Infecté par GandCrab 5.1 Le sujet est résolu

Aide à la désinfection pour supprimer les virus, adwares, ransomwares, trojans.

Modérateurs : Mods Windows, Helper

Raromelie
Messages : 4
Inscription : 17 févr. 2019 12:00

Infecté par GandCrab 5.1

Message par Raromelie » 17 févr. 2019 12:05

Bonjour
Comme mentionné dans le titre, mon pc est infecté par ce virus ou ransomware plus précisément.J'ai déjà fait la desifection et je crois qu'il n'est plus présent mais mon problème maintenant c’est comment récupérer mes fichiers cryptés. Aidez moi svp car je désespérè un peu là.Je vous remercie d'avance




Avatar de l’utilisateur
Malekal_morte
Site Admin
Site Admin
Messages : 95074
Inscription : 10 sept. 2005 13:57
Contact :

Re: Infecté par GandCrab 5.1

Message par Malekal_morte » 17 févr. 2019 12:13

Salut,

Windows a été infecté par un ransomware / rançongiciel chiffreur de fichiers. Ces rançongiciels s'attrapent essentiellement par l'ouverture d'une pièce jointe malicieuse dans un e-mail ou par la visite d'une page internet piégée par des exploits WEB.

A l'heure actuelle, il n'y a pas vraiment de méthode pour récupérer les documents chiffrés. Si les données sont très importantes, les stocker temporairement à l'abri car peut-être qu'il y aura dans le futur une solution pour les récupérer.
Tente de récupérer les fichiers avec Shadow Explorer - versions précédentes
sinon il faudra attendre une solution donnée sur le page : Decrypt Tools pour les ransomwares

Il faut d'abord vérifier qu'aucune menace ne soit encore active.
Par précaution, pense aussi à changer tous tes mots de passe.

1°) FRST
Suis le tutoriel FRST. ( prends le temps de lire attentivement - tout y est bien expliqué ).

Télécharge et lance le scan FRST, 3 rapports FRST seront générés :
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Envoie ces 3 rapports sur le site https://pjjoint.malekal.com/ et en retour donne les 3 liens pjjoint qui mènent aux rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.
Première règle élémentaire de sécurité : on réfléchit puis on clic et pas l'inverse - Les fichiers/programmes c'est comme les bonbons, quand ça vient d'un inconnu, on n'accepte pas

Sécuriser son ordinateur (version courte)

Tutoriels Logiciels - Tutoriel Windows - Windows 10

Stop publicités - popups intempestives
supprimer-trojan.com : guide de suppression de malwares

Partagez malekal.com : n'hésitez pas à partager sur Facebook et GooglePlus les articles qui vous plaisent.

Raromelie
Messages : 4
Inscription : 17 févr. 2019 12:00

Re: Infecté par GandCrab 5.1

Message par Raromelie » 17 févr. 2019 12:18

Merci pour la rapidité de la réponse. Donc a l'heure actuelle il n’y a rien a faire.Je vais cependant faire c'est que vous avez mentionné ci dessus et posterais par la suite les résultats.merci

Edit: voici les liens
https://pjjoint.malekal.com/files.php?i ... 5l14z6j5i5
https://pjjoint.malekal.com/files.php?i ... x13e8p5q12
https://pjjoint.malekal.com/files.php?i ... 1z8n5w10k7

Avatar de l’utilisateur
Malekal_morte
Site Admin
Site Admin
Messages : 95074
Inscription : 10 sept. 2005 13:57
Contact :

Re: Infecté par GandCrab 5.1

Message par Malekal_morte » 17 févr. 2019 12:41

Windscribe et SoftEther VPN Client utiles ?

Tu as très probablement choppé cela après avoir téléchargé un crack.




Voici la correction à effectuer avec FRST. Tu peux t'aider de cette Voici la correction à effectuer avec FRST. Tu peux t'aider de cette #fix note explicative avec des captures d'écran.
Relance FRST puis sur ton clavier appuyer sur la touche CTRL + Y.
Le bloc-note va s'ouvrir, copie/colle ceci.

Code : Tout sélectionner

Start
CloseProcesses:
CreateRestorePoint:
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ () C:\Program Files\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ () C:\Program Files (x86)\DXXVAUL-DECRYPT.txt
2019-02-11 18:54 - 2019-02-11 18:54 - 006860752 _____ (NeoSoft Tools                                               ) C:\Users\Elie PC\AppData\Roaming\cbargat.exe
2019-02-11 18:54 - 2019-02-11 19:06 - 006861292 _____ () C:\Users\Elie PC\AppData\Roaming\cbargat.exe.E.dxxvaul
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ () C:\Users\Elie PC\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 18:54 - 2019-02-11 19:06 - 000124956 _____ () C:\Users\Elie PC\AppData\Roaming\lakric.exe.E.dxxvaul
2018-12-22 10:35 - 2019-02-17 11:43 - 000000201 _____ () C:\Users\Elie PC\AppData\Roaming\sp_data.sys
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ () C:\Users\Elie PC\AppData\Roaming\Microsoft\DXXVAUL-DECRYPT.txt
2019-02-11 19:53 - 2019-02-11 19:53 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-02-11 19:50 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\eiawbb2hsa1
2019-02-11 19:50 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\ctagflcb2ti
2019-02-11 19:40 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\4yocag12la3
2019-02-11 19:40 - 2019-02-11 20:30 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\gdqskxcxwqh
2019-02-11 19:39 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\vk5523cjybb
2019-02-11 19:39 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\1wveizqpsph
2019-02-11 19:38 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\qfutd0mgb1r
2019-02-11 19:38 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\pmwxe23xzv2
2019-02-11 19:35 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\mty1jlatrnx
2019-02-11 19:35 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\ctlh1pu15dx
2019-02-11 19:34 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\uy4c3ptmwq5
2019-02-11 19:34 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\lxqpklivfl1
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\l24ppenmaea
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\kuyhm2bce3m
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\fb5wf4dyj0s
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\5fegbiy11pv
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\4x32ktdxegb
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\1tqhsrjudn3
2019-02-11 19:26 - 2019-02-11 19:26 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-02-11 19:25 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\ovrsk1jmh5b
2019-02-11 19:25 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\lmykgn4tm3u
2019-02-11 19:25 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\i2q4mgwqkxd
2019-02-11 19:25 - 2019-02-11 19:25 - 000000020 ___SH C:\Users\Elie PC\ntuser.ini
2019-02-11 19:20 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\rlsdp1sfkah
2019-02-11 19:20 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\omgzf1n5itw
2019-02-11 19:20 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\oljwz535qnv
2019-02-11 19:19 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\jtht0chnru3
2019-02-11 19:14 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\rdcjzf0gonr
2019-02-11 19:14 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\qy2blvtunc5
2019-02-11 19:14 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\grtyx1cvaee
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Public\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Public\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Public\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\AppData\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\Desktop\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\AppData\Local\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\AppData\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\Desktop\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\AppData\Local\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\AppData\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\Desktop\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\LocalLow\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\Local\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Program Files\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Program Files (x86)\DXXVAUL-DECRYPT.txt
2019-02-11 19:05 - 2019-02-11 19:05 - 000008946 _____ C:\Users\DXXVAUL-DECRYPT.txt
2019-02-11 19:05 - 2019-02-11 19:05 - 000008946 _____ C:\DXXVAUL-DECRYPT.txt
2019-02-11 19:04 - 2019-02-11 19:04 - 000000000 ____D C:\Program Files (x86)\PCCSoftware
2019-02-11 19:03 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\kclqcnndac4
2019-02-11 19:03 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\f0blmqsoao4
2019-02-11 19:03 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\bwlguixrltm
2019-02-11 19:03 - 2019-02-11 19:26 - 000000000 ____D C:\Users\Administrator
2019-02-11 19:03 - 2019-02-11 19:06 - 000000560 ___SH C:\Users\Administrator\ntuser.ini.dxxvaul
2019-02-11 19:03 - 2018-09-15 08:29 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-11 19:02 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\l1rwvoeyhlo
2019-02-11 19:02 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\jlkmsuufpgz
2019-02-11 18:55 - 2019-02-11 18:55 - 000000290 __RSH C:\Users\Elie PC\ntuser.pol
2019-02-11 18:54 - 2019-02-17 12:20 - 000002464 _____ C:\WINDOWS\System32\Tasks\Chameleon Folder-Elie PC
2019-02-11 18:54 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\ydt1fbih3xe
2019-02-11 18:54 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\qmmse2s3fo1
2019-02-11 18:54 - 2019-02-11 20:31 - 000000000 ____D C:\Program Files (x86)\SmartData
2019-02-11 18:54 - 2019-02-11 20:29 - 000000000 ____D C:\Users\Elie PC\AppData\Local\{01801827-6513-4a10-9443-a405dbafb4d3}
2019-02-11 18:54 - 2019-02-11 19:06 - 006861292 _____ C:\Users\Elie PC\AppData\Roaming\cbargat.exe.E.dxxvaul
2019-02-11 18:54 - 2019-02-11 19:06 - 000124956 _____ C:\Users\Elie PC\AppData\Roaming\lakric.exe.E.dxxvaul
2019-02-11 18:54 - 2019-02-11 19:06 - 000000000 ____D C:\Users\Elie PC\Documents\Chameleon files
2019-02-11 18:54 - 2019-02-11 18:54 - 006860752 _____ (NeoSoft Tools ) C:\Users\Elie PC\AppData\Roaming\cbargat.exe
2019-02-11 18:54 - 2019-02-11 18:54 - 001136176 _____ (Google Inc.) C:\Users\Elie PC\AppData\Local\ChromeSetup.exe
2019-02-11 18:53 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\vse1rvxjs3a
2019-02-11 18:53 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\cui4jw2dbt1
2019-02-11 18:53 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\btqto3t5oin
2019-02-11 18:53 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\30ch10jvwrc
2019-02-11 18:53 - 2019-02-11 20:29 - 000000000 ____D C:\Program Files (x86)\WoolooMooLoo
2019-02-11 18:53 - 2019-02-11 18:53 - 000000000 ____D C:\Users\Elie PC\AppData\Local\Macromedia
2019-02-11 18:51 - 2019-02-11 20:31 - 000000000 ___HD C:\Program Files (x86)\whittier
2019-02-11 18:51 - 2019-02-11 20:30 - 000000000 ____D C:\Program Files (x86)\Plasmodia
2019-02-11 18:51 - 2019-02-11 20:29 - 000000000 ___HD C:\Program Files (x86)\Romanticizing
2019-02-11 18:51 - 2019-02-11 20:29 - 000000000 ____D C:\Program Files (x86)\ruths
2019-02-11 18:51 - 2019-02-11 20:29 - 000000000 ____D C:\Program Files (x86)\londoners
2019-02-11 18:51 - 2019-02-11 19:09 - 000722944 _____ C:\Users\Elie PC\AppData\Local\sha.db
2019-02-11 18:51 - 2019-02-11 18:52 - 000000000 ____D C:\Program Files (x86)\Vitiate
2019-02-11 18:51 - 2019-02-11 18:51 - 000140800 _____ C:\Users\Elie PC\AppData\Local\installer.dat
2019-02-11 18:51 - 2019-02-11 18:51 - 000000012 _____ C:\WINDOWS\b86220058
2019-02-11 18:50 - 2019-02-11 19:26 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-11 18:50 - 2019-02-11 18:50 - 000000000 ____D C:\ProgramData\{82F3A786-C669-C711-11DB-924B113CCB1A}
2019-02-11 18:50 - 2019-02-11 18:50 - 000000000 ____D C:\ProgramData\{2C9E1B14-7AFB-697C-8367-FFE58380A6B4}
2019-02-11 18:49 - 2019-02-11 18:49 - 000000000 ____D C:\Users\Elie PC\AppData\Local\AdvinstAnalytics
 EmptyTemp:
Hosts:
RemoveProxy:
Reboot:
End
Ferme le bloc-note, retourne sur FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire et automatique.
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur.
(L'ordinateur peut redémarrer tout seul, si le rapport de correction ne s'ouvre pas, cherche un fichier fixlog.txt qui se trouve dans le même dossier que FRST)

2) réinitialiser les navigateurs:
==================================
Réinitialise tes navigateurs et/ou re-paramètre manuellement tes navigateurs WEB ( page de démarrage, moteur de recherche, etc ) mais aussi supprimer/désactiver les extensions inutiles/parasites.
Pour t'aider à effectuer ce ménage, clique ci-dessous sur le nom du navigateur WEB que tu utilises :
* Réinitialiser et réparer Mozilla Firefox
* Réinitialiser et réparer Google Chrome
Première règle élémentaire de sécurité : on réfléchit puis on clic et pas l'inverse - Les fichiers/programmes c'est comme les bonbons, quand ça vient d'un inconnu, on n'accepte pas

Sécuriser son ordinateur (version courte)

Tutoriels Logiciels - Tutoriel Windows - Windows 10

Stop publicités - popups intempestives
supprimer-trojan.com : guide de suppression de malwares

Partagez malekal.com : n'hésitez pas à partager sur Facebook et GooglePlus les articles qui vous plaisent.

Raromelie
Messages : 4
Inscription : 17 févr. 2019 12:00

Re: Infecté par GandCrab 5.1

Message par Raromelie » 17 févr. 2019 15:56

merci de ta reponse.Voici la copie de fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.02.2019 01
Ran by Elie PC (17-02-2019 15:48:58) Run:3
Running from C:\Users\Elie PC\Desktop
Loaded Profiles: Elie PC (Available Profiles: Elie PC & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ () C:\Program Files\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ () C:\Program Files (x86)\DXXVAUL-DECRYPT.txt
2019-02-11 18:54 - 2019-02-11 18:54 - 006860752 _____ (NeoSoft Tools ) C:\Users\Elie PC\AppData\Roaming\cbargat.exe
2019-02-11 18:54 - 2019-02-11 19:06 - 006861292 _____ () C:\Users\Elie PC\AppData\Roaming\cbargat.exe.E.dxxvaul
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ () C:\Users\Elie PC\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 18:54 - 2019-02-11 19:06 - 000124956 _____ () C:\Users\Elie PC\AppData\Roaming\lakric.exe.E.dxxvaul
2018-12-22 10:35 - 2019-02-17 11:43 - 000000201 _____ () C:\Users\Elie PC\AppData\Roaming\sp_data.sys
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ () C:\Users\Elie PC\AppData\Roaming\Microsoft\DXXVAUL-DECRYPT.txt
2019-02-11 19:53 - 2019-02-11 19:53 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-02-11 19:50 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\eiawbb2hsa1
2019-02-11 19:50 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\ctagflcb2ti
2019-02-11 19:40 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\4yocag12la3
2019-02-11 19:40 - 2019-02-11 20:30 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\gdqskxcxwqh
2019-02-11 19:39 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\vk5523cjybb
2019-02-11 19:39 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\1wveizqpsph
2019-02-11 19:38 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\qfutd0mgb1r
2019-02-11 19:38 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\pmwxe23xzv2
2019-02-11 19:35 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\mty1jlatrnx
2019-02-11 19:35 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\ctlh1pu15dx
2019-02-11 19:34 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\uy4c3ptmwq5
2019-02-11 19:34 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\lxqpklivfl1
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\l24ppenmaea
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\kuyhm2bce3m
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\fb5wf4dyj0s
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\5fegbiy11pv
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\4x32ktdxegb
2019-02-11 19:26 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\1tqhsrjudn3
2019-02-11 19:26 - 2019-02-11 19:26 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-02-11 19:25 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\ovrsk1jmh5b
2019-02-11 19:25 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\lmykgn4tm3u
2019-02-11 19:25 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\i2q4mgwqkxd
2019-02-11 19:25 - 2019-02-11 19:25 - 000000020 ___SH C:\Users\Elie PC\ntuser.ini
2019-02-11 19:20 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\rlsdp1sfkah
2019-02-11 19:20 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\omgzf1n5itw
2019-02-11 19:20 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\oljwz535qnv
2019-02-11 19:19 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\jtht0chnru3
2019-02-11 19:14 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\rdcjzf0gonr
2019-02-11 19:14 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\qy2blvtunc5
2019-02-11 19:14 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\grtyx1cvaee
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Public\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Public\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Public\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Elie PC\AppData\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\Desktop\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\AppData\Local\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default\AppData\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\Desktop\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\AppData\Local\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Default User\AppData\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\Downloads\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\Documents\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\Desktop\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\Roaming\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\LocalLow\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\Local\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Users\Administrator\AppData\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Program Files\DXXVAUL-DECRYPT.txt
2019-02-11 19:06 - 2019-02-11 19:06 - 000008946 _____ C:\Program Files (x86)\DXXVAUL-DECRYPT.txt
2019-02-11 19:05 - 2019-02-11 19:05 - 000008946 _____ C:\Users\DXXVAUL-DECRYPT.txt
2019-02-11 19:05 - 2019-02-11 19:05 - 000008946 _____ C:\DXXVAUL-DECRYPT.txt
2019-02-11 19:04 - 2019-02-11 19:04 - 000000000 ____D C:\Program Files (x86)\PCCSoftware
2019-02-11 19:03 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\kclqcnndac4
2019-02-11 19:03 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\f0blmqsoao4
2019-02-11 19:03 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\bwlguixrltm
2019-02-11 19:03 - 2019-02-11 19:26 - 000000000 ____D C:\Users\Administrator
2019-02-11 19:03 - 2019-02-11 19:06 - 000000560 ___SH C:\Users\Administrator\ntuser.ini.dxxvaul
2019-02-11 19:03 - 2018-09-15 08:29 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-11 19:02 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\l1rwvoeyhlo
2019-02-11 19:02 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\jlkmsuufpgz
2019-02-11 18:55 - 2019-02-11 18:55 - 000000290 __RSH C:\Users\Elie PC\ntuser.pol
2019-02-11 18:54 - 2019-02-17 12:20 - 000002464 _____ C:\WINDOWS\System32\Tasks\Chameleon Folder-Elie PC
2019-02-11 18:54 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\ydt1fbih3xe
2019-02-11 18:54 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\qmmse2s3fo1
2019-02-11 18:54 - 2019-02-11 20:31 - 000000000 ____D C:\Program Files (x86)\SmartData
2019-02-11 18:54 - 2019-02-11 20:29 - 000000000 ____D C:\Users\Elie PC\AppData\Local\{01801827-6513-4a10-9443-a405dbafb4d3}
2019-02-11 18:54 - 2019-02-11 19:06 - 006861292 _____ C:\Users\Elie PC\AppData\Roaming\cbargat.exe.E.dxxvaul
2019-02-11 18:54 - 2019-02-11 19:06 - 000124956 _____ C:\Users\Elie PC\AppData\Roaming\lakric.exe.E.dxxvaul
2019-02-11 18:54 - 2019-02-11 19:06 - 000000000 ____D C:\Users\Elie PC\Documents\Chameleon files
2019-02-11 18:54 - 2019-02-11 18:54 - 006860752 _____ (NeoSoft Tools ) C:\Users\Elie PC\AppData\Roaming\cbargat.exe
2019-02-11 18:54 - 2019-02-11 18:54 - 001136176 _____ (Google Inc.) C:\Users\Elie PC\AppData\Local\ChromeSetup.exe
2019-02-11 18:53 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\vse1rvxjs3a
2019-02-11 18:53 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\cui4jw2dbt1
2019-02-11 18:53 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\btqto3t5oin
2019-02-11 18:53 - 2019-02-11 20:31 - 000000000 ____D C:\Users\Elie PC\AppData\Roaming\30ch10jvwrc
2019-02-11 18:53 - 2019-02-11 20:29 - 000000000 ____D C:\Program Files (x86)\WoolooMooLoo
2019-02-11 18:53 - 2019-02-11 18:53 - 000000000 ____D C:\Users\Elie PC\AppData\Local\Macromedia
2019-02-11 18:51 - 2019-02-11 20:31 - 000000000 ___HD C:\Program Files (x86)\whittier
2019-02-11 18:51 - 2019-02-11 20:30 - 000000000 ____D C:\Program Files (x86)\Plasmodia
2019-02-11 18:51 - 2019-02-11 20:29 - 000000000 ___HD C:\Program Files (x86)\Romanticizing
2019-02-11 18:51 - 2019-02-11 20:29 - 000000000 ____D C:\Program Files (x86)\ruths
2019-02-11 18:51 - 2019-02-11 20:29 - 000000000 ____D C:\Program Files (x86)\londoners
2019-02-11 18:51 - 2019-02-11 19:09 - 000722944 _____ C:\Users\Elie PC\AppData\Local\sha.db
2019-02-11 18:51 - 2019-02-11 18:52 - 000000000 ____D C:\Program Files (x86)\Vitiate
2019-02-11 18:51 - 2019-02-11 18:51 - 000140800 _____ C:\Users\Elie PC\AppData\Local\installer.dat
2019-02-11 18:51 - 2019-02-11 18:51 - 000000012 _____ C:\WINDOWS\b86220058
2019-02-11 18:50 - 2019-02-11 19:26 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-11 18:50 - 2019-02-11 18:50 - 000000000 ____D C:\ProgramData\{82F3A786-C669-C711-11DB-924B113CCB1A}
2019-02-11 18:50 - 2019-02-11 18:50 - 000000000 ____D C:\ProgramData\{2C9E1B14-7AFB-697C-8367-FFE58380A6B4}
2019-02-11 18:49 - 2019-02-11 18:49 - 000000000 ____D C:\Users\Elie PC\AppData\Local\AdvinstAnalytics
EmptyTemp:
Hosts:
RemoveProxy:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Program Files\DXXVAUL-DECRYPT.txt" => not found
"C:\Program Files (x86)\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Elie PC\AppData\Roaming\cbargat.exe" => not found
"C:\Users\Elie PC\AppData\Roaming\cbargat.exe.E.dxxvaul" => not found
"C:\Users\Elie PC\AppData\Roaming\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Elie PC\AppData\Roaming\lakric.exe.E.dxxvaul" => not found
C:\Users\Elie PC\AppData\Roaming\sp_data.sys => moved successfully
"C:\Users\Elie PC\AppData\Roaming\Microsoft\DXXVAUL-DECRYPT.txt" => not found
"C:\ProgramData\SecuritySuite" => not found
"C:\Users\Elie PC\AppData\Roaming\eiawbb2hsa1" => not found
"C:\Users\Elie PC\AppData\Roaming\ctagflcb2ti" => not found
"C:\Users\Elie PC\AppData\Roaming\4yocag12la3" => not found
"C:\Users\Elie PC\AppData\Roaming\gdqskxcxwqh" => not found
"C:\Users\Elie PC\AppData\Roaming\vk5523cjybb" => not found
"C:\Users\Elie PC\AppData\Roaming\1wveizqpsph" => not found
"C:\Users\Elie PC\AppData\Roaming\qfutd0mgb1r" => not found
"C:\Users\Elie PC\AppData\Roaming\pmwxe23xzv2" => not found
"C:\Users\Elie PC\AppData\Roaming\mty1jlatrnx" => not found
"C:\Users\Elie PC\AppData\Roaming\ctlh1pu15dx" => not found
"C:\Users\Elie PC\AppData\Roaming\uy4c3ptmwq5" => not found
"C:\Users\Elie PC\AppData\Roaming\lxqpklivfl1" => not found
"C:\Users\Elie PC\AppData\Roaming\l24ppenmaea" => not found
"C:\Users\Elie PC\AppData\Roaming\kuyhm2bce3m" => not found
"C:\Users\Elie PC\AppData\Roaming\fb5wf4dyj0s" => not found
"C:\Users\Elie PC\AppData\Roaming\5fegbiy11pv" => not found
"C:\Users\Elie PC\AppData\Roaming\4x32ktdxegb" => not found
"C:\Users\Elie PC\AppData\Roaming\1tqhsrjudn3" => not found
"C:\Users\Administrator\ntuser.ini" => not found
"C:\Users\Elie PC\AppData\Roaming\ovrsk1jmh5b" => not found
"C:\Users\Elie PC\AppData\Roaming\lmykgn4tm3u" => not found
"C:\Users\Elie PC\AppData\Roaming\i2q4mgwqkxd" => not found
C:\Users\Elie PC\ntuser.ini => moved successfully
"C:\Users\Elie PC\AppData\Roaming\rlsdp1sfkah" => not found
"C:\Users\Elie PC\AppData\Roaming\omgzf1n5itw" => not found
"C:\Users\Elie PC\AppData\Roaming\oljwz535qnv" => not found
"C:\Users\Elie PC\AppData\Roaming\jtht0chnru3" => not found
"C:\Users\Elie PC\AppData\Roaming\rdcjzf0gonr" => not found
"C:\Users\Elie PC\AppData\Roaming\qy2blvtunc5" => not found
"C:\Users\Elie PC\AppData\Roaming\grtyx1cvaee" => not found
"C:\Users\Public\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Public\Downloads\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Public\Documents\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Elie PC\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Elie PC\Downloads\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Elie PC\Documents\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Elie PC\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Elie PC\AppData\Roaming\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Elie PC\AppData\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default\Downloads\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default\Documents\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default\Desktop\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default\AppData\Roaming\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default\AppData\Local\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default\AppData\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default User\Downloads\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default User\Documents\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default User\Desktop\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default User\AppData\Roaming\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default User\AppData\Local\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Default User\AppData\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\Downloads\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\Documents\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\Desktop\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\AppData\Roaming\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\AppData\LocalLow\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\AppData\Local\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\Administrator\AppData\DXXVAUL-DECRYPT.txt" => not found
"C:\Program Files\DXXVAUL-DECRYPT.txt" => not found
"C:\Program Files (x86)\DXXVAUL-DECRYPT.txt" => not found
"C:\Users\DXXVAUL-DECRYPT.txt" => not found
"C:\DXXVAUL-DECRYPT.txt" => not found
"C:\Program Files (x86)\PCCSoftware" => not found
"C:\Users\Elie PC\AppData\Roaming\kclqcnndac4" => not found
"C:\Users\Elie PC\AppData\Roaming\f0blmqsoao4" => not found
"C:\Users\Elie PC\AppData\Roaming\bwlguixrltm" => not found
"C:\Users\Administrator" => not found
"C:\Users\Administrator\ntuser.ini.dxxvaul" => not found
"C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk" => not found
"C:\Users\Elie PC\AppData\Roaming\l1rwvoeyhlo" => not found
"C:\Users\Elie PC\AppData\Roaming\jlkmsuufpgz" => not found
"C:\Users\Elie PC\ntuser.pol" => not found
"C:\WINDOWS\System32\Tasks\Chameleon Folder-Elie PC" => not found
"C:\Users\Elie PC\AppData\Roaming\ydt1fbih3xe" => not found
"C:\Users\Elie PC\AppData\Roaming\qmmse2s3fo1" => not found
"C:\Program Files (x86)\SmartData" => not found
"C:\Users\Elie PC\AppData\Local\{01801827-6513-4a10-9443-a405dbafb4d3}" => not found
"C:\Users\Elie PC\AppData\Roaming\cbargat.exe.E.dxxvaul" => not found
"C:\Users\Elie PC\AppData\Roaming\lakric.exe.E.dxxvaul" => not found
"C:\Users\Elie PC\Documents\Chameleon files" => not found
"C:\Users\Elie PC\AppData\Roaming\cbargat.exe" => not found
"C:\Users\Elie PC\AppData\Local\ChromeSetup.exe" => not found
"C:\Users\Elie PC\AppData\Roaming\vse1rvxjs3a" => not found
"C:\Users\Elie PC\AppData\Roaming\cui4jw2dbt1" => not found
"C:\Users\Elie PC\AppData\Roaming\btqto3t5oin" => not found
"C:\Users\Elie PC\AppData\Roaming\30ch10jvwrc" => not found
"C:\Program Files (x86)\WoolooMooLoo" => not found
"C:\Users\Elie PC\AppData\Local\Macromedia" => not found
"C:\Program Files (x86)\whittier" => not found
"C:\Program Files (x86)\Plasmodia" => not found
"C:\Program Files (x86)\Romanticizing" => not found
"C:\Program Files (x86)\ruths" => not found
"C:\Program Files (x86)\londoners" => not found
"C:\Users\Elie PC\AppData\Local\sha.db" => not found
"C:\Program Files (x86)\Vitiate" => not found
"C:\Users\Elie PC\AppData\Local\installer.dat" => not found
"C:\WINDOWS\b86220058" => not found
"C:\ProgramData\boost_interprocess" => not found
"C:\ProgramData\{82F3A786-C669-C711-11DB-924B113CCB1A}" => not found
"C:\ProgramData\{2C9E1B14-7AFB-697C-8367-FFE58380A6B4}" => not found
"C:\Users\Elie PC\AppData\Local\AdvinstAnalytics" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2537705118-3678183070-2612574250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2537705118-3678183070-2612574250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7472421 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 1433893 B
Chrome => 0 B
Firefox => 26824079 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2720 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Elie PC => 7475970 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 51.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:49:15 ====


Avatar de l’utilisateur
Malekal_morte
Site Admin
Site Admin
Messages : 95074
Inscription : 10 sept. 2005 13:57
Contact :

Re: Infecté par GandCrab 5.1

Message par Malekal_morte » 17 févr. 2019 16:11

Voila,

Supprime le dossier C:\FRST

Par sécurité, change les mots de passe.
Suis les pages du forum ou vas faire un tour de temps en temps sur nomore-ransom
mais bon faut pas trop y compter.
Première règle élémentaire de sécurité : on réfléchit puis on clic et pas l'inverse - Les fichiers/programmes c'est comme les bonbons, quand ça vient d'un inconnu, on n'accepte pas

Sécuriser son ordinateur (version courte)

Tutoriels Logiciels - Tutoriel Windows - Windows 10

Stop publicités - popups intempestives
supprimer-trojan.com : guide de suppression de malwares

Partagez malekal.com : n'hésitez pas à partager sur Facebook et GooglePlus les articles qui vous plaisent.

Raromelie
Messages : 4
Inscription : 17 févr. 2019 12:00

Re: Infecté par GandCrab 5.1

Message par Raromelie » 17 févr. 2019 17:37

Merci encore. L'extension dxxvaul n'est plus present sur le disque c. N'est il pas possible d'avoir le même résultat sur mes autres partitions?
Edit;j'ai parlé trop vite en fait.Il est encore bel et ben present dans tout les dossiers et sous dossiers où sont installés mes jeux

Avatar de l’utilisateur
Parisien_entraide
Geek à longue barbe
Geek à longue barbe
Messages : 1786
Inscription : 02 juin 2012 20:48

Re: Infecté par GandCrab 5.1

Message par Parisien_entraide » 22 févr. 2019 18:56

Bonsoir

Peut être une solution (voir le dernier message)

viewtopic.php?f=11&t=60816
Only Amiga... was possible !


Répondre

Revenir vers « VIRUS : Supprimer/Desinfecter (Trojan, Adwares, Ransomwares, Backdoor, Spywares) »