystemTools [bernard]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSDesktop [bernard]: Create Amazing Presentations.lnk – Clé orpheline
O4 – GSDesktop [bernard]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:UsersbernardAppDataLocalGoogleChromeApplicationchrome.exe
O4 – GSDesktop [bernard]: SpyHunter.lnk . (…) — C:Program Files (x86)Enigma Software GroupSpyHunterSpyHunter4.exe (.not file.) =>Crapware.SpyHunter
~ Global Startup: 87 Legitimates Filtered in 00mn 02s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Public]: Adobe Gamma Loader.exe.lnk . (.Adobe Systems, Inc. – Adobe Gamma Loader.) — C:Program Files (x86)Common FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 – GSStartup [Public]: Adobe Gamma Loader.lnk . (.Adobe Systems, Inc. – Adobe Gamma Loader.) — C:Program Files (x86)Common FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 – GSStartup [bernard]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:UsersbernardAppDataRoamingDropboxbinDropbox.exe =>.Dropbox
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
O4 – HKLM..Run: [IntelTBRunOnce] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
O4 – HKLM..Run: [SynTPEnh] C:Program Files (x86)SynapticsSynTPSynTPEnh.exe (.not file.)
O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
O4 – HKLM..Run: [Power Management] . (.Acer Incorporated – ePowerTray.) — C:Program FilesAcerAcer ePower ManagementePowerTray.exe
O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersbernardAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
O4 – HKCU..Run: [GoogleDriveSync] . (.Google – Google Drive.) — C:Program Files (x86)GoogleDrivegoogledrivesync.exe
O4 – HKCU..Run: [ISUSPM] . (.Acresso Corporation – Acresso Software Manager.) — C:ProgramDataFLEXnetConnect11ISUSPM.exe
O4 – HKCU..Run: [chromium] . (.Google Inc. – Google Chrome.) — C:UsersbernardAppDataLocalGoogleChromeApplicationchrome.exe
O4 – HKCU..Run: [Spotify Web Helper] . (.Spotify Ltd – SpotifyWebHelper.) — C:UsersbernardAppDataRoamingSpotifyDataSpotifyWebHelper.exe
O4 – HKCU..Run: [Spotify] . (.Spotify Ltd – Spotify.) — C:UsersbernardAppDataRoamingSpotifySpotify.exe
O4 – HKCU..Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware – SUPERAntiSpyware Application.) — C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 – HKLM..Wow6432NodeRun: [SuiteTray] . (.Egis Technology Inc. – SuiteTray.) — C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe
O4 – HKLM..Wow6432NodeRun: [BackupManagerTray] . (.NTI Corporation – Acer Backup Manager.) — C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe
O4 – HKLM..Wow6432NodeRun: [LManager] . (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe
O4 – HKLM..Wow6432NodeRun: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. – Dolby Profile Selector.) — C:Dolby PCEE4pcee4.exe
O4 – HKLM..Wow6432NodeRun: [ArcadeMovieService] . (.CyberLink Corp. – clear.fi Movie Resident Program.) — C:Program Files (x86)Acerclear.fiMovieclear.fiMovieService.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited – Launch Agent Service.) — C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
O4 – HKLM..Wow6432NodeRun: [IndexSearch] . (.Nuance Communications, Inc. – PaperPort IndexSearch.) — C:Program Files (x86)NuancePaperPortIndexSearch.exe
O4 – HKLM..Wow6432NodeRun: [PaperPort PTD] . (.Nuance Communications, Inc. – PaperPort Print to Desktop for NT.) — C:Program Files (x86)NuancePaperPortpptd40nt.exe
O4 – HKLM..Wow6432NodeRun: [PPort12reminder] . (.Nuance Communications, Inc. – Ereg.) — C:Program Files (x86)NuancePaperPortEregEreg.exe
O4 – HKLM..Wow6432NodeRun: [PDFHook] . (.Nuance Communications, Inc. – PdfCreateHook Application.) — C:Program Files (x86)NuancePDF Viewer Pluspdfpro5hook.exe
O4 – HKLM..Wow6432NodeRun: [PDF5 Registry Controller] . (.Nuance Communications, Inc. – PDF Converter Registry Controller.) — C:Program Files (x86)NuancePDF Viewer PlusRegistryController.exe
O4 – HKLM..Wow6432NodeRun: [ControlCenter4] . (.Brother Industries, Ltd. – ControlCenter Launcher.) — C:Program Files (x86)ControlCenter4BrCcBoot.exe
O4 – HKLM..Wow6432NodeRun: [BrStsMon00] . (.Brother Industries, Ltd. – Brother Status Monitor Application.) — C:Program Files (x86)Browny02BrotherBrStMonW.exe
O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Wow6432NodeRun: [QuickTime Task] C:Program Files (x86)QuickTimeQTTask.exe (.not file.)
O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
O4 – HKLM..Wow6432NodeRun: [TkBellExe] . (.RealNetworks, Inc. – RealNetworks Scheduler.) — c:program files (x86)realrealplayerUpdaterealsched.exe =>.RealNetworks, Inc
O4 – HKLM..Wow6432NodeRun: [20131121] . (.AVAST Software – avast! Emergency Update.) — C:Program FilesAVAST SoftwareAvastsetupemupdate88ba65b1-850c-4e60-b9f9-446f4e2e121d.exe
O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-18..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
O4 – HKUSS-1-5-21-160993745-2553314427-2703230190-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-160993745-2553314427-2703230190-1000..Run: [Bubble Dock] C:UsersbernardAppDataRoamingNosibayBubble DockLBubble Dock.exe (.not file.) =>PUP.BubbleDock
O4 – HKUSS-1-5-21-160993745-2553314427-2703230190-1000..Run: [Spotify] . (.Spotify Ltd – Spotify.) — C:UsersbernardAppDataRoamingSpotifySpotify.exe
O4 – HKUSS-1-5-21-160993745-2553314427-2703230190-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersbernardAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
O4 – HKUSS-1-5-21-160993745-2553314427-2703230190-1000..Run: [GoogleDriveSync] . (.Google – Google Drive.) — C:Program Files (x86)GoogleDrivegoogledrivesync.exe
O4 – HKUSS-1-5-21-160993745-2553314427-2703230190-1000..Run: [ISUSPM] . (.Acresso Corporation – Acresso Software Manager.) — C:ProgramDataFLEXnetConnect11ISUSPM.exe
O4 – HKUSS-1-5-21-160993745-2553314427-2703230190-1000..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{0A0FCD36-B937-42B0-A871-FD0BE1422C22}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCCSServicesTcpip..{0A0FCD36-B937-42B0-A871-FD0BE1422C22}: DhcpDomain = lan
O17 – HKLMSystemCS1ServicesTcpip..{0A0FCD36-B937-42B0-A871-FD0BE1422C22}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS1ServicesTcpip..{0A0FCD36-B937-42B0-A871-FD0BE1422C22}: DhcpDomain = lan
O17 – HKLMSystemCS2ServicesTcpip..{0A0FCD36-B937-42B0-A871-FD0BE1422C22}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS2ServicesTcpip..{0A0FCD36-B937-42B0-A871-FD0BE1422C22}: DhcpDomain = lan
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807553E5-5146-11D5-A672-00B0D022E945} . (…) —
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – AppInit_DLLs: . (.NVIDIA Corporation – NVIDIA Compatible NVIDIA shim initializatio.) – C:Windowssystem32nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [4915] (…) — C:UsersbernardAppDataLocalTemplaunchie.vbs \B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F4C59A13-D42F-46A7-B69F-F85BBE699769}] (…) — C:UsersbernardDesktopagendus_ppc_pro_en.exe (.not file.) [0]
~ Scheduled Task: 36 Legitimates Filtered in 00mn 05s

—\ Logiciels installés (O42)
O42 – Logiciel: moteur de recherche – (.moteur de recherche.) [HKLM][64Bits] — moteur de recherche
O42 – Logiciel: searchweb – (.searchweb.) [HKLM][64Bits] — searchweb =>Adware.SocialSkinz
~ Logic: 46 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCUSoftwareIncrediMail]
[HKLMSoftwareWow6432NodeVBMZ] =>PUP.Duuqu
~ Key Software: 356 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 12/02/2013 – 22:15:13 – [3.549] —-D C:Program Files (x86)myprogramme
O43 – CFD: 12/01/2013 – 21:29:06 – [23.027] -SH-D C:ProgramData{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 – CFD: 04/12/2013 – 09:08:52 – [0.005] —-D C:UsersbernardAppDataRoamingMicrosoftWindowsStart MenuProgramsSpyHunter =>Crapware.SpyHunter
~ Program Folder: 213 Legitimates Filtered in 01mn 19s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 04/12/2013 – 08:58:07 —A- . (…) — C:WindowsSysNativeieuinit.inf [16284]
O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 04/12/2013 – 08:58:07 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
O44 – LFC:[MD5.B13E8BE035E82DC3454A9E01021EBE82] – 04/12/2013 – 09:02:47 —A- . (…) — C:WindowsIE11_main.log [11300]
O44 – LFC:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] – 04/12/2013 – 09:08:58 —A- . (…) — C:WindowsSystem32DriversEsgScanner.sys [22704]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 04/12/2013 – 09:09:30 —A- . (…) — C:autoexec.bat [0]
~ Files: 147 Legitimates Filtered in 00mn 11s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.5000A4EBEF7367FEACB291062305FCAD] – 04/12/2013 – 18:54:30 —A- – C:WindowsPrefetchAOM.EXE-ABD07C38.pf
O45 – LFCP:[MD5.5A3327C63673063EE712FDDCCD93855D] – 05/12/2013 – 03:02:02 —A- – C:WindowsPrefetchSAS_ENUM_COOKIES.EXE-E21A2E94.pf
O45 – LFCP:[MD5.8A58DF311EE7424B8F95B0D4EB3E1BFE] – 05/12/2013 – 08:39:26 —A- – C:WindowsPrefetchCACLS.EXE-8712205B.pf
O45 – LFCP:[MD5.449C9C3329AAA130AD73B0D71A9835D2] – 05/12/2013 – 08:47:07 —A- – C:WindowsPrefetchINSTUP.EXE-DCA24DB4.pf
O45 – LFCP:[MD5.40CC36C36AB6F9ED9992F3DD62EACF81] – 05/12/2013 – 09:36:37 —A- – C:WindowsPrefetchEREG.EXE-F738280F.pf
O45 – LFCP:[MD5.FB782D6A59DEE35EA75EB0C3AB1EB5C3] – 05/12/2013 – 09:36:42 —A- – C:WindowsPrefetchREGISTRYCONTROLLER.EXE-17B661E5.pf
O45 – LFCP:[MD5.5F601C7CD9E679D4B9B2DC8C84D06AB7] – 05/12/2013 – 09:36:44 —A- – C:WindowsPrefetchPPTD40NT.EXE-A66F772B.pf
O45 – LFCP:[MD5.F4B054696C8D34C636B2829113F37AA1] – 05/12/2013 – 09:36:52 —A- – C:WindowsPrefetch88BA65B1-850C-4E60-B9F9-446F4-37E4F564.pf
O45 – LFCP:[MD5.F86B3C4F43EBE833A59E8D8EA19B6510] – 05/12/2013 – 09:41:47 —A- – C:WindowsPrefetchSUITETRAY.EXE-42757614.pf
O45 – LFCP:[MD5.941349E34A629B265AEF9C167AA2F0AF] – 05/12/2013 – 09:41:48 —A- – C:WindowsPrefetchSPOTIFY.EXE-EFEDE40C.pf
O45 – LFCP:[MD5.26D9B7D1DF25376D8B47C81E4398A983] – 05/12/2013 – 09:41:54 —A- – C:WindowsPrefetchPCEE4.EXE-98ED232C.pf
O45 – LFCP:[MD5.D0DD42E9E5F5244BB2154C00A00F49C4] – 05/12/2013 – 09:41:58 —A- – C:WindowsPrefetchPDFPRO5HOOK.EXE-9C159B49.pf
O45 – LFCP:[MD5.D1A45C5419C7D904502A04E1D6FA31A9] – 05/12/2013 – 09:42:15 —A- – C:WindowsPrefetchCLEAR.FIMOVIESERVICE.EXE-80711C0A.pf
O45 – LFCP:[MD5.41CB5ACBB36B287B098EFA2DDD160872] – 05/12/2013 – 09:42:20 —A- – C:WindowsPrefetchSSUPDATE64.EXE-9E235A90.pf
O45 – LFCP:[MD5.80B534ED3D802F1E506E1659A0DAE9B8] – 05/12/2013 – 09:45:30 —A- – C:WindowsPrefetchJRT (1).EXE-1E0F90C9.pf
O45 – LFCP:[MD5.1E1DD10096BB12ACEBC2284068409C3D] – 05/12/2013 – 10:11:56 —A- – C:WindowsPrefetchJRT.EXE-75C104C7.pf
O45 – LFCP:[MD5.18467E4B1BE5F7A9C91DB50B6B636C9F] – 05/12/2013 – 10:11:58 —A- – C:WindowsPrefetchWGET.DAT-7A88E9F6.pf
O45 – LFCP:[MD5.A9BC31F84C23EA3993C8835B019CD11A] – 05/12/2013 – 10:16:56 —A- – C:WindowsPrefetchFC.EXE-CE11E8DE.pf
O45 – LFCP:[MD5.8C798D7536074B95F88E1279814BEBFF] – 05/12/2013 – 10:18:15 —A- – C:WindowsPrefetchNIRCMD.DAT-D061C43C.pf
~ Prefetcher: 142 Legitimates Filtered in 00mn 01s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 30/11/2013 – 22:48:55 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
O58 – SDL:[MD5.59787B95DD9CA44CB139D96863438587] – 30/11/2013 – 22:48:55 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [205320]
O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
O58 – SDL:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] – 22/06/2012 – 11:01:32 —A- . (…) — C:WindowsSystem32DriversEsgScanner.sys [22704]
O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
O58 – SDL:[MD5.113212D25D0C9BB8901A9833774DA97F] – 15/02/2012 – 23:24:38 —A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) – SAMSUNG USB Composite Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudbus.sys [99384]
O58 – SDL:[MD5.78CD64791F8634CF7B582FD085E57C4B] – 15/02/2012 – 23:24:40 —A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) – SAMSUNG Android Modem Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudmdm.sys [203320]
O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
O58 – SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] – 13/12/2012 – 12:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
~ Drivers: 18 Legitimates Filtered in 00mn 07s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 02/12/2013 – 11:09:18 —A- . (…) — C:UsersbernardAppDataLocalGDIPFONTCACHEV1.DAT [105232]
O61 – LFC: 02/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.bfmtv.com_0.localstorage [3072]
O61 – LFC: 02/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.bfmtv.com_0.localstorage-journal [3608]
O61 – LFC: 02/12/2013 – 11:10:28 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Network Action Predictor [98304]
O61 – LFC: 02/12/2013 – 11:10:28 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Network Action Predictor-journal [16384]
O61 – LFC: 02/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Shortcuts [53248]
O61 – LFC: 02/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Shortcuts-journal [16384]
O61 – LFC: 02/12/2013 – 11:18:20 —A- . (.ZAMBOTTO.) — C:UsersbernardDocumentsCoursBTS Blanc AG1 12 2013 exercice bilan- resultat.doc [42496]
O61 – LFC: 02/12/2013 – 11:18:20 —A- . (.ZAMBOTTO.) — C:UsersbernardDocumentsCoursBTS Blanc exercice bilan- resultat.doc [223232]
O61 – LFC: 02/12/2013 – 11:18:20 —A- . (.bernard.) — C:UsersbernardDocumentsCoursBTS BLANC AG 1 2013.doc [53760]
O61 – LFC: 02/12/2013 – 11:18:23 —A- . (.bernard.) — C:UsersbernardDocumentsCoursLes BudgetsEx pibroque.doc [5120512]
O61 – LFC: 02/12/2013 – 11:18:23 -SHA- . (…) — C:UsersbernardDocumentsCoursLes BudgetsThumbs.db [70656]
O61 – LFC: 02/12/2013 – 11:18:24 –HA- . (…) — C:UsersbernardDocumentsCours~$S BLANC AG 1 2013.doc [162]
O61 – LFC: 02/12/2013 – 11:18:24 –HA- . (…) — C:UsersbernardDocumentsCours~$S Blanc AG1 12 2013 exercice bilan- resultat.doc [162]
O61 – LFC: 02/12/2013 – 11:18:24 –HA- . (…) — C:UsersbernardDocumentsCours~$S Blanc exercice bilan- resultat.doc [162]
O61 – LFC: 02/12/2013 – 11:18:24 –HA- . (…) — C:UsersbernardDocumentsCours~$ormule.docx [162]
O61 – LFC: 02/12/2013 – 11:19:21 —A- . (.ZAMBOTTO.) — C:UsersbernardDownloadsexercice bilan- resultat (1).doc [222208]
O61 – LFC: 02/12/2013 – 11:19:21 —A- . (.ZAMBOTTO.) — C:UsersbernardDownloadsexercice bilan- resultat (2).doc [222208]
O61 – LFC: 02/12/2013 – 11:19:21 —A- . (.ZAMBOTTO.) — C:UsersbernardDownloadsexercice bilan- resultat (3).doc [222208]
O61 – LFC: 02/12/2013 – 11:19:21 —A- . (.ZAMBOTTO.) — C:UsersbernardDownloadsexercice bilan- resultat (4).doc [222208]
O61 – LFC: 02/12/2013 – 11:19:21 —A- . (.ZAMBOTTO.) — C:UsersbernardDownloadsexercice bilan- resultat.doc [222208]
O61 – LFC: 02/12/2013 – 11:19:28 –HA- . (…) — C:UsersbernardDownloads~$ercice bilan- resultat (1).doc [162]
O61 – LFC: 03/12/2013 – 11:18:48 —A- . (…) — C:UsersbernardDocumentsKYO sushiPlan de CampagneBOL CARRÉ KEOPS 15 X 15 CM PALMIER PAR25.docx [32685]
O61 – LFC: 03/12/2013 – 11:18:48 —A- . (…) — C:UsersbernardDocumentsKYO sushipage1 stock 01122013.jpeg [632062]
O61 – LFC: 03/12/2013 – 11:18:48 —A- . (…) — C:UsersbernardDocumentsKYO sushipage1 stock 01122013.pdf [842805]
O61 – LFC: 03/12/2013 – 11:18:48 —A- . (.bernard.) — C:UsersbernardDocumentsKYO sushiPlan de CampagneASSIETTE RECTANGULAIRE CUADRA 25 X 17 CM PALMIER PAR25.doc [43008]
O61 – LFC: 03/12/2013 – 11:18:53 —A- . (…) — C:UsersbernardDocumentsKYO sushiPlan de CampagneRHmutuelle Lux NEAK.jpeg [714728]
O61 – LFC: 03/12/2013 – 11:18:53 —A- . (…) — C:UsersbernardDocumentsKYO sushiPlan de CampagneRHmutuelle Lux NEAK.pdf [972089]
O61 – LFC: 03/12/2013 – 11:18:53 -SHA- . (…) — C:UsersbernardDocumentsKYO sushiPlan de CampagneRHThumbs.db [701440]
O61 – LFC: 03/12/2013 – 11:18:56 –HA- . (…) — C:UsersbernardDocumentsKYO sushiPlan de Campagne~$L CARRÉ KEOPS 15 X 15 CM PALMIER PAR25.docx [162]
O61 – LFC: 03/12/2013 – 11:18:56 –HA- . (…) — C:UsersbernardDocumentsKYO sushiPlan de Campagne~$SIETTE RECTANGULAIRE CUADRA 25 X 17 CM PALMIER PAR25.doc [162]
O61 – LFC: 03/12/2013 – 11:19:08 -SHA- . (…) — C:UsersbernardDocumentsKYO sushiThumbs.db [1368576]
O61 – LFC: 03/12/2013 – 11:19:17 —A- . (…) — C:UsersbernardDownloads882999.pdf [94604]
O61 – LFC: 03/12/2013 – 11:19:27 -SHA- . (…) — C:UsersbernardDownloadsThumbs.db [5810688]
O61 – LFC: 04/12/2013 – 11:09:33 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 1Cookies [23552]
O61 – LFC: 04/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2databasesDatabases.db [7168]
O61 – LFC: 04/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2databasesDatabases.db-journal [5672]
O61 – LFC: 04/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2databaseshttps_safecart.com_016 [5120]
O61 – LFC: 04/12/2013 – 11:10:18 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_safecart.com_0.localstorage [3072]
O61 – LFC: 04/12/2013 – 11:10:18 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_safecart.com_0.localstorage-journal [3608]
O61 – LFC: 04/12/2013 – 11:10:18 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_secure.shared.live.com_0.localstorage [10240]
O61 – LFC: 04/12/2013 – 11:10:18 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_secure.shared.live.com_0.localstorage-journal [10832]
O61 – LFC: 04/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_lesvirus.fr_0.localstorage [3072]
O61 – LFC: 04/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_lesvirus.fr_0.localstorage-journal [512]
O61 – LFC: 04/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_vacances.groupon.fr_0.localstorage [5120]
O61 – LFC: 04/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_vacances.groupon.fr_0.localstorage-journal [5672]
O61 – LFC: 04/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.2-spyware.com_0.localstorage [3072]
O61 – LFC: 04/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.2-spyware.com_0.localstorage-journal [512]
O61 – LFC: 04/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.commentcamarche.net_0.localstorage [3072]
O61 – LFC: 04/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.commentcamarche.net_0.localstorage-journal [3608]
O61 – LFC: 04/12/2013 – 11:10:28 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Origin Bound Certs [35840]
O61 – LFC: 04/12/2013 – 11:10:28 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Origin Bound Certs-journal [3608]
O61 – LFC: 04/12/2013 – 11:10:49 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 3Cookies [366592]
O61 – LFC: 04/12/2013 – 11:17:44 R–A- . (…) — C:UsersbernardAppDataRoamingMicrosoftInstaller{72AAF455-1E54-475B-B0AB-5413C78D0E63}Icon1226A4C5.exe [110080]
O61 – LFC: 04/12/2013 – 11:17:44 R–A- . (…) — C:UsersbernardAppDataRoamingMicrosoftInstaller{72AAF455-1E54-475B-B0AB-5413C78D0E63}IconD7F16134.exe [110080]
O61 – LFC: 04/12/2013 – 11:17:44 R–A- . (…) — C:UsersbernardAppDataRoamingMicrosoftInstaller{72AAF455-1E54-475B-B0AB-5413C78D0E63}IconF7A21AF7.exe [110080]
O61 – LFC: 04/12/2013 – 11:18:45 —A- . (…) — C:UsersbernardDocumentsKYO sushiPAAHachoir 30 kg FTSM101 – METRO.pdf [217225]
O61 – LFC: 04/12/2013 – 11:18:53 —A- . (.bernard.) — C:UsersbernardDocumentsKYO sushiPlan de CampagneSuggestions du chef menu PDC.doc [801792]
O61 – LFC: 04/12/2013 – 11:19:17 —A- . (…) — C:UsersbernardDownloadsadwcleaner.exe [1110034]
O61 – LFC: 04/12/2013 – 11:19:27 —A- . (.SUPERAntiSpyware.) — C:UsersbernardDownloadsSUPERAntiSpyware.exe [28742296]
O61 – LFC: 04/12/2013 – 11:19:28 —A- . (.sbi.) — C:UsersbernardDownloadsUtilisation vehicules KYO SUSHI (1).doc [19968]
O61 – LFC: 04/12/2013 – 11:19:28 —A- . (.sbi.) — C:UsersbernardDownloadsUtilisation vehicules KYO SUSHI.doc [19968]
O61 – LFC: 05/12/2013 – 11:09:21 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [264845]
O61 – LFC: 05/12/2013 – 11:09:32 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataLocal State [54561]
O61 – LFC: 05/12/2013 – 11:09:45 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Archived History [4317184]
O61 – LFC: 05/12/2013 – 11:09:45 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Archived History-journal [16384]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Cookies [1067008]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Cookies-journal [16384]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Custom Dictionary.txt [64]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Custom Dictionary.txt.backup [55]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Extension RulesCURRENT [16]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Extension RulesLOG [148]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Extension RulesLOG.old [148]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Extension StateCURRENT [16]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Extension StateLOG [148]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Extension StateLOG.old [148]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Extension StateMANIFEST-000586 [519]
O61 – LFC: 05/12/2013 – 11:10:15 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2databaseschrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_011 [24576]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Favicons [2885632]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Favicons-journal [16384]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2History [5251072]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2History Provider Cache [438194]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2History-journal [16384]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Last Session [155788]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Last Tabs [8]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Extension SettingsjidjhchcblhlapbcpheibgdjkajekhbhCURRENT [16]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Extension SettingsjidjhchcblhlapbcpheibgdjkajekhbhLOG [267]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Extension SettingsjidjhchcblhlapbcpheibgdjkajekhbhLOG.old [267]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Extension SettingsjidjhchcblhlapbcpheibgdjkajekhbhMANIFEST-000168 [283]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_dashbox.soundcloud.com_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:17 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_dashbox.soundcloud.com_0.localstorage-journal [3608]
O61 – LFC: 05/12/2013 – 11:10:18 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_soundcloud.com_0.localstorage [15360]
O61 – LFC: 05/12/2013 – 11:10:18 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_soundcloud.com_0.localstorage-journal [13928]
O61 – LFC: 05/12/2013 – 11:10:18 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_www.youtube.com_0.localstorage [64512]
O61 – LFC: 05/12/2013 – 11:10:18 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttps_www.youtube.com_0.localstorage-journal [16384]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_f.crdrjs.info_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_f.crdrjs.info_0.localstorage-journal [512]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_fr.wikipedia.org_0.localstorage [598016]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_fr.wikipedia.org_0.localstorage-journal [16384]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_fra1.ib.adnxs.com_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_fra1.ib.adnxs.com_0.localstorage-journal [3608]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_googleads.g.doubleclick.net_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_googleads.g.doubleclick.net_0.localstorage-journal [3608]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_ib.adnxs.com_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_ib.adnxs.com_0.localstorage-journal [3608]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_maps-4-u.com_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_maps-4-u.com_0.localstorage-journal [3608]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_maps-for-u.com_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_maps-for-u.com_0.localstorage-journal [3608]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_runcdns.com_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:19 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_runcdns.com_0.localstorage-journal [3608]
O61 – LFC: 05/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_static.live-lyrics.com_0.localstorage [2907136] =>Adware.AddLyrics
O61 – LFC: 05/12/2013 – 11:10:20 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_static.live-lyrics.com_0.localstorage-journal [16384] =>Adware.AddLyrics
O61 – LFC: 05/12/2013 – 11:10:21 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.forum-auto.com_0.localstorage [3072]
O61 – LFC: 05/12/2013 – 11:10:21 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.forum-auto.com_0.localstorage-journal [3608]
O61 – LFC: 05/12/2013 – 11:10:21 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.superfish.com_0.localstorage [5120]
O61 – LFC: 05/12/2013 – 11:10:21 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Local Storagehttp_www.superfish.com_0.localstorage-journal [5672]
O61 – LFC: 05/12/2013 – 11:10:22 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Login Data [18432]
O61 – LFC: 05/12/2013 – 11:10:22 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Login Data-journal [10792]
O61 – LFC: 05/12/2013 – 11:10:22 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Managed Mode Settings [8]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Preferences [733512]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2QuotaManager [23552]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2QuotaManager-journal [13928]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Session StorageCURRENT [16]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Session StorageLOG [277]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Session StorageLOG.old [790]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Session StorageMANIFEST-006979 [433]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Sync DataSyncData.sqlite3 [1359872]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Sync DataSyncData.sqlite3-journal [16384]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Top Sites [417792]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Top Sites-journal [16384]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2TransportSecurity [5113]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Visited Links [524192]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Web Data [124928]
O61 – LFC: 05/12/2013 – 11:10:30 —A- . (…) — C:UsersbernardAppDataLocalGoogleChromeUser DataProfile 2Web Data-journal [16384]
O61 – LFC: 05/12/2013 – 11:18:07 —A- . (…) — C:UsersbernardAppDataRoamingZHPLog.txt [18209] =>.Nicolas Coolman
O61 – LFC: 05/12/2013 – 11:18:07 —A- . (…) — C:UsersbernardAppDataRoamingZHPTestsZHPDiag.txt [2911] =>.Nicolas Coolman
O61 – LFC: 05/12/2013 – 11:19:17 —A- . (…) — C:UsersbernardDownloadsadwcleaner (1).exe [1110034]
~ 1329 Fichiers temporaires (Temporary files)
~ Files: 3567 Legitimates Filtered in 12mn 05s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:UsersbernardAppDataLocalGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.7A93E7D6377640A2338438D1C51E2D3E] [SPRF][10/01/2013] (…) — C:UsersbernardAppDataLocalTempcacaonewaf94ed.exe [436224] =>PUP.CacaoWeb
[MD5.64CFBC94D91422A749F56D29F2C4BF89] [SPRF][19/03/2012] (…) — C:UsersbernardAppDataLocalTempconverter.exe [5254656]
[MD5.B919F915239E373275D4836A019166C2] [SPRF][13/08/2012] (…) — C:UsersbernardAppDataLocalTempdefaultCache.reg [1469030]
[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [SPRF][22/06/2012] (…) — C:UsersbernardAppDataLocalTempESGScanner.sys [22704]
[MD5.9495FF73014B8A17BD4798911AD097FA] [SPRF][20/09/2011] (…) — C:UsersbernardAppDataLocalTempExtract.bat [87]
[MD5.1BB559316ECE8CA605DC9C974D7592D0] [SPRF][01/01/2013] (…) — C:UsersbernardAppDataLocalTempICReinstall_Webplayer_FR (5).exe [1208696]
[MD5.1EF36B4C0944E43F6B51433438475056] [SPRF][13/01/2013] (…) — C:UsersbernardAppDataLocalTempICReinstall_Webplayer_FR (9).exe [1203064]
[MD5.8525CB5D57FBB87967169BC0735BDE57] [SPRF][10/12/2011] (.Complitly – Complitly Setup.) — C:UsersbernardAppDataLocalTempKreapixel_addonAcPro.exe [579904] =>Adware.PredictAd
[MD5.7C90F77D368CABEA7B726A3758D6D761] [SPRF][07/12/2011] (.Babylon Ltd. – Babylon Client Setup.) — C:UsersbernardAppDataLocalTempMyBabylonTB.exe [919664] =>PUP.Babylon
[MD5.064377C8DA0B7BC08525FA09B4889F63] [SPRF][04/07/2013] (…) — C:UsersbernardAppDataLocalTemppool.bin [256]
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (…) — C:UsersbernardAppDataLocalTempQuarantine.exe [350259]
[MD5.466C4732BC4B126B94B0E69C6B5A2348] [SPRF][01/09/2013] (.Pas de propriétaire – SendMsg.) — C:UsersbernardAppDataLocalTempSendMsg.dll [9216]
[MD5.107DD417BE37F067AF3139976CD93C9B] [SPRF][07/12/2011] (…) — C:UsersbernardAppDataLocalTempSetup.exe [398635]
[MD5.C8F3AD4CA2B268C6F939739E7547AD48] [SPRF][04/12/2013] (…) — C:UsersbernardAppDataLocalTempSHSetup.exe [46777424] =>Crapware.SpyHunter
[MD5.C6D792E4583FC46DB0953FBF6E46348A] [SPRF][01/01/2013] (.SweetIM Technologies Lt – This installer.) — C:UsersbernardAppDataLocalTempSIMEEI2Installer.exe [2962432] =>PUP.SweetIM
[MD5.7704B843006444B69486FD27D4660845] [SPRF][01/01/2013] (.SweetIM Technologies Lt – This installer.) — C:UsersbernardAppDataLocalTempSIMEEIInstaller.exe [3380216] =>PUP.SweetIM
[MD5.5E489DE183B5F1BFEF58693EDA84FED8] [SPRF][08/03/2012] (.Spotify Ltd – Spotify Installer.) — C:UsersbernardAppDataLocalTempSpotifyUpgrader.exe [18294824]
[MD5.63BFC94267B804D44445C9E31A52374F] [SPRF][11/11/2013] (…) — C:UsersbernardAppDataLocalTempUninst.bat [642]
[MD5.273C96DABA53C76C83149101393F643E] [SPRF][11/07/2013] (.Babylon Ltd. – Uninstaller Application.) — C:UsersbernardAppDataLocalTempuninst1.exe [339016] =>PUP.Babylon
~ Files: 24 Legitimates Filtered in 00mn 03s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “{DE53863C-53BC-4790-A7BF-17027034C209}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: “{657B77B1-37E1-4680-B23C-0A690FECA483}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: “TCP Query User{468FDD14-CDFB-4D07-AC77-B14DC104279A}C:usersbernardappdataroamingcacaowebcacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:usersbernardappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{834C44D0-888E-4ED7-8850-332A789F962B}C:usersbernardappdataroamingcacaowebcacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:usersbernardappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “TCP Query User{765D6F94-C995-4601-A2EB-9B095F76B06B}C:usersbernardappdataroamingcacaowebcacaoweb.exe” |In – Public – P6 – TRUE | .(…) — C:usersbernardappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{5901727E-A144-4F51-AE70-EB7A5EE77975}C:usersbernardappdataroamingcacaowebcacaoweb.exe” |In – Public – P17 – TRUE | .(…) — C:usersbernardappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “{BD403ABC-B796-44E0-ABC0-16699615D18E}” |In – Private – P6 – TRUE | .(…) — C:WindowsSystem32dmwu.exe (.not file.)
O87 – FAEL: “{21E4C929-8BE6-4D03-A5DC-7811DBB915F6}” |In – Private – P17 – TRUE | .(…) — C:WindowsSystem32dmwu.exe (.not file.)
O87 – FAEL: “{3D77C93F-E045-42ED-ACE2-EB349425F08E}” |In – Public – P6 – TRUE | .(…) — C:WindowsSystem32dmwu.exe (.not file.)
O87 – FAEL: “{2605698D-20F5-4731-B369-4864475E279D}” |In – Public – P17 – TRUE | .(…) — C:WindowsSystem32dmwu.exe (.not file.)
O87 – FAEL: “{084FB28C-1D9B-4604-AEC3-16906F668581}” |In – None – P17 – TRUE | .(…) — C:Program Files (x86)IminentIminent.exe (.not file.) =>Adware.IMBooster
O87 – FAEL: “{B6324268-0E63-42B6-ABD8-376A5668D023}” |In – None – P17 – TRUE | .(…) — C:Program Files (x86)IminentIminent.Messengers.exe (.not file.) =>Adware.IMBooster
~ Firewall: 245 Legitimates Filtered in 00mn 01s