cedric
Participant
Posts: 10

Here is the second part of the report!
—\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS – | Demand 20/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR – | Auto 02/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR – | Auto 02/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:\WINDOWS\system32\dmadmin.exe
SS – | Auto 11/08/2012 135664 | (gupdate) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 11/08/2012 135664 | (gupdatem) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 27/08/2012 194032 | (gusvc) . (.Google.) – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR – | Demand 16/08/2013 553288 | (iPod Service) . (.Apple Inc..) – C:\Program Files\iPod\bin\iPodService.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS – | Demand 08/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files\Skype\Updater\Updater.exe
SR – | Auto 06/08/2009 66792 | (SRS_WOWXT_Service) . (.SRS Labs, Inc..) – C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
~ Services: Scanned in 00mn 13s

—\ Search for infection on the Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Bretagne at 26/08/2013 17:07:01

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x86B39AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s

—\ Search for infection on the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Bretagne at 26/08/2013 17:07:03

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Additional Scan (O88)
Database Version : v2.12865 – (24/08/2013)
Keys found : 40
Values found : 2
Folders found : 13
Files found : 23

[HKLM\Software\Google\Chrome\Extensions\hlddcjcfgdjclmkhhddocoendieiooag] =>Adware.AddLyrics^
[HKLM\Software\Google\Chrome\Extensions\ihkeoookbpemkdccdccdmacnidhooohk] =>PUP.RewardsArcade^
[HKLM\Software\Google\Chrome\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf] =>Adware.AddLyrics^
[HKLM\Software\Google\Chrome\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj] =>Toolbar.DeltaSearch^
[HKLM\Software\Google\Chrome\Extensions\pxpohikckhbcljgombipcdoinkaedlfa] =>Spyware.SmartDisplay^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC29DB0F-529E-415E-9754-C4D493333108}] =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AEEC9BE-127F-480F-9F4E-51080D8480AF}] =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{b6f4d32a-8066-470a-b12e-14cf2675282d}] =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{42974caa-fd59-4421-ad43-cf5e6a6bbd56}] =>Adware.AddLyrics^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>Toolbar.Minibar
[HKLM\Software\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
[HKLM\Software\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
[HKLM\Software\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
[HKLM\Software\Microsoft\Internet Explorer\extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}] =>Toolbar.Minibar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\ASKInstaller] =>Toolbar.AskBarDis
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Minibar] =>Toolbar.Minibar
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\SOFTWARE\SOFTWAREUPDATECLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKCU\Software\BI] =>Adware.MegaSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SDP =>Adware.MegaSearch^
C:\Documents and Settings\Bretagne\Application Data\Mozilla\Firefox\Profiles\o0k85q7f.default\crossriderapp19962@crossrider.com =>PUP.RewardsArcade^
C:\Documents and Settings\All Users\Application Data\Babylon =>Toolbar.Babylon^
C:\Documents and Settings\All Users\Application Data\BrowserDefender =>Hijacker.Eazel^
C:\Documents and Settings\All Users\Application Data\Tarma Installer =>Toolbar.Tarma^
C:\Documents and Settings\Bretagne\Application Data\Babylon =>Toolbar.Babylon^
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Updater19962 =>PUP.CrossRider^
C:\Program Files\Minibar =>Toolbar.Minibar
C:\Program Files\Software =>Adware.Boxore
C:\Documents and Settings\Bretagne\Application Data\Minibar =>Toolbar.Minibar
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Minibar =>Toolbar.Minibar
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Software =>Adware.Boxore
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Bundled software uninstaller =>Adware.MegaSearch
C:\Documents and Settings\Bretagne\Application Data\Mozilla\Firefox\Profiles\o0k85q7f.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} =>Toolbar.Minibar
C:\Documents and Settings\Bretagne\Local Settings\Application Data\FilesFrog Update Checker\update_checker.exe =>Adware.MegaSearch^
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlddcjcfgdjclmkhhddocoendieiooag =>Adware.AddLyrics^
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk =>PUP.RewardsArcade^
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf =>Adware.AddLyrics^
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj =>Toolbar.DeltaSearch^
C:\Documents and Settings\Bretagne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pxpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay^
C:\Documents and Settings\Bretagne\Application Data\Mozilla\Firefox\Profiles\o0k85q7f.default\searchplugins\wiseconvert-15-customized-web-search.xml =>Toolbar.Conduit^
C:\Program Files\LyricsPal\130.dll =>Adware.AddLyrics^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
C:\WINDOWS\Tasks\Lyrics Plus Update.job =>Adware.AddLyrics^
C:\WINDOWS\Tasks\Lyrics-Pal Update.job =>Adware.AddLyrics^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^
C:\WINDOWS\Prefetch\BOXORE.EXE-2493A27E.pf =>Adware.Boxore^
C:\WINDOWS\Prefetch\SUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade^
C:\WINDOWS\Prefetch\SUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade^
C:\WINDOWS\Prefetch\LYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics^
C:\WINDOWS\Prefetch\LYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics^
C:\WINDOWS\Prefetch\LYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics^
C:\Documents and Settings\Bretagne\Application Data\Babylon\log_file.txt =>Toolbar.Babylon^
C:\WINDOWS\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore^
C:\Windows\Installer\333bed3.msi =>Adware.Boxore^
C:\WINDOWS\Tasks\EPUpdater.job =>Hijacker.BabSolution
~ Additionnel Scan: 226391 Items scanned in 00mn 42s

—\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com28000037-pup-rewardsarcade =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com29637859-toolbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com26611092-adware-bandoo =>Adware.Bandoo
~ MSI: 15 link(s) detected in 00mn 42s

~ 1661 Legitimates filtered by white list
End of the scan (787 lines in 08mn 28s)(0)

Thanks
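The "Additional Scan" block above is the part of the report that needs triage: dozens of registry keys, folders, scheduled tasks and Prefetch entries, each tagged with a detection family. What a responder wants from it is not the raw list but (a) a per-family count split into registry versus file artifacts and (b) the short list of entries that actually re-launch the adware at logon or in the browser (Run value, .job task, Browser Helper Object, browser extension), as opposed to leftovers such as Prefetch files, which only prove that something ran. The script below is an added example and is not part of ZHPDiag or of this post; it parses lines in the `<artifact> =><Family>` shape shown above. The sample lines embedded in it are constructed from that shape, the role names (`autorun`, `scheduled_task`, ...) are this example's own, and the trailing `^` is simply preserved as a flag without interpreting what the tool means by it.

```python
"""Triage helper for ZHPDiag-style "Scan Additionnel" detection lines.

Added example (not ZHPDiag's own code): parses "<artifact> =><Family>" lines,
separates registry keys from filesystem paths, and tags the artifacts that give
the adware a foothold versus those that are only evidence of execution.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the report's own line format (not the full report).
SAMPLE = r"""
[HKLM\Software\Google\Chrome\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj] =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC29DB0F-529E-415E-9754-C4D493333108}] =>Adware.AddLyrics^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SDP =>Adware.MegaSearch^
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
C:\WINDOWS\Tasks\Lyrics Plus Update.job =>Adware.AddLyrics^
C:\WINDOWS\Prefetch\BOXORE.EXE-2493A27E.pf =>Adware.Boxore^
C:\Program Files\Minibar =>Toolbar.Minibar
~ Additionnel Scan: 226391 Items scanned in 00mn 42s
"""

# A detection line is either "[registry key]" optionally followed by ":value",
# or a drive-letter path; then " =>" and a Family.Name, optionally ending in '^'.
# The caret is a tool marker; it is kept as a boolean and not interpreted here.
LINE_RE = re.compile(
    r"^(?:\[(?P<key>[^\]]+)\](?::(?P<value>\S+))?|(?P<path>[A-Za-z]:\\.+?))"
    r"\s+=>(?P<family>[A-Za-z]+\.[A-Za-z0-9]+)(?P<caret>\^)?\s*$"
)

# Role names are this example's own. Order matters: first match wins.
PERSISTENCE_RULES = (
    ("autorun",           re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)),
    ("scheduled_task",    re.compile(r"\\Tasks\\[^\\]+\.job$", re.I)),
    ("browser_helper",    re.compile(r"Browser Helper Objects", re.I)),
    ("browser_extension", re.compile(r"\\Extensions\\", re.I)),
    ("execution_trace",   re.compile(r"\\Prefetch\\.+\.pf$", re.I)),
)
FOOTHOLD_ROLES = {"autorun", "scheduled_task", "browser_helper", "browser_extension"}


def classify(location):
    """Map a registry key or path to a persistence role, or 'other'."""
    for role, rx in PERSISTENCE_RULES:
        if rx.search(location):
            return role
    return "other"


def parse_line(line):
    """Return a dict for a detection line, or None for headers/summary lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("key"):
        kind, location = "registry", m.group("key")
    else:
        kind, location = "file", m.group("path")
    return {
        "kind": kind,
        "location": location,
        "value": m.group("value"),          # only for "[key]:value" lines
        "family": m.group("family"),
        "caret": m.group("caret") is not None,
        "role": classify(location),
    }


def parse_report(text):
    """Parse every detection line of a report section; skip everything else."""
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def summarize(detections):
    """Family -> {'registry': n, 'file': n, 'roles': Counter of roles}."""
    out = defaultdict(lambda: {"registry": 0, "file": 0, "roles": Counter()})
    for d in detections:
        s = out[d["family"]]
        s[d["kind"]] += 1
        s["roles"][d["role"]] += 1
    return dict(out)


def footholds(detections):
    """Artifacts that re-launch or re-inject the adware: clean these first."""
    return [d for d in detections if d["role"] in FOOTHOLD_ROLES]


if __name__ == "__main__":
    dets = parse_report(SAMPLE)
    for family, s in sorted(summarize(dets).items()):
        print(f"{family:22} registry={s['registry']} file={s['file']} roles={dict(s['roles'])}")
    print("\nFootholds to remove first:")
    for d in footholds(dets):
        print(f"  [{d['role']}] {d['location']}" + (f" : {d['value']}" if d['value'] else ""))
```

Run it on the real section by replacing `SAMPLE` with the pasted text (the backslashes must be intact). The point of separating `footholds` from the rest is that disabling the Run value, the .job tasks and the browser extensions or BHOs is what stops the re-infection loop; orphaned folders, uninstall keys and Prefetch entries can be cleaned afterwards, and the Prefetch lines are worth keeping as a timeline of what actually executed rather than deleting first.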