Reply to: Infected PC! iTunesHelper.vbe 2016-09-08T13:59:21+00:00
Celine

I needed to scan some things, but I suppose that connecting a printer over USB means infecting it too...? Same for mice?

Here is the report after removal:

[spoiler:dhsvg6hw]############################## | UsbFix V 7.151 | [Suppression]

Utilisateur: Céline (Administrateur) # CÉLINE-PC
Mis à jour le 19/11/2013 par El Desaparecido – Team SosVirus
Lancé à 10:48:06 | 20/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (0M9XW4)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3957 | Free : 1733]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 931 Go (649 Go libre(s) – 70%) [] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 7 Go (2 Go libre(s) – 22%) [NIKON 1 J1] # FAT32
F: -> Disque amovible # 4 Go (4 Go libre(s) – 97%) [] # FAT

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID: 856 |ParentID: 588)
Stoppé! C:\Windows\system32\atieclxx.exe (ID: 1176 |ParentID: 856)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1204 |ParentID: 588)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1436 |ParentID: 588)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1628 |ParentID: 588)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1660 |ParentID: 588)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1724 |ParentID: 588)
Stoppé! C:\Program Files (x86)\PDF Architect\HelperService.exe (ID: 1816 |ParentID: 588)
Stoppé! C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID: 1256 |ParentID: 588)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2112 |ParentID: 588)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2256 |ParentID: 2112)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2720 |ParentID: 972)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 2908 |ParentID: 588)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 916 |ParentID: 296)
Stoppé! C:\Windows\Explorer.EXE (ID: 2464 |ParentID: 1128)
Stoppé! C:\Program Files\DellTPad\Apoint.exe (ID: 3112 |ParentID: 2464)
Stoppé! C:\Program Files (x86)\Samsung\Kies\Kies.exe (ID: 3172 |ParentID: 2464)
Stoppé! C:\Program Files\DellTPad\ApMsgFwd.exe (ID: 3276 |ParentID: 3112)
Stoppé! C:\Program Files\DellTPad\Apntex.exe (ID: 3300 |ParentID: 3292)
Stoppé! C:\Windows\system32\conhost.exe (ID: 3316 |ParentID: 548)
Stoppé! C:\Program Files\DellTPad\HidFind.exe (ID: 3340 |ParentID: 3112)
Stoppé! C:\Windows\System32\StikyNot.exe (ID: 3432 |ParentID: 2464)
Stoppé! C:\Windows\System32\wscript.exe (ID: 3448 |ParentID: 2464)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3548 |ParentID: 3456)
Stoppé! C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 3580 |ParentID: 3456)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3664 |ParentID: 588)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3844 |ParentID: 3456)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3852 |ParentID: 2464)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3936 |ParentID: 588)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3168 |ParentID: 3852)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3920 |ParentID: 3852)
Stoppé! C:\Windows\system32\sppsvc.exe (ID: 2912 |ParentID: 588)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 4576 |ParentID: 716)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 4168 |ParentID: 588)
Stoppé! C:\Windows\sysWow64\SearchProtocolHost.exe (ID: 2488 |ParentID: 3664)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 1612 |ParentID: 3664)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2717460488-4200943521-90261795-1001\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
04 - HKU\S-1-5-21-2717460488-4200943521-90261795-1001\SOFTWARE | Run : [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKU\S-1-5-21-2717460488-4200943521-90261795-1001\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-2717460488-4200943521-90261795-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\Céline\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-2717460488-4200943521-90261795-1001\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-2717460488-4200943521-90261795-1001\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-2717460488-4200943521-90261795-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\CLINE~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\CLINE~1\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Céline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! E:\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe
Supprimé! E:\NIKON001.lnk
Supprimé! E:\_disk_id.lnk
Supprimé! E:\DCIM.lnk
Supprimé! E:\NCFL.lnk
Supprimé! E:\_522400_.lnk
Supprimé! E:\Autorun.inf.lnk
Supprimé! F:\nBHfBEux.lnk
Supprimé! F:\Corrigés TPs 01-08 (N Wilmet).lnk
Supprimé! F:\GdM - table des matières.lnk
Supprimé! F:\RDM corr 6.lnk
Supprimé! F:\RDM corr 4.lnk
Supprimé! F:\RDM corr 5.lnk
Supprimé! F:\labo 4.lnk
Supprimé! F:\labo 4 - A.lnk
Supprimé! F:\labo 5.lnk
Supprimé! F:\labo 5 -A.lnk
Supprimé! F:\labo 5 - B.lnk
Supprimé! F:\labo 6 - A.lnk
Supprimé! F:\labo 6.lnk
Supprimé! F:\séminaire IV - Corrigé - chimie orga.lnk
Supprimé! F:\Corrigés TP7.lnk
Supprimé! F:\Corrigés TP8.lnk
Supprimé! F:\MCC2.lnk
Supprimé! F:\MAS2.lnk
Supprimé! F:\ELEC-H-302_transpas_CHAP_5_2013.lnk
Supprimé! F:\.Trash-131496.lnk
Supprimé! F:\TP_HELP.lnk
Supprimé! F:\Autorun.inf.lnk
Supprimé! F:\AdobeReader.lnk
Supprimé! F:\AdobeReader

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Céline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\CLINE~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> E:\iTunesHelper.vbe
Md5 : 090FBE18C30E197B1EB62F7723C636DC -> F:\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Céline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Supprimé! HKU\S-1-5-21-2717460488-4200943521-90261795-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[11/05/2013 - 10:59:05 | SHD ] C:\$Recycle.Bin
[08/05/2013 - 09:27:58 | D ] C:\93657b674f2059276f715ef2
[29/10/2013 - 12:18:42 | RASHD ] C:\Autorun.inf
[15/11/2013 - 21:59:18 | SHD ] C:\Config.Msi
[07/05/2013 - 12:49:25 | D ] C:\d42f9bd92bb12a88940c86a18c
[29/10/2013 - 13:27:09 | N | 2174] C:\DelFix.txt
[04/05/2013 - 07:54:46 | D ] C:\dell
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[20/11/2013 - 10:42:07 | ASH | 3111534592] C:\hiberfil.sys
[03/05/2013 - 19:38:12 | RHD ] C:\MSOCache
[20/11/2013 - 10:42:08 | ASH | 4148715520] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[05/09/2013 - 13:33:04 | D ] C:\Photos
[28/10/2013 - 13:35:17 | D ] C:\Program Files
[29/10/2013 - 13:26:11 | D ] C:\Program Files (x86)
[28/10/2013 - 22:52:08 | HD ] C:\ProgramData
[03/05/2013 - 19:09:28 | SHD ] C:\Recovery
[17/11/2013 - 23:13:09 | SHD ] C:\System Volume Information
[20/11/2013 - 10:53:05 | D ] C:\UsbFix
[20/11/2013 - 10:53:11 | A | 10602] C:\UsbFix [Clean 1] CÉLINE-PC.txt
[19/11/2013 - 22:29:17 | N | 11927] C:\UsbFix [Scan 1] CÉLINE-PC.txt
[19/11/2013 - 22:34:39 | N | 9573] C:\UsbFix [Scan 2] CÉLINE-PC.txt
[19/11/2013 - 22:37:43 | N | 10034] C:\UsbFix [Scan 3] CÉLINE-PC.txt
[10/08/2013 - 10:23:34 | RD ] C:\Users
[26/10/2013 - 14:53:20 | D ] C:\Windows
[22/08/2012 - 21:35:20 | N | 512] E:\NIKON001.DSC
[26/06/2013 - 17:46:50 | D ] E:\DCIM
[30/07/2013 - 18:03:48 | D ] E:\NCFL
[23/04/2013 - 21:09:24 | D ] E:\_522400_
[28/10/2013 - 09:06:34 | SHD ] E:\Autorun.inf
[05/11/2013 - 21:37:46 | N | 4] E:\_disk_id.pod
[06/11/2013 - 09:33:58 | D ] F:\.Trash-131496
[06/11/2013 - 09:36:08 | N | 8087446] F:\Corrigés TPs 01-08 (N Wilmet).pdf
[08/11/2013 - 12:27:24 | N | 20805] F:\GdM - table des matières.odt
[08/11/2013 - 12:36:42 | D ] F:\TP_HELP
[29/10/2013 - 12:18:44 | SHD ] F:\Autorun.inf
[22/12/2012 - 23:26:50 | N | 1789283] F:\RDM corr 6.pdf
[22/12/2012 - 23:26:10 | N | 1179565] F:\RDM corr 4.pdf
[22/12/2012 - 23:26:50 | N | 3171567] F:\RDM corr 5.pdf
[17/11/2013 - 23:04:16 | N | 183902] F:\labo 4.pdf
[17/11/2013 - 23:04:42 | N | 266944] F:\labo 4 - A.pdf
[17/11/2013 - 23:05:14 | N | 78754] F:\labo 5.pdf
[17/11/2013 - 23:05:28 | N | 56922] F:\labo 5 -A.pdf
[17/11/2013 - 23:05:42 | N | 114364] F:\labo 5 - B.pdf
[17/11/2013 - 23:05:58 | N | 71399] F:\labo 6 - A.pdf
[17/11/2013 - 23:06:18 | N | 547454] F:\labo 6.pdf
[17/11/2013 - 23:06:46 | N | 173864] F:\séminaire IV - Corrigé - chimie orga.pdf
[17/11/2013 - 23:08:12 | N | 340430] F:\Corrigés TP7.pdf
[17/11/2013 - 23:08:44 | N | 763597] F:\Corrigés TP8.pdf
[17/11/2013 - 23:11:46 | N | 54160] F:\MCC2.pdf
[17/11/2013 - 23:11:56 | N | 36906] F:\MAS2.pdf
[18/11/2013 - 20:47:54 | N | 6227922] F:\ELEC-H-302_transpas_CHAP_5_2013.pdf

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |[/spoiler:dhsvg6hw]