[Infection] GPU à 90/92% sous le bureau

[remi_ariege]

Salut les gens,

J'ai remarqué depuis 2/3 jours que m'a carte graphique était utilisée à 90/92% sous le bureau sans que rien ne tourne en arrière plan.

Ça débute 10 minutes après le démarrage du pc.

J'ai fait un scan avec OTL (suite à un post trouver sur comment ça marche http://www.commentcamarche.net/forum/af ... 90-en-idle), et j'ai posté le rapport (http://pjjoint.malekal.com/files.php?id ... 13i11y6m11).

Je ne trouve rien dans le rapport d'alarmant, a moins de n'avoir pas bien ouvert mes yeux !!!!!

Y'a t'il des mineur fantôme???? Je ne vois que cela.

D'avance merci pour votre aide

[Malekal_morte]

Salut,

OTL est abandonné, fais plutôt une analyse FRST.

Suis ce tutoriel FRST: https://www.malekal.com/tutorial-farbar ... tool-frst/
Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Envoie comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et donne les trois liens pjjoint de ces rapports afin qu'ils puissent être consultés.

[remi_ariege]

Mince, ou est donc passé mon post !!!!!


Je le refais alors :

FRST.txt http://pjjoint.malekal.com/files.php?id ... 14u7b9e9n5
SORTCUT.txt http://pjjoint.malekal.com/files.php?id ... 9l12t10r11
ADDITION.txt http://pjjoint.malekal.com/files.php?id ... 2m13z12y12

Et voila chef !!!!

[Malekal_morte]

Le Client Bitcoin est là : C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\Steam
http://www.herdprotect.com/steam-4047da ... 05dba.aspx

Scanner detections: 5 / 68
Status:Malware
Explanation:The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.
Analysis date:12/24/2014 6:51:46 PM UTC (one month ago)

Scan engineDetectionEngine version
Baidu AntivirusHacktool.Win32.BitCoinMiner4.0.3.141224
ESET NOD32Win32/BitCoinMiner.BY (variant)8.10923
McAfeeArtemis!F9E9386140565600.6906
McAfee Web GatewayBehavesLike.Win32.BadFile.th7.6906
Trend Micro House CallSuspicious_GEN.F47V12197.2.358

Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutorial-farbar ... -frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

Task: {CB993620-F62C-4BBB-98B9-44B9B6E1DF72} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\Steam [2015-02-03] () <==== ATTENTION
C:\Users\Remi\AppData\Roaming\Rainmeter

Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur

[remi_ariege]

Voili voilou

Code : Tout sélectionner

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Remi at 2015-02-08 11:29:48 Run:1
Running from C:\Users\Remi\Desktop
Loaded Profiles: Remi (Available profiles: Remi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {CB993620-F62C-4BBB-98B9-44B9B6E1DF72} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\Steam [2015-02-03] () <==== ATTENTION
C:\Users\Remi\AppData\Roaming\Rainmeter
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB993620-F62C-4BBB-98B9-44B9B6E1DF72}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB993620-F62C-4BBB-98B9-44B9B6E1DF72}" => Key deleted successfully.
C:\Windows\System32\Tasks\Steam_x64-S-2-106-91 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91" => Key deleted successfully.

"C:\Users\Remi\AppData\Roaming\Rainmeter" directory move:

C:\Users\Remi\AppData\Roaming\Rainmeter\Rainmeter.ini => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\Rainmeter.stats => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\aes_helper.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\alexkarnew.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\alexkarold.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\animecoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\blake.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\bmw.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\ckolivas.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\config.xml => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\cubehash.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\darkcoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\echo.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\fugue.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\fuguecoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\groestl.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\groestlcoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\hamsi.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\hamsi_helper.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\inkcoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\jh.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\keccak.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\libcurl.dll => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\libeay32.dll => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\libgcc_s_dw2-1.dll => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\libidn-11.dll => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\luffa.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\marucoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\myriadcoin-groestl.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\panama.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\psw.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\pthreadGC2.dll => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\quarkcoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\qubitcoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\shavite.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\sifcoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\simd.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\skein.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\ssleay32.dll => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\Steam => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\steam.comp => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\twecoin.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\x11mod.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\x11modTahitiglg2tc14208w256l4.bin => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\x13mod.cl => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\zlib1.dll => Moved successfully.
C:\Users\Remi\AppData\Roaming\Rainmeter\CODEXi\zuikkis.cl => Moved successfully.
Could not move "C:\Users\Remi\AppData\Roaming\Rainmeter" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-08 11:31:36)<=

C:\Users\Remi\AppData\Roaming\Rainmeter => Is moved successfully.

==== End of Fixlog 11:31:36 ====

J'ai perdu Rainmeter du coup !!!!! mais c'est pas grave !!!!

Je l'ai récupérer, il fallait juste le relancer et lui dire quel "skin" afficher.

Pour l'instant le gpu est à 0%, je laisse tourner le pc pendant le repas et je te dis si c'est ok.

[Malekal_morte]

Tu avais téléchargé un version crackée non ?