Ransomware Virus
Solved/Closed
steve15
-
1 May 2015 at 13:50
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 - 3 May 2015 at 11:57
11 replies
Malekal_morte-
Posts
180304
Registration date
Wednesday 17 May 2006
Status
Moderator, Security contributor
Last activity
15 December 2020
24 658
1 May 2015 at 13:50
Hi,
You have been infected by file-encrypting ransomware.
These mainly arrive through malicious attachments in e-mails or through web exploits.
There is not really any solution for recovering the documents.
If you want to check the computer:
Follow this FRST tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Download and run the FRST scan; it will generate three FRST reports:
- FRST.txt
- Shortcut.txt
- Additionnal.txt
As explained there, upload these three reports to http://pjjoint.malekal.com and give the three pjjoint links to these reports so that they can be reviewed.
Hi
Thanks for your quick reply
Is there really no way to recover the files that are already encrypted?
I ran the software in safe mode to keep the virus from continuing to run and wrecking my files
Here are the 3 reports:
http://pjjoint.malekal.com/files.php?id=20150501_c14w10y6c6v15
http://pjjoint.malekal.com/files.php?id=20150501_b10s12c15q8j11
http://pjjoint.malekal.com/files.php?id=20150501_j13s8f5u11o7
Waiting for your reply
Thanks
Malekal_morte-
Posts
180304
Registration date
Wednesday 17 May 2006
Status
Moderator, Security contributor
Last activity
15 December 2020
24 658
1 May 2015 at 14:26
There is a Trojan Miner running that was downloaded by cracks/keygens.
Here is the fix to apply with FRST.
You can use this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix
Open Notepad: Windows key + R, in the Run field, type notepad and click OK.
Copy/paste the following into it:
HKLM\...\Run: [AVSvc] => C:\Users\FABBY\AppData\Roaming\aeymrvb.exe [352768 2015-05-01] ()
HKU\S-1-5-21-1690268873-1756398334-584139300-1001\...\Run: [AVSvc] => C:\Users\FABBY\AppData\Roaming\aeymrvb.exe [352768 2015-05-01] ()
HKU\S-1-5-21-1690268873-1756398334-584139300-1001\...\Run: [BluetoothManager] => rundll32.exe "%appdata%\Microsoft\bstack.dll",bs_init
2015-05-01 12:30 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\Downloads\HELP_TO_SAVE_FILES.txt
2015-05-01 12:30 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\Documents\HELP_TO_SAVE_FILES.txt
2015-05-01 12:30 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\AppData\Roaming\Microsoft\Windows\Start Menu\HELP_TO_SAVE_FILES.txt
2015-05-01 12:30 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt
2015-05-01 12:26 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\Desktop\HELP_TO_SAVE_FILES.txt
2015-05-01 12:26 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt
2015-05-01 12:26 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\AppData\HELP_TO_SAVE_FILES.txt
2015-05-01 12:24 - 2015-05-01 12:44 - 00002678 _____ () C:\Users\Public\Documents\HELP_TO_SAVE_FILES.txt
2015-05-01 12:24 - 2015-05-01 12:44 - 00002678 _____ () C:\ProgramData\HELP_TO_SAVE_FILES.txt
2015-05-01 12:15 - 2015-05-01 12:44 - 00000232 _____ () C:\Users\FABBY\Documents\RECOVERY_FILE.TXT
2015-05-01 12:15 - 2015-05-01 12:15 - 00002678 _____ () C:\Users\HELP_TO_SAVE_FILES.txt
2015-05-01 12:15 - 2015-05-01 12:15 - 00000752 _____ () C:\Users\FABBY\AppData\Roaming\key.dat
2015-05-01 12:14 - 2015-05-01 12:14 - 00352768 _____ () C:\Users\FABBY\AppData\Roaming\aeymrvb.exe
2015-04-30 16:43 - 2015-05-01 12:30 - 00047252 _____ () C:\Users\FABBY\Downloads\HELP_DECRYPT.PNG.ezz
2015-04-30 16:43 - 2015-05-01 12:30 - 00004740 _____ () C:\Users\FABBY\Downloads\HELP_DECRYPT.TXT.ezz
2015-04-30 16:43 - 2015-04-30 16:43 - 00009036 _____ () C:\Users\FABBY\Downloads\HELP_DECRYPT.HTML
2015-04-30 16:43 - 2015-04-30 16:43 - 00000280 _____ () C:\Users\FABBY\Downloads\HELP_DECRYPT.URL
2015-04-30 16:40 - 2015-05-01 12:27 - 00047252 _____ () C:\Users\FABBY\Documents\HELP_DECRYPT.PNG.ezz
2015-04-30 16:40 - 2015-05-01 12:27 - 00004740 _____ () C:\Users\FABBY\Documents\HELP_DECRYPT.TXT.ezz
2015-04-30 16:40 - 2015-04-30 16:40 - 00009036 _____ () C:\Users\FABBY\Documents\HELP_DECRYPT.HTML
2015-04-30 16:40 - 2015-04-30 16:40 - 00000280 _____ () C:\Users\FABBY\Documents\HELP_DECRYPT.URL
2015-04-30 16:33 - 2015-05-01 12:25 - 00047252 _____ () C:\Users\FABBY\AppData\HELP_DECRYPT.PNG.ezz
2015-04-30 16:33 - 2015-05-01 12:25 - 00004740 _____ () C:\Users\FABBY\AppData\HELP_DECRYPT.TXT.ezz
2015-04-30 16:33 - 2015-04-30 16:33 - 00009036 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-30 16:33 - 2015-04-30 16:33 - 00009036 _____ () C:\Users\FABBY\AppData\HELP_DECRYPT.HTML
2015-04-30 16:33 - 2015-04-30 16:33 - 00004706 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-30 16:33 - 2015-04-30 16:33 - 00000280 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL
2015-04-30 16:33 - 2015-04-30 16:33 - 00000280 _____ () C:\Users\FABBY\AppData\HELP_DECRYPT.URL
2015-04-30 16:20 - 2015-04-30 16:20 - 00009036 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML
2015-04-30 16:20 - 2015-04-30 16:20 - 00004706 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT
2015-04-30 16:20 - 2015-04-30 16:20 - 00000280 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL
2015-04-30 15:46 - 2015-04-30 15:46 - 00009036 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-30 15:46 - 2015-04-30 15:46 - 00004706 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-30 15:46 - 2015-04-30 15:46 - 00000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-01 12:14 - 2015-05-01 12:14 - 0352768 _____ () C:\Users\FABBY\AppData\Roaming\aeymrvb.exe
2015-04-30 16:33 - 2015-04-30 16:33 - 0009036 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-30 16:33 - 2015-04-30 16:33 - 0047231 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-30 16:33 - 2015-04-30 16:33 - 0004706 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-30 16:33 - 2015-04-30 16:33 - 0000280 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL
2015-05-01 12:26 - 2015-05-01 12:45 - 0002678 _____ () C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt
2015-05-01 12:15 - 2015-05-01 12:15 - 0000752 _____ () C:\Users\FABBY\AppData\Roaming\key.dat
2015-05-01 12:15 - 2015-05-01 13:02 - 0721204 _____ () C:\Users\FABBY\AppData\Roaming\log.html
2012-02-04 17:53 - 2012-02-04 17:53 - 0022927 _____ () C:\Users\FABBY\AppData\Roaming\UserTile.png
2015-04-30 16:20 - 2015-04-30 16:20 - 0009036 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML
2015-04-30 16:20 - 2015-04-30 16:20 - 0047231 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.PNG
2015-04-30 16:20 - 2015-04-30 16:20 - 0004706 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT
2015-04-30 16:20 - 2015-04-30 16:20 - 0000280 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL
2015-05-01 12:30 - 2015-05-01 12:45 - 0002678 _____ () C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt
2015-04-29 10:51 - 2015-04-29 10:51 - 0016896 _____ () C:\Users\FABBY\AppData\Local\lopmber.dll
2015-04-30 15:46 - 2015-04-30 15:46 - 0009036 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-30 15:46 - 2015-04-30 15:46 - 0047231 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-30 15:46 - 2015-04-30 15:46 - 0004706 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-30 15:46 - 2015-04-30 15:46 - 0000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-01 12:24 - 2015-05-01 12:44 - 0002678 _____ () C:\ProgramData\HELP_TO_SAVE_FILES.txt
Task: {84CD9CE9-89B2-4A99-B8A5-70AB56079FC0} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {FBF06D08-BD51-4A88-8715-40161E95A786} - System32\Tasks\4537 => Wscript.exe C:\Users\FABBY\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Once the text is pasted into Notepad:
File menu, then Save As.
On the left, go to the Desktop.
In the field at the bottom, for the file name, enter: fixlist.txt
Click Save - this will create a fixlist.txt file on the desktop.
Relaunch FRST, which should be on the desktop, and click the Fix button.
Depending on the case, a restart is required (not mandatory).
A text file appears; copy/paste its contents here in a new message.
Restart the computer
Malwarebytes scan (time: about 40 min of scanning):
==================================================
Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, then start a scan.
At the end of the scan, click "Quarantine All" at the bottom left.
Restart the computer if needed.
After the restart, relaunch Malwarebytes.
Get the report from the History tab.
On the left, Application Logs.
In the list, take the most recent scan log.
Then, at the bottom, Copy to Clipboard.
Go to http://pjjoint.malekal.com and, at the bottom, right-click / paste to paste the Malwarebytes scan report.
Click Send.
In a new message here in reply, give the pjjoint link so that the report can be reviewed.
Here it is
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-04-2015 01
Ran by FABBY at 2015-05-01 15:52:50 Run:1
Running from C:\Users\FABBY\Desktop
Loaded Profiles: FABBY (Available profiles: FABBY)
Boot Mode: Safe Mode (with Networking)
==============================================
Content of fixlist:
HKLM\...\Run: [AVSvc] => C:\Users\FABBY\AppData\Roaming\aeymrvb.exe [352768 2015-05-01] ()
HKU\S-1-5-21-1690268873-1756398334-584139300-1001\...\Run: [AVSvc] => C:\Users\FABBY\AppData\Roaming\aeymrvb.exe [352768 2015-05-01] ()
HKU\S-1-5-21-1690268873-1756398334-584139300-1001\...\Run: [BluetoothManager] => rundll32.exe "%appdata%\Microsoft\bstack.dll",bs_init
2015-05-01 12:30 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\Downloads\HELP_TO_SAVE_FILES.txt
2015-05-01 12:30 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\Documents\HELP_TO_SAVE_FILES.txt
2015-05-01 12:30 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\AppData\Roaming\Microsoft\Windows\Start Menu\HELP_TO_SAVE_FILES.txt
2015-05-01 12:30 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt
2015-05-01 12:26 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\Desktop\HELP_TO_SAVE_FILES.txt
2015-05-01 12:26 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt
2015-05-01 12:26 - 2015-05-01 12:45 - 00002678 _____ () C:\Users\FABBY\AppData\HELP_TO_SAVE_FILES.txt
2015-05-01 12:24 - 2015-05-01 12:44 - 00002678 _____ () C:\Users\Public\Documents\HELP_TO_SAVE_FILES.txt
2015-05-01 12:24 - 2015-05-01 12:44 - 00002678 _____ () C:\ProgramData\HELP_TO_SAVE_FILES.txt
2015-05-01 12:15 - 2015-05-01 12:44 - 00000232 _____ () C:\Users\FABBY\Documents\RECOVERY_FILE.TXT
2015-05-01 12:15 - 2015-05-01 12:15 - 00002678 _____ () C:\Users\HELP_TO_SAVE_FILES.txt
2015-05-01 12:15 - 2015-05-01 12:15 - 00000752 _____ () C:\Users\FABBY\AppData\Roaming\key.dat
2015-05-01 12:14 - 2015-05-01 12:14 - 00352768 _____ () C:\Users\FABBY\AppData\Roaming\aeymrvb.exe
2015-04-30 16:43 - 2015-05-01 12:30 - 00047252 _____ () C:\Users\FABBY\Downloads\HELP_DECRYPT.PNG.ezz
2015-04-30 16:43 - 2015-05-01 12:30 - 00004740 _____ () C:\Users\FABBY\Downloads\HELP_DECRYPT.TXT.ezz
2015-04-30 16:43 - 2015-04-30 16:43 - 00009036 _____ () C:\Users\FABBY\Downloads\HELP_DECRYPT.HTML
2015-04-30 16:43 - 2015-04-30 16:43 - 00000280 _____ () C:\Users\FABBY\Downloads\HELP_DECRYPT.URL
2015-04-30 16:40 - 2015-05-01 12:27 - 00047252 _____ () C:\Users\FABBY\Documents\HELP_DECRYPT.PNG.ezz
2015-04-30 16:40 - 2015-05-01 12:27 - 00004740 _____ () C:\Users\FABBY\Documents\HELP_DECRYPT.TXT.ezz
2015-04-30 16:40 - 2015-04-30 16:40 - 00009036 _____ () C:\Users\FABBY\Documents\HELP_DECRYPT.HTML
2015-04-30 16:40 - 2015-04-30 16:40 - 00000280 _____ () C:\Users\FABBY\Documents\HELP_DECRYPT.URL
2015-04-30 16:33 - 2015-05-01 12:25 - 00047252 _____ () C:\Users\FABBY\AppData\HELP_DECRYPT.PNG.ezz
2015-04-30 16:33 - 2015-05-01 12:25 - 00004740 _____ () C:\Users\FABBY\AppData\HELP_DECRYPT.TXT.ezz
2015-04-30 16:33 - 2015-04-30 16:33 - 00009036 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-30 16:33 - 2015-04-30 16:33 - 00009036 _____ () C:\Users\FABBY\AppData\HELP_DECRYPT.HTML
2015-04-30 16:33 - 2015-04-30 16:33 - 00004706 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-30 16:33 - 2015-04-30 16:33 - 00000280 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL
2015-04-30 16:33 - 2015-04-30 16:33 - 00000280 _____ () C:\Users\FABBY\AppData\HELP_DECRYPT.URL
2015-04-30 16:20 - 2015-04-30 16:20 - 00009036 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML
2015-04-30 16:20 - 2015-04-30 16:20 - 00004706 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT
2015-04-30 16:20 - 2015-04-30 16:20 - 00000280 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL
2015-04-30 15:46 - 2015-04-30 15:46 - 00009036 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-30 15:46 - 2015-04-30 15:46 - 00004706 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-30 15:46 - 2015-04-30 15:46 - 00000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-01 12:14 - 2015-05-01 12:14 - 0352768 _____ () C:\Users\FABBY\AppData\Roaming\aeymrvb.exe
2015-04-30 16:33 - 2015-04-30 16:33 - 0009036 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-30 16:33 - 2015-04-30 16:33 - 0047231 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-30 16:33 - 2015-04-30 16:33 - 0004706 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-30 16:33 - 2015-04-30 16:33 - 0000280 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL
2015-05-01 12:26 - 2015-05-01 12:45 - 0002678 _____ () C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt
2015-05-01 12:15 - 2015-05-01 12:15 - 0000752 _____ () C:\Users\FABBY\AppData\Roaming\key.dat
2015-05-01 12:15 - 2015-05-01 13:02 - 0721204 _____ () C:\Users\FABBY\AppData\Roaming\log.html
2012-02-04 17:53 - 2012-02-04 17:53 - 0022927 _____ () C:\Users\FABBY\AppData\Roaming\UserTile.png
2015-04-30 16:20 - 2015-04-30 16:20 - 0009036 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML
2015-04-30 16:20 - 2015-04-30 16:20 - 0047231 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.PNG
2015-04-30 16:20 - 2015-04-30 16:20 - 0004706 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT
2015-04-30 16:20 - 2015-04-30 16:20 - 0000280 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL
2015-05-01 12:30 - 2015-05-01 12:45 - 0002678 _____ () C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt
2015-04-29 10:51 - 2015-04-29 10:51 - 0016896 _____ () C:\Users\FABBY\AppData\Local\lopmber.dll
2015-04-30 15:46 - 2015-04-30 15:46 - 0009036 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-30 15:46 - 2015-04-30 15:46 - 0047231 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-30 15:46 - 2015-04-30 15:46 - 0004706 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-30 15:46 - 2015-04-30 15:46 - 0000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-01 12:24 - 2015-05-01 12:44 - 0002678 _____ () C:\ProgramData\HELP_TO_SAVE_FILES.txt
Task: {84CD9CE9-89B2-4A99-B8A5-70AB56079FC0} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {FBF06D08-BD51-4A88-8715-40161E95A786} - System32\Tasks\4537 => Wscript.exe C:\Users\FABBY\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AVSvc => value deleted successfully.
HKU\S-1-5-21-1690268873-1756398334-584139300-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVSvc => value deleted successfully.
HKU\S-1-5-21-1690268873-1756398334-584139300-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BluetoothManager => value deleted successfully.
C:\Users\FABBY\Downloads\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\Documents\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\Roaming\Microsoft\Windows\Start Menu\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\Desktop\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\Public\Documents\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\ProgramData\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\Documents\RECOVERY_FILE.TXT => Moved successfully.
C:\Users\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\Roaming\key.dat => Moved successfully.
C:\Users\FABBY\AppData\Roaming\aeymrvb.exe => Moved successfully.
C:\Users\FABBY\Downloads\HELP_DECRYPT.PNG.ezz => Moved successfully.
C:\Users\FABBY\Downloads\HELP_DECRYPT.TXT.ezz => Moved successfully.
C:\Users\FABBY\Downloads\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\Downloads\HELP_DECRYPT.URL => Moved successfully.
C:\Users\FABBY\Documents\HELP_DECRYPT.PNG.ezz => Moved successfully.
C:\Users\FABBY\Documents\HELP_DECRYPT.TXT.ezz => Moved successfully.
C:\Users\FABBY\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\Users\FABBY\AppData\HELP_DECRYPT.PNG.ezz => Moved successfully.
C:\Users\FABBY\AppData\HELP_DECRYPT.TXT.ezz => Moved successfully.
C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\FABBY\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
"C:\Users\FABBY\AppData\Roaming\aeymrvb.exe" => File/Directory not found.
"C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt" => File/Directory not found.
"C:\Users\FABBY\AppData\Roaming\key.dat" => File/Directory not found.
C:\Users\FABBY\AppData\Roaming\log.html => Moved successfully.
C:\Users\FABBY\AppData\Roaming\UserTile.png => Moved successfully.
"C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\FABBY\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt" => File/Directory not found.
C:\Users\FABBY\AppData\Local\lopmber.dll => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.
"C:\ProgramData\HELP_TO_SAVE_FILES.txt" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84CD9CE9-89B2-4A99-B8A5-70AB56079FC0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84CD9CE9-89B2-4A99-B8A5-70AB56079FC0}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBF06D08-BD51-4A88-8715-40161E95A786}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBF06D08-BD51-4A88-8715-40161E95A786}" => Key deleted successfully.
C:\Windows\System32\Tasks\4537 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4537" => Key deleted successfully.
2015-04-30 16:33 - 2015-04-30 16:33 - 0047231 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-30 16:33 - 2015-04-30 16:33 - 0004706 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-30 16:33 - 2015-04-30 16:33 - 0000280 _____ () C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL
2015-05-01 12:26 - 2015-05-01 12:45 - 0002678 _____ () C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt
2015-05-01 12:15 - 2015-05-01 12:15 - 0000752 _____ () C:\Users\FABBY\AppData\Roaming\key.dat
2015-05-01 12:15 - 2015-05-01 13:02 - 0721204 _____ () C:\Users\FABBY\AppData\Roaming\log.html
2012-02-04 17:53 - 2012-02-04 17:53 - 0022927 _____ () C:\Users\FABBY\AppData\Roaming\UserTile.png
2015-04-30 16:20 - 2015-04-30 16:20 - 0009036 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML
2015-04-30 16:20 - 2015-04-30 16:20 - 0047231 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.PNG
2015-04-30 16:20 - 2015-04-30 16:20 - 0004706 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT
2015-04-30 16:20 - 2015-04-30 16:20 - 0000280 _____ () C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL
2015-05-01 12:30 - 2015-05-01 12:45 - 0002678 _____ () C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt
2015-04-29 10:51 - 2015-04-29 10:51 - 0016896 _____ () C:\Users\FABBY\AppData\Local\lopmber.dll
2015-04-30 15:46 - 2015-04-30 15:46 - 0009036 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-30 15:46 - 2015-04-30 15:46 - 0047231 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-30 15:46 - 2015-04-30 15:46 - 0004706 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-30 15:46 - 2015-04-30 15:46 - 0000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-01 12:24 - 2015-05-01 12:44 - 0002678 _____ () C:\ProgramData\HELP_TO_SAVE_FILES.txt
Task: {84CD9CE9-89B2-4A99-B8A5-70AB56079FC0} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {FBF06D08-BD51-4A88-8715-40161E95A786} - System32\Tasks\4537 => Wscript.exe C:\Users\FABBY\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AVSvc => value deleted successfully.
HKU\S-1-5-21-1690268873-1756398334-584139300-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVSvc => value deleted successfully.
HKU\S-1-5-21-1690268873-1756398334-584139300-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BluetoothManager => value deleted successfully.
C:\Users\FABBY\Downloads\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\Documents\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\Roaming\Microsoft\Windows\Start Menu\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\Desktop\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\Public\Documents\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\ProgramData\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\Documents\RECOVERY_FILE.TXT => Moved successfully.
C:\Users\HELP_TO_SAVE_FILES.txt => Moved successfully.
C:\Users\FABBY\AppData\Roaming\key.dat => Moved successfully.
C:\Users\FABBY\AppData\Roaming\aeymrvb.exe => Moved successfully.
C:\Users\FABBY\Downloads\HELP_DECRYPT.PNG.ezz => Moved successfully.
C:\Users\FABBY\Downloads\HELP_DECRYPT.TXT.ezz => Moved successfully.
C:\Users\FABBY\Downloads\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\Downloads\HELP_DECRYPT.URL => Moved successfully.
C:\Users\FABBY\Documents\HELP_DECRYPT.PNG.ezz => Moved successfully.
C:\Users\FABBY\Documents\HELP_DECRYPT.TXT.ezz => Moved successfully.
C:\Users\FABBY\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\Users\FABBY\AppData\HELP_DECRYPT.PNG.ezz => Moved successfully.
C:\Users\FABBY\AppData\HELP_DECRYPT.TXT.ezz => Moved successfully.
C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\FABBY\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
"C:\Users\FABBY\AppData\Roaming\aeymrvb.exe" => File/Directory not found.
"C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\FABBY\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\FABBY\AppData\Roaming\HELP_TO_SAVE_FILES.txt" => File/Directory not found.
"C:\Users\FABBY\AppData\Roaming\key.dat" => File/Directory not found.
C:\Users\FABBY\AppData\Roaming\log.html => Moved successfully.
C:\Users\FABBY\AppData\Roaming\UserTile.png => Moved successfully.
"C:\Users\FABBY\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\FABBY\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\FABBY\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\FABBY\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\FABBY\AppData\Local\HELP_TO_SAVE_FILES.txt" => File/Directory not found.
C:\Users\FABBY\AppData\Local\lopmber.dll => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.
"C:\ProgramData\HELP_TO_SAVE_FILES.txt" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84CD9CE9-89B2-4A99-B8A5-70AB56079FC0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84CD9CE9-89B2-4A99-B8A5-70AB56079FC0}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBF06D08-BD51-4A88-8715-40161E95A786}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBF06D08-BD51-4A88-8715-40161E95A786}" => Key deleted successfully.
C:\Windows\System32\Tasks\4537 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4537" => Key deleted successfully.
End of Fixlog 17:21:22
Malekal_morte- (Moderator, Security contributor) - 1 May 2015 at 17:37
OK, here is the next step:
Malwarebytes scan (duration: about 40 minutes):
==================================================
Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, then run a scan.
At the end of the scan, click "Quarantine All" at the bottom left.
Restart the computer if needed.
After the restart, launch Malwarebytes again.
Go and get the report in the History tab.
On the left, Application Logs.
In the list, pick the most recent scan log.
Then, at the bottom, Copy to Clipboard.
Go to http://pjjoint.malekal.com and, at the bottom, right-click / paste to paste the Malwarebytes scan report.
Click Send.
In a new message here in reply, give the pjjoint link so that the report can be viewed.
Here is the Malwarebytes scan log report:
http://pjjoint.malekal.com/files.php?id=20150501_e14t11w5u5w10
Malekal_morte- (Moderator, Security contributor) - 1 May 2015 at 17:52
Do a file search for HELP_DECRYPT.TXT
and delete everything.
What problems remain?
Hi
HELP_DECRYPT.TXT: I can't find any files with that name.
After that, I don't know whether any problems remain; if this virus is gone, the reports say that others remain??
I would also have liked to recover my files... really no solutions at all??
Thanks a lot for your help
Malekal_morte- (Moderator, Security contributor) - 1 May 2015 at 18:04
No, there is no solution for the documents.
Malekal_morte- (Moderator, Security contributor) - 1 May 2015 at 18:12
Yes,
Be careful with emails.
For the rest of security: http://forum.malekal.com/comment-securiser-son-ordinateur.html
Hello
And with this kind of software: https://www.technibble.com/panda-ransomware-decrypt-tool-restore-encrypted-files/. Is it impossible to decrypt the files?
Thanks
Malekal_morte- (Moderator, Security contributor) - 3 May 2015 at 11:40
That shouldn't work.
OK, thanks
And do we know where the virus came from?
I don't download any keygens or cracks from THIS computer, I do everything with the other one..?
Malekal_morte- (Moderator, Security contributor) - 3 May 2015 at 11:57
Everything is explained in my first message.