Reply to: Usbfix won't launch and itunesHelper.vbe virus 2016-09-08T13:14:20+00:00
tritinh
Participant
Number of posts: 5

Perfect, I disabled my real-time protection and UsbFix launched correctly :p Now I'm going to run the removal. But here is the report from the UsbFix scan already :p

[spoiler:17hvdger]############################## | UsbFix V 7.149 | [Recherche]

Utilisateur: Tinh (Administrateur) # TINH-PC
Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
Lancé à 11:30:31 | 06/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K73SV)
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
RAM -> [Total : 8104 | Free : 5315]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Titanium Internet Security [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 195 Go (79 Go libre(s) – 41%) [OS] # NTFS
D: -> Disque fixe # 233 Go (216 Go libre(s) – 93%) [SDATA1] # NTFS
E: -> Disque fixe # 245 Go (146 Go libre(s) – 59%) [Data] # NTFS
F: -> Disque fixe # 233 Go (13 Go libre(s) – 5%) [SDATA2] # NTFS
G: -> Disque amovible # 30 Go (18 Go libre(s) – 59%) [USB DISK] # NTFS
J: -> Disque amovible # 7 Go (5 Go libre(s) – 67%) [LEXAR] # FAT32

################## | Référence de comparaison MD5 |

Md5 : 3278a76dec52931adccff421edbb9aeb -> C:UsersTinhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Md5 : DENIED -> C:UsersTinhAppDataLocalTempiTunesHelper.vbe
Md5 : b5e7bfbbac3b4e9db51960169132e9fd -> C:UsersTinhAppDataLocalTempKt8fd6s3.vbs
Md5 : b5e7bfbbac3b4e9db51960169132e9fd -> C:UsersTinhAppDataLocalTempU8KzuGnM.vbs
Md5 : b5e7bfbbac3b4e9db51960169132e9fd -> C:UsersTinhAppDataLocalTempVHJ9q0nK.vbs
Md5 : 3278a76dec52931adccff421edbb9aeb -> G:iTunesHelper.vbe
Md5 : 3278a76dec52931adccff421edbb9aeb -> J:iTunesHelper.vbe

################## | Processus Actif |

C:Windowssystem32csrss.exe (ID: 504 |ParentID: 496)
C:Windowssystem32wininit.exe (ID: 600 |ParentID: 496)
C:Windowssystem32csrss.exe (ID: 624 |ParentID: 612)
C:Windowssystem32services.exe (ID: 660 |ParentID: 600)
C:Windowssystem32lsass.exe (ID: 684 |ParentID: 600)
C:Windowssystem32lsm.exe (ID: 692 |ParentID: 600)
C:Windowssystem32winlogon.exe (ID: 772 |ParentID: 612)
C:Windowssystem32svchost.exe (ID: 836 |ParentID: 660)
C:Windowssystem32nvvsvc.exe (ID: 908 |ParentID: 660)
C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (ID: 932 |ParentID: 660)
C:Windowssystem32svchost.exe (ID: 976 |ParentID: 660)
C:WindowsSystem32svchost.exe (ID: 420 |ParentID: 660)
C:WindowsSystem32svchost.exe (ID: 528 |ParentID: 660)
C:Windowssystem32svchost.exe (ID: 444 |ParentID: 660)
C:Windowssystem32svchost.exe (ID: 852 |ParentID: 660)
C:Windowssystem32svchost.exe (ID: 1184 |ParentID: 660)
C:Windowssystem32FBAgent.exe (ID: 1292 |ParentID: 660)
C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID: 1316 |ParentID: 660)
C:Windowssystem32WLANExt.exe (ID: 1332 |ParentID: 528)
C:Windowssystem32conhost.exe (ID: 1348 |ParentID: 504)
C:WindowsSystem32spoolsv.exe (ID: 1608 |ParentID: 660)
C:Program Files (x86)AviraAntiVir Desktopsched.exe (ID: 1636 |ParentID: 660)
C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (ID: 1676 |ParentID: 908)
C:Windowssystem32nvvsvc.exe (ID: 1684 |ParentID: 908)
C:Windowssystem32svchost.exe (ID: 1852 |ParentID: 660)
C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1788 |ParentID: 660)
C:Program Files (x86)AviraAntiVir Desktopavguard.exe (ID: 1744 |ParentID: 660)
C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 1916 |ParentID: 660)
C:Program FilesBonjourmDNSResponder.exe (ID: 2180 |ParentID: 660)
C:Windowssystem32svchost.exe (ID: 2228 |ParentID: 660)
C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (ID: 2292 |ParentID: 660)
C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe (ID: 2488 |ParentID: 660)
C:Program Files (x86)PDF ArchitectHelperService.exe (ID: 2520 |ParentID: 660)
C:Windowssystem32rundll32.exe (ID: 2560 |ParentID: 2536)
C:Program Files (x86)PDF ArchitectConversionService.exe (ID: 2584 |ParentID: 660)
C:Windowssystem32svchost.exe (ID: 2744 |ParentID: 660)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2784 |ParentID: 660)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2964 |ParentID: 2784)
C:Program Files (x86)AviraAntiVir Desktopavshadow.exe (ID: 3572 |ParentID: 1744)
C:Windowssystem32svchost.exe (ID: 3820 |ParentID: 660)
C:Windowssystem32taskhost.exe (ID: 3080 |ParentID: 660)
C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (ID: 3248 |ParentID: 2292)
C:Windowssystem32conhost.exe (ID: 3328 |ParentID: 624)
C:Windowssystem32taskeng.exe (ID: 3388 |ParentID: 852)
C:Windowssystem32Dwm.exe (ID: 2472 |ParentID: 528)
C:WindowsExplorer.EXE (ID: 2468 |ParentID: 4056)
C:Program Files (x86)ASUSASUS Live UpdateALU.exe (ID: 3316 |ParentID: 3388)
C:Windowssystem32taskeng.exe (ID: 2072 |ParentID: 852)
C:Program Files (x86)ASUSSplendidACMON.exe (ID: 3428 |ParentID: 3388)
C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID: 3324 |ParentID: 1316)
C:Program FilesP4GBatteryLife.exe (ID: 3968 |ParentID: 3388)
C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID: 3716 |ParentID: 2072)
C:Windowssystem32wbemwmiprvse.exe (ID: 1448 |ParentID: 836)
C:WindowsAsScrPro.exe (ID: 200 |ParentID: 1292)
C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (ID: 3452 |ParentID: 1292)
C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 2200 |ParentID: 1292)
C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe (ID: 788 |ParentID: 3324)
C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID: 3920 |ParentID: 3324)
C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe (ID: 3856 |ParentID: 3324)
C:Program FilesRealtekAudioHDARAVBg64.exe (ID: 804 |ParentID: 2468)
C:Program Files (x86)AmIcoSingLunAmIcoSinglun64.exe (ID: 3804 |ParentID: 2468)
C:Program FilesElantechETDCtrl.exe (ID: 816 |ParentID: 2468)
C:Program FilesMicrosoft IntelliPointipoint.exe (ID: 3996 |ParentID: 2468)
C:WindowsSystem32igfxtray.exe (ID: 2684 |ParentID: 2468)
C:WindowsSystem32hkcmd.exe (ID: 616 |ParentID: 2468)
C:WindowsSystem32igfxpers.exe (ID: 3980 |ParentID: 2468)
C:Program Files (x86)NVIDIA CorporationNVIDIA Update CoreNvTmru.exe (ID: 3392 |ParentID: 2468)
C:Program FilesWindows Sidebarsidebar.exe (ID: 1572 |ParentID: 2468)
C:WindowsSysWOW64ACEngSvr.exe (ID: 3728 |ParentID: 836)
C:Program Files (x86)Pando NetworksMedia BoosterPMB.exe (ID: 2288 |ParentID: 2468)
C:Program FilesNVIDIA CorporationDisplaynvtray.exe (ID: 2432 |ParentID: 1676)
C:Program FilesMicrosoft IntelliPointdpupdchk.exe (ID: 3724 |ParentID: 3996)
C:Program Files (x86)syncablessyncables desktopsyncables.exe (ID: 396 |ParentID: 2468)
C:Program Files (x86)syncablessyncables desktopjrebinjavaw.exe (ID: 4108 |ParentID: 396)
C:Windowssystem32wbemwmiprvse.exe (ID: 4148 |ParentID: 836)
C:Program Files (x86)SkypePhoneSkype.exe (ID: 4308 |ParentID: 2468)
C:WindowsSystem32StikyNot.exe (ID: 4408 |ParentID: 2468)
C:Windowssystem32SearchIndexer.exe (ID: 4592 |ParentID: 660)
C:WindowsSystem32wscript.exe (ID: 4672 |ParentID: 2468)
C:Program FilesElantechETDCtrlHelper.exe (ID: 4904 |ParentID: 816)
C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe (ID: 5032 |ParentID: 4760)
C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe (ID: 4892 |ParentID: 4760)
C:Program Files (x86)ASUSWireless Console 3wcourier.exe (ID: 1924 |ParentID: 4760)
C:Program Files (x86)AviraAntiVir Desktopavgnt.exe (ID: 4928 |ParentID: 4760)
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 5040 |ParentID: 4760)
C:Program Files (x86)OpenOffice.org 3programsoffice.exe (ID: 2376 |ParentID: 3680)
C:Program FilesTrend MicroUniClientUiFrmWrkuiWatchDog.exe (ID: 4184 |ParentID: 4452)
C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 5456 |ParentID: 660)
C:Program Files (x86)OpenOffice.org 3programsoffice.bin (ID: 5636 |ParentID: 2376)
C:WindowsSystem32svchost.exe (ID: 5672 |ParentID: 660)
C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 5192 |ParentID: 660)
C:Windowssystem32DllHost.exe (ID: 6372 |ParentID: 836)
C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 6140 |ParentID: 660)
C:Program Files (x86)AviraAntiVir Desktopavcenter.exe (ID: 4712 |ParentID: 2468)
C:UsbFixGo.exe (ID: 2120 |ParentID: 7120)
C:Windowssystem32svchost.exe (ID: 4272 |ParentID: 660)
C:WindowsSystem32WUDFHost.exe (ID: 6588 |ParentID: 528)
\?C:Windowssystem32wbemWMIADAP.EXE (ID: 5808 |ParentID: 852)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5564 |ParentID: 2468)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4500 |ParentID: 5564)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6452 |ParentID: 5564)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5940 |ParentID: 5564)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5540 |ParentID: 5564)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 2164 |ParentID: 5564)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 1752 |ParentID: 5564)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [Nuance PDF Reader-reminder] – “C:Program Files (x86)NuancePDF ReaderEregEreg.exe” -r “C:ProgramDataNuancePDF ReaderEregEreg.ini”
04 – HKLMSOFTWARE | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
04 – HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSASUS WebStorage3.0.84.161AsusWSPanel.exe /S
04 – HKLMSOFTWARE | Run : [ATKOSD2] – C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
04 – HKLMSOFTWARE | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
04 – HKLMSOFTWARE | Run : [HControlUser] – C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
04 – HKLMSOFTWARE | Run : [Wireless Console 3] – C:Program Files (x86)ASUSWireless Console 3wcourier.exe
04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
04 – HKLMSOFTWARE | Run : [UpdateP2GoShortCut] – “C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkPower2Go” UpdateWithCreateOnce “SOFTWARECyberLinkPower2Go6.0”
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
04 – HKLMSOFTWARE | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [Nuance PDF Reader-reminder] – “C:Program Files (x86)NuancePDF ReaderEregEreg.exe” -r “C:ProgramDataNuancePDF ReaderEregEreg.ini”
04 – HKLMSOFTWAREwow6432Node | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
04 – HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSASUS WebStorage3.0.84.161AsusWSPanel.exe /S
04 – HKLMSOFTWAREwow6432Node | Run : [ATKOSD2] – C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
04 – HKLMSOFTWAREwow6432Node | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
04 – HKLMSOFTWAREwow6432Node | Run : [HControlUser] – C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
04 – HKLMSOFTWAREwow6432Node | Run : [Wireless Console 3] – C:Program Files (x86)ASUSWireless Console 3wcourier.exe
04 – HKLMSOFTWAREwow6432Node | Run : [UpdateLBPShortCut] – “C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
04 – HKLMSOFTWAREwow6432Node | Run : [UpdateP2GoShortCut] – “C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkPower2Go” UpdateWithCreateOnce “SOFTWARECyberLinkPower2Go6.0”
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
04 – HKLMSOFTWAREwow6432Node | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1000SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1000SOFTWARE | Run : [ISUSPM] – C:ProgramDataFLEXnetConnect11ISUSPM.exe -scheduler
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Pando Media Booster] – C:Program Files (x86)Pando NetworksMedia BoosterPMB.exe
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Akamai NetSession Interface] – “C:UsersTinhAppDataLocalAkamainetsession_win.exe”
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Steam] – “C:Program Files (x86)Steamsteam.exe” -silent
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Syncables] – C:Program Files (x86)syncablessyncables desktopSyncables.exe
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [DAEMON Tools Pro Agent] – “C:Program Files (x86)DAEMON Tools ProDTAgent.exe” -autorun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Skype] – “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersTinhAppDataLocalTempiTunesHelper.vbe”
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1000SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Présent! C:UsersTinhAppDataLocalTempiTunesHelper.vbe
Présent! C:UsersTinhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Présent! G:iTunesHelper.vbe
Présent! J:iTunesHelper.vbe
Présent! G:casting Revue 2013.lnk
Présent! G:syncguid.lnk
Présent! J:syncguid.lnk
Présent! J:Mon film.lnk
Présent! J:photocopies.lnk
Présent! J:Photos.lnk
Présent! C:UsersTinhAppDataLocalTemputt20D9.tmp.exe
Présent! C:UsersTinhAppDataLocalTemputt2925.tmp.exe
Présent! C:UsersTinhAppDataLocalTemputtAB78.tmp.exe
Présent! C:UsersTinhAppDataLocalTemputtDCF6.tmp.exe
Présent! C:UsersTinhAppDataLocalTempKt8fd6s3.vbs
Présent! C:UsersTinhAppDataLocalTempU8KzuGnM.vbs
Présent! C:UsersTinhAppDataLocalTempVHJ9q0nK.vbs
Présent! C:UsersTinhAppDataLocalTempf5fd.hta
Présent! C:UsersTinhAppDataLocalTempfdfs0fds.hta
Présent! C:UsersTinhAppDataLocalTempGenial_O1.hta
Présent! C:UsersTinhAppDataLocalTempWindowsInstaller-KB893803-v2-x86.exe
Présent! G:syncguid.dat
Présent! J:syncguid.dat

################## | Comparaison MD5 |

Présent! Md5 : B5E7BFBBAC3B4E9DB51960169132E9FD -> C:UsersTinhAppDataLocalTempKt8fd6s3.vbs
Présent! Md5 : B5E7BFBBAC3B4E9DB51960169132E9FD -> C:UsersTinhAppDataLocalTempU8KzuGnM.vbs
Présent! Md5 : B5E7BFBBAC3B4E9DB51960169132E9FD -> C:UsersTinhAppDataLocalTempVHJ9q0nK.vbs

################## | Registre |

Présent! HKUS-1-5-21-1651985070-3558631432-2182452226-1001SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:17hvdger]