Windows Vista was infected by CryptoWall 3.0


Malekal_morte
Posts: 112084
Joined: 10 Sep 2005 13:57

Re: CryptoWall 3.0

by Malekal_morte

Hi,

There's work to do,

You have been infected by file-encrypting ransomware.

These mostly arrive through malicious email attachments or web exploits.

There is not really any solution for recovering the documents.

You will need to check that no malware is still active, then change all your passwords.

To disinfect the computer:

~~


Two antivirus programs make computers slow down and crash.
Uninstall the extra one...
Also uninstall McAfee Security Scan Plus; it is a marketing program meant to push the antivirus you already have.
AV: McAfee Anti-Virus y Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
Next, your PC is stuffed with adware.

Here is the fix to apply with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutorial-farbar ... -frst/#fix

Open Notepad: Windows key + R, type notepad in the Run field and click OK.
Copy/paste the following into it:

HKU\S-1-5-21-2049595731-2703424260-2257613587-1003\...\Run: [BoBrowser] => C:\Users\hamid\AppData\Local\BoBrowser\Application\bobrowser.exe [642696 2015-02-18] (The BoBrowser Authors)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-09] (Cherished Technololgy LIMITED)
S2 Update Fortunitas; C:\Program Files\Fortunitas\updateFortunitas.exe [X]
S2 Update Kozaka; C:\Program Files\Kozaka\updateKozaka.exe [X]
S2 Util Fortunitas; C:\Program Files\Fortunitas\bin\utilFortunitas.exe [X]
S2 Util Kozaka; C:\Program Files\Kozaka\bin\utilKozaka.exe [X]
C:\Users\hamid\AppData\Local\Google\Chrome\User Data\Default
2015-07-31 13:13 - 2014-02-23 14:13 - 00002376 _____ C:\Windows\Tasks\Plus-HD-7.5-updater.job
2015-07-31 13:13 - 2014-02-23 14:13 - 00002302 _____ C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job
2015-07-31 13:13 - 2014-02-23 14:13 - 00001452 _____ C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job
Task: {28A5AE3C-2C27-4966-98AB-891082CC4627} - System32\Tasks\Plus-HD-7.5-codedownloader => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe [2014-02-23] (Plus HD) <==== ATTENTION
Task: {29F0556E-4F5E-460C-B3A3-63DDD9FD4C95} - System32\Tasks\SONY\Me&My VAIO\Me&My VAIO => C:\Program Files\Sony\Me&My VAIO\QLGuide.exe [2008-11-17] (Sony Corporation)
Task: {2C3745A8-8CF2-4AE7-9033-141FFDFFF67B} - \LaunchApp No Task File <==== ATTENTION
Task: {36CE91C7-29B0-42A7-B14F-6A0B93C67497} - System32\Tasks\bench-Updater removing
Task: {43BA3275-8D2B-4EAE-8350-819CE11F3B8C} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5 => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-5.exe [2014-06-26] (enter) <==== ATTENTION
Task: {476466F8-5A3A-4B43-B45C-3418E165034D} - System32\Tasks\Update Service SimpleFiles => C:\Program Files\SimpleFilesUpdater\SimpleFilesUpdater.exe
Task: {4F70AC81-E71E-47C2-8C54-08162E5148EE} - \bench-sys No Task File <==== ATTENTION
Task: {534F0564-692E-4FCC-B0E9-31972BEFC61E} - System32\Tasks\Run_Bobby_Browser => C:\Users\hamid\AppData\Local\BoBrowser\Application\bobrowser.exe [2015-02-18] (The BoBrowser Authors) <==== ATTENTION
Task: {A273E2A6-C046-42CA-832E-7F2B5D9DC548} - System32\Tasks\Plus-HD-7.5-updater => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-updater.exe [2014-02-23] (Plus HD) <==== ATTENTION
Task: {A49A17FC-E1CF-436E-B769-3B511C8A3636} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {A935E59D-192D-429C-94C7-5093D0357D76} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-4 => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-4.exe [2014-06-26] (enter) <==== ATTENTION
Task: {ADA5FE1B-F06E-429F-BB38-0D07562D2A0C} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-11 => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-11.exe [2014-06-26] (enter) <==== ATTENTION
Task: {B115326F-55C1-4B7D-9877-F65173C904E9} - \Plus-HD-7.5-enabler No Task File <==== ATTENTION
Task: {B8396053-D587-4ECA-B0D3-8E585BE4259C} - System32\Tasks\Plus-HD-7.5-firefoxinstaller => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe [2014-02-23] (Plus HD) <==== ATTENTION
Task: {C13D309F-042F-418D-8E6F-CD74AD95F7EA} - \c8470bad-6418-48e6-9c78-c736c9cf9191-2 No Task File <==== ATTENTION
Task: {C1AD9EEE-8226-4CDC-A3E1-3D5E6DB806B9} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {C7936837-A053-48ED-96DE-043EF7E44CB2} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-06-26] (globalUpdate) <==== ATTENTION
Task: {D4C96F61-1A0E-4AC6-A10B-9E077DFD2E01} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-5.exe [2014-06-26] (enter) <==== ATTENTION
Task: {DF1602C3-0C56-431E-B6DD-1251F04BF9EB} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {F947F174-A6C8-4257-933B-59484754368E} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-1 => C:\Program Files\video MediaPlayer\video MediaPlayer-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-Updater removing.job => /verysilent SYSTEM This will uninstall Updater <==== ATTENTION
Task: C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-11.job => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-4.job => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-4.exeΡ/TmhtKPN /noqykM='video MediaPlayer' /CifKwBNnn C:\Program Files\video MediaPlayer\59599.xpi' /ZAlRU=59599 /ZHGQrKuK='001673' /LcdbGBXTT='verticals-' /qTjwk='0' /UJDIC=1DF4F45AC8A04024A3D036105B487755IE /szJxt=716388fe78393c91231157e380d1bfb5 /vMEOwUh=1_34_06_10 /esqVHur=1.34.6.10 /pDfQT=1403806379 /JQAQPnReH=http:/stats.democlientnet.com /oQuRB=http:/errors.democlientnet.com /KLGUPqK=300 /NXqQQyd=[email protected]be5605617.com /QHCLsF=0.94 /tgIEoa=aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599 /HWEyaaKMT=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/59599.rdf /UebQPe='video MediaPlayer' /zWSqTh='MediaPlayerEnhance Extension' /frCHg='enter' /XPOUAOsgr=ch /KUpywzsbU='{asw:[16777218, 1086328833, 0]}' /RyKbZPT /lfikBPPbX /DPrlAn /KqRmhxGnJ='http:/update.democlientnet.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5.job => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user.job => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exeȵ/reinstallapp /runfrom=task /agentregpath='Plus-HD-7.5' /appid=50776 /srcid='000994' /subid='0' /zdata='0' /bic=EB3399A71E454E7183D47F631879D164IE /verifier=eeafa3ad780dfcd3a07fc31c56bfd5fb /installerversion=1_34_1_29 /installerfullversion=1.34.1.29 /installationtime=1393157558 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com /defbro=ch /allusers /autoupdateulr='http:/update.srvstatsdata.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exeϜ/installxpi /agentregpath='Plus-HD-7.5' /extensionfilepath C:\Program Files\Plus-HD-7.5\50776.xpi' /appid=50776 /srcid='000994' /subid='0' /zdata='0' /bic=EB3399A71E454E7183D47F631879D164IE /verifier=eeafa3ad780dfcd3a07fc31c56bfd5fb /installerversion=1_34_1_29 /installerfullversion=1.34.1.29 /installationtime=1393157558 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=[email protected]8abef45e2.com /extensionversion=0.93 /prefsbranch=a18c66c1d05d84e588b16c4df04ed638ee204c3e480764eb9b6280fe8abef45e2com50776 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/50776.rdf /extensionname='Plus-HD-7.5' /extensiondesc='Turn YouTube videos to High Definition by default' /publishername='Plus HD' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http:/update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-updater.job => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-updater.exe <==== ATTENTION
2013-06-19 17:46 - 2013-12-18 23:18 - 0002543 _____ () C:\Users\hamid\AppData\Roaming\Bubble Dock.boostrap.log
2013-06-19 17:47 - 2013-12-18 23:18 - 0025729 _____ () C:\Users\hamid\AppData\Roaming\Bubble Dock.installation.log
2015-04-03 13:25 - 2015-04-03 13:25 - 0008836 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-03 13:25 - 2015-04-03 13:25 - 0047315 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-03 13:25 - 2015-04-03 13:25 - 0004462 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-03 13:25 - 2015-04-03 13:25 - 0000276 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.URL
2013-10-04 12:09 - 2013-10-06 02:07 - 0101712 _____ () C:\Users\hamid\AppData\Roaming\LiveSupport.exe_log.txt
2013-10-04 12:09 - 2013-10-06 02:07 - 0000368 _____ () C:\Users\hamid\AppData\Roaming\regsvr32.exe_log.txt
2013-10-10 19:33 - 2015-06-22 16:27 - 0000231 _____ () C:\Users\hamid\AppData\Roaming\Rim.Desktop.Exception.log
2013-10-10 19:32 - 2014-12-18 23:39 - 0002009 _____ () C:\Users\hamid\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-10-10 19:33 - 2015-06-22 16:26 - 0000231 _____ () C:\Users\hamid\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-05-02 21:53 - 2013-05-02 21:55 - 0025773 _____ () C:\Users\hamid\AppData\Roaming\UserTile.png
2015-04-08 15:30 - 2015-04-08 15:30 - 0000000 _____ () C:\Users\hamid\AppData\Local\BITC9D4.tmp
2013-04-27 18:30 - 2015-04-15 21:50 - 0002032 _____ () C:\Users\hamid\AppData\Local\d3d9caps.dat
2015-07-23 13:53 - 2015-07-23 13:53 - 0003584 _____ () C:\Users\hamid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-03 13:24 - 2015-04-03 13:24 - 0008836 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.HTML
2015-04-03 13:24 - 2015-04-03 13:24 - 0047315 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.PNG
2015-04-03 13:24 - 2015-04-03 13:24 - 0004462 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.TXT
2015-04-03 13:24 - 2015-04-03 13:24 - 0000276 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.URL
2013-12-21 18:13 - 2013-12-21 18:13 - 0000218 _____ () C:\Users\hamid\AppData\Local\recently-used.xbel
2015-04-08 15:28 - 2015-04-08 15:28 - 0000000 _____ () C:\Users\hamid\AppData\Local\{04511379-594C-4A40-9FDF-08D6BF1C1729}
2015-03-03 21:16 - 2015-03-03 21:16 - 0000000 _____ () C:\Users\hamid\AppData\Local\{301EFB8C-7873-4A4D-AAF1-05EF65115E26}
2015-04-13 21:38 - 2015-04-13 21:38 - 0000000 _____ () C:\Users\hamid\AppData\Local\{39F9664D-CBB1-49CF-B744-FD4BCC31C9E2}
2015-03-10 19:11 - 2015-03-10 19:11 - 0000000 _____ () C:\Users\hamid\AppData\Local\{6DF471EE-10A3-4A5C-853A-75A2418D51CE}


Run FRST again and click the Fix button.
Depending on the case, a restart may be required (it is not mandatory).
A text file appears; copy/paste its contents here in a new message.

Restart the computer


then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure them (start page, search engine, etc.), and also remove/disable useless or unwanted extensions:
* Internet Explorer and add-ons / search engines: http://forum.malekal.com/
* Firefox: http://forum.malekal.com/firefox-extens ... 36057.html
* Google Chrome: http://forum.malekal.com/google-chrome- ... 35837.html

~~

Search for files named HELP_DECRYPT and delete them all.

~~


Finally, to finish:

Download and install Malwarebytes: https://www.malekal.com/malwarebyte-ant ... les-virus/
Update it, then run a scan.

At the end of the scan, click "Remove Selected" ("Supprimer Selection") at the bottom left.
Restart the computer if needed.
After restarting, run Malwarebytes again.
Get the report from the History tab.
On the left, the scan log.
Double-click the scan in the list.
Then, at the bottom, Copy to clipboard.
Go to http://pjjoint.malekal.com and, at the bottom, right-click / paste to paste the Malwarebytes scan report.
Click Send.
In a new reply here, give the pjjoint link so the report can be consulted.
First basic rule of security: think first, then click, not the other way around - Files and programs are like candy: when they come from a stranger, you don't accept them!
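
Added example (not part of the post above and not FRST's own code): a Python reader for the two FRST line formats quoted in this thread. It derives, per folder, the time window in which the HELP_DECRYPT ransom notes were written, which is worth recording before deleting them, and tallies the Fixlog outcomes so entries that were not applied stand out. The function names and the `ts1`/`ts2` field names are assumptions made for this example; the sample lines are copied from the thread.

```python
import re
from collections import Counter
from datetime import datetime
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the FRST listing and the Fixlog quoted in this thread.
SAMPLE = r"""
2015-04-03 13:25 - 2015-04-03 13:25 - 0008836 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-03 13:25 - 2015-04-03 13:25 - 0000276 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.URL
2013-05-02 21:53 - 2013-05-02 21:55 - 0025773 _____ () C:\Users\hamid\AppData\Roaming\UserTile.png
2015-04-03 13:24 - 2015-04-03 13:24 - 0004462 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.TXT
2015-07-31 13:13 - 2014-02-23 14:13 - 00002376 _____ C:\Windows\Tasks\Plus-HD-7.5-updater.job
Wpm => Service stopped successfully.
Wpm => service removed successfully.
C:\Windows\Tasks\Plus-HD-7.5-updater.job => moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A49A17FC-E1CF-436E-B769-3B511C8A3636} => key not found.
Task: C:\Windows\Tasks\Plus-HD-7.5-updater.job => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-updater.exe <==== ATTENTION
""".strip().splitlines()

# "<timestamp> - <timestamp> - <size> <attributes> [(company)] <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S+) (?:\(.*?\) )?(.+)$")

# Only the outcome phrases that appear in the Fixlog on this page.
OUTCOME_RE = re.compile(
    r'^"?(?P<target>.+?)"? => (?P<outcome>(?:value|key|service) removed successfully'
    r"|Service stopped successfully|moved successfully|key not found)\.$")


def parse_file_line(line):
    """Parse one FRST file-listing line; return None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    ts1, ts2, size, attrs, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    # Which timestamp is "created" and which "modified" depends on the FRST
    # section the line came from; a fixlist does not keep that, so both stay.
    return {"ts1": datetime.strptime(ts1, fmt),
            "ts2": datetime.strptime(ts2, fmt),
            "size": int(size), "attrs": attrs, "path": path}


def ransom_note_window(lines, marker="HELP_DECRYPT"):
    """Map folder -> (earliest timestamp, latest timestamp, note count)."""
    window = {}
    for line in lines:
        rec = parse_file_line(line)
        if rec is None or not basename(rec["path"]).upper().startswith(marker):
            continue
        folder = dirname(rec["path"])
        stamps = [rec["ts1"], rec["ts2"]]
        first, last, count = window.get(folder, (min(stamps), max(stamps), 0))
        window[folder] = (min(first, *stamps), max(last, *stamps), count + 1)
    return window


def fixlog_outcomes(lines):
    """Tally Fixlog outcomes; return (Counter, entries that were not applied)."""
    tally, needs_review = Counter(), []
    for line in lines:
        m = OUTCOME_RE.match(line.strip())
        if not m:
            continue  # fixlist echo lines such as "Task: ... => C:\..." land here
        outcome = m.group("outcome").lower()
        tally[outcome] += 1
        if not outcome.endswith("successfully"):
            needs_review.append((m.group("target"), outcome))
    return tally, needs_review


if __name__ == "__main__":
    for folder, (first, last, count) in ransom_note_window(SAMPLE).items():
        print(f"{count} ransom note(s) in {folder}: {first} .. {last}")
    tally, needs_review = fixlog_outcomes(SAMPLE)
    print(dict(tally))
    for target, outcome in needs_review:
        print(f"REVIEW: {target} -> {outcome}")
```
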
barabiri

Re: Windows Vista was infected by CryptoWall 3.0

by barabiri

Fix result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
Ran by hamid (2015-08-03 13:59:37) Run:1
Running from C:\Users\hamid\Desktop
Loaded Profiles: hamid (Available Profiles: hamid)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-2049595731-2703424260-2257613587-1003\...\Run: [BoBrowser] => C:\Users\hamid\AppData\Local\BoBrowser\Application\bobrowser.exe [642696 2015-02-18] (The BoBrowser Authors)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-09] (Cherished Technololgy LIMITED)
S2 Update Fortunitas; C:\Program Files\Fortunitas\updateFortunitas.exe [X]
S2 Update Kozaka; C:\Program Files\Kozaka\updateKozaka.exe [X]
S2 Util Fortunitas; C:\Program Files\Fortunitas\bin\utilFortunitas.exe [X]
S2 Util Kozaka; C:\Program Files\Kozaka\bin\utilKozaka.exe [X]
C:\Users\hamid\AppData\Local\Google\Chrome\User Data\Default
2015-07-31 13:13 - 2014-02-23 14:13 - 00002376 _____ C:\Windows\Tasks\Plus-HD-7.5-updater.job
2015-07-31 13:13 - 2014-02-23 14:13 - 00002302 _____ C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job
2015-07-31 13:13 - 2014-02-23 14:13 - 00001452 _____ C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job
Task: {28A5AE3C-2C27-4966-98AB-891082CC4627} - System32\Tasks\Plus-HD-7.5-codedownloader => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe [2014-02-23] (Plus HD) <==== ATTENTION
Task: {29F0556E-4F5E-460C-B3A3-63DDD9FD4C95} - System32\Tasks\SONY\Me&My VAIO\Me&My VAIO => C:\Program Files\Sony\Me&My VAIO\QLGuide.exe [2008-11-17] (Sony Corporation)
Task: {2C3745A8-8CF2-4AE7-9033-141FFDFFF67B} - \LaunchApp No Task File <==== ATTENTION
Task: {36CE91C7-29B0-42A7-B14F-6A0B93C67497} - System32\Tasks\bench-Updater removing
Task: {43BA3275-8D2B-4EAE-8350-819CE11F3B8C} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5 => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-5.exe [2014-06-26] (enter) <==== ATTENTION
Task: {476466F8-5A3A-4B43-B45C-3418E165034D} - System32\Tasks\Update Service SimpleFiles => C:\Program Files\SimpleFilesUpdater\SimpleFilesUpdater.exe
Task: {4F70AC81-E71E-47C2-8C54-08162E5148EE} - \bench-sys No Task File <==== ATTENTION
Task: {534F0564-692E-4FCC-B0E9-31972BEFC61E} - System32\Tasks\Run_Bobby_Browser => C:\Users\hamid\AppData\Local\BoBrowser\Application\bobrowser.exe [2015-02-18] (The BoBrowser Authors) <==== ATTENTION
Task: {A273E2A6-C046-42CA-832E-7F2B5D9DC548} - System32\Tasks\Plus-HD-7.5-updater => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-updater.exe [2014-02-23] (Plus HD) <==== ATTENTION
Task: {A49A17FC-E1CF-436E-B769-3B511C8A3636} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {A935E59D-192D-429C-94C7-5093D0357D76} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-4 => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-4.exe [2014-06-26] (enter) <==== ATTENTION
Task: {ADA5FE1B-F06E-429F-BB38-0D07562D2A0C} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-11 => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-11.exe [2014-06-26] (enter) <==== ATTENTION
Task: {B115326F-55C1-4B7D-9877-F65173C904E9} - \Plus-HD-7.5-enabler No Task File <==== ATTENTION
Task: {B8396053-D587-4ECA-B0D3-8E585BE4259C} - System32\Tasks\Plus-HD-7.5-firefoxinstaller => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe [2014-02-23] (Plus HD) <==== ATTENTION
Task: {C13D309F-042F-418D-8E6F-CD74AD95F7EA} - \c8470bad-6418-48e6-9c78-c736c9cf9191-2 No Task File <==== ATTENTION
Task: {C1AD9EEE-8226-4CDC-A3E1-3D5E6DB806B9} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {C7936837-A053-48ED-96DE-043EF7E44CB2} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-06-26] (globalUpdate) <==== ATTENTION
Task: {D4C96F61-1A0E-4AC6-A10B-9E077DFD2E01} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-5.exe [2014-06-26] (enter) <==== ATTENTION
Task: {DF1602C3-0C56-431E-B6DD-1251F04BF9EB} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {F947F174-A6C8-4257-933B-59484754368E} - System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-1 => C:\Program Files\video MediaPlayer\video MediaPlayer-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-Updater removing.job => /verysilent SYSTEM This will uninstall Updater <==== ATTENTION
Task: C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-11.job => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-4.job => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-4.exe?/TmhtKPN /noqykM='video MediaPlayer' /CifKwBNnn C:\Program Files\video MediaPlayer\59599.xpi' /ZAlRU=59599 /ZHGQrKuK='001673' /LcdbGBXTT='verticals-' /qTjwk='0' /UJDIC=1DF4F45AC8A04024A3D036105B487755IE /szJxt=716388fe78393c91231157e380d1bfb5 /vMEOwUh=1_34_06_10 /esqVHur=1.34.6.10 /pDfQT=1403806379 /JQAQPnReH=http:/stats.democlientnet.com /oQuRB=http:/errors.democlientnet.com /KLGUPqK=300 /NXqQQyd=ff806580-6db3-4c09-ba06-d6caf0 ... 605617.com /QHCLsF=0.94 /tgIEoa=aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599 /HWEyaaKMT=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/59599.rdf /UebQPe='video MediaPlayer' /zWSqTh='MediaPlayerEnhance Extension' /frCHg='enter' /XPOUAOsgr=ch /KUpywzsbU='{asw:[16777218, 1086328833, 0]}' /RyKbZPT /lfikBPPbX /DPrlAn /KqRmhxGnJ='http:/update.democlientnet.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5.job => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user.job => C:\Program Files\video MediaPlayer\c8470bad-6418-48e6-9c78-c736c9cf9191-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe?/reinstallapp /runfrom=task /agentregpath='Plus-HD-7.5' /appid=50776 /srcid='000994' /subid='0' /zdata='0' /bic=EB3399A71E454E7183D47F631879D164IE /verifier=eeafa3ad780dfcd3a07fc31c56bfd5fb /installerversion=1_34_1_29 /installerfullversion=1.34.1.29 /installationtime=1393157558 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com /defbro=ch /allusers /autoupdateulr='http:/update.srvstatsdata.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe?/installxpi /agentregpath='Plus-HD-7.5' /extensionfilepath C:\Program Files\Plus-HD-7.5\50776.xpi' /appid=50776 /srcid='000994' /subid='0' /zdata='0' /bic=EB3399A71E454E7183D47F631879D164IE /verifier=eeafa3ad780dfcd3a07fc31c56bfd5fb /installerversion=1_34_1_29 /installerfullversion=1.34.1.29 /installationtime=1393157558 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=18c66c1d-05d8-4e58-8b16-c4 ... ef45e2.com /extensionversion=0.93 /prefsbranch=a18c66c1d05d84e588b16c4df04ed638ee204c3e480764eb9b6280fe8abef45e2com50776 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/50776.rdf /extensionname='Plus-HD-7.5' /extensiondesc='Turn YouTube videos to High Definition by default' /publishername='Plus HD' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http:/update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-updater.job => C:\Program Files\Plus-HD-7.5\Plus-HD-7.5-updater.exe <==== ATTENTION
2013-06-19 17:46 - 2013-12-18 23:18 - 0002543 _____ () C:\Users\hamid\AppData\Roaming\Bubble Dock.boostrap.log
2013-06-19 17:47 - 2013-12-18 23:18 - 0025729 _____ () C:\Users\hamid\AppData\Roaming\Bubble Dock.installation.log
2015-04-03 13:25 - 2015-04-03 13:25 - 0008836 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-03 13:25 - 2015-04-03 13:25 - 0047315 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-03 13:25 - 2015-04-03 13:25 - 0004462 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-03 13:25 - 2015-04-03 13:25 - 0000276 _____ () C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.URL
2013-10-04 12:09 - 2013-10-06 02:07 - 0101712 _____ () C:\Users\hamid\AppData\Roaming\LiveSupport.exe_log.txt
2013-10-04 12:09 - 2013-10-06 02:07 - 0000368 _____ () C:\Users\hamid\AppData\Roaming\regsvr32.exe_log.txt
2013-10-10 19:33 - 2015-06-22 16:27 - 0000231 _____ () C:\Users\hamid\AppData\Roaming\Rim.Desktop.Exception.log
2013-10-10 19:32 - 2014-12-18 23:39 - 0002009 _____ () C:\Users\hamid\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-10-10 19:33 - 2015-06-22 16:26 - 0000231 _____ () C:\Users\hamid\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-05-02 21:53 - 2013-05-02 21:55 - 0025773 _____ () C:\Users\hamid\AppData\Roaming\UserTile.png
2015-04-08 15:30 - 2015-04-08 15:30 - 0000000 _____ () C:\Users\hamid\AppData\Local\BITC9D4.tmp
2013-04-27 18:30 - 2015-04-15 21:50 - 0002032 _____ () C:\Users\hamid\AppData\Local\d3d9caps.dat
2015-07-23 13:53 - 2015-07-23 13:53 - 0003584 _____ () C:\Users\hamid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-03 13:24 - 2015-04-03 13:24 - 0008836 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.HTML
2015-04-03 13:24 - 2015-04-03 13:24 - 0047315 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.PNG
2015-04-03 13:24 - 2015-04-03 13:24 - 0004462 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.TXT
2015-04-03 13:24 - 2015-04-03 13:24 - 0000276 _____ () C:\Users\hamid\AppData\Local\HELP_DECRYPT.URL
2013-12-21 18:13 - 2013-12-21 18:13 - 0000218 _____ () C:\Users\hamid\AppData\Local\recently-used.xbel
2015-04-08 15:28 - 2015-04-08 15:28 - 0000000 _____ () C:\Users\hamid\AppData\Local\{04511379-594C-4A40-9FDF-08D6BF1C1729}
2015-03-03 21:16 - 2015-03-03 21:16 - 0000000 _____ () C:\Users\hamid\AppData\Local\{301EFB8C-7873-4A4D-AAF1-05EF65115E26}
2015-04-13 21:38 - 2015-04-13 21:38 - 0000000 _____ () C:\Users\hamid\AppData\Local\{39F9664D-CBB1-49CF-B744-FD4BCC31C9E2}
2015-03-10 19:11 - 2015-03-10 19:11 - 0000000 _____ () C:\Users\hamid\AppData\Local\{6DF471EE-10A3-4A5C-853A-75A2418D51CE}

*****************

HKU\S-1-5-21-2049595731-2703424260-2257613587-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BoBrowser => value removed successfully.
Wpm => Service stopped successfully.
Wpm => service removed successfully.
Update Fortunitas => service removed successfully.
Update Kozaka => service removed successfully.
Util Fortunitas => service removed successfully.
Util Kozaka => service removed successfully.
C:\Users\hamid\AppData\Local\Google\Chrome\User Data\Default => moved successfully.
C:\Windows\Tasks\Plus-HD-7.5-updater.job => moved successfully.
C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job => moved successfully.
C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28A5AE3C-2C27-4966-98AB-891082CC4627}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28A5AE3C-2C27-4966-98AB-891082CC4627}" => key removed successfully.
C:\Windows\System32\Tasks\Plus-HD-7.5-codedownloader => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-7.5-codedownloader" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29F0556E-4F5E-460C-B3A3-63DDD9FD4C95}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F0556E-4F5E-460C-B3A3-63DDD9FD4C95}" => key removed successfully.
C:\Windows\System32\Tasks\SONY\Me&My VAIO\Me&My VAIO => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\Me&My VAIO\Me&My VAIO" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C3745A8-8CF2-4AE7-9033-141FFDFFF67B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C3745A8-8CF2-4AE7-9033-141FFDFFF67B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36CE91C7-29B0-42A7-B14F-6A0B93C67497}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36CE91C7-29B0-42A7-B14F-6A0B93C67497}" => key removed successfully.
C:\Windows\System32\Tasks\bench-Updater removing => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-Updater removing" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43BA3275-8D2B-4EAE-8350-819CE11F3B8C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43BA3275-8D2B-4EAE-8350-819CE11F3B8C}" => key removed successfully.
C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c8470bad-6418-48e6-9c78-c736c9cf9191-5" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{476466F8-5A3A-4B43-B45C-3418E165034D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{476466F8-5A3A-4B43-B45C-3418E165034D}" => key removed successfully.
C:\Windows\System32\Tasks\Update Service SimpleFiles => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service SimpleFiles" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F70AC81-E71E-47C2-8C54-08162E5148EE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F70AC81-E71E-47C2-8C54-08162E5148EE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{534F0564-692E-4FCC-B0E9-31972BEFC61E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{534F0564-692E-4FCC-B0E9-31972BEFC61E}" => key removed successfully.
C:\Windows\System32\Tasks\Run_Bobby_Browser => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A273E2A6-C046-42CA-832E-7F2B5D9DC548}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A273E2A6-C046-42CA-832E-7F2B5D9DC548}" => key removed successfully.
C:\Windows\System32\Tasks\Plus-HD-7.5-updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-7.5-updater" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A49A17FC-E1CF-436E-B769-3B511C8A3636} => key not found.
C:\Windows\System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sony Corporation\VAIO Update\VAIO Update" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A935E59D-192D-429C-94C7-5093D0357D76}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A935E59D-192D-429C-94C7-5093D0357D76}" => key removed successfully.
C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-4 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c8470bad-6418-48e6-9c78-c736c9cf9191-4" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADA5FE1B-F06E-429F-BB38-0D07562D2A0C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA5FE1B-F06E-429F-BB38-0D07562D2A0C}" => key removed successfully.
C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-11 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c8470bad-6418-48e6-9c78-c736c9cf9191-11" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B115326F-55C1-4B7D-9877-F65173C904E9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B115326F-55C1-4B7D-9877-F65173C904E9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-7.5-enabler" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8396053-D587-4ECA-B0D3-8E585BE4259C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8396053-D587-4ECA-B0D3-8E585BE4259C}" => key removed successfully.
C:\Windows\System32\Tasks\Plus-HD-7.5-firefoxinstaller => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-7.5-firefoxinstaller" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C13D309F-042F-418D-8E6F-CD74AD95F7EA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C13D309F-042F-418D-8E6F-CD74AD95F7EA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c8470bad-6418-48e6-9c78-c736c9cf9191-2" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1AD9EEE-8226-4CDC-A3E1-3D5E6DB806B9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1AD9EEE-8226-4CDC-A3E1-3D5E6DB806B9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7936837-A053-48ED-96DE-043EF7E44CB2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7936837-A053-48ED-96DE-043EF7E44CB2}" => key removed successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4C96F61-1A0E-4AC6-A10B-9E077DFD2E01}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4C96F61-1A0E-4AC6-A10B-9E077DFD2E01}" => key removed successfully.
C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF1602C3-0C56-431E-B6DD-1251F04BF9EB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF1602C3-0C56-431E-B6DD-1251F04BF9EB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F947F174-A6C8-4257-933B-59484754368E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F947F174-A6C8-4257-933B-59484754368E}" => key removed successfully.
C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c8470bad-6418-48e6-9c78-c736c9cf9191-1" => key removed successfully.
C:\Windows\Tasks\bench-Updater removing.job => moved successfully.
C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-11.job => moved successfully.
C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-4.job => moved successfully.
C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5.job => moved successfully.
C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user.job => moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully.
C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job not found.
C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job not found.
C:\Windows\Tasks\Plus-HD-7.5-updater.job not found.
C:\Users\hamid\AppData\Roaming\Bubble Dock.boostrap.log => moved successfully.
C:\Users\hamid\AppData\Roaming\Bubble Dock.installation.log => moved successfully.
C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.HTML => moved successfully.
C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.PNG => moved successfully.
C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.TXT => moved successfully.
C:\Users\hamid\AppData\Roaming\HELP_DECRYPT.URL => moved successfully.
C:\Users\hamid\AppData\Roaming\LiveSupport.exe_log.txt => moved successfully.
C:\Users\hamid\AppData\Roaming\regsvr32.exe_log.txt => moved successfully.
C:\Users\hamid\AppData\Roaming\Rim.Desktop.Exception.log => moved successfully.
C:\Users\hamid\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => moved successfully.
C:\Users\hamid\AppData\Roaming\Rim.DesktopHelper.Exception.log => moved successfully.
C:\Users\hamid\AppData\Roaming\UserTile.png => moved successfully.
C:\Users\hamid\AppData\Local\BITC9D4.tmp => moved successfully.
C:\Users\hamid\AppData\Local\d3d9caps.dat => moved successfully.
C:\Users\hamid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\hamid\AppData\Local\HELP_DECRYPT.HTML => moved successfully.
C:\Users\hamid\AppData\Local\HELP_DECRYPT.PNG => moved successfully.
C:\Users\hamid\AppData\Local\HELP_DECRYPT.TXT => moved successfully.
C:\Users\hamid\AppData\Local\HELP_DECRYPT.URL => moved successfully.
C:\Users\hamid\AppData\Local\recently-used.xbel => moved successfully.
C:\Users\hamid\AppData\Local\{04511379-594C-4A40-9FDF-08D6BF1C1729} => moved successfully.
C:\Users\hamid\AppData\Local\{301EFB8C-7873-4A4D-AAF1-05EF65115E26} => moved successfully.
C:\Users\hamid\AppData\Local\{39F9664D-CBB1-49CF-B744-FD4BCC31C9E2} => moved successfully.
C:\Users\hamid\AppData\Local\{6DF471EE-10A3-4A5C-853A-75A2418D51CE} => moved successfully.

==== End of Fixlog 14:00:58 ====
Malekal_morte
Posts: 112084
Joined: 10 Sep 2005 13:57

Re: Windows Vista has been infected by Crytowall 3.0

by Malekal_morte »

OK, here is the next step:

Malwarebytes (time: about 40 min of scanning):
==================================================
Download and install Malwarebytes: https://www.malekal.com/malwarebyte-ant ... les-virus/
Update it, then run a scan.

At the end of the scan, click "Remove Selected" at the bottom left.
Restart the computer if needed.
After the restart, launch Malwarebytes again.
Get the report from the History tab.
On the left, select the scan log.
Double-click the scan in the list.
Then, at the bottom, click Copy to Clipboard.
Go to http://pjjoint.malekal.com and, at the bottom, right-click / paste to paste the Malwarebytes scan report.
Click Send.
In a new reply here, give the pjjoint link so that the report can be viewed.
First basic rule of security: think, then click, and not the other way around - Files/programs are like candy: when they come from a stranger, you don't accept them!