Removal report (in Administrator mode this time):
############################## | UsbFix V 7.147 | [Suppression]
Utilisateur: Gregoire (Administrateur) # SEVENCPU
Mis à jour le 30/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:35:58 | 01/11/2013
Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/
PC: ASUSTeK Computer INC. (P6T)
CPU: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
RAM -> [Total : 6134 | Free : 4584]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0
WB: Safari : 534.50
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 140 Go (32 Go libre(s) - 23%) [Velociraptor_A] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 17 Go (10 Go libre(s) - 60%) [] # NTFS
F:\ -> Disque fixe # 144 Go (23 Go libre(s) - 16%) [Sam_2] # NTFS
G:\ -> Disque fixe # 140 Go (9 Go libre(s) - 6%) [Velociraptor_B] # NTFS
H:\ -> Disque fixe # 137 Go (24 Go libre(s) - 17%) [Sam_3] # NTFS
I:\ -> Disque fixe # 466 Go (34 Go libre(s) - 7%) [Samsung F1_A] # NTFS
J:\ -> Disque amovible # 2 Go (791 Mo libre(s) - 40%) [] # FAT
L:\ -> Disque fixe # 466 Go (128 Go libre(s) - 28%) [LaCie Rikiki] # NTFS
################## | Référence de comparaison MD5 |
Md5 : e89028d8068170e606aa0996d457aaa3 -> C:\Users\Public\jusched.exe
################## | Processus Stoppés |
Stoppé! C:\Windows\system32\atiesrxx.exe (ID: 836 |ParentID: 552)
Stoppé! C:\Windows\system32\atieclxx.exe (ID: 1252 |ParentID: 836)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1356 |ParentID: 552)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1540 |ParentID: 552)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1572 |ParentID: 552)
Stoppé! C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (ID: 1668 |ParentID: 552)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (ID: 1692 |ParentID: 552)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1832 |ParentID: 552)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1880 |ParentID: 1832)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 1420 |ParentID: 1540)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2856 |ParentID: 552)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 2608 |ParentID: 552)
Stoppé! C:\Windows\Explorer.EXE (ID: 2812 |ParentID: 2808)
Stoppé! C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe (ID: 2012 |ParentID: 2884)
Stoppé! C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ID: 892 |ParentID: 2884)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 2100 |ParentID: 2884)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 2288 |ParentID: 2132)
Stoppé! C:\Program Files (x86)\Razer\DeathAdder\razertra.exe (ID: 696 |ParentID: 2012)
Stoppé! C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe (ID: 1968 |ParentID: 2012)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2992 |ParentID: 2288)
Stoppé! C:\Windows\SysWOW64\explorer.exe (ID: 3028 |ParentID: 684)
Stoppé! C:\Users\Gregoire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe (ID: 3176 |ParentID: 684)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 3856 |ParentID: 552)
################## | Regedit Run |
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [DeathAdder] - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
HKLM\SOFTWARE | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [jusched7] - C:\Users\Public\jusched.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [DeathAdder] - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
HKLM\SOFTWARE\wow6432Node | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [jusched7] - C:\Users\Public\jusched.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\SOFTWARE | Run : [8jusched] - C:\Users\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Public\jusched.exe
################## | Recherche générique |
Supprimé! C:\Users\Gregoire\AppData\Roaming\04100000\ak.tmp
Supprimé! C:\Users\Gregoire\AppData\Roaming\04100000
Supprimé! C:\Users\Public\jusched.exe
Supprimé! C:\Users\Gregoire\AppData\Roaming\Gregoire-wchelper.dll
Supprimé! C:\Users\Gregoire\AppData\Local\Temp\Gregoire7
Supprimé! C:\Users\Gregoire\AppData\Local\Temp\Gregoire8
(!) Fichiers temporaires supprimés.
################## | Comparaison MD5 |
################## | Registre |
Supprimé! HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
################## | Listing |
[31/10/2013 - 19:09:01 | SHD ] C:\$Recycle.Bin
[02/10/2013 - 11:47:28 | D ] C:\ASUS.000
[13/05/2009 - 08:31:56 | D ] C:\ASUS.SYS
[10/11/2009 - 11:37:45 | D ] C:\ATI
[24/03/2011 - 00:29:04 | D ] C:\BigFishGamesCache
[11/08/2011 - 03:39:51 | SHD ] C:\Boot
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[10/11/2009 - 13:21:50 | RASH | 8192] C:\BOOTSECT.BAK
[13/08/2009 - 23:27:40 | D ] C:\CanoScan
[13/02/2012 - 19:43:10 | N | 37735] C:\crossloopservice.log
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[29/10/2013 - 13:12:44 | D ] C:\DOWNLOADS
[01/11/2013 - 10:54:20 | D ] C:\Flashgot
[16/02/2012 - 16:22:47 | D ] C:\found.000
[01/11/2013 - 19:17:37 | ASH | 4824064000] C:\hiberfil.sys
[13/05/2009 - 08:09:58 | D ] C:\Intel
[01/11/2013 - 19:17:39 | ASH | 6432088064] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[31/10/2013 - 19:03:56 | D ] C:\Pre_Scan
[31/10/2013 - 19:03:20 | N | 26117] C:\Pre_Scan_31_10_2013_19_03_20.txt
[04/03/2013 - 10:59:32 | D ] C:\Program Files
[30/10/2013 - 18:38:57 | D ] C:\Program Files (x86)
[30/10/2013 - 23:30:16 | HD ] C:\ProgramData
[13/05/2009 - 08:25:00 | D ] C:\RaidTool
[10/11/2009 - 14:02:11 | SHD ] C:\Recovery
[13/05/2009 - 08:20:00 | N | 473] C:\RHDSetup.log
[13/05/2009 - 08:32:02 | N | 57] C:\splash.idx
[31/10/2013 - 16:19:16 | SHD ] C:\System Volume Information
[22/05/2001 - 09:13:32 | N | 68578] C:\tarawin.bmp
[01/11/2013 - 19:44:02 | D ] C:\UsbFix
[30/10/2013 - 23:31:46 | N | 15558] C:\UsbFix [Clean 1] SEVENCPU.txt
[01/11/2013 - 18:58:55 | N | 16028] C:\UsbFix [Clean 2] SEVENCPU.txt
[01/11/2013 - 19:04:48 | N | 12959] C:\UsbFix [Clean 3] SEVENCPU.txt
[01/11/2013 - 19:45:27 | A | 8192] C:\UsbFix [Clean 4] SEVENCPU.txt
[30/10/2013 - 23:24:32 | N | 10066] C:\UsbFix [Scan 1] SEVENCPU.txt
[31/10/2013 - 20:48:07 | N | 8809] C:\UsbFix [Scan 2] SEVENCPU.txt
[01/11/2013 - 15:16:13 | N | 8940] C:\UsbFix [Scan 3] SEVENCPU.txt
[01/11/2013 - 19:11:38 | N | 5870] C:\UsbFix [Scan 4] SEVENCPU.txt
[12/03/2011 - 13:46:31 | RD ] C:\Users
[18/11/2008 - 09:25:20 | N | 5632] C:\version
[01/11/2013 - 19:17:39 | D ] C:\Windows
[01/01/1995 - 01:00:00 | R | 44] D:\Track01.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track02.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track03.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track04.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track05.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track06.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track07.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track08.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track09.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track10.cda
[12/03/2011 - 13:46:37 | SHD ] E:\$RECYCLE.BIN
[26/10/2009 - 14:30:07 | N | 0] E:\AUTOEXEC.BAT
[31/10/2013 - 18:42:51 | D ] E:\Autorun.inf
[08/01/2010 - 17:17:28 | N | 53] E:\biosinfo
[01/12/2009 - 10:35:38 | N | 216] E:\boot.ini
[22/07/2003 - 17:31:11 | N | 4952] E:\Bootfont.bin
[30/10/2009 - 13:40:34 | D ] E:\CanoScan
[26/10/2009 - 14:30:07 | N | 0] E:\CONFIG.SYS
[26/10/2009 - 14:41:00 | D ] E:\Documents and Settings
[26/10/2009 - 14:30:07 | N | 0] E:\IO.SYS
[26/10/2009 - 14:30:07 | N | 0] E:\MSDOS.SYS
[27/10/2009 - 02:57:35 | N | 47564] E:\NTDETECT.COM
[27/10/2009 - 03:18:19 | N | 252240] E:\ntldr
[24/11/2009 - 06:56:22 | D ] E:\NVIDIA
[15/01/2013 - 18:33:11 | N | 2145386496] E:\pagefile.sys
[18/06/2012 - 18:02:03 | D ] E:\program files
[27/10/2009 - 02:19:24 | SHD ] E:\RECYCLER
[27/10/2009 - 03:02:40 | SHD ] E:\System Volume Information
[18/06/2012 - 18:02:12 | D ] E:\WINDOWS
[12/03/2011 - 13:46:37 | SHD ] F:\$RECYCLE.BIN
[12/03/2010 - 12:16:21 | D ] F:\A VENDRE
[31/10/2013 - 18:42:51 | D ] F:\Autorun.inf
[13/05/2009 - 01:47:34 | D ] F:\eBay
[08/09/2008 - 14:13:27 | D ] F:\img à trier
[30/08/2010 - 21:41:51 | D ] F:\JOUER
[01/03/2009 - 20:30:17 | D ] F:\jv16 PowerTools 2008
[03/11/2009 - 14:07:44 | D ] F:\Outils
[29/10/2010 - 04:10:01 | D ] F:\Program Files
[27/10/2009 - 02:43:11 | SHD ] F:\RECYCLER
[25/09/2009 - 08:30:38 | D ] F:\SAVE
[30/04/2009 - 02:05:12 | SHD ] F:\System Volume Information
[12/03/2010 - 12:16:26 | D ] F:\Utiliser
[07/05/2009 - 09:42:34 | D ] F:\WUTemp
[12/03/2011 - 13:46:37 | SHD ] G:\$RECYCLE.BIN
[31/10/2013 - 18:42:51 | D ] G:\Autorun.inf
[15/02/2012 - 11:11:45 | SD ] G:\Config.Msi
[17/02/2012 - 22:03:57 | N | 1286] G:\dépanner Steam.rtf
[16/02/2012 - 13:51:42 | D ] G:\GAMES
[01/12/2006 - 22:37:14 | N | 904704] G:\msdia80.dll
[16/02/2012 - 13:35:28 | D ] G:\Program files portables
[01/11/2013 - 15:47:18 | D ] G:\Steam
[17/05/2011 - 02:42:29 | SHD ] G:\System Volume Information
[08/02/2013 - 09:55:05 | D ] G:\VOIR
[12/03/2011 - 13:46:38 | SHD ] H:\$RECYCLE.BIN
[27/10/2008 - 02:06:30 | D ] H:\1f6eab4d20980dcf9b217f894da0baa8
[19/09/2010 - 18:12:30 | D ] H:\6948e543256be5e53c65
[31/10/2013 - 18:42:51 | D ] H:\Autorun.inf
[25/05/2011 - 18:07:24 | D ] H:\CREER
[01/11/2013 - 13:14:49 | D ] H:\DOWNLOADS
[13/09/2011 - 20:39:46 | D ] H:\GAMES
[25/10/2011 - 18:04:58 | D ] H:\Intel i920 syst
[27/08/2013 - 22:15:04 | D ] H:\JOUER
[27/03/2013 - 11:33:57 | D ] H:\MSN smileys
[18/06/2012 - 18:35:55 | D ] H:\papiers importants
[23/09/2010 - 09:10:50 | D ] H:\Photos
[27/10/2009 - 02:43:11 | SHD ] H:\RECYCLER
[30/04/2009 - 02:05:12 | SHD ] H:\System Volume Information
[16/02/2012 - 01:56:05 | D ] H:\VIDEO
[28/03/2013 - 01:08:52 | D ] H:\_back up C
[30/03/2011 - 18:28:11 | SHD ] I:\$RECYCLE.BIN
[29/09/2009 - 00:05:41 | D ] I:\903e01d8000148acb3
[19/11/2009 - 03:02:34 | D ] I:\ae117db75bbb846c39f615d03a9745
[31/10/2013 - 18:42:51 | D ] I:\Autorun.inf
[27/10/2009 - 03:27:50 | D ] I:\bb52117c2b2229f0bffb5ffa
[20/07/2011 - 02:54:36 | D ] I:\DOWNLOADS
[12/09/2011 - 01:58:23 | D ] I:\IMAGES
[01/12/2006 - 23:37:14 | N | 904704] I:\msdia80.dll
[02/09/2013 - 23:38:36 | D ] I:\msdownld.tmp
[21/07/2009 - 09:53:58 | D ] I:\MUSIQUE
[22/10/2009 - 18:30:59 | D ] I:\ORBEAT
[23/02/2012 - 05:05:39 | D ] I:\PHOTOS PERSO
[27/10/2009 - 02:43:11 | SHD ] I:\RECYCLER
[31/10/2013 - 13:59:10 | D ] I:\SAVE THE C
[22/10/2009 - 18:32:05 | D ] I:\save the SAM Go
[28/09/2009 - 21:53:09 | SHD ] I:\System Volume Information
[22/10/2009 - 18:30:51 | RASH | 13312] I:\Thumbs.db
[25/10/2011 - 17:38:01 | D ] I:\VIDEO
[11/01/2013 - 20:01:52 | D ] I:\WORK
[08/08/2013 - 10:00:32 | D ] J:\URBA
[19/05/2013 - 02:42:22 | N | 368723] J:\Sans titre.png
[12/06/2013 - 17:04:46 | N | 126056] J:\carte_id.JPG
[30/04/2013 - 00:00:14 | D ] J:\music
[09/05/2013 - 19:19:34 | N | 3378440] J:\Carte id.pdf
[22/05/2013 - 11:35:30 | N | 893] J:\Nouveau document texte.txt
[21/10/2013 - 15:54:46 | N | 2430500] J:\facture_Orange.pdf
[01/11/2013 - 19:04:44 | RASHD ] J:\Autorun.inf
[03/04/2013 - 21:23:49 | SHD ] L:\$RECYCLE.BIN
[02/07/2013 - 09:48:05 | D ] L:\ACTUAL
[28/02/2012 - 15:29:18 | D ] L:\arcade
[31/10/2013 - 18:42:51 | D ] L:\Autorun.inf
[31/10/2013 - 13:52:46 | D ] L:\BUY NIPPON
[04/05/2013 - 18:13:16 | D ] L:\CV
[30/10/2011 - 11:56:47 | | 249221] L:\dragon.pdf
[16/10/2013 - 19:48:54 | D ] L:\films
[13/07/2013 - 15:15:42 | D ] L:\Fonts
[31/10/2013 - 13:30:32 | D ] L:\LACIE
[11/10/2013 - 16:18:04 | D ] L:\licenciement
[04/03/2013 - 11:12:42 | D ] L:\Logiciels à installer
[31/07/2012 - 02:08:05 | D ] L:\LWI
[29/10/2013 - 18:32:09 | D ] L:\MGX
[14/06/2012 - 17:10:41 | D ] L:\music
[27/08/2013 - 17:10:57 | D ] L:\Prvt
[04/03/2012 - 22:31:11 | | 44388] L:\rib mickjeux.jpg
[31/03/2013 - 20:06:49 | SHD ] L:\System Volume Information
[23/05/2013 - 20:22:04 | D ] L:\URBA LINEA
[04/03/2012 - 23:03:53 | | 100903] L:\virement ok.PNG
[02/07/2013 - 09:48:45 | D ] L:\WORK
################## | Vaccin |
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |