mais envoyées je ne sais où en fait car dans la panique j'ai suivi la procédure en mode débile avec "personne" en face.
Si quelqu'un peut m'aider.
cryptowall. FRST installé et copies (3) envoyées
Modérateurs : Mods Windows, Helper
- Messages : 31842
- Inscription : 28 févr. 2008 13:58
- Localisation : Breizhilienne
Re: cryptowall. FRST installé et copies (3) envoyées
Utilise le site http://pjjoint.malekal.com/ pour envoyer ton rapport, et poste le lien dans ta prochaine réponse pour analyse.
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique
Merci.
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique
Merci.Re: cryptowall. FRST installé et copies (3) envoyées
merci Angélique de me répondre à nouveau.
J'ai suivi la procédure d'inscription, puis téléchargé FRST, puis envoyé les 3 rapports sur le lien (le même que tu m'a gentillement redonné). Mais je comprends pas "où" il sont arrivés ni comment un helper va les trouver.
Il faut que je les renvoie ? puis "où" trouver l'analyse. Un lien pour les retours d'analyse peut-être ?
Merci
J'ai suivi la procédure d'inscription, puis téléchargé FRST, puis envoyé les 3 rapports sur le lien (le même que tu m'a gentillement redonné). Mais je comprends pas "où" il sont arrivés ni comment un helper va les trouver.
Il faut que je les renvoie ? puis "où" trouver l'analyse. Un lien pour les retours d'analyse peut-être ?
Merci
- Messages : 31842
- Inscription : 28 févr. 2008 13:58
- Localisation : Breizhilienne
Re: cryptowall. FRST installé et copies (3) envoyées
il faut que tu donnes dans ta réponse les liens crées de tes rapports sur pjjoint
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique Merci.
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique
Merci.Re: cryptowall. FRST installé et copies (3) envoyées
bonjour Angélique,
j 'espère avoir fait la manip correctement.
Milles mercis.
Dans l'attente de te lire.
j 'espère avoir fait la manip correctement.
Milles mercis.
Dans l'attente de te lire.
- Messages : 31842
- Inscription : 28 févr. 2008 13:58
- Localisation : Breizhilienne
Re: cryptowall. FRST installé et copies (3) envoyées
- Ouvre le bloc-notes : Menu Démarrer / Tous les programmes / Accessoires et Bloc-Notes. (ou executer---> notepad)
Copie/colle dedans ce qui suit :
R2 Hydrup; C:\Program Files\Common Files\Hydrup\hydrup.exe [266536 2015-03-27] (Software)
R2 SProtection; C:\Program Files\Common Files\Umbrella\Umbrella212.exe [3789960 2015-03-26] (Iminent)
Task: {143EEE4D-F9AC-4CA6-9E1B-0BE6D34170D7} - System32\Tasks\{ED9B0577-4B12-4977-9EF4-E248B53952AE} => pcalua.exe -a "C:\Program Files\Pricora 12.0\Uninstall.exe" -c /fcp=1
Task: {80FD652D-E432-4AB2-9726-874BEC6102E4} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Administrateur\AppData\Roaming\~dbcqtjx.exe
C:\Users\Administrateur\AppData\Roaming\~dbcqtjx.exe
Task: {A506B5CB-AF82-47E5-92EF-E286EAB2B95A} - System32\Tasks\{31B4BC0E-354C-46DF-82D3-5CD0A0703FE0} => pcalua.exe -a "C:\Program Files\Pricora 12.0\Uninstall.exe" -c /fcp=1
Task: {A822A3C2-7033-430F-91FF-DE4D6EC791E5} - System32\Tasks\wp_update => C:\Users\Administrateur\AppData\Roaming\~wyexsfg.exe <==== ATTENTION
C:\Users\Administrateur\AppData\Roaming\~wyexsfg.exe
CHR StartupUrls: Default -> "hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000"
FF SelectedSearchEngine: StartWeb
FF Homepage: hxxp://search.iminent.com/?appId=70569917-A242-4BA5-ABCC-0C38AB0525D6
FF SelectedSearchEngine: SearchTheWeb
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\AppData\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default\AppData\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\AppData\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Administrateur\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Administrateur\Downloads\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00004720 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:57 - 2015-03-23 09:57 - 00004720 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Administrateur\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Administrateur\Downloads\HELP_DECRYPT.URL
2015-03-23 09:56 - 2015-03-23 09:56 - 00009064 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.HTML
2015-03-23 09:56 - 2015-03-23 09:56 - 00004720 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.TXT
2015-03-23 09:56 - 2015-03-23 09:56 - 00000292 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-03-27 09:09 - 2014-03-22 21:40 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\ProgramData\HELP_DECRYPT.URL
EmptyTemp:
- Menu Fichier / Enregistrer-sous
Place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau. - Ferme toutes les applications, y compris ton navigateur
- Double-clique sur FRST.exe
/!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
Sur le menu principal, clique une seule fois sur Fix et patiente le temps de la correction
Un redémarrage peut être nécessaire (pas obligatoire). - L'outil va créer un rapport de correction Fixlog.txt. Poste ce rapport dans ta réponse.
- desinstalle Pricora 12.0 (HKLM\...\Pricora 12.0) (Version: 1.34.5.22 - Corporate Inc) <==== ATTENTION
- pour les fichiers_dossiers cryptés , il n'ya pas malheureusement pas de solution hormis si toujours fonctionnel la version précédente des fichiers et dossiers avec http://www.shadowexplorer.com/uploads/S ... rtable.zip , expliqué là > http://forum.malekal.com/windows-versio ... 46739.html
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique Merci.
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique
Merci.Re: cryptowall. FRST installé et copies (3) envoyées
Angélique....où êtes-vous mon amie-helper ?
Re: cryptowall. FRST installé et copies (3) envoyées
désolé je n avais vu votre réponse. XXXXmerci.
- Messages : 31842
- Inscription : 28 févr. 2008 13:58
- Localisation : Breizhilienne
Re: cryptowall. FRST installé et copies (3) envoyées
Theodor a écrit :Angélique....où êtes-vous mon amie-helper ?
Pas loin , cependant ne t'attend pas à un miracle avec cette infection !certes elle sera supprimée mais la récup de données outre shadowexplorer , y'a pas d'autres solutions, donc vu que tu es un utilisateur averti , tu sais bien qu'il faut sauver ses données à intervalles régulieres sur un support autre que ton PC
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique Merci.
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique
Merci.Re: cryptowall. FRST installé et copies (3) envoyées
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Administrateur at 2015-03-28 16:25:04 Run:1
Running from C:\Users\Administrateur\Desktop
Loaded Profiles: Administrateur (Available profiles: Administrateur)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
R2 Hydrup; C:\Program Files\Common Files\Hydrup\hydrup.exe [266536 2015-03-27] (Software)
R2 SProtection; C:\Program Files\Common Files\Umbrella\Umbrella212.exe [3789960 2015-03-26] (Iminent)
Task: {143EEE4D-F9AC-4CA6-9E1B-0BE6D34170D7} - System32\Tasks\{ED9B0577-4B12-4977-9EF4-E248B53952AE} => pcalua.exe -a "C:\Program Files\Pricora 12.0\Uninstall.exe" -c /fcp=1
Task: {80FD652D-E432-4AB2-9726-874BEC6102E4} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Administrateur\AppData\Roaming\~dbcqtjx.exe
C:\Users\Administrateur\AppData\Roaming\~dbcqtjx.exe
Task: {A506B5CB-AF82-47E5-92EF-E286EAB2B95A} - System32\Tasks\{31B4BC0E-354C-46DF-82D3-5CD0A0703FE0} => pcalua.exe -a "C:\Program Files\Pricora 12.0\Uninstall.exe" -c /fcp=1
Task: {A822A3C2-7033-430F-91FF-DE4D6EC791E5} - System32\Tasks\wp_update => C:\Users\Administrateur\AppData\Roaming\~wyexsfg.exe <==== ATTENTION
C:\Users\Administrateur\AppData\Roaming\~wyexsfg.exe
CHR StartupUrls: Default -> "hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000"
FF SelectedSearchEngine: StartWeb
FF Homepage: hxxp://search.iminent.com/?appId=705699 ... 38AB0525D6
FF SelectedSearchEngine: SearchTheWeb
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\AppData\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default\AppData\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\AppData\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Administrateur\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Administrateur\Downloads\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00004720 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:57 - 2015-03-23 09:57 - 00004720 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Administrateur\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Administrateur\Downloads\HELP_DECRYPT.URL
2015-03-23 09:56 - 2015-03-23 09:56 - 00009064 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.HTML
2015-03-23 09:56 - 2015-03-23 09:56 - 00004720 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.TXT
2015-03-23 09:56 - 2015-03-23 09:56 - 00000292 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-03-27 09:09 - 2014-03-22 21:40 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\ProgramData\HELP_DECRYPT.URL
EmptyTemp:
*****************
Hydrup => Service stopped successfully.
Hydrup => Service deleted successfully.
SProtection => Service stopped successfully.
SProtection => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{143EEE4D-F9AC-4CA6-9E1B-0BE6D34170D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{143EEE4D-F9AC-4CA6-9E1B-0BE6D34170D7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{ED9B0577-4B12-4977-9EF4-E248B53952AE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ED9B0577-4B12-4977-9EF4-E248B53952AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80FD652D-E432-4AB2-9726-874BEC6102E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80FD652D-E432-4AB2-9726-874BEC6102E4}" => Key deleted successfully.
C:\Windows\System32\Tasks\TaskUserUpdate_wp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TaskUserUpdate_wp" => Key deleted successfully.
"C:\Users\Administrateur\AppData\Roaming\~dbcqtjx.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A506B5CB-AF82-47E5-92EF-E286EAB2B95A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A506B5CB-AF82-47E5-92EF-E286EAB2B95A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{31B4BC0E-354C-46DF-82D3-5CD0A0703FE0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31B4BC0E-354C-46DF-82D3-5CD0A0703FE0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A822A3C2-7033-430F-91FF-DE4D6EC791E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A822A3C2-7033-430F-91FF-DE4D6EC791E5}" => Key deleted successfully.
C:\Windows\System32\Tasks\wp_update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wp_update" => Key deleted successfully.
"C:\Users\Administrateur\AppData\Roaming\~wyexsfg.exe" => File/Directory not found.
Chrome StartupUrls deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Default\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\HELP_DECRYPT.HTML => Moved successfully.
"C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Default User\AppData\HELP_DECRYPT.HTML" => File/Directory not found.
C:\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Default\AppData\HELP_DECRYPT.TXT => Moved successfully.
"C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Default User\AppData\HELP_DECRYPT.TXT" => File/Directory not found.
C:\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Default\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Default\AppData\HELP_DECRYPT.URL => Moved successfully.
"C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Default User\AppData\HELP_DECRYPT.URL" => File/Directory not found.
C:\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Default\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
"C:\Users\Default User\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\Administrateur\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\Downloads\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
"C:\Users\Default User\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
C:\Users\Default\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
"C:\Users\Default User\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
C:\Users\Administrateur\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\Downloads\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\Documents\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrateur\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrateur\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
C:\Program Files\Common Files\Umbrella => Moved successfully.
"C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.
EmptyTemp: => Removed 151.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:25:43 ====
Ran by Administrateur at 2015-03-28 16:25:04 Run:1
Running from C:\Users\Administrateur\Desktop
Loaded Profiles: Administrateur (Available profiles: Administrateur)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
R2 Hydrup; C:\Program Files\Common Files\Hydrup\hydrup.exe [266536 2015-03-27] (Software)
R2 SProtection; C:\Program Files\Common Files\Umbrella\Umbrella212.exe [3789960 2015-03-26] (Iminent)
Task: {143EEE4D-F9AC-4CA6-9E1B-0BE6D34170D7} - System32\Tasks\{ED9B0577-4B12-4977-9EF4-E248B53952AE} => pcalua.exe -a "C:\Program Files\Pricora 12.0\Uninstall.exe" -c /fcp=1
Task: {80FD652D-E432-4AB2-9726-874BEC6102E4} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Administrateur\AppData\Roaming\~dbcqtjx.exe
C:\Users\Administrateur\AppData\Roaming\~dbcqtjx.exe
Task: {A506B5CB-AF82-47E5-92EF-E286EAB2B95A} - System32\Tasks\{31B4BC0E-354C-46DF-82D3-5CD0A0703FE0} => pcalua.exe -a "C:\Program Files\Pricora 12.0\Uninstall.exe" -c /fcp=1
Task: {A822A3C2-7033-430F-91FF-DE4D6EC791E5} - System32\Tasks\wp_update => C:\Users\Administrateur\AppData\Roaming\~wyexsfg.exe <==== ATTENTION
C:\Users\Administrateur\AppData\Roaming\~wyexsfg.exe
CHR StartupUrls: Default -> "hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000"
FF SelectedSearchEngine: StartWeb
FF Homepage: hxxp://search.iminent.com/?appId=705699 ... 38AB0525D6
FF SelectedSearchEngine: SearchTheWeb
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default\AppData\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00009064 _____ () C:\HELP_DECRYPT.HTML
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default\AppData\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00004720 _____ () C:\HELP_DECRYPT.TXT
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default\AppData\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.URL
2015-03-23 09:58 - 2015-03-23 09:58 - 00000292 _____ () C:\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Administrateur\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00009064 _____ () C:\Users\Administrateur\Downloads\HELP_DECRYPT.HTML
2015-03-23 09:57 - 2015-03-23 09:57 - 00004720 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:57 - 2015-03-23 09:57 - 00004720 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Default\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Default User\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Administrateur\HELP_DECRYPT.URL
2015-03-23 09:57 - 2015-03-23 09:57 - 00000292 _____ () C:\Users\Administrateur\Downloads\HELP_DECRYPT.URL
2015-03-23 09:56 - 2015-03-23 09:56 - 00009064 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.HTML
2015-03-23 09:56 - 2015-03-23 09:56 - 00004720 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.TXT
2015-03-23 09:56 - 2015-03-23 09:56 - 00000292 _____ () C:\Users\Administrateur\Documents\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00004720 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\Users\Administrateur\AppData\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 00000292 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-03-27 09:09 - 2014-03-22 21:40 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL
2015-03-23 09:52 - 2015-03-23 09:52 - 0009064 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-23 09:52 - 2015-03-23 09:52 - 0047899 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-23 09:52 - 2015-03-23 09:52 - 0004720 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-23 09:52 - 2015-03-23 09:52 - 0000292 _____ () C:\ProgramData\HELP_DECRYPT.URL
EmptyTemp:
*****************
Hydrup => Service stopped successfully.
Hydrup => Service deleted successfully.
SProtection => Service stopped successfully.
SProtection => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{143EEE4D-F9AC-4CA6-9E1B-0BE6D34170D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{143EEE4D-F9AC-4CA6-9E1B-0BE6D34170D7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{ED9B0577-4B12-4977-9EF4-E248B53952AE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ED9B0577-4B12-4977-9EF4-E248B53952AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80FD652D-E432-4AB2-9726-874BEC6102E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80FD652D-E432-4AB2-9726-874BEC6102E4}" => Key deleted successfully.
C:\Windows\System32\Tasks\TaskUserUpdate_wp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TaskUserUpdate_wp" => Key deleted successfully.
"C:\Users\Administrateur\AppData\Roaming\~dbcqtjx.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A506B5CB-AF82-47E5-92EF-E286EAB2B95A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A506B5CB-AF82-47E5-92EF-E286EAB2B95A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{31B4BC0E-354C-46DF-82D3-5CD0A0703FE0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31B4BC0E-354C-46DF-82D3-5CD0A0703FE0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A822A3C2-7033-430F-91FF-DE4D6EC791E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A822A3C2-7033-430F-91FF-DE4D6EC791E5}" => Key deleted successfully.
C:\Windows\System32\Tasks\wp_update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wp_update" => Key deleted successfully.
"C:\Users\Administrateur\AppData\Roaming\~wyexsfg.exe" => File/Directory not found.
Chrome StartupUrls deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Default\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\HELP_DECRYPT.HTML => Moved successfully.
"C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Default User\AppData\HELP_DECRYPT.HTML" => File/Directory not found.
C:\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Default\AppData\HELP_DECRYPT.TXT => Moved successfully.
"C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Default User\AppData\HELP_DECRYPT.TXT" => File/Directory not found.
C:\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Default\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Default\AppData\HELP_DECRYPT.URL => Moved successfully.
"C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Default User\AppData\HELP_DECRYPT.URL" => File/Directory not found.
C:\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Default\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
"C:\Users\Default User\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\Administrateur\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\Downloads\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
"C:\Users\Default User\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
C:\Users\Default\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
"C:\Users\Default User\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
C:\Users\Administrateur\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\Downloads\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\Documents\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrateur\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrateur\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Administrateur\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
C:\Program Files\Common Files\Umbrella => Moved successfully.
"C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Administrateur\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Administrateur\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.
EmptyTemp: => Removed 151.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:25:43 ====
Re: cryptowall. FRST installé et copies (3) envoyées
bonjour Angélique, je viens envoyer ici le rapport.
Merci de ton aide
Merci de ton aide
- Messages : 31842
- Inscription : 28 févr. 2008 13:58
- Localisation : Breizhilienne
Re: cryptowall. FRST installé et copies (3) envoyées
OK si toujours fonctionnel la version précédente des fichiers et dossiers à voir.
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique Merci.
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique
Merci.-
- Sujets similaires
- Réponses
- Vues
- Dernier message
-
- 12 Réponses
- 380 Vues
-
Dernier message par Parisien_entraide
-
- 6 Réponses
- 126 Vues
-
Dernier message par angelique
-
- 2 Réponses
- 120 Vues
-
Dernier message par Malekal_morte
-
- 5 Réponses
- 190 Vues
-
Dernier message par Malekal_morte
-
- 1 Réponses
- 73 Vues
-
Dernier message par Malekal_morte