Ficher qui essaye de s'ouvrir (.js)

Résolu
Akadol -  
Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,
régulièrement un fichier (.js) tente de s'ouvrir
"Comment voulez-vous ouvrir ce type de fichier J.S ?"
j'ai donc fait le tuto Malekal et voici les liens :
http://pjjoint.malekal.com/files.php?id=FRST_20150719_r14l12g8y14y15
http://pjjoint.malekal.com/files.php?id=20150719_f5b9y6n14s7
http://pjjoint.malekal.com/files.php?id=20150719_g11o9r14w12s12
Merci d'avance : )

3 réponses

  1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Salut,

    Tu es infecté par des adwares, je te fais passer le fix FRST sou peu.
    0
    1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
       
      Voici la correction à effectuer avec FRST.
      Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

      Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
      Copie/colle dedans ce qui suit :

      Task: {8DC1BD46-6726-4865-BEC1-ED0DBE3E9C46} - System32\Tasks\Dregol niso => C:\ProgramData\{6B2E83ED-3BAC-526B-8A2A-22E95AA8F167}\1.17.0.1\f <==== ATTENTION
      Task: {EEB5D3C4-7FBF-4FB4-8A21-556287576086} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe <==== ATTENTION
      Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
      Task: {2B8989C4-D272-40F1-9C82-4D5BF93B7FB9} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
      HKU\S-1-5-21-541154533-3994741895-25546961-1002\...\Run: [GoogleChromeAutoLaunch_D18D894BC5ED5599965254F0DA6E50DD] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe --no-startup-window
      AppInit_DLLs-x32: C:\PROGRA~3\{6B2E8~1\1170~1.1\niso.dll => C:\ProgramData\{6B2E83ED-3BAC-526B-8A2A-22E95AA8F167}\1.17.0.1\niso.dll [778752 2015-05-07] ()
      Startup: C:\Users\felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-05-21]
      ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
      R2 gykoruqo; C:\Users\felix\AppData\Roaming\34444335-1432236143-4736-4C53-8CDCD48D0A6F\hnsc85F3.tmp [368640 2015-05-21] () [File not signed]
      R2 Service Mgr GlassBottle; C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15\plugincontainer.exe [648976 2015-07-19] ()
      S1 cherimoya; system32\drivers\cherimoya.sys [X]
      S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
      R2 Update Mgr GlassBottle; C:\Program Files (x86)\Common Files\51603d73-31f4-492f-a43e-5b71fef2ce15\updater.exe [573712 2015-07-19] ()
      2015-07-02 15:29 - 2015-07-02 15:29 - 00000000 ____D C:\Users\felix\AppData\Roaming\nBrowser
      2015-07-19 20:28 - 2015-05-07 17:06 - 00000000 ____D C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15
      2015-07-04 17:27 - 2015-05-15 17:36 - 00000000 ____D C:\Program Files (x86)\WEBZEN
      2015-07-04 17:27 - 2015-05-15 17:27 - 00000000 ____D C:\ProgramData\WEBZEN
      2015-02-01 16:15 - 2015-02-01 16:15 - 0000036 _____ () C:\Users\felix\AppData\Roaming\SuYZkvrV.tmp
      2015-05-21 21:56 - 2015-05-21 21:56 - 0613255 _____ (CMI Limited) C:\Users\felix\AppData\Local\nso989.tmp
      2015-05-21 22:50 - 2015-05-21 22:50 - 0613255 _____ (CMI Limited) C:\Users\felix\AppData\Local\nspD090.tmp
      2015-05-21 22:07 - 2015-05-21 22:06 - 0613255 _____ (CMI Limited) C:\Users\felix\AppData\Local\nsyA1F1.tmp
      2015-05-21 21:40 - 2015-05-21 21:40 - 0613255 _____ (CMI Limited) C:\Users\felix\AppData\Local\nsyE8D7.tmp


      Une fois, le texte coller dans le bloc-note.
      Menu Fichier puis Enregistrer sous.
      A gauche, place toi sur le bureau.F
      Dans le champs en bas, nom du fichier mets : fixlist.txt
      Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

      Relance FRST et clic sur le bouton Fix
      Selon comment un redémarrage est nécessaire (pas obligatoire).
      Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

      Redémarre l'ordinateur


      puis réinitialise tes navigateurs:
      ==================================
      Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
      0
    2. Akadol
       
      Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
      Ran by felix at 2015-07-20 13:19:32 Run:1
      Running from C:\Users\felix\Downloads
      Loaded Profiles: felix (Available Profiles: felix)
      Boot Mode: Normal
      ==============================================

      fixlist content:

      Task: {8DC1BD46-6726-4865-BEC1-ED0DBE3E9C46} - System32\Tasks\Dregol niso => C:\ProgramData\{6B2E83ED-3BAC-526B-8A2A-22E95AA8F167}\1.17.0.1\f <==== ATTENTION
      Task: {EEB5D3C4-7FBF-4FB4-8A21-556287576086} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe <==== ATTENTION
      Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
      Task: {2B8989C4-D272-40F1-9C82-4D5BF93B7FB9} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
      HKU\S-1-5-21-541154533-3994741895-25546961-1002\...\Run: [GoogleChromeAutoLaunch_D18D894BC5ED5599965254F0DA6E50DD] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe --no-startup-window
      AppInit_DLLs-x32: C:\PROGRA~3\{6B2E8~1\1170~1.1\niso.dll => C:\ProgramData\{6B2E83ED-3BAC-526B-8A2A-22E95AA8F167}\1.17.0.1\niso.dll [778752 2015-05-07] ()
      Startup: C:\Users\felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-05-21]
      ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
      R2 gykoruqo; C:\Users\felix\AppData\Roaming\34444335-1432236143-4736-4C53-8CDCD48D0A6F\hnsc85F3.tmp [368640 2015-05-21] () [File not signed]
      R2 Service Mgr GlassBottle; C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15\plugincontainer.exe [648976 2015-07-19] ()
      S1 cherimoya; system32\drivers\cherimoya.sys [X]
      S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
      R2 Update Mgr GlassBottle; C:\Program Files (x86)\Common Files\51603d73-31f4-492f-a43e-5b71fef2ce15\updater.exe [573712 2015-07-19] ()
      2015-07-02 15:29 - 2015-07-02 15:29 - 00000000 ____D C:\Users\felix\AppData\Roaming\nBrowser
      2015-07-19 20:28 - 2015-05-07 17:06 - 00000000 ____D C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15
      2015-07-04 17:27 - 2015-05-15 17:36 - 00000000 ____D C:\Program Files (x86)\WEBZEN
      2015-07-04 17:27 - 2015-05-15 17:27 - 00000000 ____D C:\ProgramData\WEBZEN
      2015-02-01 16:15 - 2015-02-01 16:15 - 0000036 _____ () C:\Users\felix\AppData\Roaming\SuYZkvrV.tmp
      2015-05-21 21:56 - 2015-05-21 21:56 - 0613255 _____ (CMI Limited) C:\Users\felix\AppData\Local\nso989.tmp
      2015-05-21 22:50 - 2015-05-21 22:50 - 0613255 _____ (CMI Limited) C:\Users\felix\AppData\Local\nspD090.tmp
      2015-05-21 22:07 - 2015-05-21 22:06 - 0613255 _____ (CMI Limited) C:\Users\felix\AppData\Local\nsyA1F1.tmp
      2015-05-21 21:40 - 2015-05-21 21:40 - 0613255 _____ (CMI Limited) C:\Users\felix\AppData\Local\nsyE8D7.tmp


      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DC1BD46-6726-4865-BEC1-ED0DBE3E9C46}" => key removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC1BD46-6726-4865-BEC1-ED0DBE3E9C46}" => key removed successfully
      C:\Windows\System32\Tasks\Dregol niso => moved successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dregol niso" => key removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEB5D3C4-7FBF-4FB4-8A21-556287576086}" => key removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEB5D3C4-7FBF-4FB4-8A21-556287576086}" => key removed successfully
      C:\Windows\System32\Tasks\MaxComputerCleaner_Start => moved successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MaxComputerCleaner_Start" => key removed successfully
      C:\Windows\Tasks\Crossbrowse.job => moved successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B8989C4-D272-40F1-9C82-4D5BF93B7FB9}" => key removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B8989C4-D272-40F1-9C82-4D5BF93B7FB9}" => key removed successfully
      C:\Windows\System32\Tasks\Crossbrowse => moved successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse" => key removed successfully
      HKU\S-1-5-21-541154533-3994741895-25546961-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D18D894BC5ED5599965254F0DA6E50DD => value removed successfully
      "C:\PROGRA~3\{6B2E8~1\1170~1.1\niso.dll" => value data removed successfully.
      C:\Users\felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk => moved successfully.
      C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe not found.
      gykoruqo => Unable to stop service.
      gykoruqo => Service removed successfully
      Service Mgr GlassBottle => Unable to stop service.
      Service Mgr GlassBottle => Service removed successfully
      cherimoya => Service removed successfully
      innfd_1_10_0_14 => Service removed successfully
      Update Mgr GlassBottle => Unable to stop service.
      Update Mgr GlassBottle => Service removed successfully
      C:\Users\felix\AppData\Roaming\nBrowser => moved successfully.

      "C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15" folder move:

      Could not move "C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15" folder => Scheduled to move on reboot.

      C:\Program Files (x86)\WEBZEN => moved successfully.
      C:\ProgramData\WEBZEN => moved successfully.
      C:\Users\felix\AppData\Roaming\SuYZkvrV.tmp => moved successfully.
      C:\Users\felix\AppData\Local\nso989.tmp => moved successfully.
      C:\Users\felix\AppData\Local\nspD090.tmp => moved successfully.
      C:\Users\felix\AppData\Local\nsyA1F1.tmp => moved successfully.
      C:\Users\felix\AppData\Local\nsyE8D7.tmp => moved successfully.

      Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-20 13:23:02)<=

      C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15 => Is moved successfully

      End of Fixlog 13:23:02

      0
  2. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    fais le reste t vois ce que cela donne.
    0
    1. Akadol
       
      je pense que c'est réglé
      merci beaucoup :-D
      0
  3. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    =)

    Voila, c'est terminé, tu peux supprimer les programmes utilisés.

    Quelques conseils :

    Pour prévenir les sites malicieux, tu peux installer Blockulicious : https://forum.malekal.com/viewtopic.php?t=46656&start=

    Pour ne plus te faire avoir.
    A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/
    (Surtout active les détections LPIs pour détecter les programmes parasites et publicitaires)

    Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html

    0