ordinateur infecté par des virus

[louye]

bonjour, mon ordinateur est infecté par smartsaver+3 et continue live installation, je n'arrive pas à les supprimer pour smartsaver je ne peux pas du tout le désinstaller des programmes et pour continue live installation il réapparait sur mon bureau sans arrêt malgré toutes mes tentatives (ccleaner, avast, malwarebytes..., nettoyage, réinitialisation firefox, explorer...) tout ce que j'ai pu trouver sur les forums en fait... :( pouvez vous m'aider?
voici les liens
SHORTCUT
http://pjjoint.malekal.com/files.php?id ... j11o7d13z6
ADDITION
http://pjjoint.malekal.com/files.php?id ... s14t11v9v9
FRST
http://pjjoint.malekal.com/files.php?id ... 4o105w15q9

[angelique]

Les rapports frst.txt et addition.txt sont incomplets !

[louye]

ok j'ai recommencé le scan je renvoi les liens merci de m'aider.)
SHORTCUT
http://pjjoint.malekal.com/files.php?id ... 11i12x11c8
ADDITION
http://pjjoint.malekal.com/files.php?id ... 11x14o1113
FRST
http://pjjoint.malekal.com/files.php?id ... v7g13g9n14

[Malekal_morte]

Désinstalle McAfee Security Scan
Désinstalle aussi Microsoft Security Essentials, tu as déjà Avast!

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutorial-farbar ... -frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

R2 cybusyro; C:\Users\Erica\AppData\Roaming\DEFF9240-1433584127-11E1-AA37-047D7B02F85C\jnskC64B.tmp [223232 2015-06-06] () [File not signed]
R2 dequzody; C:\Users\Erica\AppData\Roaming\DEFF9240-1433584127-11E1-AA37-047D7B02F85C\hnspDFB6.tmp [167424 2015-06-06] () [File not signed]
2015-06-08 23:56 - 2015-06-08 23:56 - 00001101 _____ C:\Users\Erica\Desktop\Continue Live Installation.lnk
2015-06-06 23:44 - 2015-06-09 00:27 - 00000000 ____D C:\Program Files (x86)\Bin
2015-06-06 23:43 - 2015-06-09 00:27 - 00000000 ____D C:\Windows\Provider32
2015-06-06 23:43 - 2015-06-07 09:46 - 00173056 _____ C:\Windows\Provider20150607104727.dll
2015-06-06 23:43 - 2015-06-07 08:46 - 00173056 _____ C:\Windows\Provider20150607094651.dll
2015-06-06 23:43 - 2015-06-07 07:45 - 00173056 _____ C:\Windows\Provider20150607084612.dll
2015-06-06 23:43 - 2015-06-07 06:45 - 00173056 _____ C:\Windows\Provider20150607074536.dll
2015-06-06 23:43 - 2015-06-07 05:45 - 00173056 _____ C:\Windows\Provider20150607064529.dll
2015-06-06 23:43 - 2015-06-07 04:44 - 00173056 _____ C:\Windows\Provider20150607054514.dll
2015-06-06 23:43 - 2015-06-07 03:44 - 00173056 _____ C:\Windows\Provider20150607044453.dll
2015-06-06 23:43 - 2015-06-07 02:44 - 00173056 _____ C:\Windows\Provider20150607034431.dll
2015-06-06 23:43 - 2015-06-07 01:44 - 00173056 _____ C:\Windows\Provider20150607024427.dll
2015-06-06 23:43 - 2015-06-07 00:44 - 00173056 _____ C:\Windows\Provider20150607014424.dll
2015-06-06 23:43 - 2015-06-06 23:43 - 00000012 _____ C:\Windows\SysWOW64\0
2015-06-06 23:43 - 2015-06-06 23:43 - 00000000 ____D C:\Windows\Provider
2015-06-06 23:43 - 2015-06-02 18:30 - 00173056 _____ C:\Windows\Provider20150607004421.dll
2015-06-06 23:01 - 2015-06-06 23:01 - 00000000 ____D C:\Users\Erica\AppData\Roaming\DEFF9240-1433624464-11E1-AA37-047D7B02F85C
2015-06-06 22:37 - 2015-06-06 22:37 - 00000000 ____D C:\Users\Erica\AppData\Roaming\DEFF9240-1433623035-11E1-AA37-047D7B02F85C
2015-06-06 14:00 - 2015-06-08 14:40 - 00001002 _____ C:\Windows\Tasks\FVEqJAdAUlg9U4t.job
2015-06-06 13:59 - 2015-06-08 15:21 - 00000000 ____D C:\Program Files (x86)\SmartSaver+ 3
2015-06-06 13:43 - 2015-06-08 23:35 - 00002984 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-06 13:43 - 2015-06-08 23:35 - 00000294 _____ C:\Windows\Tasks\AutoKMS.job
2015-06-06 13:21 - 2015-06-06 13:21 - 00000000 ____D C:\Users\Erica\AppData\Roaming\DEFF9240-1433589717-11E1-AA37-047D7B02F85C
2015-06-06 13:11 - 2015-06-06 13:11 - 00003148 _____ C:\Windows\System32\Tasks\{936A8F7B-71F9-47DC-A8AD-5870C4CF69F5}
2015-06-06 12:06 - 2015-06-09 00:27 - 00000000 ____D C:\ProgramData\Isereohaca
2015-06-06 11:49 - 2015-06-08 14:40 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-06 11:49 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-06 11:48 - 2015-06-07 11:11 - 00000000 ____D C:\Users\Erica\AppData\Roaming\DEFF9240-1433584127-11E1-AA37-047D7B02F85C
Task: C:\Windows\Tasks\AffiliatedUpdate.job => C:\Users\Erica\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Cmw90023EIEMrwnKB5XyChC.job => C:\Users\Erica\AppData\Roaming\Cmw90023EIEMrwnKB5XyChC.exe <==== ATTENTION
Task: C:\Windows\Tasks\FVEqJAdAUlg9U4t.job => C:\Users\Erica\AppData\Roaming\FVEqJAdAUlg9U4t.exe <==== ATTENTION
Task: C:\Windows\Tasks\mzoNvb5bAx0fSyKiZmMR2.job => C:\Users\Erica\AppData\Roaming\mzoNvb5bAx0fSyKiZmMR2.exe <==== ATTENTION
Task: {44D0C24F-782B-45F4-9F0D-35B6763B8C63} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {779E8B60-E9CE-4E20-AD3F-5BA5454613B2} - System32\Tasks\4665 => Wscript.exe C:\Users\Erica\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION


Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur



puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
* Firefox : http://forum.malekal.com/firefox-extens ... 36057.html
* Google Chrome : http://forum.malekal.com/google-chrome- ... 35837.html
* Internet Explorer et modules complémentaires / moteurs de recherche : http://forum.malekal.com/

[louye]

merci pour ta réponse et voilà le message:

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Erica at 2015-06-09 19:22:40 Run:1
Running from C:\Users\Erica\Desktop
Loaded Profiles: Erica (Available Profiles: Erica)
Boot Mode: Normal
==============================================

fixlist content:
*****************
R2 cybusyro; C:\Users\Erica\AppData\Roaming\DEFF9240-1433584127-11E1-AA37-047D7B02F85C\jnskC64B.tmp [223232 2015-06-06] () [File not signed]
R2 dequzody; C:\Users\Erica\AppData\Roaming\DEFF9240-1433584127-11E1-AA37-047D7B02F85C\hnspDFB6.tmp [167424 2015-06-06] () [File not signed]
2015-06-08 23:56 - 2015-06-08 23:56 - 00001101 _____ C:\Users\Erica\Desktop\Continue Live Installation.lnk
2015-06-06 23:44 - 2015-06-09 00:27 - 00000000 ____D C:\Program Files (x86)\Bin
2015-06-06 23:43 - 2015-06-09 00:27 - 00000000 ____D C:\Windows\Provider32
2015-06-06 23:43 - 2015-06-07 09:46 - 00173056 _____ C:\Windows\Provider20150607104727.dll
2015-06-06 23:43 - 2015-06-07 08:46 - 00173056 _____ C:\Windows\Provider20150607094651.dll
2015-06-06 23:43 - 2015-06-07 07:45 - 00173056 _____ C:\Windows\Provider20150607084612.dll
2015-06-06 23:43 - 2015-06-07 06:45 - 00173056 _____ C:\Windows\Provider20150607074536.dll
2015-06-06 23:43 - 2015-06-07 05:45 - 00173056 _____ C:\Windows\Provider20150607064529.dll
2015-06-06 23:43 - 2015-06-07 04:44 - 00173056 _____ C:\Windows\Provider20150607054514.dll
2015-06-06 23:43 - 2015-06-07 03:44 - 00173056 _____ C:\Windows\Provider20150607044453.dll
2015-06-06 23:43 - 2015-06-07 02:44 - 00173056 _____ C:\Windows\Provider20150607034431.dll
2015-06-06 23:43 - 2015-06-07 01:44 - 00173056 _____ C:\Windows\Provider20150607024427.dll
2015-06-06 23:43 - 2015-06-07 00:44 - 00173056 _____ C:\Windows\Provider20150607014424.dll
2015-06-06 23:43 - 2015-06-06 23:43 - 00000012 _____ C:\Windows\SysWOW64\0
2015-06-06 23:43 - 2015-06-06 23:43 - 00000000 ____D C:\Windows\Provider
2015-06-06 23:43 - 2015-06-02 18:30 - 00173056 _____ C:\Windows\Provider20150607004421.dll
2015-06-06 23:01 - 2015-06-06 23:01 - 00000000 ____D C:\Users\Erica\AppData\Roaming\DEFF9240-1433624464-11E1-AA37-047D7B02F85C
2015-06-06 22:37 - 2015-06-06 22:37 - 00000000 ____D C:\Users\Erica\AppData\Roaming\DEFF9240-1433623035-11E1-AA37-047D7B02F85C
2015-06-06 14:00 - 2015-06-08 14:40 - 00001002 _____ C:\Windows\Tasks\FVEqJAdAUlg9U4t.job
2015-06-06 13:59 - 2015-06-08 15:21 - 00000000 ____D C:\Program Files (x86)\SmartSaver+ 3
2015-06-06 13:43 - 2015-06-08 23:35 - 00002984 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-06 13:43 - 2015-06-08 23:35 - 00000294 _____ C:\Windows\Tasks\AutoKMS.job
2015-06-06 13:21 - 2015-06-06 13:21 - 00000000 ____D C:\Users\Erica\AppData\Roaming\DEFF9240-1433589717-11E1-AA37-047D7B02F85C
2015-06-06 13:11 - 2015-06-06 13:11 - 00003148 _____ C:\Windows\System32\Tasks\{936A8F7B-71F9-47DC-A8AD-5870C4CF69F5}
2015-06-06 12:06 - 2015-06-09 00:27 - 00000000 ____D C:\ProgramData\Isereohaca
2015-06-06 11:49 - 2015-06-08 14:40 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-06 11:49 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-06 11:48 - 2015-06-07 11:11 - 00000000 ____D C:\Users\Erica\AppData\Roaming\DEFF9240-1433584127-11E1-AA37-047D7B02F85C
Task: C:\Windows\Tasks\AffiliatedUpdate.job => C:\Users\Erica\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Cmw90023EIEMrwnKB5XyChC.job => C:\Users\Erica\AppData\Roaming\Cmw90023EIEMrwnKB5XyChC.exe <==== ATTENTION
Task: C:\Windows\Tasks\FVEqJAdAUlg9U4t.job => C:\Users\Erica\AppData\Roaming\FVEqJAdAUlg9U4t.exe <==== ATTENTION
Task: C:\Windows\Tasks\mzoNvb5bAx0fSyKiZmMR2.job => C:\Users\Erica\AppData\Roaming\mzoNvb5bAx0fSyKiZmMR2.exe <==== ATTENTION
Task: {44D0C24F-782B-45F4-9F0D-35B6763B8C63} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {779E8B60-E9CE-4E20-AD3F-5BA5454613B2} - System32\Tasks\4665 => Wscript.exe C:\Users\Erica\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

*****************

cybusyro => Service stopped successfully.
cybusyro => Service removed successfully
dequzody => Service stopped successfully.
dequzody => Service removed successfully
C:\Users\Erica\Desktop\Continue Live Installation.lnk => moved successfully.
C:\Program Files (x86)\Bin => moved successfully.
C:\Windows\Provider32 => moved successfully.
C:\Windows\Provider20150607104727.dll => moved successfully.
C:\Windows\Provider20150607094651.dll => moved successfully.
C:\Windows\Provider20150607084612.dll => moved successfully.
C:\Windows\Provider20150607074536.dll => moved successfully.
C:\Windows\Provider20150607064529.dll => moved successfully.
C:\Windows\Provider20150607054514.dll => moved successfully.
C:\Windows\Provider20150607044453.dll => moved successfully.
C:\Windows\Provider20150607034431.dll => moved successfully.
C:\Windows\Provider20150607024427.dll => moved successfully.
C:\Windows\Provider20150607014424.dll => moved successfully.
C:\Windows\SysWOW64\0 => moved successfully.

"C:\Windows\Provider" folder move:

Could not move "C:\Windows\Provider" folder => Scheduled to move on reboot.

C:\Windows\Provider20150607004421.dll => moved successfully.
C:\Users\Erica\AppData\Roaming\DEFF9240-1433624464-11E1-AA37-047D7B02F85C => moved successfully.
C:\Users\Erica\AppData\Roaming\DEFF9240-1433623035-11E1-AA37-047D7B02F85C => moved successfully.
C:\Windows\Tasks\FVEqJAdAUlg9U4t.job => moved successfully.
C:\Program Files (x86)\SmartSaver+ 3 => moved successfully.
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
C:\Windows\Tasks\AutoKMS.job => moved successfully.
C:\Users\Erica\AppData\Roaming\DEFF9240-1433589717-11E1-AA37-047D7B02F85C => moved successfully.
C:\Windows\System32\Tasks\{936A8F7B-71F9-47DC-A8AD-5870C4CF69F5} => moved successfully.
C:\ProgramData\Isereohaca => moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully.
C:\Users\Erica\AppData\Roaming\DEFF9240-1433584127-11E1-AA37-047D7B02F85C => moved successfully.
C:\Windows\Tasks\AffiliatedUpdate.job => moved successfully.
C:\Windows\Tasks\Cmw90023EIEMrwnKB5XyChC.job => moved successfully.
C:\Windows\Tasks\FVEqJAdAUlg9U4t.job not found.
C:\Windows\Tasks\mzoNvb5bAx0fSyKiZmMR2.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44D0C24F-782B-45F4-9F0D-35B6763B8C63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44D0C24F-782B-45F4-9F0D-35B6763B8C63}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{779E8B60-E9CE-4E20-AD3F-5BA5454613B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{779E8B60-E9CE-4E20-AD3F-5BA5454613B2}" => key removed successfully
C:\Windows\System32\Tasks\4665 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4665" => key removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-09 19:26:54)<=

C:\Windows\Provider => Is moved successfully

==== End of Fixlog 19:26:54 ====

[Malekal_morte]

ok, voici la suite :

Malwarebytes (temps : environ 40min de scan):
==================================================
Télécharge et installe Malwarebyte : https://www.malekal.com/malwarebyte-ant ... les-virus/
Mets le à jour puis lance un examen.

A la fin du scan, clic sur "Supprimer Selection" en bas à gauche.
Redémarre l'ordinateur si besoin.
Après redémarrage, relance Malwarebytes.
Vas chercher le rapport dans l'onglet Historique.
A gauche Journal des examens.
Doube-clic sur l'examen dans la liste.
Puis en bas Copier dans le presse papier
Vas sur http://pjjoint.malekal.com et en bas, clic droit / coller pour coller le rapport du scan Malwarebytes.
Clic sur envoyer.
Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.