There were a few traces of the cryptoware left, but they were not active; Avira removed it properly.
The malware created a lot of HELP_DECRYPT files on the PC. They are harmless, but you can delete them by searching for the term in the file explorer.
First, uninstall the following programs:
- Boxore Client
- LookThisUp
- McAfee Security Scan Plus
Then apply the following:
==> FRST Fix
- Press the Windows and R keys on the keyboard simultaneously
- A window will open; type this: notepad
- Click OK
Note: Notepad will open
- Copy all the lines in bold below:
Start
EmptyTemp:
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
C:\Program Files\AVG Secure Search
HKU\S-1-5-21-993196116-623392384-1018098341-1000\...\Run: [vznpoat] => rundll32 ",vznpoat
HKU\S-1-5-21-993196116-623392384-1018098341-1000\...\Run: [bunmima] => C:\Windows\system32\rundll32.exe ",bunmima
HKU\S-1-5-21-993196116-623392384-1018098341-1000\...\Run: [ujkbvnr] => rundll32 ",ujkbvnr
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010-04-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\42A37BDB8.lnk [2015-04-17]
ShortcutTarget: 42A37BDB8.lnk -> C:\ProgramData\8BDB73A24.cpp ()
HKU\S-1-5-21-993196116-623392384-1018098341-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-993196116-623392384-1018098341-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kogoa.com
URLSearchHook: [S-1-5-21-993196116-623392384-1018098341-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-993196116-623392384-1018098341-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-993196116-623392384-1018098341-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-993196116-623392384-1018098341-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-993196116-623392384-1018098341-1000 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-03-15]
FF Extension: Boxore - C:\Users\Laure\AppData\Roaming\Mozilla\Firefox\Profiles\f0hc44yd.default\Extensions\{E77F341C-F32E-40AA-8829-AA785C7D9316}.xpi [2014-11-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (McAfee Security Scan+) - C:\Users\Laure\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-25]
CHR Extension: (No Name) - C:\Users\Laure\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba [2014-11-23]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
2015-05-08 09:00 - 2015-05-08 09:00 - 00000000 ____D C:\Program Files\Boxore
2015-06-02 16:51 - 2014-11-19 15:41 - 00000000 ____D C:\Users\Laure\AppData\Local\Boxore
2015-06-02 16:51 - 2014-11-16 19:20 - 00000000 ____D C:\Users\Arnaud\AppData\Local\Boxore
2015-04-25 19:31 - 2015-04-25 19:31 - 0000223 _____ () C:\Users\Laure\AppData\Roaming\6453jueywq121aaa
2014-10-02 14:06 - 2014-10-02 14:08 - 0000322 _____ () C:\Users\Laure\AppData\Roaming\aps.uninstall.scan.results
2015-04-17 15:17 - 2015-04-17 15:17 - 0000374 _____ () C:\Users\Laure\AppData\Roaming\hbkai01iajah1
2015-04-17 18:44 - 2015-04-17 18:44 - 0009084 _____ () C:\Users\Laure\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-17 18:44 - 2015-04-17 18:44 - 0047121 _____ () C:\Users\Laure\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-17 18:44 - 2015-04-17 18:44 - 0004730 _____ () C:\Users\Laure\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-17 18:44 - 2015-04-17 18:44 - 0000292 _____ () C:\Users\Laure\AppData\Roaming\HELP_DECRYPT.URL
2014-10-02 15:04 - 2014-11-12 19:04 - 0000125 _____ () C:\Users\Laure\AppData\Roaming\WB.CFG
2008-12-22 23:08 - 2015-04-26 09:00 - 0015504 _____ () C:\Users\Laure\AppData\Local\d3d9caps.dat
2015-04-17 18:43 - 2015-04-17 18:43 - 0009084 _____ () C:\Users\Laure\AppData\Local\HELP_DECRYPT.HTML
2015-04-17 18:43 - 2015-04-17 18:43 - 0047121 _____ () C:\Users\Laure\AppData\Local\HELP_DECRYPT.PNG
2015-04-17 18:43 - 2015-04-17 18:43 - 0004730 _____ () C:\Users\Laure\AppData\Local\HELP_DECRYPT.TXT
2015-04-17 18:43 - 2015-04-17 18:43 - 0000292 _____ () C:\Users\Laure\AppData\Local\HELP_DECRYPT.URL
2014-10-02 14:05 - 2014-10-02 14:05 - 0612125 _____ (ClickMeIn Limited) C:\Users\Laure\AppData\Local\nsw24D0.tmp
2015-04-17 18:43 - 2015-04-17 18:43 - 0009084 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-17 18:43 - 2015-04-17 18:43 - 0047121 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-17 18:43 - 2015-04-17 18:43 - 0004730 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-17 18:43 - 2015-04-17 18:43 - 0000292 _____ () C:\ProgramData\HELP_DECRYPT.URL
C:\Users\Arnaud\AppData\Local\Temp\AskSLib.dll
Task: {0245AA14-416E-4026-AFCA-93B609E8C540} - \SoftwareUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {0B6BA7B9-53E6-4023-B2A8-9B539E77EB7D} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files\MyPC Backup\Signup Wizard.exe
Task: {0D5DD64F-7747-48A0-91DE-C326A350693E} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {247BF467-B219-4683-BD75-89AAB96E5E95} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {4D15DA31-78B8-4CFF-898B-968267CD52AD} - System32\Tasks\0914avtUpdateInfo => C:\ProgramData\Avg_Update_0914avt\0914avt_AVG-Secure-Search-Update.exe [2014-09-14] ()
C:\ProgramData\Avg_Update_0914avt\0914avt_AVG-Secure-Search-Update.exe
Task: {7387B9BE-7804-41A2-979C-2E57613F35EA} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {8C8F6B54-FDA4-47CF-A44F-D6687064CCB3} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {91671854-7F8B-4454-AAA9-AD5A9E1E4C83} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {C278C5AA-600A-4EC6-A89D-758A803AF502} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RCP\RegCleanPro.exe <==== ATTENTION
C:\Program Files\RCP\RegCleanPro.exe
Task: {D8F82EDB-900A-4616-ABDC-A75A68672880} - \ASP No Task File <==== ATTENTION
Task: C:\Windows\Tasks\0914avtUpdateInfo.job => C:\ProgramData\Avg_Update_0914avt\0914avt_AVG-Secure-Search-Update.exe
FirewallRules: [{AA80FF1F-8D80-49C7-8B78-0FEBFB0BE739}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4E77FAF3-2056-42DC-BFD3-C5702A09EB20}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
C:\Program Files\AVG\AVG2015\avgmfapx.exe
End
- Go back to Notepad and paste the copied lines.
- Click the File menu in Notepad, then Save As..., name it fixlist and save it to the desktop.
- From the desktop, launch FRST by right-clicking it, then "Run as administrator"
- Click Fix
Note: Wait while the removal takes place
- Once the scan is finished, a Fixlog.txt report will have been created on the desktop.
- Upload the report to www.Cjoint.com, then copy/paste the link provided into your next reply on the forum.
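
Added example, not part of the original post and not FRST's own code: a small triage script that parses the file-listing lines of the fixlist above, finds the earliest HELP_DECRYPT ransom note, and lists other files stamped close to that time. The regular expression is inferred from the lines shown on this page, the 12-hour window is an arbitrary assumption, and no assumption is made about which of the two timestamps is creation and which is modification.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the fixlist above (FRST file-listing format).
SAMPLE = r"""
2015-05-08 09:00 - 2015-05-08 09:00 - 00000000 ____D C:\Program Files\Boxore
2015-04-25 19:31 - 2015-04-25 19:31 - 0000223 _____ () C:\Users\Laure\AppData\Roaming\6453jueywq121aaa
2015-04-17 15:17 - 2015-04-17 15:17 - 0000374 _____ () C:\Users\Laure\AppData\Roaming\hbkai01iajah1
2015-04-17 18:44 - 2015-04-17 18:44 - 0009084 _____ () C:\Users\Laure\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-17 18:43 - 2015-04-17 18:43 - 0004730 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2008-12-22 23:08 - 2015-04-26 09:00 - 0015504 _____ () C:\Users\Laure\AppData\Local\d3d9caps.dat
"""

# Two timestamps, size, 5-character attribute field, optional "(company)", path.
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)

def parse(text):
    """Return one dict per file-listing line; other fixlist directives are skipped."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        t1, t2 = (datetime.strptime(m.group(i), "%Y-%m-%d %H:%M") for i in (1, 2))
        rows.append({"first": t1, "second": t2, "size": int(m.group(3)),
                     "is_dir": "D" in m.group(4), "path": m.group(6)})
    return rows

def triage(rows, marker="HELP_DECRYPT", window=timedelta(hours=12)):
    """Earliest ransom-note timestamp, plus non-note paths stamped within the window."""
    notes = [r for r in rows if marker in r["path"].upper()]
    if not notes:
        return None, []
    start = min(min(r["first"], r["second"]) for r in notes)
    related = [r["path"] for r in rows if r not in notes
               and any(abs(t - start) <= window for t in (r["first"], r["second"]))]
    return start, related

if __name__ == "__main__":
    start, related = triage(parse(SAMPLE))
    print("Earliest ransom note:", start)
    for path in related:
        print("Stamped near that time:", path)
```

A file stamped near the ransom notes is only a lead for review, not proof that it belongs to the infection.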