TR/Crypt.XPACK.Gen3

jalilouz Messages postés 3 Statut Membre -  
Fish66 Messages postés 18337 Statut Contributeur sécurité -
Bonjour,
je suis sous windows vista et depuis hier un message d'erreur d'avira antivir personal me dit :
un virus a été détecté cheval de troie
cela affiche TR/Crypt.XPACK.Gen3
a chaques fois que je m'est supprimer ou placer en quarantaine ... le message réaparait , comment faire pour enlever le virus ?
merci

17 réponses

  1. Fish66 Messages postés 18337 Statut Contributeur sécurité 1 318
     
    Bonsoir,
    On va vérifier s'il est un faux positif..
    ---------------
    [*] Télécharge :Farbar Recovery Scan Tool (FRST) à partir
    ce lien : https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
    [*] Enregistre le sur votre bureau ( Vous devez exécuter la version compatible avec votre système 32 bits ou 64 bits)
    ==> Comment savoir quelle version 32 bits ou 64 bits est exécutée sur mon système ?
    [*] Lance FRST, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
    [*] Sur le menu principal, vérifie que la case "Addition.txt" soit cochée puis clique sur "Scan" et patiente le temps de l'analyse

    [*] Une fois le scan terminé rends toi sur le bureau, deux rapports FRST.txt et Addition.txt ont été créés.
    [*] Héberge les rapports FRST.txt et Addition.txt présent sur ton bureau sur : malekal.com
    [*] Fais copier/coller les liens fournis dans ta prochaine réponse.

    ==> Aide: <<<ICI>>>

    0
  2. Fish66 Messages postés 18337 Statut Contributeur sécurité 1 318
     
    Bonjour,
    1/
    Tu as installé des adwares et programmes indésirables sur ton PC.
    -------------------------------
    Télécharge : AdwCleaner (merci à Xplode)
    Lance AdwCleaner
    Clique sur Scanner puis Nettoyer, et patiente le temps du nettoyage.
    Poste le rapport qui apparait en fin de recherche.
    (Le rapport est sauvegardé aussi sous C:\AdwCleaner\AdwCleaner[x].txt)
    ----------------------------
    Pour éviter d'avoir des publicités et des toolbars, tu peux lire ceci : https://forum.malekal.com/viewtopic.php?t=33776&start=

    2/
    ZHPCleaner
    [*] Télécharge et enregistre ZHPCleaner sur ton bureau à partir ce lien : https://nicolascoolman.eu
    [*] Exécute le en cliquant sur le bouton droit de la souris et en choisissant "Exécuter en tant qu'administrateur"
    [*]Accepte les conditions d'utilisation,
    [*]Clique sur le bouton [Réparer] ( ou [Nettoyer])
    [*]Accepte toutes les réparations proposées
    [*]Un rapport ZHPCleaner.txt sera créé sur le bureau
    [*]Clique sur Rapport si tu ne vois pas le rapport, une copie (%appdata%\ZHP\ZHPCleaner.txt) s'ouvrira,
    [*]Héberge ce rapport sur : http://pjjoint.malekal.com/ ou https://www.cjoint.com/
    [*]Copie/Colle le lien généré dans ta réponse.

    @+

    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. Fish66 Messages postés 18337 Statut Contributeur sécurité 1 318
     
    Salut,
    Démarre en Mode sans échec avec prise en charge réseau :
    Pour cela, tu tapotes la touche F8 dès le début de l'allumage du pc sans t'arrêter
    Une fenêtre va s'ouvrir tu te déplaces avec les flèches du clavier sur >> démarrer en Mode sans échec avec prise en charge réseau
    puis tape entrée.
    Une fois sur le bureau s'il n'y a pas toutes les couleurs et autres c'est normal !
    (Si F8 ne marche pas utilise la touche F5)
    ----------------------------
    Aide : https://www.commentcamarche.net/informatique/windows/113-demarrer-windows-10-en-mode-sans-echec/
    ===========================
    Dans ce mode tu refais la procédure de ZHPCleaner puis poste le rapport stp
    0
  5. jalilouz
     
    le même message d'erreur en mode sans echec
    0
  6. Fish66 Messages postés 18337 Statut Contributeur sécurité 1 318
     
    Bonsoir,
    1/
    [*] Appuies simultanément sur les touches Windows et R
    [*] Une fenêtre va s'ouvrir, tape ceci : notepad
    [*] Clic sur OK (Le bloc note va s'ouvrir)

    [*] Coller le script en gras ci-dessous dans votre bloc-notes

    start
    CloseProcesses:
    CreateRestorePoint:
    Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exehttp:/www.goforfiles.com <==== ATTENTION
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]
    SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
    SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]
    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = https://en.softonic.com{searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]
    SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
    SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]
    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = https://en.softonic.com{searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]
    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 [Pays NL - 195.78.120.88]
    FF Extension: New Tab - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{01145754-47b0-4c4e-8e9d-79a40f737d10}.xpi [2014-11-29]
    FF Extension: Search Tool for Mozilla Firefox - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi [2014-11-25]
    S4 hpt3xx; No ImagePath
    S4 IntelIde; No ImagePath
    2015-06-04 21:06 - 2015-06-04 21:06 - 06420480 _____ C:\Program Files\GUT3F.tmp
    2015-06-04 21:06 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM3E.tmp
    2015-06-04 16:05 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM10.tmp
    2015-06-04 16:05 - 2015-06-04 16:05 - 06420480 _____ C:\Program Files\GUT11.tmp
    2015-06-04 16:05 - 2015-06-04 16:05 - 6420480 _____ () C:\Program Files\GUT11.tmp
    2015-06-12 19:05 - 2015-06-12 19:05 - 6420480 _____ () C:\Program Files\GUT2.tmp
    2015-06-04 21:06 - 2015-06-04 21:06 - 6420480 _____ () C:\Program Files\GUT3F.tmp
    2013-11-22 23:00 - 2013-11-22 23:05 - 0001374 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.boostrap.log
    2013-11-22 23:00 - 2013-11-24 19:22 - 0018070 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.installation.log
    2010-11-09 19:42 - 2010-11-10 21:02 - 0002672 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\AEE80575-7210-41C9-A903-34A875D2B2AB.txt
    2007-01-27 18:04 - 2014-10-01 09:39 - 0144384 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\elx.exe
    2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\hyw.exe
    2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\jhq.exe
    2011-05-24 22:50 - 2011-05-25 11:07 - 0015704 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\x5gms0uvt28gf524kf3000vvvhx51pxmcy54c02m0cf8ols
    2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\yxk.exe

    EmptyTemp:
    end


    [*] Une fois, le texte coller dans le bloc-note.
    [*] Cliquez sur "Fichier" puis dans le menu déroulant sur "Enregistrer sous"
    [*] A cette fenêtre cliquez sur "Bureau"
    [*] Dans la zone de "Nom de fichier" tapez : fixlist puis validez en cliquant sur Enregistrer
    [*] Sur votre bureau vous avez le fichier texte (fixlist.txt & FRST.exe)

    [*] Lancez FRST, "exécuter en tant qu'administrateur" sous Windows Vista, Windows Seven et Windows 8/8.1
    [*] Cliquez sur "Fix"

    [*] Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
    [*] Redémarre l'ordinateur.

    [*] ===> Aide : <<<ICI>>>


    2/
    [*] Lance Malwarebytes.
    [*] Mets le à jour puis lance un examen "Menaces".
    [*] coche "Recherche de rootkits" (Paramètres -> Détection et protection)
    [*] A la fin du scan, clic sur "Mettre tous en quarantaine" en bas à gauche.
    [*] Redémarre l'ordinateur si besoin.
    [*] Après redémarrage, relance Malwarebytes.
    [*] Vas chercher le rapport dans l'onglet "Historique".
    [*] Clic à gauche sur l'onglet Journaux de l'application.
    [*] Double-clic sur le journal d'examen pour l'afficher.
    [*] En bas à gauche choisis "Copier dans le presse papier"
    [*] colle le rapport le contenu du journal ici

    Bonne soirée
    0
  7. jalilouz
     
    Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
    Ran by julie at 2015-06-14 12:03:41 Run:1
    Running from C:\Documents and Settings\julie\Bureau
    Loaded Profiles: julie (Available Profiles: julie)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    start

    CloseProcesses:

    CreateRestorePoint:

    Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exehttp:/www.goforfiles.com <==== ATTENTION

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]

    SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

    SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yd.delta-search.com/?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]

    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]

    SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

    SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yd.delta-search.com/?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]

    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]

    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]

    SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 [Pays NL - 195.78.120.88]

    FF Extension: New Tab - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{01145754-47b0-4c4e-8e9d-79a40f737d10}.xpi [2014-11-29]

    FF Extension: Search Tool for Mozilla Firefox - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi [2014-11-25]

    S4 hpt3xx; No ImagePath

    S4 IntelIde; No ImagePath

    2015-06-04 21:06 - 2015-06-04 21:06 - 06420480 _____ C:\Program Files\GUT3F.tmp

    2015-06-04 21:06 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM3E.tmp

    2015-06-04 16:05 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM10.tmp

    2015-06-04 16:05 - 2015-06-04 16:05 - 06420480 _____ C:\Program Files\GUT11.tmp

    2015-06-04 16:05 - 2015-06-04 16:05 - 6420480 _____ () C:\Program Files\GUT11.tmp

    2015-06-12 19:05 - 2015-06-12 19:05 - 6420480 _____ () C:\Program Files\GUT2.tmp

    2015-06-04 21:06 - 2015-06-04 21:06 - 6420480 _____ () C:\Program Files\GUT3F.tmp

    2013-11-22 23:00 - 2013-11-22 23:05 - 0001374 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.boostrap.log

    2013-11-22 23:00 - 2013-11-24 19:22 - 0018070 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.installation.log

    2010-11-09 19:42 - 2010-11-10 21:02 - 0002672 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\AEE80575-7210-41C9-A903-34A875D2B2AB.txt

    2007-01-27 18:04 - 2014-10-01 09:39 - 0144384 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\elx.exe

    2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\hyw.exe

    2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\jhq.exe

    2011-05-24 22:50 - 2011-05-25 11:07 - 0015704 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\x5gms0uvt28gf524kf3000vvvhx51pxmcy54c02m0cf8ols

    2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\yxk.exe

    EmptyTemp:
    0
  8. jalilouz
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Date de l'examen: 14/06/2015
    Heure de l'examen: 13:15:57
    Fichier journal: mal.txt
    Administrateur: Oui

    Version: 2.01.6.1022
    Base de données Malveillants: v2015.06.14.01
    Base de données Rootkits: v2015.06.02.01
    Licence: Essai
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Auto-protection: Désactivé(e)

    Système d'exploitation: Windows XP Service Pack 2
    Processeur: x86
    Système de fichiers: NTFS
    Utilisateur: julie

    Type d'examen: Examen "Menaces"
    Résultat: Terminé
    Objets analysés: 330888
    Temps écoulé: 10 h, 48 min, 37 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Examen approfondi Rootkits: Activé(e)
    Heuristique: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (Aucun élément malicieux détecté)

    Modules: 0
    (Aucun élément malicieux détecté)

    Clés du Registre: 0
    (Aucun élément malicieux détecté)

    Valeurs du Registre: 0
    (Aucun élément malicieux détecté)

    Données du Registre: 0
    (Aucun élément malicieux détecté)

    Dossiers: 0
    (Aucun élément malicieux détecté)

    Fichiers: 0
    (Aucun élément malicieux détecté)

    Secteurs physiques: 0
    (Aucun élément malicieux détecté)

    (end)

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Protection, 14/06/2015 13:04:11, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 14/06/2015 13:04:11, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 14/06/2015 13:04:11, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 14/06/2015 13:05:16, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Update, 14/06/2015 13:05:19, SYSTEM, JULIE-QZFCRDUV2, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
    Update, 14/06/2015 13:05:19, SYSTEM, JULIE-QZFCRDUV2, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1,
    Update, 14/06/2015 13:05:19, SYSTEM, JULIE-QZFCRDUV2, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
    Update, 14/06/2015 13:05:19, SYSTEM, JULIE-QZFCRDUV2, Manual, Rootkit Database, 2015.2.25.1, 2015.6.2.1,
    Update, 14/06/2015 13:05:30, SYSTEM, JULIE-QZFCRDUV2, Manual, Malware Database, 2015.3.9.5, 2015.6.14.1,
    Protection, 14/06/2015 13:05:30, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
    Protection, 14/06/2015 13:05:30, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 14/06/2015 13:05:31, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 14/06/2015 13:06:18, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
    Protection, 14/06/2015 13:06:18, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 14/06/2015 13:07:25, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Update, 14/06/2015 15:07:26, SYSTEM, JULIE-QZFCRDUV2, Scheduler, Malware Database, 2015.6.14.1, 2015.6.14.3,
    Protection, 14/06/2015 15:07:27, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
    Protection, 14/06/2015 15:07:27, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 14/06/2015 15:07:29, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 14/06/2015 15:09:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
    Protection, 14/06/2015 15:09:09, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 14/06/2015 15:10:22, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Update, 14/06/2015 22:08:06, SYSTEM, JULIE-QZFCRDUV2, Scheduler, Malware Database, 2015.6.14.3, 2015.6.14.5,
    Protection, 14/06/2015 22:08:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
    Protection, 14/06/2015 22:08:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 14/06/2015 22:08:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 14/06/2015 22:10:48, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
    Protection, 14/06/2015 22:11:13, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 14/06/2015 22:12:25, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,

    (end)
    0
  9. jalilouz
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Date de l'examen: 14/06/2015
    Heure de l'examen: 13:15:57
    Fichier journal: mal2.txt
    Administrateur: Oui

    Version: 2.01.6.1022
    Base de données Malveillants: v2015.06.14.01
    Base de données Rootkits: v2015.06.02.01
    Licence: Essai
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Auto-protection: Désactivé(e)

    Système d'exploitation: Windows XP Service Pack 2
    Processeur: x86
    Système de fichiers: NTFS
    Utilisateur: julie

    Type d'examen: Examen "Menaces"
    Résultat: Terminé
    Objets analysés: 330888
    Temps écoulé: 10 h, 48 min, 37 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Examen approfondi Rootkits: Activé(e)
    Heuristique: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (Aucun élément malicieux détecté)

    Modules: 0
    (Aucun élément malicieux détecté)

    Clés du Registre: 7
    PUP.Optional.ConduitTB.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Mis en quarantaine, [41581c9e3555d066e9753f30ff04f20e],
    PUP.Optional.ConduitTB.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Mis en quarantaine, [41581c9e3555d066e9753f30ff04f20e],
    PUP.Optional.RockTurner.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Rock Turner, Mis en quarantaine, [c6d3c7f3dbaf0d2941d3649e1ee653ad],
    Trojan.FakeAlert, HKU\S-1-5-18\SOFTWARE\mdnkso81qq2, Mis en quarantaine, [72272199d4b6ba7c9a6098cd19eb40c0],
    Malware.Trace, HKU\S-1-5-18\SOFTWARE\ndo8thb2ikwe, Mis en quarantaine, [722713a7c0ca2d090322353318ec8e72],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-18\TOOLBAR\REGISTEREDSOURCES, Mis en quarantaine, [fd9ce3d7d0ba280ec0dfcfbbd431a759],
    PUP.Optional.SmartBar.A, HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\SMARTBAR, Mis en quarantaine, [7d1cfac0b7d3e6509bae3c4f8283d32d],

    Valeurs du Registre: 2
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-18\TOOLBAR\REGISTEREDSOURCES|CT2567681, 0, Mis en quarantaine, [fd9ce3d7d0ba280ec0dfcfbbd431a759]
    PUP.Optional.SmartBar.A, HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\SMARTBAR|GlobalUserId, 97E6205E-626A-402C-9585-A87A07DFC4EA, Mis en quarantaine, [7d1cfac0b7d3e6509bae3c4f8283d32d]

    Données du Registre: 0
    (Aucun élément malicieux détecté)

    Dossiers: 4
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.VuzeRemoteTB.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote, Mis en quarantaine, [54454b6fa5e55fd7874ac70fc2417e82],
    PUP.Optional.VuzeRemoteTB.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\Logs, Mis en quarantaine, [54454b6fa5e55fd7874ac70fc2417e82],

    Fichiers: 35
    PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\LocalService\Local Settings\Application Data\Messenger_Plus_Live_France\tbMes0.dll, Mis en quarantaine, [4a4fa416d4b601358c32691312f48977],
    PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit\CT2567681\Messenger_Plus_Live_FranceAutoUpdaterHelper.exe, Mis en quarantaine, [d6c35a603159dc5ad7e72b5151b5f808],
    PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll, Mis en quarantaine, [eaaf26943159ad89bc02215b08feae52],
    PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\MessengerPlusLive_France_TB\tbMes2.dll, Mis en quarantaine, [e3b67248503abd79e4dad2aacb3b7b85],
    PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Messenger_Plus_Live_France\tbMes0.dll, Mis en quarantaine, [dfba98226e1ce35328965923d531ac54],
    PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\ldrtbVuze.dll, Mis en quarantaine, [2079e0dacfbb6ec80eb06d0fd0367987],
    PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\tbVuze.dll, Mis en quarantaine, [693029917a1046f04d712755c34357a9],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\1.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\a.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\b.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\c.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\d.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\e.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\f.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\g.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\h.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\i.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\J.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\k.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\l.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\m.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\n.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\o.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\p.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\q.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\r.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\s.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\t.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\u.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\v.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\w.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\x.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\y.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.PriceGong.A, C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\z.xml, Mis en quarantaine, [9dfc8634305a7db9fd32c0fb21e25da3],
    PUP.Optional.VuzeRemoteTB.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\toolbar.cfg, Mis en quarantaine, [54454b6fa5e55fd7874ac70fc2417e82],

    Secteurs physiques: 0
    (Aucun élément malicieux détecté)

    (end)
    0
  10. jalilouz
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan, 15/06/2015 00:19:42, SYSTEM, JULIE-QZFCRDUV2, Manual, Départ: 14/06/2015 13:15:57, Durée: 10 hr 48 min 37 sec, Examen "Menaces", Terminé, Détection de malveillants 2, Détection de non-malveillants de 46,
    Protection, 15/06/2015 00:20:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 15/06/2015 00:20:08, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 15/06/2015 00:20:09, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 15/06/2015 00:21:13, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 06:30:56, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 15/06/2015 06:30:56, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 15/06/2015 06:30:56, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 15/06/2015 06:31:59, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 06:38:58, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 15/06/2015 06:38:59, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 15/06/2015 06:38:59, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopping,
    Protection, 15/06/2015 06:39:01, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopped,
    Update, 15/06/2015 06:40:07, SYSTEM, JULIE-QZFCRDUV2, Manual, Rootkit Database, 2015.2.25.1, 2015.6.2.1,
    Update, 15/06/2015 06:40:09, SYSTEM, JULIE-QZFCRDUV2, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1,
    Update, 15/06/2015 06:40:09, SYSTEM, JULIE-QZFCRDUV2, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
    Update, 15/06/2015 06:40:09, SYSTEM, JULIE-QZFCRDUV2, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
    Protection, 15/06/2015 06:40:10, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 15/06/2015 06:40:11, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 15/06/2015 06:40:11, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Update, 15/06/2015 06:40:33, SYSTEM, JULIE-QZFCRDUV2, Manual, Malware Database, 2015.3.9.5, 2015.4.5.2,
    Protection, 15/06/2015 06:40:34, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
    Protection, 15/06/2015 06:41:14, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 06:41:14, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 15/06/2015 06:41:15, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 15/06/2015 06:42:10, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
    Protection, 15/06/2015 06:42:12, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 15/06/2015 06:43:18, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 06:43:18, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 15/06/2015 06:43:18, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 15/06/2015 06:43:18, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopping,
    Protection, 15/06/2015 06:43:20, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopped,
    Update, 15/06/2015 06:45:13, SYSTEM, JULIE-QZFCRDUV2, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1,
    Update, 15/06/2015 06:45:13, SYSTEM, JULIE-QZFCRDUV2, Manual, Rootkit Database, 2015.2.25.1, 2015.6.2.1,
    Update, 15/06/2015 06:45:13, SYSTEM, JULIE-QZFCRDUV2, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
    Update, 15/06/2015 06:45:14, SYSTEM, JULIE-QZFCRDUV2, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
    Protection, 15/06/2015 06:45:15, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 15/06/2015 06:45:15, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 15/06/2015 06:45:15, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Update, 15/06/2015 06:45:37, SYSTEM, JULIE-QZFCRDUV2, Manual, Malware Database, 2015.3.9.5, 2015.4.5.2,
    Protection, 15/06/2015 06:45:38, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
    Protection, 15/06/2015 06:46:15, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 06:46:15, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 15/06/2015 06:46:15, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 15/06/2015 06:46:57, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
    Protection, 15/06/2015 06:46:57, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 15/06/2015 06:47:58, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 19:01:31, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 15/06/2015 19:01:32, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 15/06/2015 19:01:32, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 15/06/2015 19:02:31, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 19:12:24, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 15/06/2015 19:12:25, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 15/06/2015 19:12:25, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 15/06/2015 19:13:38, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 19:13:40, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 15/06/2015 19:13:40, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 15/06/2015 19:13:41, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopping,
    Protection, 15/06/2015 19:13:43, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopped,
    Protection, 15/06/2015 19:15:10, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 15/06/2015 19:15:10, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 15/06/2015 19:15:10, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 15/06/2015 19:16:15, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Update, 15/06/2015 19:19:12, SYSTEM, JULIE-QZFCRDUV2, Manual, Remediation Database, 2015.3.9.1, 2015.6.15.1,
    Update, 15/06/2015 19:19:13, SYSTEM, JULIE-QZFCRDUV2, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
    Update, 15/06/2015 19:19:13, SYSTEM, JULIE-QZFCRDUV2, Manual, Rootkit Database, 2015.2.25.1, 2015.6.15.1,
    Update, 15/06/2015 19:19:13, SYSTEM, JULIE-QZFCRDUV2, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
    Protection, 15/06/2015 19:19:51, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 15/06/2015 19:19:51, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 15/06/2015 19:19:52, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Update, 15/06/2015 19:20:25, SYSTEM, JULIE-QZFCRDUV2, Manual, Malware Database, 2015.3.9.5, 2015.4.5.2,
    Protection, 15/06/2015 19:20:34, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Starting,
    Protection, 15/06/2015 19:21:09, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 15/06/2015 19:21:09, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 15/06/2015 19:21:09, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 15/06/2015 19:21:58, SYSTEM, JULIE-QZFCRDUV2, Protection, Refresh, Success,
    Protection, 15/06/2015 19:21:58, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,

    (end)
    0
  11. Fish66 Messages postés 18337 Statut Contributeur sécurité 1 318
     
    Bonjour,
    Tu n'as pas effectué la procédure du fix de FRST demandé ici en en 1/
    https://forums.commentcamarche.net/forum/affich-32103391-tr-crypt-xpack-gen3#7
    Refais la procédure puis poste le rapport fixlog.txt (sur le bureau)

    @+
    0
    1. jalilouz
       
      Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
      Ran by julie at 2015-06-20 20:09:49 Run:2
      Running from C:\Documents and Settings\julie\Bureau
      Loaded Profiles: julie (Available Profiles: julie)
      Boot Mode: Normal

      ==============================================

      fixlist content:

      start
      CloseProcesses:
      CreateRestorePoint:
      Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exehttp:/www.goforfiles.com <==== ATTENTION
      AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]
      SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
      SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
      SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yd.delta-search.com/?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]
      SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
      SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/... [Pays - 54.83.21.168]
      SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
      SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
      SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yd.delta-search.com/?q={searchTerms}&affID=119556&tt=030213_yd&babsrc=SP_ss&mntrId=d80b441800000000000000112f89bb29 [Pays - ]
      SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0Fzzzy0B0BtBzyyEyEtCzztN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyByC0A0A0DtDtG0Azy0DtCtGtBtCtC0BtGyDzztDyCtGtBtBtA0FtC0ByDyCzzzztD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtA0CtDtBzzzytGtDtAzyyCtGtCtAyBtDtGtC0BtDzytGtByEtD0AyB0FtAyB0A0FtC0A2Q&cr=1035688138&ir= [Pays - 54.83.21.168]
      SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d80b441800000000000000112f89bb29&r=234 [Pays ES - 46.28.209.17]
      SearchScopes: HKU\S-1-5-21-436374069-2147049855-1417001333-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 [Pays NL - 195.78.120.88]
      FF Extension: New Tab - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{01145754-47b0-4c4e-8e9d-79a40f737d10}.xpi [2014-11-29]
      FF Extension: Search Tool for Mozilla Firefox - C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi [2014-11-25]
      S4 hpt3xx; No ImagePath
      S4 IntelIde; No ImagePath
      2015-06-04 21:06 - 2015-06-04 21:06 - 06420480 _____ C:\Program Files\GUT3F.tmp
      2015-06-04 21:06 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM3E.tmp
      2015-06-04 16:05 - 2015-06-04 21:06 - 00000000 ____D C:\Program Files\GUM10.tmp
      2015-06-04 16:05 - 2015-06-04 16:05 - 06420480 _____ C:\Program Files\GUT11.tmp
      2015-06-04 16:05 - 2015-06-04 16:05 - 6420480 _____ () C:\Program Files\GUT11.tmp
      2015-06-12 19:05 - 2015-06-12 19:05 - 6420480 _____ () C:\Program Files\GUT2.tmp
      2015-06-04 21:06 - 2015-06-04 21:06 - 6420480 _____ () C:\Program Files\GUT3F.tmp
      2013-11-22 23:00 - 2013-11-22 23:05 - 0001374 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.boostrap.log
      2013-11-22 23:00 - 2013-11-24 19:22 - 0018070 _____ () C:\Documents and Settings\julie\Application Data\Bubble Dock.installation.log
      2010-11-09 19:42 - 2010-11-10 21:02 - 0002672 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\AEE80575-7210-41C9-A903-34A875D2B2AB.txt
      2007-01-27 18:04 - 2014-10-01 09:39 - 0144384 _____ () C:\Documents and Settings\julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\elx.exe
      2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\hyw.exe
      2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\jhq.exe
      2011-05-24 22:50 - 2011-05-25 11:07 - 0015704 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\x5gms0uvt28gf524kf3000vvvhx51pxmcy54c02m0cf8ols
      2011-05-24 22:50 - 2011-05-24 22:50 - 0000000 ___SH () C:\Documents and Settings\julie\Local Settings\Application Data\yxk.exe

      EmptyTemp:
      end


      Processes closed successfully.
      Restore point was successfully created.
      C:\WINDOWS\Tasks\Go for FilesUpdate.job not found.
      "C:\Documents and Settings\All Users\Application Data\TEMP" => ":4F636E25" ADS not found.
      HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
      HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
      HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
      HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
      HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
      HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
      HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} => key not found.
      HKCR\CLSID\{92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} => key not found.
      HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
      HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
      HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
      HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
      HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
      HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
      HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} => key not found.
      HKCR\CLSID\{92DFD6BF-EFD4-48FC-9E0C-2402F2AB7956} => key not found.
      HKU\S-1-5-21-436374069-2147049855-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
      HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
      C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{01145754-47b0-4c4e-8e9d-79a40f737d10}.xpi => not found.
      C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\jh1455ac.default-1385494682671\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi => not found.
      hpt3xx => Service not found.
      IntelIde => Service not found.
      "C:\Program Files\GUT3F.tmp" => File/Folder not found.
      "C:\Program Files\GUM3E.tmp" => File/Folder not found.
      "C:\Program Files\GUM10.tmp" => File/Folder not found.
      "C:\Program Files\GUT11.tmp" => File/Folder not found.
      "C:\Program Files\GUT11.tmp" => File/Folder not found.
      "C:\Program Files\GUT2.tmp" => File/Folder not found.
      "C:\Program Files\GUT3F.tmp" => File/Folder not found.
      "C:\Documents and Settings\julie\Application Data\Bubble Dock.boostrap.log" => File/Folder not found.
      "C:\Documents and Settings\julie\Application Data\Bubble Dock.installation.log" => File/Folder not found.
      "C:\Documents and Settings\julie\Local Settings\Application Data\AEE80575-7210-41C9-A903-34A875D2B2AB.txt" => File/Folder not found.
      "C:\Documents and Settings\julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => File/Folder not found.
      "C:\Documents and Settings\julie\Local Settings\Application Data\elx.exe" => File/Folder not found.
      "C:\Documents and Settings\julie\Local Settings\Application Data\hyw.exe" => File/Folder not found.
      "C:\Documents and Settings\julie\Local Settings\Application Data\jhq.exe" => File/Folder not found.
      "C:\Documents and Settings\julie\Local Settings\Application Data\x5gms0uvt28gf524kf3000vvvhx51pxmcy54c02m0cf8ols" => File/Folder not found.
      "C:\Documents and Settings\julie\Local Settings\Application Data\yxk.exe" => File/Folder not found.
      EmptyTemp: => 48.1 MB temporary data Removed.


      The system needed a reboot.

      End of Fixlog 20:10:45

      désolé pr le retard
      0
  12. Fish66 Messages postés 18337 Statut Contributeur sécurité 1 318
     
    Bonjour,
    1/
    Relance Malwarebytes puis poste le rapport stp

    2/
    Relance Avira pour vérifier s'il détecte encore des infections

    @+
    0
  13. jalilouz
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Date de l'examen: 21/06/2015
    Heure de l'examen: 20:54:02
    Fichier journal: m1.txt
    Administrateur: Oui

    Version: 2.01.6.1022
    Base de données Malveillants: v2015.06.18.06
    Base de données Rootkits: v2015.06.15.01
    Licence: Gratuit
    Protection contre les malveillants: Désactivé(e)
    Protection contre les sites Web malveillants: Désactivé(e)
    Auto-protection: Désactivé(e)

    Système d'exploitation: Windows XP Service Pack 2
    Processeur: x86
    Système de fichiers: NTFS
    Utilisateur: julie

    Type d'examen: Examen "Menaces"
    Résultat: Terminé
    Objets analysés: 331497
    Temps écoulé: 1 h, 22 min, 17 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Examen approfondi Rootkits: Activé(e)
    Heuristique: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (Aucun élément malicieux détecté)

    Modules: 0
    (Aucun élément malicieux détecté)

    Clés du Registre: 0
    (Aucun élément malicieux détecté)

    Valeurs du Registre: 0
    (Aucun élément malicieux détecté)

    Données du Registre: 0
    (Aucun élément malicieux détecté)

    Dossiers: 20
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\AddedAppDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\DefualtImages, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\DetectedAppDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\EngineFirstTimeDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAddedAppDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppApprovalDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppPendingDialog, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\ExternalComponent, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Logs, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\MyStuffApps, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Repository, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine\dynamicDialogs, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],

    Fichiers: 58
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\EngineSettings.json, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\toolbar.cfg, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\DialogsAPI.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\excanvas.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\generalDialogStyle.css, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\PIE.htc, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\settings.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\version.txt, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\AddedAppDialog\app-added.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\AddedAppDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\DefualtImages\icon.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\DetectedAppDialog\app-2go.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\DetectedAppDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\EngineFirstTimeDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\EngineFirstTimeDialog\right-click.gif, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog\SearchProtector.css, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog\SearchProtector.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\divider.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAddedAppDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppApprovalDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppPendingDialog\main.html, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=fr-fr.xml, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=fr-fr.xml, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=fr-fr.xml, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=fr-fr.xml, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],
    PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine\dynamicDialogs\data.txt, Mis en quarantaine, [a08e87355c2edb5b4872d81a63a0ac54],

    Secteurs physiques: 0
    (Aucun élément malicieux détecté)

    (end)
    0
  14. jalilouz
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Protection, 21/06/2015 20:26:28, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Starting,
    Protection, 21/06/2015 20:26:29, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Started,
    Protection, 21/06/2015 20:26:38, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Starting,
    Protection, 21/06/2015 20:27:54, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Started,
    Protection, 21/06/2015 20:43:48, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopping,
    Protection, 21/06/2015 20:43:56, SYSTEM, JULIE-QZFCRDUV2, Protection, Malicious Website Protection, Stopped,
    Protection, 21/06/2015 20:43:56, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopping,
    Protection, 21/06/2015 20:48:16, SYSTEM, JULIE-QZFCRDUV2, Protection, Malware Protection, Stopped,
    Scan, 21/06/2015 20:53:47, SYSTEM, JULIE-QZFCRDUV2, Manual, Départ: 21/06/2015 20:51:41, Durée: 2 minutes 6 secondes, Examen "Menaces", Annulé, Détection de malveillants 0, Détection de non-malveillants de 0,
    Scan, 21/06/2015 22:29:14, SYSTEM, JULIE-QZFCRDUV2, Manual, Départ: 21/06/2015 20:54:02, Durée: 1 hr 22 min 17 sec, Examen "Menaces", Terminé, Détection de malveillants 0, Détection de non-malveillants de 78,

    (end)
    0
  15. jalilouz
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Date de l'examen: 21/06/2015
    Heure de l'examen: 20:51:41
    Fichier journal: m3.txt
    Administrateur: Oui

    Version: 2.01.6.1022
    Base de données Malveillants: v2015.06.18.06
    Base de données Rootkits: v2015.06.15.01
    Licence: Gratuit
    Protection contre les malveillants: Désactivé(e)
    Protection contre les sites Web malveillants: Désactivé(e)
    Auto-protection: Désactivé(e)

    Système d'exploitation: Windows XP Service Pack 2
    Processeur: x86
    Système de fichiers: NTFS
    Utilisateur: julie

    Type d'examen: Examen "Menaces"
    Résultat: Annulé
    Objets analysés: 0
    (Aucun élément malicieux détecté)
    Temps écoulé: 2 min, 6 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Examen approfondi Rootkits: Activé(e)
    Heuristique: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (Aucun élément malicieux détecté)

    Modules: 0
    (Aucun élément malicieux détecté)

    Clés du Registre: 0
    (Aucun élément malicieux détecté)

    Valeurs du Registre: 0
    (Aucun élément malicieux détecté)

    Données du Registre: 0
    (Aucun élément malicieux détecté)

    Dossiers: 0
    (Aucun élément malicieux détecté)

    Fichiers: 0
    (Aucun élément malicieux détecté)

    Secteurs physiques: 0
    (Aucun élément malicieux détecté)

    (end)
    0
  16. jalilouz
     
    je relance dc avira et je vous redis
    0
    1. Fish66 Messages postés 18337 Statut Contributeur sécurité 1 318
       
      Bonjour,
      D'accord, en attendant le rapport Avira..

      @+
      0