Reply to: Virus infection, 6 items detected by Malwarebytes 2016-09-08T13:08:54+00:00
Doriarella
Participant
Number of posts: 79

Continuation of the report, because it exceeded the character limit:

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.30A91E684A40DE0F03D96B1BFCD81EAA] [SPRF][11/10/2013] (…) — C:Documents and SettingsAliceLocal SettingsApplication Datafusioncache.dat [128]
~ Files: 1 Legitimates Filtered in 00mn 00s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “25946514D2147365007A7A857BC05010” . (.Avira SearchFree Toolbar.) — C:WINDOWSInstaller{41564952-412D-5637-00A7-A758B70C0501}ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 30 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.048ED754627879AFCB5B9D4910320FE1] [WIS][13/10/2013] (.APN, LLC – Avira SearchFree Toolbar.) — C:WindowsInstaller2a79dd.msi [760832] =>Toolbar.Avira
~ WIS: 32 Legitimates Filtered in 00mn 05s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 29/03/2006 28672 | (AcerMemUsageCheckService) . (.Acer Inc..) – C:AcerEmpowering TechnologyePerformanceMemCheck.exe
SR – | Auto 22/12/2006 108712 | (AdobeActiveFileMonitor5.0) . (…) – C:Program FilesAdobePhotoshop Elements 5.0PhotoshopElementsFileAgent.exe
SR – | Auto 13/10/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
SR – | Auto 13/10/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
SR – | Auto 13/10/2013 815160 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir DesktopAVWEBGRD.exe
SR – | Auto 24/09/2013 164816 | (APNMCP) . (.APN LLC..) – C:Program FilesAskPartnerNetworkToolbarapnmcp.exe
SR – | Auto 17/07/2006 401408 | (Ati HotKey Poller) . (.ATI Technologies Inc..) – C:WINDOWSsystem32Ati2evxx.exe
SS – | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
SR – | Auto 17/02/2006 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – C:Program FilesFichiers communsLightScribeLSSrvc.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
~ Services: Scanned in 00mn 06s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Alice at 14/10/2013 03:44:05

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> DeviceHarddisk0DR0[0x85274AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Alice at 14/10/2013 03:44:07

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 12946 – (13/10/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 7

[HKCUSoftwareAskPartnerNetwork] =>Toolbar.Ask
[HKLMSoftwareAskPartnerNetwork] =>Toolbar.Ask
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Avira^
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:ApnTBMon =>Toolbar.Ask^
C:Program FilesAskPartnerNetwork =>Toolbar.Ask
C:Documents and SettingsAll UsersApplication DataAskPartnerNetwork =>Toolbar.Ask
C:Program FilesAskPartnerNetworkToolbarUpdaterTBNotifier.exe =>Toolbar.Ask^
C:Program FilesAskPartnerNetworkToolbarAVIRA-V7Passport.dll =>Toolbar.Avira^
C:WINDOWSPrefetchLYRICSBUDDY-1-ENABLER.EXE-32DEC2C2.pf =>Adware.AddLyrics^
C:WINDOWSPrefetchLYRICSBUDDY-1-CODEDOWNLOADER.-37EB4EBF.pf =>Adware.AddLyrics^
C:WINDOWSPrefetchLYRICSBUDDY-1-BG.EXE-1B696D3F.pf =>Adware.AddLyrics^
C:WINDOWSInstaller{41564952-412D-5637-00A7-A758B70C0501}ToolbarIcon.exe =>Toolbar.Avira^
C:WindowsInstaller2a79dd.msi =>Toolbar.Avira^
~ Additionnel Scan: 155775 Items scanned in 00mn 18s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28419247-toolbar-avira =>Toolbar.Avira
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ MSI: 3 link(s) detected in 00mn 18s

~ 2088 Legitimates filtered by white list
End of the scan (700 lines in 03mn 09s)(0)