Reply to: TROJAN and various viruses 2016-09-08T13:13:07+00:00
scrollkidd
Participant
Posts: 17

Removal report (in Administrator mode this time :beaten: ):

############################## | UsbFix V 7.147 | [Suppression]

Utilisateur: Gregoire (Administrateur) # SEVENCPU
Mis à jour le 30/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:35:58 | 01/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P6T)
CPU: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
RAM -> [Total : 6134 | Free : 4584]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0
WB: Safari : 534.50

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 140 Go (32 Go libre(s) - 23%) [Velociraptor_A] # NTFS
D: -> CD-ROM
E: -> Disque fixe # 17 Go (10 Go libre(s) - 60%) [] # NTFS
F: -> Disque fixe # 144 Go (23 Go libre(s) - 16%) [Sam_2] # NTFS
G: -> Disque fixe # 140 Go (9 Go libre(s) - 6%) [Velociraptor_B] # NTFS
H: -> Disque fixe # 137 Go (24 Go libre(s) - 17%) [Sam_3] # NTFS
I: -> Disque fixe # 466 Go (34 Go libre(s) - 7%) [Samsung F1_A] # NTFS
J: -> Disque amovible # 2 Go (791 Mo libre(s) - 40%) [] # FAT
L: -> Disque fixe # 466 Go (128 Go libre(s) - 28%) [LaCie Rikiki] # NTFS

################## | Référence de comparaison MD5 |

Md5 : e89028d8068170e606aa0996d457aaa3 -> C:\Users\Public\jusched.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID: 836 |ParentID: 552)
Stoppé! C:\Windows\system32\atieclxx.exe (ID: 1252 |ParentID: 836)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1356 |ParentID: 552)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1540 |ParentID: 552)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1572 |ParentID: 552)
Stoppé! C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (ID: 1668 |ParentID: 552)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (ID: 1692 |ParentID: 552)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1832 |ParentID: 552)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1880 |ParentID: 1832)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 1420 |ParentID: 1540)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2856 |ParentID: 552)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 2608 |ParentID: 552)
Stoppé! C:\Windows\Explorer.EXE (ID: 2812 |ParentID: 2808)
Stoppé! C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe (ID: 2012 |ParentID: 2884)
Stoppé! C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ID: 892 |ParentID: 2884)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 2100 |ParentID: 2884)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 2288 |ParentID: 2132)
Stoppé! C:\Program Files (x86)\Razer\DeathAdder\razertra.exe (ID: 696 |ParentID: 2012)
Stoppé! C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe (ID: 1968 |ParentID: 2012)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2992 |ParentID: 2288)
Stoppé! C:\Windows\SysWOW64\explorer.exe (ID: 3028 |ParentID: 684)
Stoppé! C:\Users\Gregoire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe (ID: 3176 |ParentID: 684)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 3856 |ParentID: 552)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [DeathAdder] - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
HKLM\SOFTWARE | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [jusched7] - C:\Users\Public\jusched.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [DeathAdder] - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
HKLM\SOFTWARE\wow6432Node | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [jusched7] - C:\Users\Public\jusched.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\SOFTWARE | Run : [8jusched] - C:\Users\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Public\jusched.exe

################## | Recherche générique |

Supprimé! C:\Users\Gregoire\AppData\Roaming\4100000\ak.tmp
Supprimé! C:\Users\Gregoire\AppData\Roaming\4100000
Supprimé! C:\Users\Public\jusched.exe
Supprimé! C:\Users\Gregoire\AppData\Roaming\Gregoire-wchelper.dll
Supprimé! C:\Users\Gregoire\AppData\Local\Temp\Gregoire7
Supprimé! C:\Users\Gregoire\AppData\Local\Temp\Gregoire8

(!) Fichiers temporaires supprimés.
################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\Software\Microsoft\Windows\CurrentVersion\Run|8jusched

################## | Listing |

[31/10/2013 - 19:09:01 | SHD ] C:\$Recycle.Bin
[02/10/2013 - 11:47:28 | D ] C:\ASUS.000
[13/05/2009 - 08:31:56 | D ] C:\ASUS.SYS
[10/11/2009 - 11:37:45 | D ] C:\ATI
[24/03/2011 - 00:29:04 | D ] C:\BigFishGamesCache
[11/08/2011 - 03:39:51 | SHD ] C:\Boot
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[10/11/2009 - 13:21:50 | RASH | 8192] C:\BOOTSECT.BAK
[13/08/2009 - 23:27:40 | D ] C:\CanoScan
[13/02/2012 - 19:43:10 | N | 37735] C:\crossloopservice.log
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[29/10/2013 - 13:12:44 | D ] C:\DOWNLOADS
[01/11/2013 - 10:54:20 | D ] C:\Flashgot
[16/02/2012 - 16:22:47 | D ] C:\found.000
[01/11/2013 - 19:17:37 | ASH | 4824064000] C:\hiberfil.sys
[13/05/2009 - 08:09:58 | D ] C:\Intel
[01/11/2013 - 19:17:39 | ASH | 6432088064] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[31/10/2013 - 19:03:56 | D ] C:\Pre_Scan
[31/10/2013 - 19:03:20 | N | 26117] C:\Pre_Scan_31_10_2013_19_03_20.txt
[04/03/2013 - 10:59:32 | D ] C:\Program Files
[30/10/2013 - 18:38:57 | D ] C:\Program Files (x86)
[30/10/2013 - 23:30:16 | HD ] C:\ProgramData
[13/05/2009 - 08:25:00 | D ] C:\RaidTool
[10/11/2009 - 14:02:11 | SHD ] C:\Recovery
[13/05/2009 - 08:20:00 | N | 473] C:\RHDSetup.log
[13/05/2009 - 08:32:02 | N | 57] C:\splash.idx
[31/10/2013 - 16:19:16 | SHD ] C:\System Volume Information
[22/05/2001 - 09:13:32 | N | 68578] C:\tarawin.bmp
[01/11/2013 - 19:44:02 | D ] C:\UsbFix
[30/10/2013 - 23:31:46 | N | 15558] C:\UsbFix [Clean 1] SEVENCPU.txt
[01/11/2013 - 18:58:55 | N | 16028] C:\UsbFix [Clean 2] SEVENCPU.txt
[01/11/2013 - 19:04:48 | N | 12959] C:\UsbFix [Clean 3] SEVENCPU.txt
[01/11/2013 - 19:45:27 | A | 8192] C:\UsbFix [Clean 4] SEVENCPU.txt
[30/10/2013 - 23:24:32 | N | 10066] C:\UsbFix [Scan 1] SEVENCPU.txt
[31/10/2013 - 20:48:07 | N | 8809] C:\UsbFix [Scan 2] SEVENCPU.txt
[01/11/2013 - 15:16:13 | N | 8940] C:\UsbFix [Scan 3] SEVENCPU.txt
[01/11/2013 - 19:11:38 | N | 5870] C:\UsbFix [Scan 4] SEVENCPU.txt
[12/03/2011 - 13:46:31 | RD ] C:\Users
[18/11/2008 - 09:25:20 | N | 5632] C:\version
[01/11/2013 - 19:17:39 | D ] C:\Windows
[01/01/1995 - 01:00:00 | R | 44] D:\Track01.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track02.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track03.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track04.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track05.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track06.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track07.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track08.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track09.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track10.cda
[12/03/2011 - 13:46:37 | SHD ] E:\$RECYCLE.BIN
[26/10/2009 - 14:30:07 | N | 0] E:\AUTOEXEC.BAT
[31/10/2013 - 18:42:51 | D ] E:\Autorun.inf
[08/01/2010 - 17:17:28 | N | 53] E:\biosinfo
[01/12/2009 - 10:35:38 | N | 216] E:\boot.ini
[22/07/2003 - 17:31:11 | N | 4952] E:\Bootfont.bin
[30/10/2009 - 13:40:34 | D ] E:\CanoScan
[26/10/2009 - 14:30:07 | N | 0] E:\CONFIG.SYS
[26/10/2009 - 14:41:00 | D ] E:\Documents and Settings
[26/10/2009 - 14:30:07 | N | 0] E:\IO.SYS
[26/10/2009 - 14:30:07 | N | 0] E:\MSDOS.SYS
[27/10/2009 - 02:57:35 | N | 47564] E:\NTDETECT.COM
[27/10/2009 - 03:18:19 | N | 252240] E:\ntldr
[24/11/2009 - 06:56:22 | D ] E:\NVIDIA
[15/01/2013 - 18:33:11 | N | 2145386496] E:\pagefile.sys
[18/06/2012 - 18:02:03 | D ] E:\program files
[27/10/2009 - 02:19:24 | SHD ] E:\RECYCLER
[27/10/2009 - 03:02:40 | SHD ] E:\System Volume Information
[18/06/2012 - 18:02:12 | D ] E:\WINDOWS
[12/03/2011 - 13:46:37 | SHD ] F:\$RECYCLE.BIN
[12/03/2010 - 12:16:21 | D ] F:\A VENDRE
[31/10/2013 - 18:42:51 | D ] F:\Autorun.inf
[13/05/2009 - 01:47:34 | D ] F:\eBay
[08/09/2008 - 14:13:27 | D ] F:\img à trier
[30/08/2010 - 21:41:51 | D ] F:\JOUER
[01/03/2009 - 20:30:17 | D ] F:\jv16 PowerTools 2008
[03/11/2009 - 14:07:44 | D ] F:\Outils
[29/10/2010 - 04:10:01 | D ] F:\Program Files
[27/10/2009 - 02:43:11 | SHD ] F:\RECYCLER
[25/09/2009 - 08:30:38 | D ] F:\SAVE
[30/04/2009 - 02:05:12 | SHD ] F:\System Volume Information
[12/03/2010 - 12:16:26 | D ] F:\Utiliser
[07/05/2009 - 09:42:34 | D ] F:\WUTemp
[12/03/2011 - 13:46:37 | SHD ] G:\$RECYCLE.BIN
[31/10/2013 - 18:42:51 | D ] G:\Autorun.inf
[15/02/2012 - 11:11:45 | SD ] G:\Config.Msi
[17/02/2012 - 22:03:57 | N | 1286] G:\dépanner Steam.rtf
[16/02/2012 - 13:51:42 | D ] G:\GAMES
[01/12/2006 - 22:37:14 | N | 904704] G:\msdia80.dll
[16/02/2012 - 13:35:28 | D ] G:\Program files portables
[01/11/2013 - 15:47:18 | D ] G:\Steam
[17/05/2011 - 02:42:29 | SHD ] G:\System Volume Information
[08/02/2013 - 09:55:05 | D ] G:\VOIR
[12/03/2011 - 13:46:38 | SHD ] H:\$RECYCLE.BIN
[27/10/2008 - 02:06:30 | D ] H:\1f6eab4d20980dcf9b217f894da0baa8
[19/09/2010 - 18:12:30 | D ] H:\6948e543256be5e53c65
[31/10/2013 - 18:42:51 | D ] H:\Autorun.inf
[25/05/2011 - 18:07:24 | D ] H:\CREER
[01/11/2013 - 13:14:49 | D ] H:\DOWNLOADS
[13/09/2011 - 20:39:46 | D ] H:\GAMES
[25/10/2011 - 18:04:58 | D ] H:\Intel i920 syst
[27/08/2013 - 22:15:04 | D ] H:\JOUER
[27/03/2013 - 11:33:57 | D ] H:\MSN smileys
[18/06/2012 - 18:35:55 | D ] H:\papiers importants
[23/09/2010 - 09:10:50 | D ] H:\Photos
[27/10/2009 - 02:43:11 | SHD ] H:\RECYCLER
[30/04/2009 - 02:05:12 | SHD ] H:\System Volume Information
[16/02/2012 - 01:56:05 | D ] H:\VIDEO
[28/03/2013 - 01:08:52 | D ] H:\_back up C
[30/03/2011 - 18:28:11 | SHD ] I:\$RECYCLE.BIN
[29/09/2009 - 00:05:41 | D ] I:\903e01d8000148acb3
[19/11/2009 - 03:02:34 | D ] I:\ae117db75bbb846c39f615d03a9745
[31/10/2013 - 18:42:51 | D ] I:\Autorun.inf
[27/10/2009 - 03:27:50 | D ] I:\bb52117c2b2229f0bffb5ffa
[20/07/2011 - 02:54:36 | D ] I:\DOWNLOADS
[12/09/2011 - 01:58:23 | D ] I:\IMAGES
[01/12/2006 - 23:37:14 | N | 904704] I:\msdia80.dll
[02/09/2013 - 23:38:36 | D ] I:\msdownld.tmp
[21/07/2009 - 09:53:58 | D ] I:\MUSIQUE
[22/10/2009 - 18:30:59 | D ] I:\ORBEAT
[23/02/2012 - 05:05:39 | D ] I:\PHOTOS PERSO
[27/10/2009 - 02:43:11 | SHD ] I:\RECYCLER
[31/10/2013 - 13:59:10 | D ] I:\SAVE THE C
[22/10/2009 - 18:32:05 | D ] I:\save the SAM Go
[28/09/2009 - 21:53:09 | SHD ] I:\System Volume Information
[22/10/2009 - 18:30:51 | RASH | 13312] I:\Thumbs.db
[25/10/2011 - 17:38:01 | D ] I:\VIDEO
[11/01/2013 - 20:01:52 | D ] I:\WORK
[08/08/2013 - 10:00:32 | D ] J:\URBA
[19/05/2013 - 02:42:22 | N | 368723] J:\Sans titre.png
[12/06/2013 - 17:04:46 | N | 126056] J:\carte_id.JPG
[30/04/2013 - 00:00:14 | D ] J:\music
[09/05/2013 - 19:19:34 | N | 3378440] J:\Carte id.pdf
[22/05/2013 - 11:35:30 | N | 893] J:\Nouveau document texte.txt
[21/10/2013 - 15:54:46 | N | 2430500] J:\facture_Orange.pdf
[01/11/2013 - 19:04:44 | RASHD ] J:\Autorun.inf
[03/04/2013 - 21:23:49 | SHD ] L:\$RECYCLE.BIN
[02/07/2013 - 09:48:05 | D ] L:\ACTUAL
[28/02/2012 - 15:29:18 | D ] L:\arcade
[31/10/2013 - 18:42:51 | D ] L:\Autorun.inf
[31/10/2013 - 13:52:46 | D ] L:\BUY NIPPON
[04/05/2013 - 18:13:16 | D ] L:\CV
[30/10/2011 - 11:56:47 | | 249221] L:\dragon.pdf
[16/10/2013 - 19:48:54 | D ] L:\films
[13/07/2013 - 15:15:42 | D ] L:\Fonts
[31/10/2013 - 13:30:32 | D ] L:\LACIE
[11/10/2013 - 16:18:04 | D ] L:\licenciement
[04/03/2013 - 11:12:42 | D ] L:\Logiciels à installer
[31/07/2012 - 02:08:05 | D ] L:\LWI
[29/10/2013 - 18:32:09 | D ] L:\MGX
[14/06/2012 - 17:10:41 | D ] L:\music
[27/08/2013 - 17:10:57 | D ] L:\Prvt
[04/03/2012 - 22:31:11 | | 44388] L:\rib mickjeux.jpg
[31/03/2013 - 20:06:49 | SHD ] L:\System Volume Information
[23/05/2013 - 20:22:04 | D ] L:\URBA LINEA
[04/03/2012 - 23:03:53 | | 100903] L:\virement ok.PNG
[02/07/2013 - 09:48:45 | D ] L:\WORK

################## | Vaccin |

J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |