Search

bonjour,

oui ici ---->http://pjjoint.malekal.com/files.php?id=20161128_s13j10j11e9i8

merci 

Hello, Pelle!

It's sad to say, but all versions of Locky ransomware, including .shit can't be decrypted. The only thing that you can do is to delete the virus from your PC and try to avoid the suchlike infection next time. Of course, you should keep the encrypted files somewhere, to be able to decrypt them when the decryption tool will be released. If you're interested in this - this article m...

Delfix.txt: 

# DelFix v1.013 - Logfile created 26/11/2016 at 21:14:24 # Updated 17/04/2016 by Xplode # Username : M2-1900 - DESKTOP-KCS8S2N # Operating System : Windows 10 Pro  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\M2-1900\Downloads\Addition.txt Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.000 (1...

Hello,

Thanks!

So, we'll remove the tools we've used:

• Download DelFix from Xplode on your desktop;
• Launch it with administrator rights;
• Select all the option except the one proposing to save the registry;
• Then click on the "Execute" button;
• When everything is finish, the software will close itself;
• Then a report appear on the notepad, please copy paste it's content in your answer.

Final...

Hello,

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016 Ran by M2-1900 (26-11-2016 08:42:31) Run:1 Running from C:\Users\M2-1900\Downloads Loaded Profiles: M2-1900 (Available Profiles: M2-1900) Boot Mode: Normal ==============================================

fixlist content: ***************** CloseProcesses: R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 ...

Hello,

Thanks. So, you can uninstall:

- McAfee,

- AdAware  

Then, we'll use FRST to remove the UCGuard remaining:

Download fixlist.txt file and save it to the Desktop (with the name "fixlist.txt")

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that ...

Voici le rapport et si je comprend bien, ce serait la protection internet de IObit  Surfing Protection qui serait un faux positif? C'est bien celle que je retrouve à chaque nettoyage d'Adwcleaner. 

http://pjjoint.malekal.com/files.php?id=FRST_20161125_j15n6v6i13r8

Hello,

Addition: https://up2sha.re/file?f=cRDLGy2Z1KMQ

FRST: https://up2sha.re/file?f=I7EvDbiQQIp6

Thanks.

Thanks.

To remove the remaining service, can you do the following?

• Download FRST
• Right-click on the file -> "Execute as Administrator"
• Please also check Shortcut.txt
• Click on the "Scan" button
• The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
• Please host them on Up2Share and share the generated link.

Thanks,

Rapport après ZHP Diag;

http://pjjoint.malekal.com/files.php?id=20161125_m8g13t13o15v5