TR/Crypt.XPACK.Gen3

Closed
jalilouz Posts 3 Registration date Friday 12 June 2015 Status Member Last intervention 13 June 2015 - 12 June 2015 at 20:17
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 - 22 June 2015 at 09:52
Hello,
I am on Windows Vista and since yesterday an error message from Avira AntiVir Personal tells me:
a virus has been detected, Trojan horse
it displays TR/Crypt.XPACK.Gen3
Every time I delete it or put it in quarantine ... the message reappears. How can I remove the virus?
Thanks
17 replies

Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 1 318
12 June 2015 at 20:35
Good evening,
We will check whether it is a false positive.
---------------
[*] Download Farbar Recovery Scan Tool (FRST) from
this link: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
[*] Save it to your desktop (you must run the version compatible with your system, 32-bit or 64-bit)
==> How do I know whether the 32-bit or 64-bit version is running on my system?
[*] Launch FRST; run it as administrator on Windows 7/8 and Vista
[*] On the main menu, check that the "Addition.txt" box is ticked, then click "Scan" and wait while the analysis runs

[*] Once the scan is finished, go to the desktop; two reports, FRST.txt and Addition.txt, have been created.
[*] Upload the FRST.txt and Addition.txt reports found on your desktop to: malekal.com
[*] Copy and paste the links provided into your next reply.

==> Help: <<<HERE>>>


0
jalilouz Posts 3 Registration date Friday 12 June 2015 Status Member Last intervention 13 June 2015
12 June 2015 at 22:00
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 1 318
13 June 2015 at 09:35
Hello,
1/
You have installed adware and unwanted programs on your PC.
-------------------------------
Download: AdwCleaner (thanks to Xplode)
Launch AdwCleaner
Click Scan then Clean, and wait while the cleaning runs.
Post the report that appears at the end of the search.
(The report is also saved under C:\AdwCleaner\AdwCleaner[x].txt)
----------------------------
To avoid getting ads and toolbars, you can read this: https://forum.malekal.com/viewtopic.php?t=33776&start=

2/
ZHPCleaner
[*] Download and save ZHPCleaner to your desktop from this link: https://nicolascoolman.eu
[*] Run it by right-clicking and choosing "Run as administrator"
[*] Accept the terms of use,
[*] Click the [Repair] (or [Clean]) button
[*] Accept all the proposed repairs
[*] A ZHPCleaner.txt report will be created on the desktop
[*] Click Report if you do not see the report; a copy (%appdata%\ZHP\ZHPCleaner.txt) will open,
[*] Upload this report to: http://pjjoint.malekal.com/ or https://www.cjoint.com/
[*] Copy and paste the generated link into your reply.

See you later

0
jalilouz Posts 3 Registration date Friday 12 June 2015 Status Member Last intervention 13 June 2015
13 June 2015 at 12:58
Hello, here is the report for AdwCleaner
https://pjjoint.malekal.com/files.php?id=20150613_g5b6c8y11g14

However, for ZHPCleaner the software crashes at 40% of the cleaning. I made several attempts and it always gives me the same error message.
0

Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 1 318
13 June 2015 at 17:59
Hi,
Start in Safe Mode with Networking:
To do this, tap the F8 key repeatedly, without stopping, from the moment the PC starts powering on
A window will open; use the keyboard arrows to move to >> start in Safe Mode with Networking
then press Enter.
Once on the desktop, if not all the colors and so on are there, that is normal!
(If F8 does not work, use the F5 key)
----------------------------
Help: https://www.commentcamarche.net/informatique/windows/113-demarrer-windows-10-en-mode-sans-echec/
===========================
In this mode, redo the ZHPCleaner procedure, then post the report please
0
The same error message in safe mode
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 1 318
13 June 2015 at 22:02
Good evening,
1/
[*] Press the Windows and R keys simultaneously
[*] A window will open; type this: notepad
[*] Click OK (Notepad will open)

[*] Paste the script in bold below into your Notepad



start
CloseProcesses:
CreateRestorePoint:
Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exehttp:/www.goforfiles.com <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]
SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = https://en.softonic.com{searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]
SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = https://en.softonic.com{searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 [Pays NL - 195.78.120.88]
FF Extension: New Tab - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{01145754-47b0-4c4e-8e9d-79a40f737d10}.xpi [2014-11-29]
FF Extension: Search Tool for Mozilla Firefox - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi [2014-11-25]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
2015-06-04 21:06 - 2015-06-04 21:06 - 06420480 _____ C:\Program Files\GUT3F.tmp
2015-06-04 21:06 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM3E.tmp
2015-06-04 16:05 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM10.tmp
2015-06-04 16:05 - 2015-06-04 16:05 - 06420480 _____ C:\Program Files\GUT11.tmp
2015-06-04 16:05 - 2015-06-04 16:05 - 6420480 _____ () C:\Program Files\GUT11.tmp
2015-06-12 19:05 - 2015-06-12 19:05 - 6420480 _____ () C:\Program Files\GUT2.tmp
2015-06-04 21:06 - 2015-06-04 21:06 - 6420480 _____ () C:\Program Files\GUT3F.tmp
2013-11-22 23:00 - 2013-11-22 23:05 - 0001374 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.boostrap.log
2013-11-22 23:00 - 2013-11-24 19:22 - 0018070 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.installation.log
2010-11-09 19:42 - 2010-11-10 21:02 - 0002672 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\AEE80575-7210-41C9-A903-34A875D2B2AB.txt
2007-01-27 18:04 - 2014-10-01 09:39 - 0144384 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\elx.exe
2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\hyw.exe
2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\jhq.exe
2011-05-24 22:50 - 2011-05-25 11:07 - 0015704 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\x5gms0uvt28gf524kf3000vvvhx51pxmcy54c02m0cf8ols
2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\yxk.exe

EmptyTemp:
end




[*] Once the text is pasted into Notepad.
[*] Click "File", then "Save As" in the drop-down menu
[*] In this window click "Desktop"
[*] In the "File name" field type: fixlist then confirm by clicking Save
[*] On your desktop you have the text file (fixlist.txt & FRST.exe)

[*] Launch FRST, "run as administrator" on Windows Vista, Windows 7 and Windows 8/8.1
[*] Click "Fix"

[*] A text file appears; copy and paste its contents here in a new message.
[*] Restart the computer.

[*] ===> Help: <<<HERE>>>



2/
[*] Launch Malwarebytes.
[*] Update it, then run a "Threat" scan.
[*] Tick "Scan for rootkits" (Settings -> Detection and Protection)
[*] At the end of the scan, click "Quarantine All" at the bottom left.
[*] Restart the computer if needed.
[*] After restarting, relaunch Malwarebytes.
[*] Go and get the report in the "History" tab.
[*] Click the Application Logs tab on the left.
[*] Double-click the scan log to display it.
[*] At the bottom left choose "Copy to Clipboard"
[*] Paste the contents of the log here

Have a good evening
0
Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by julie at 2015-06-14 12:03:41 Run:1
Running from C:\Documents and Settings\julie\Bureau
Loaded Profiles: julie (Available Profiles: julie)
Boot Mode: Normal

==============================================

fixlist content:

start

CloseProcesses:

CreateRestorePoint:

Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exehttp:/www.goforfiles.com <==== ATTENTION

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]

SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yd.delta-search.com/?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]

SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]

SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yd.delta-search.com/?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]

SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]

SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 [Pays NL - 195.78.120.88]

FF Extension: New Tab - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{01145754-47b0-4c4e-8e9d-79a40f737d10}.xpi [2014-11-29]

FF Extension: Search Tool for Mozilla Firefox - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi [2014-11-25]

S4 hpt3xx; No ImagePath

S4 IntelIde; No ImagePath

2015-06-04 21:06 - 2015-06-04 21:06 - 06420480 _____ C:\Program Files\GUT3F.tmp

2015-06-04 21:06 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM3E.tmp

2015-06-04 16:05 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM10.tmp

2015-06-04 16:05 - 2015-06-04 16:05 - 06420480 _____ C:\Program Files\GUT11.tmp

2015-06-04 16:05 - 2015-06-04 16:05 - 6420480 _____ () C:\Program Files\GUT11.tmp

2015-06-12 19:05 - 2015-06-12 19:05 - 6420480 _____ () C:\Program Files\GUT2.tmp

2015-06-04 21:06 - 2015-06-04 21:06 - 6420480 _____ () C:\Program Files\GUT3F.tmp

2013-11-22 23:00 - 2013-11-22 23:05 - 0001374 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.boostrap.log

2013-11-22 23:00 - 2013-11-24 19:22 - 0018070 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.installation.log

2010-11-09 19:42 - 2010-11-10 21:02 - 0002672 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\AEE80575-7210-41C9-A903-34A875D2B2AB.txt

2007-01-27 18:04 - 2014-10-01 09:39 - 0144384 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\elx.exe

2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\hyw.exe

2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\jhq.exe

2011-05-24 22:50 - 2011-05-25 11:07 - 0015704 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\x5gms0uvt28gf524kf3000vvvhx51pxmcy54c02m0cf8ols

2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\yxk.exe



EmptyTemp:
0
Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 14/06/2015
Heure de l'examen: 13:15:57
Fichier journal: mal.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.06.14.01
Base de données Rootkits: v2015.06.02.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows XP Service Pack 2
Processeur: x86
Système de fichiers: NTFS
Utilisateur: julie

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 330888
Temps écoulé: 10 h, 48 min, 37 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Examen approfondi Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 0
(Aucun élément malicieux détecté)

Valeurs du Registre: 0
(Aucun élément malicieux détecté)

Données du Registre: 0
(Aucun élément malicieux détecté)

Dossiers: 0
(Aucun élément malicieux détecté)

Fichiers: 0
(Aucun élément malicieux détecté)

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 14/06/2015 13:04:11, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
Protection, 14/06/2015 13:04:11, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
Protection, 14/06/2015 13:04:11, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
Protection, 14/06/2015 13:05:16, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
Update, 14/06/2015 13:05:19, SYSTEM, JULIE-QZFCRDUV2, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 14/06/2015 13:05:19, SYSTEM, JULIE-QZFCRDUV2, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1,
Update, 14/06/2015 13:05:19, SYSTEM, JULIE-QZFCRDUV2, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 14/06/2015 13:05:19, SYSTEM, JULIE-QZFCRDUV2, Manual, Rootkit Database, 2015.2.25.1, 2015.6.2.1,
Update, 14/06/2015 13:05:30, SYSTEM, JULIE-QZFCRDUV2, Manual, Malware Database, 2015.3.9.5, 2015.6.14.1,
Protection, 14/06/2015 13:05:30, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
Protection, 14/06/2015 13:05:30, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
Protection, 14/06/2015 13:05:31, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
Protection, 14/06/2015 13:06:18, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
Protection, 14/06/2015 13:06:18, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
Protection, 14/06/2015 13:07:25, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
Update, 14/06/2015 15:07:26, SYSTEM, JULIE-QZFCRDUV2, Scheduler, Malware Database, 2015.6.14.1, 2015.6.14.3,
Protection, 14/06/2015 15:07:27, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
Protection, 14/06/2015 15:07:27, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
Protection, 14/06/2015 15:07:29, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
Protection, 14/06/2015 15:09:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
Protection, 14/06/2015 15:09:09, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
Protection, 14/06/2015 15:10:22, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
Update, 14/06/2015 22:08:06, SYSTEM, JULIE-QZFCRDUV2, Scheduler, Malware Database, 2015.6.14.3, 2015.6.14.5,
Protection, 14/06/2015 22:08:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
Protection, 14/06/2015 22:08:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
Protection, 14/06/2015 22:08:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
Protection, 14/06/2015 22:10:48, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
Protection, 14/06/2015 22:11:13, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
Protection, 14/06/2015 22:12:25, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,

(end)
0
Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 14/06/2015
Heure de l'examen: 13:15:57
Fichier journal: mal2.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.06.14.01
Base de données Rootkits: v2015.06.02.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows XP Service Pack 2
Processeur: x86
Système de fichiers: NTFS
Utilisateur: julie

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 330888
Temps écoulé: 10 h, 48 min, 37 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Examen approfondi Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 7
PUP.Optional.ConduitTB.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Mis en quarantaine, [41581c9e3555d066e9753f30ff04f20e],
PUP.Optional.ConduitTB.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Mis en quarantaine, [41581c9e3555d066e9753f30ff04f20e],
PUP.Optional.RockTurner.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Rock Turner, Mis en quarantaine, [c6d3c7f3dbaf0d2941d3649e1ee653ad],
Trojan.FakeAlert, HKU\S-1-5-18\SOFTWARE\mdnkso81qq2, Mis en quarantaine, [72272199d4b6ba7c9a6098cd19eb40c0],
Malware.Trace, HKU\S-1-5-18\SOFTWARE\ndo8thb2ikwe, Mis en quarantaine, [722713a7c0ca2d090322353318ec8e72],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-18\TOOLBAR\REGISTEREDSOURCES, Mis en quarantaine, [fd9ce3d7d0ba280ec0dfcfbbd431a759],
PUP.Optional.SmartBar.A, HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\SMARTBAR, Mis en quarantaine, [7d1cfac0b7d3e6509bae3c4f8283d32d],

Valeurs du Registre: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-18\TOOLBAR\REGISTEREDSOURCES|CT2567681, 0, Mis en quarantaine, [fd9ce3d7d0ba280ec0dfcfbbd431a759]
PUP.Optional.SmartBar.A, HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\SMARTBAR|GlobalUserId, 97E6205E-626A-402C-9585-A87A07DFC4EA, Mis en quarantaine, [7d1cfac0b7d3e6509bae3c4f8283d32d]

Données du Registre: 0
(Aucun élément malicieux détecté)

Dossiers: 4
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.VuzeRemoteTB.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote, Mis en quarantaine, [54454b6fa5e55fd7874ac70fc2417e82],
PUP.Optional.VuzeRemoteTB.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\Logs, Mis en quarantaine, [54454b6fa5e55fd7874ac70fc2417e82],

Fichiers: 35
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\LocalService\Local Settings\Application Data\Messenger_Plus_Live_France\tbMes0.dll, Mis en quarantaine, [4a4fa416d4b601358c32691312f48977],
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit\CT2567681\Messenger_Plus_Live_FranceAutoUpdaterHelper.exe, Mis en quarantaine, [d6c35a603159dc5ad7e72b5151b5f808],
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll, Mis en quarantaine, [eaaf26943159ad89bc02215b08feae52],
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\MessengerPlusLive_France_TB\tbMes2.dll, Mis en quarantaine, [e3b67248503abd79e4dad2aacb3b7b85],
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Messenger_Plus_Live_France\tbMes0.dll, Mis en quarantaine, [dfba98226e1ce35328965923d531ac54],
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\ldrtbVuze.dll, Mis en quarantaine, [2079e0dacfbb6ec80eb06d0fd0367987],
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\tbVuze.dll, Mis en quarantaine, [693029917a1046f04d712755c34357a9],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\1.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\a.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\b.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\c.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\d.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\e.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\f.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\g.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\h.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\i.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\J.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\k.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\l.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\m.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\n.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\o.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\p.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\q.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\r.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\s.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\t.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\u.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\v.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\w.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\x.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\y.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\z.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
PUP.Optional.VuzeRemoteTB.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\toolbar.cfg, Mis en quarantaine, [54454b6fa5e55fd7874ac70fc2417e82],

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)
0
Malwarebytes Anti-Malware
www.malwarebytes.org


Scan, 15/06/2015 00:19:42, SYSTEM, JULIE-QZFCRDUV2, Manual, Départ: 14/06/2015 13:15:57, Durée: 10 hr 48 min 37 sec, Examen "Menaces", Terminé, Détection de malveillants 2, Détection de non-malveillants de 46,

(end)
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
17 June 2015 at 07:17
Hello,
You did not carry out the FRST fix procedure requested here in 1/
https://forums.commentcamarche.net/forum/affich-32103391-tr-crypt-xpack-gen3#7
Redo the procedure, then post the fixlog.txt report (on the desktop)

See you later
0
Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by julie at 2015-06-20 20:09:49 Run:2
Running from C:\Documents and Settings\julie\Bureau
Loaded Profiles: julie (Available Profiles: julie)
Boot Mode: Normal

==============================================

fixlist content:

start
CloseProcesses:
CreateRestorePoint:
Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exehttp:/www.goforfiles.com <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]
SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yd.delta-search.com/?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]
SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yd.delta-search.com/?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]
SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 [Pays NL - 195.78.120.88]
FF Extension: New Tab - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{01145754-47b0-4c4e-8e9d-79a40f737d10}.xpi [2014-11-29]
FF Extension: Search Tool for Mozilla Firefox - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi [2014-11-25]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
2015-06-04 21:06 - 2015-06-04 21:06 - 06420480 _____ C:\Program Files\GUT3F.tmp
2015-06-04 21:06 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM3E.tmp
2015-06-04 16:05 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM10.tmp
2015-06-04 16:05 - 2015-06-04 16:05 - 06420480 _____ C:\Program Files\GUT11.tmp
2015-06-04 16:05 - 2015-06-04 16:05 - 6420480 _____ () C:\Program Files\GUT11.tmp
2015-06-12 19:05 - 2015-06-12 19:05 - 6420480 _____ () C:\Program Files\GUT2.tmp
2015-06-04 21:06 - 2015-06-04 21:06 - 6420480 _____ () C:\Program Files\GUT3F.tmp
2013-11-22 23:00 - 2013-11-22 23:05 - 0001374 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.boostrap.log
2013-11-22 23:00 - 2013-11-24 19:22 - 0018070 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.installation.log
2010-11-09 19:42 - 2010-11-10 21:02 - 0002672 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\AEE80575-7210-41C9-A903-34A875D2B2AB.txt
2007-01-27 18:04 - 2014-10-01 09:39 - 0144384 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\elx.exe
2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\hyw.exe
2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\jhq.exe
2011-05-24 22:50 - 2011-05-25 11:07 - 0015704 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\x5gms0uvt28gf524kf3000vvvhx51pxmcy54c02m0cf8ols
2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\yxk.exe

EmptyTemp:
end


Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\Tasks\Go for FilesUpdate.job not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":4F636E25" ADS not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} => key not found.
HKCR\CLSID\{92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} => key not found.
HKCR\CLSID\{92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} => key not found.
HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{01145754-47b0-4c4e-8e9d-79a40f737d10}.xpi => not found.
C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi => not found.
hpt3xx => Service not found.
IntelIde => Service not found.
"C:\Program Files\GUT3F.tmp" => File/Folder not found.
"C:\Program Files\GUM3E.tmp" => File/Folder not found.
"C:\Program Files\GUM10.tmp" => File/Folder not found.
"C:\Program Files\GUT11.tmp" => File/Folder not found.
"C:\Program Files\GUT11.tmp" => File/Folder not found.
"C:\Program Files\GUT2.tmp" => File/Folder not found.
"C:\Program Files\GUT3F.tmp" => File/Folder not found.
"C:\Documents and Settings\julie\Application Data\Bubble Dock.boostrap.log" => File/Folder not found.
"C:\Documents and Settings\julie\Application Data\Bubble Dock.installation.log" => File/Folder not found.
"C:\Documents and Settings\julie\Local Settings\Application Data\AEE80575-7210-41C9-A903-34A875D2B2AB.txt" => File/Folder not found.
"C:\Documents and Settings\julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => File/Folder not found.
"C:\Documents and Settings\julie\Local Settings\Application Data\elx.exe" => File/Folder not found.
"C:\Documents and Settings\julie\Local Settings\Application Data\hyw.exe" => File/Folder not found.
"C:\Documents and Settings\julie\Local Settings\Application Data\jhq.exe" => File/Folder not found.
"C:\Documents and Settings\julie\Local Settings\Application Data\x5gms0uvt28gf524kf3000vvvhx51pxmcy54c02m0cf8ols" => File/Folder not found.
"C:\Documents and Settings\julie\Local Settings\Application Data\yxk.exe" => File/Folder not found.
EmptyTemp: => 48.1 MB temporary data Removed.


The system needed a reboot.

End of Fixlog 20:10:45

Sorry for the delay
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
21 June 2015 at 10:51
Hello,
1/
Run Malwarebytes again, then post the report please

2/
Run Avira again to check whether it still detects infections

See you later
0
Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 21/06/2015
Heure de l'examen: 20:54:02
Fichier journal: m1.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.06.18.06
Base de données Rootkits: v2015.06.15.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows XP Service Pack 2
Processeur: x86
Système de fichiers: NTFS
Utilisateur: julie

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 331497
Temps écoulé: 1 h, 22 min, 17 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Examen approfondi Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 0
(Aucun élément malicieux détecté)

Valeurs du Registre: 0
(Aucun élément malicieux détecté)

Données du Registre: 0
(Aucun élément malicieux détecté)

Dossiers: 20
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\AddedAppDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\DefualtImages, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\DetectedAppDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\EngineFirstTimeDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAddedAppDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppApprovalDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppPendingDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\ExternalComponent, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Logs, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\MyStuffApps, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Repository, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine\dynamicDialogs, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],

Fichiers: 58
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\EngineSettings.json, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\toolbar.cfg, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)
0
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 21/06/2015 20:26:28, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
Protection, 21/06/2015 20:26:29, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
Protection, 21/06/2015 20:26:38, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
Protection, 21/06/2015 20:27:54, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
Protection, 21/06/2015 20:43:48, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
Protection, 21/06/2015 20:43:56, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
Protection, 21/06/2015 20:43:56, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopping,
Protection, 21/06/2015 20:48:16, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopped,
Scan, 21/06/2015 20:53:47, SYSTEM, JULIE-QZFCRDUV2, Manual, Départ: 21/06/2015 20:51:41, Durée: 2 minutes 6 secondes, Examen "Menaces", Annulé, Détection de malveillants 0, Détection de non-malveillants de 0,
Scan, 21/06/2015 22:29:14, SYSTEM, JULIE-QZFCRDUV2, Manual, Départ: 21/06/2015 20:54:02, Durée: 1 hr 22 min 17 sec, Examen "Menaces", Terminé, Détection de malveillants 0, Détection de non-malveillants de 78,

(end)
0
Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 21/06/2015
Heure de l'examen: 20:51:41
Fichier journal: m3.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.06.18.06
Base de données Rootkits: v2015.06.15.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows XP Service Pack 2
Processeur: x86
Système de fichiers: NTFS
Utilisateur: julie

Type d'examen: Examen "Menaces"
Résultat: Annulé
Objets analysés: 0
(Aucun élément malicieux détecté)
Temps écoulé: 2 min, 6 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Examen approfondi Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 0
(Aucun élément malicieux détecté)

Valeurs du Registre: 0
(Aucun élément malicieux détecté)

Données du Registre: 0
(Aucun élément malicieux détecté)

Dossiers: 0
(Aucun élément malicieux détecté)

Fichiers: 0
(Aucun élément malicieux détecté)

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)
0
So I'm running Avira again and I'll let you know.
0
Fish66 Posts: 17505 Registration date: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021 1 318
22 June 2015 at 09:52
Hello,
OK, waiting for the Avira report..

See you later
0