---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- "%1" %*
O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- "%1" %*
O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s
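The O67 entries above are the shell\open\command values Windows runs when a file of each class is launched. For exefile, comfile, batfile and cmdfile the stock value is "%1" %* (run the file itself with its arguments); anything else means every program launch of that class first passes through some other binary, which is a classic persistence hijack. In this report all four classes still carry the stock value. The following is an added example, not part of ZHPDiag or of this report: a Python parser for O67 lines that flags executable classes whose command departs from the stock value. The first three sample lines are copied from the report; the fourth, a HKCU exefile entry pointing at example_hijack.exe, is constructed for illustration and does not appear in the report.

```python
import re

# Stock Windows values for shell\open\command on the executable file classes
# that persistence malware most often hijacks. A hijacked value runs the
# attacker's binary every time the user launches any program of that class.
EXPECTED_COMMANDS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
}

# Grammar of one O67 record, e.g.
#   O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
#   O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67_RE = re.compile(
    r'^O67 - Shell Spawning: <(?P<ext>\.[^>]+)> <(?P<progid>[^>]*)>'
    r'\[(?P<hive>[^\\]+)\\\.\.\\(?P<verb>[^\\]+)\\Command\] '
    r'\((?P<desc>.*?)\)(?: -- (?P<command>.*))?$'
)

# Sample input: three lines copied from the report above plus one constructed
# HKCU entry (not in the report) showing what a hijacked exefile looks like.
SAMPLE_O67 = [
    r'O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*',
    r'O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\system32\shell32.dll',
    r'O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)',
    r'O67 - Shell Spawning: <.exe> <exefile>[HKCU\..\open\Command] (...) -- "C:\Users\Sarah\AppData\Local\Temp\example_hijack.exe" "%1" %*',
]


def parse_o67(line):
    """Split one O67 line into its fields; return None for any other line."""
    m = O67_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["command"] = rec["command"] or ""  # '.Not Key.' entries carry no command
    return rec


def audit_o67(lines):
    """Return (ext, hive, progid, command) for every executable-class
    association whose command differs from the stock value.

    '.Not Key.' entries are skipped: the class is simply not overridden in
    that hive. Classes with no stock entry here (cplfile, htmlfile, JSFile,
    regfile, ...) legitimately point at a handler binary and are not judged.
    """
    findings = []
    for line in lines:
        rec = parse_o67(line)
        if rec is None or rec["desc"] == ".Not Key.":
            continue
        expected = EXPECTED_COMMANDS.get(rec["progid"].lower())
        if expected is not None and rec["command"].strip() != expected:
            findings.append((rec["ext"], rec["hive"], rec["progid"], rec["command"]))
    return findings


if __name__ == "__main__":
    for ext, hive, progid, command in audit_o67(SAMPLE_O67):
        print(f"HIJACKED {hive} {progid} ({ext}): {command}")
```

Because HKCU values shadow HKLM/HKCR for the interactive user, a per-user hijack like the constructed fourth line wins even when the machine-wide entries look clean, which is why the check is applied per hive rather than once per extension.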
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Scan Keys in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Sarah - eh3dtbf6.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639
O69 - SBI: prefs.js [Sarah - eh3dtbf6.default] user_pref("ConduitEngine.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://tbsearch.ask.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9C8074B6-7B6B-4EE6-8448-AAF83A23DD22} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {B0967535-ECAC-4630-B4BE-376FA699A124} - (Yahoo! France) - http://fr.search.yahoo.com
~ Scan Keys in 00mn 00s
---\\ Specific search at the root of certain folders (O84)
[MD5.A6C18EAEE88228169764D8BB2EA39B8F] [SPRF][26/03/2009] (...) -- C:\Users\Sarah\AppData\Local\iycmi.bat [88]
[MD5.D0313FE25C02FD1E07BF80E79DE1718E] [SPRF][12/02/2009] (...) -- C:\Users\Sarah\AppData\Local\rvalptg.bat [90]
[MD5.CBE5295F531FE8A59FA741250BE30865] [SPRF][23/07/2008] (...) -- C:\Users\Sarah\Desktop\antivir_workstation_winu_en_h.exe [25049240]
[MD5.D59F24B86431EEB25281BCE7817783F1] [SPRF][15/11/2010] (.No owner - Audacity Setup.) -- C:\Users\Sarah\Desktop\audacity-win-1.2.6.exe [2228534]
[MD5.B8F465616861BD66FA4F1239FDAD9F08] [SPRF][30/04/2009] (.Electronic Arts - Autorun Application.) -- C:\Users\Sarah\Desktop\Autorun.exe [54544]
[MD5.44593B21F369C879E94437ED62222859] [SPRF][07/11/2009] (.Piriform Ltd - CCleaner Installer.) -- C:\Users\Sarah\Desktop\ccsetup225_slim.exe [1067856]
[MD5.BCA11B7E7F05B428E5D096FCED90B03B] [SPRF][24/07/2008] (.COMODO - COMODO Firewall Installer.) -- C:\Users\Sarah\Desktop\CFP_Setup_3.0.25.378_XP_Vista_x32.exe [19564288]
[MD5.37C4EDFB87F6BAC764910A0745B681A3] [SPRF][04/01/2011] (...) -- C:\Users\Sarah\Desktop\Elf_1.exe [2485584]
[MD5.CFE340BAB437D912A7FC7DB1A545DCE0] [SPRF][27/12/2008] (...) -- C:\Users\Sarah\Desktop\eMule0.49b-Installer1.exe [3231826]
[MD5.28CD7E4F65E737F59F7EB2EDAF35DC1F] [SPRF][17/12/2009] (.Mozilla - Firefox.) -- C:\Users\Sarah\Desktop\Firefox Setup 3.5.6.exe [8143344]
[MD5.F51971D87D5839DE0499FA20FF54D92B] [SPRF][05/01/2010] (.Greentube AG - Ski Challenge 2010 (FTV).) -- C:\Users\Sarah\Desktop\FR-SkiChallenge10.exe [40187520]
[MD5.E8269245566BE948F6A219135B434160] [SPRF][04/04/2009] (.Trend Micro Inc. - HijackThis.) -- C:\Users\Sarah\Desktop\HiJackThis.exe [401720]
[MD5.C60983BC8885FF55F666F7BB626441A6] [SPRF][14/04/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r153.) -- C:\Users\Sarah\Desktop\install_flash_player.exe [2833568]
[MD5.626330E517187B37226EE7C73A653E6D] [SPRF][19/07/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r181.) -- C:\Users\Sarah\Desktop\install_flash_player_ax.exe [3124384]
[MD5.79CA0CD09F089FC68F5393AE2EFF64AB] [SPRF][25/01/2011] (.Apple Inc. - iTunes Installer.) -- C:\Users\Sarah\Desktop\iTunesSetup (1).exe [81876264]
[MD5.CE495BB9B9AF04340D5D484AC3F29C2A] [SPRF][03/11/2009] (.Apple Inc. - iTunes Installer.) -- C:\Users\Sarah\Desktop\iTunesSetup.exe [93226280]
[MD5.866E72C78E98CA4919CD16724A3BD4C1] [SPRF][24/10/2009] (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Users\Sarah\Desktop\mbam-setup.exe [4045528]
[MD5.D5F4AB6063B3B3795B1C0F0CF30C7DFB] [SPRF][01/02/2009] (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Users\Sarah\Desktop\msicuu2.exe [359656]
[MD5.E8269245566BE948F6A219135B434160] [SPRF][04/04/2009] (.Trend Micro Inc. - HijackThis.) -- C:\Users\Sarah\Desktop\Sarah.exe [401720]
[MD5.DBB952921D1745486F0DF8512540E54B] [SPRF][06/09/2010] (.No owner - AVAST Software Setup Engine.) -- C:\Users\Sarah\Desktop\setup_av_free_fre.exe [49513448]
[MD5.E230F3DCD78E462DBF1DD538FC70FF2A] [SPRF][26/03/2009] (.Microsoft Corporation - Self Extracting Stub.) -- C:\Users\Sarah\Desktop\Windows6.0-KB936330-X86-wave0.exe [455611504]
[MD5.169F4C5A54AABECEFE123919C28E12C0] [SPRF][11/09/2010] (.No owner - Weight Watchers Points Calculator Setup.) -- C:\Users\Sarah\Desktop\WWPC-Setup.exe [414440]
[MD5.DD3975246D8928C04549B31B6B49434F] [SPRF][24/03/2008] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1527056]
[MD5.C86E26B3238837484F69273648DD3BEE] [SPRF][16/06/2010] (.IPLabs GmbH - JordanApplet http file uploader.) -- C:\Windows\Downloaded Program Files\JordanApplet.dll [3237328]
[MD5.7B995B40BAA728B52BE7951A08DCA153] [SPRF][05/05/2010] (...) -- C:\Windows\Downloaded Program Files\JuniperExt.exe [398704]
[MD5.DC38B1B71CB7FF8F4241333B9EC84F03] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfbmp13n.dll [57344]
[MD5.6CBA9ECE3186ADEAE144A79E3AC769FE] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfcmp13n.dll [401408]
[MD5.BDD316D6479220B8FA2A911262898640] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfeps13n.dll [65536]
[MD5.8B83DC9053B8164731B15AF455CBD9A9] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lffax13n.dll [98304]
[MD5.A63B94BB949D5E836F144A0A754E5451] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfgif13n.dll [69632]
[MD5.1E1FDE2FF4B0197EF8A36259244CF142] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpcd13n.dll [49152]
[MD5.9D9CA493D0864DF83D282E2393FE5825] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpcx13n.dll [53248]
[MD5.AD6D6FAC370748775FB9FB33A398BFF9] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpng13n.dll [159744]
[MD5.4A3A0CE4ED63580116A7354E06B42CDF] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpsd13n.dll [55808]
[MD5.BBBE68D622945FF8BC9CE847975B2389] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lftga13n.dll [53248]
[MD5.333F810C00745C05EDF17D6580A4601E] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lftif13n.dll [155648]
[MD5.E220815EECAD443CDAE2E0C221E51105] [SPRF][15/12/2009] (.IPLabs GmbH - ImageMagick Wrapper DLL.) -- C:\Windows\Downloaded Program Files\libwrpmag.dll [2994176]
[MD5.9788C72C2EC7011E6CC40CFDD5CE2251] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltclr13n.dll [1693696]
[MD5.55D16BEB62D0B6C54CE315F7063FA7A1] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltdis13n.dll [299008]
[MD5.F56BA445D7D36EB4DDBFE4477BAD594D] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltefx13n.dll [206336]
[MD5.BF1727ED495670881E18E346D162CA3D] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltfil13n.dll [163840]
[MD5.209B65395E75CD957E14B8EC3C742A7B] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltimg13n.dll [450560]
[MD5.CEFC7E62D25BDC3A4501062718D0A65F] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltkrn13n.dll [462848]
[MD5.A0F541D9D2CACEEC7A4A378CD0C31626] [SPRF][20/11/2006] (.Microsoft® Corporation - MSN Photo Upload Tool.) -- C:\Windows\Downloaded Program Files\MsnPUpld.dll [543544]
[MD5.4690A678A1EC998100506D9A5809181A] [SPRF][20/11/2006] (.Eastman Kodak - PCDLIB32.) -- C:\Windows\Downloaded Program Files\pcdlib32.dll [212480]
[MD5.732CACA8E848F6E721B093E51FC50B1D] [SPRF][09/01/2007] (.Microsoft® Corporation - MSN Photo Upload Tool.) -- C:\Windows\Downloaded Program Files\PURfr-fr.dll [110592]
[MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [SPRF][29/08/2006] (.Zylom Games - Zylom Games Player.) -- C:\Windows\Downloaded Program Files\zylomgamesplayer.dll [161976]
~ Scan Files in 00mn 18s
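Each O84 record carries the file's MD5, its timestamp, the publisher and description read from the version resource ("..." when there is none), the path and the size in bytes. Two things a triager does with this listing are to group entries by hash, which in the report above immediately shows that HiJackThis.exe and Sarah.exe on the Desktop are the same file under two names, and to pick out publisher-less executables sitting in user-writable profile directories such as the two short .bat files under AppData\Local. The following is an added example, not part of ZHPDiag or of this report, that implements both checks over five lines copied verbatim from the section above. The AppData heuristic only selects files for a closer look; it is not a verdict on them.

```python
import ntpath
import re
from collections import defaultdict

# Grammar of one O84 record:
#   [MD5.<32 hex>] [SPRF][dd/mm/yyyy] (publisher - description) -- C:\path\file.ext [size]
SPRF_RE = re.compile(
    r'^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] \[SPRF\]\[(?P<date>\d{2}/\d{2}/\d{4})\] '
    r'\((?P<desc>.*?)\) -- (?P<path>.*) \[(?P<size>\d+)\]$'
)

# File types the Windows shell executes directly on double-click.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}

# Sample input: five lines copied verbatim from the O84 section above.
SAMPLE_SPRF = [
    r"[MD5.A6C18EAEE88228169764D8BB2EA39B8F] [SPRF][26/03/2009] (...) -- C:\Users\Sarah\AppData\Local\iycmi.bat [88]",
    r"[MD5.D0313FE25C02FD1E07BF80E79DE1718E] [SPRF][12/02/2009] (...) -- C:\Users\Sarah\AppData\Local\rvalptg.bat [90]",
    r"[MD5.E8269245566BE948F6A219135B434160] [SPRF][04/04/2009] (.Trend Micro Inc. - HijackThis.) -- C:\Users\Sarah\Desktop\HiJackThis.exe [401720]",
    r"[MD5.866E72C78E98CA4919CD16724A3BD4C1] [SPRF][24/10/2009] (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Users\Sarah\Desktop\mbam-setup.exe [4045528]",
    r"[MD5.E8269245566BE948F6A219135B434160] [SPRF][04/04/2009] (.Trend Micro Inc. - HijackThis.) -- C:\Users\Sarah\Desktop\Sarah.exe [401720]",
]


def parse_sprf(line):
    """Split one O84 record into its fields; return None for any other line."""
    m = SPRF_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["md5"] = rec["md5"].upper()
    rec["size"] = int(rec["size"])
    return rec


def group_by_hash(lines):
    """Map each MD5 that appears under more than one path to those paths,
    in report order. Identical content under different names is either a
    renamed tool or a dropper copying itself; either way it is worth a look."""
    by_hash = defaultdict(list)
    for line in lines:
        rec = parse_sprf(line)
        if rec is not None:
            by_hash[rec["md5"]].append(rec["path"])
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def unattributed_executables_in_profile(lines):
    """Executables with no publisher string ('...') under a user's AppData
    tree, a user-writable location droppers favour. Heuristic, not a verdict."""
    hits = []
    for line in lines:
        rec = parse_sprf(line)
        if rec is None or rec["desc"] != "...":
            continue
        ext = ntpath.splitext(rec["path"])[1].lower()
        if "\\appdata\\" in rec["path"].lower() and ext in EXECUTABLE_EXTS:
            hits.append(rec["path"])
    return hits


if __name__ == "__main__":
    for md5, paths in group_by_hash(SAMPLE_SPRF).items():
        print(f"same content {md5}: {', '.join(paths)}")
    for path in unattributed_executables_in_profile(SAMPLE_SPRF):
        print(f"review: publisher-less executable in profile: {path}")
```

ntpath is used for the extension split so the Windows paths in the report are handled correctly even when the script runs on a Linux analysis box.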
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe
O87 - FAEL: "{EF6CA61F-9863-45F4-8549-FD48443B7E7E}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe
O87 - FAEL: "{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O87 - FAEL: "{0AB6ED54-0E52-40D4-9621-20AB7D749574}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O87 - FAEL: "{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}" | In - Public - P6 - TRUE | .(.Intel(R) Corporation - Intel® Remoting Service.) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O87 - FAEL: "{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}" | In - Public - P17 - TRUE | .(.Intel(R) Corporation - Intel® Remoting Service.) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O87 - FAEL: "TCP Query User{6917B577-D2E6-48FD-A28A-3BA24F474421}C:\program files\emule\emule.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{07CEEEFA-CE9C-495D-84EE-FBC78E3FC9A3}C:\program files\emule\emule.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "{63327458-4334-489F-B353-AA1E2EB99486}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\Orb.exe (.not file.)
O87 - FAEL: "{3406DB5A-8FF1-4478-9DA6-F71680F16A9C}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\Orb.exe (.not file.)
O87 - FAEL: "{F54D1984-7390-4F43-979A-877D587FAAD8}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe (.not file.)
O87 - FAEL: "{8DD60B67-1B2D-4876-A404-2B8F1B0811EA}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe (.not file.)
O87 - FAEL: "{6685B999-8B2C-4A2C-B091-0ACC75AA523B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbIR.exe (.not file.)
O87 - FAEL: "{0960D641-2863-4459-98D9-30E1C2D6B9D9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbIR.exe (.not file.)
O87 - FAEL: "{CC274E9C-BB10-4103-B579-662084BC1836}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe (.not file.)
O87 - FAEL: "{9F19241A-B226-4805-9F7B-6026EBE5D078}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe (.not file.)
O87 - FAEL: "TCP Query User{6E1CCEE3-FD48-471A-9EC5-B993DBBBC44A}C:\program files\tmnationsforever\tmforever.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe (.not file.)
O87 - FAEL: "UDP Query User{3E9417FB-D648-4078-AC49-1974CBFFE171}C:\program files\tmnationsforever\tmforever.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe (.not file.)
O87 - FAEL: "TCP Query User{C0EC37FE-D4CA-406C-8CBF-39B9CB49B36B}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe" | In - Private - P6 - TRUE | .(.Kaspersky Lab.) -- C:\programdata\kaspersky lab setup files\kaspersky an
O87 - FAEL: "UDP Query User{A50B1065-08B9-4637-92DE-8B768CFCB1DC}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe" | In - Private - P17 - TRUE | .(.Kaspersky Lab.) -- C:\programdata\kaspersky lab setup files\kaspersky a
O87 - FAEL: "TCP Query User{B43BC0E9-66B1-48A6-B263-BF0C55FD70DA}C:\program files\azureus\azureus.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\azureus\azureus.exe (.not file.)
O87 - FAEL: "UDP Query User{9E1A7EBC-7A48-479C-8983-8BD7A0A271B7}C:\program files\azureus\azureus.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\azureus\azureus.exe (.not file.)
O87 - FAEL: "TCP Query User{B7FC4CF9-AFE9-43C6-9680-6632E7AC170E}C:\program files\emule\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{F863F51B-3FFC-4EBD-823B-2547C26578B0}C:\program files\emule\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "TCP Query User{4799B607-8A54-45BA-A339-202164DE39B0}C:\users\sarah\documents\emule\emule.exe" | In - Public - P6 - TRUE | .(.http://www.emule-project.net - eMule.) -- C:\users\sarah\documents\emule\emule.exe
O87 - FAEL: "UDP Query User{DEEA18C8-F338-4945-8485-5961CBBD8865}C:\users\sarah\documents\emule\emule.exe" | In - Public - P17 - TRUE | .(.http://www.emule-project.net - eMule.) -- C:\users\sarah\documents\emule\emule.exe
O87 - FAEL: "{2CA3D832-C978-4F6E-973B-887C8E822581}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Sarah\AppData\Local\Temp\WZSE2.TMP\SymNRT.exe (.not file.)
O87 - FAEL: "{91D669EC-5D12-4BD9-B8CF-214E6CECCC7A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Sarah\AppData\Local\Temp\WZSE2.TMP\SymNRT.exe (.not file.)
O87 - FAEL: "TCP Query User{E3B9482F-592E-4EC7-9A7A-EEDA2A02673B}C:\program files\electronic arts\eadm\core.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\electronic arts\eadm\core.exe (.not file.)
O87 - FAEL: "UDP Query User{F0BF279D-85FE-4942-A301-F989D4476C7E}C:\program files\electronic arts\eadm\core.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\electronic arts\eadm\core.exe (.not file.)
O87 - FAEL: "TCP Query User{950FB6B3-2D69-4140-B2CC-8E8ED5F795DD}C:\users\sarah\desktop\fixitupkatesadventuredownload.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\sarah\desktop\fixitupkatesadventuredownload.exe (.not file.)
O87 - FAEL: "UDP Query User{49047E31-1B92-4B27-953D-2D9F955A4387}C:\users\sarah\desktop\fixitupkatesadventuredownload.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\sarah\desktop\fixitupkatesadventuredownload.exe (.not file.)
O87 - FAEL: "TCP Query User{7F7E205F-AD80-4D90-9170-3D4555F81B6C}C:\program files\mozilla firefox\firefox.exe" | In - Public - P6 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe
O87 - FAEL: "UDP Query User{403EDBCD-E7B9-4245-B82F-A73901D5E356}C:\program files\mozilla firefox\firefox.exe" | In - Public - P17 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe
O87 - FAEL: "{CA2006D5-D9A8-4370-ADB0-0B22AFC6F404}" | In - None - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
~ Scan Firewall in 00mn 01s
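Each O87 line is one Windows Firewall rule: its name (GUID-named rules come from installers, "TCP/UDP Query User{...}" rules from the user clicking Allow on the prompt), direction, profile (Private, Public or None), IP protocol number (P6 is TCP, P17 is UDP), the enabled flag, the publisher and the program path; the "(.not file.)" suffix means the program the rule admits is no longer on disk, as with the emule, Orb, azureus and SymNRT rules above. Rules for absent programs are dead weight that would spring back to life if anything were dropped at that path, and inbound allows on the Public profile are the ones exposed on untrusted networks. The following is an added example, not part of ZHPDiag or of this report: a Python parser for O87 lines with both checks, run over four lines copied verbatim from the section above.

```python
import re

PROTOCOLS = {6: "TCP", 17: "UDP"}

# Grammar of one O87 record, e.g.
#   O87 - FAEL: "{GUID}" | In - Public - P6 - TRUE | .(...) -- C:\path\app.exe
#   O87 - FAEL: "TCP Query User{GUID}C:\x.exe" |In - Private - P6 - TRUE | .(...) -- C:\x.exe (.not file.)
FAEL_RE = re.compile(
    r'^O87 - FAEL: "(?P<name>[^"]*)" \|\s*(?P<direction>In|Out) - (?P<profile>\w+)'
    r' - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| \.\((?P<desc>.*?)\) -- '
    r'(?P<path>.*?)(?P<missing> \(\.not file\.\))?$'
)

# Sample input: four lines copied verbatim from the O87 section above.
SAMPLE_FAEL = [
    r'O87 - FAEL: "{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe',
    r'O87 - FAEL: "TCP Query User{6917B577-D2E6-48FD-A28A-3BA24F474421}C:\program files\emule\emule.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)',
    r'O87 - FAEL: "TCP Query User{7F7E205F-AD80-4D90-9170-3D4555F81B6C}C:\program files\mozilla firefox\firefox.exe" | In - Public - P6 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe',
    r'O87 - FAEL: "{CA2006D5-D9A8-4370-ADB0-0B22AFC6F404}" | In - None - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe',
]


def parse_fael(line):
    """Split one O87 line into a dict; return None for any other line."""
    m = FAEL_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    proto = int(m.group("proto"))
    return {
        "name": m.group("name"),
        "direction": m.group("direction"),
        "profile": m.group("profile"),
        "protocol": PROTOCOLS.get(proto, f"IP proto {proto}"),
        "enabled": m.group("enabled") == "TRUE",
        "publisher": m.group("desc"),
        "path": m.group("path"),
        "target_missing": m.group("missing") is not None,
    }


def audit_fael(lines):
    """Return (rule name, issue code) pairs for enabled inbound rules that
    deserve review:
      STALE_TARGET    the program the rule allows is no longer on disk
      PUBLIC_INBOUND  the rule admits inbound traffic on the Public profile
    A rule can raise both codes.
    """
    issues = []
    for line in lines:
        rule = parse_fael(line)
        if rule is None or not rule["enabled"] or rule["direction"] != "In":
            continue
        if rule["target_missing"]:
            issues.append((rule["name"], "STALE_TARGET"))
        if rule["profile"] == "Public":
            issues.append((rule["name"], "PUBLIC_INBOUND"))
    return issues


if __name__ == "__main__":
    for name, code in audit_fael(SAMPLE_FAEL):
        print(f"{code:15} {name}")
```

Rules with the profile "None", like the iTunes entry, are passed through without a judgement here: the report gives no further detail on that value, so the parser records it as-is rather than guessing at its meaning.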
---\\ Additional Scan (O88)
Database Version : 8634 - (29/08/2011)
Keys found : 24
Values found : 3
Folders found : 20
Files found : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\imside1egate.application.1] =>Adware.BHO
[HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\aoprndtws] =>Trojan.Vundo
[HKCU\Software\Microsoft\removerp] =>Trojan.Vundo
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\conduitEngine] =>Toolbar.Conduit
[HKCU\Software\freeze.com] =>Adware.BHO
[HKLM\Software\freeze.com] =>Adware.BHO
[HKCU\Software\PopCap] =>Adware.PopCap
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\ShoppingReport] =>Adware.ShopperReports
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] =>Toolbar.Conduit
[HKLM\Software\uTorrentBar_FR] =>Toolbar.Conduit
[HKCU\Software\Winamp Toolbar] =>Toolbar.Winamp
[HKLM\Software\Winamp Toolbar] =>Toolbar.Winamp
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\ConduitEngine =>Toolbar.Conduit
C:\Program Files\Trymedia =>Adware.Trymedia
C:\Program Files\uTorrentBar_FR =>Toolbar.Conduit
C:\ProgramData\iWin =>Adware.BHO
C:\ProgramData\Trymedia =>Adware.Trymedia
C:\ProgramData\Winamp Toolbar =>Toolbar.Winamp
C:\Users\Sarah\AppData\Roaming\iWin =>Adware.BHO
C:\Users\Sarah\AppData\Local\OpenCandy =>Adware.OpenCandy
C:\Users\Sarah\AppData\Local\Winamp Toolbar =>Toolbar.Winamp
C:\Users\Sarah\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Sarah\AppData\LocalLow\ConduitEngine =>Toolbar.Conduit
C:\Users\Sarah\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Sarah\AppData\LocalLow\ShoppingReport =>Adware.SmartShopper
C:\Users\Sarah\AppData\LocalLow\uTorrentBar_FR =>Toolbar.Conduit
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\Conduit =>Toolbar.Conduit
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\ConduitEngine =>Toolbar.Conduit
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\Extensions\engine@conduit.com =>Toolbar.Conduit
~ Scan Additionnel in 00mn 11s
---\\ Router DNS hijack check (O89)
Server : ns1.numericable.net
Address: 89.2.0.1
Name :
www.google.fr.numericable.fr
Address: 82.216.111.15
~ Scan DNS in 00mn 02s
---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 19/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 01/09/2007 188416 | (AlertService) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
SR - | Auto 21/03/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 01/09/2007 606208 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\system32\Ati2evxx.exe
SR - | Auto 06/09/2011 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 208896 | (DQLWinService) . (...) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
SS - | Auto 27/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 0 | (gusvc) . (...) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 01/09/2007 61440 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Demand 01/09/2007 73728 | (IDriverT) . (.Macrovision Corporation.) - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Auto 01/09/2007 29696 | (IntelDHSvcConf) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
SR - | Demand 21/03/2011 820520 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 01/09/2007 75264 | (ISSM) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
SR - | Auto 01/09/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 26624 | (M1 Server) . (...) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
SS - | Demand 01/09/2007 167936 | (MCLServiceATL) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
SS - | Demand 01/09/2007 544256 | (Remote UI Service) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
SS - | Demand 01/09/2007 887544 | (RoxMediaDB9) . (.Sonic Solutions.) - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SS - | Demand 01/09/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 26/03/2009 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
~ Scan Services in 00mn 04s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Run by Sarah at 18/09/2011 11:38:03
device: opened successfully
user: error reading MBR
Disk trace:
error: Read The handle is invalid.
kernel: error reading MBR
~ Scan MBR in 00mn 06s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13,
http://ad13.geekstog
Run by Sarah at 18/09/2011 11:38:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 08s
End of the scan (1691 lines in 13mn 23s)(0)