Reply to: Virus WGO.EXE 2016-09-08T13:33:48+00:00
Loopyng
Participant
Number of posts: 5

Here I am again :hello: :hello:

Here is the report

############################## | UsbFix V 7.168 | [Suppression]

Utilisateur: Papy Kay (Administrateur) # PAPYKAY-PC
Mis à jour le 28/03/2014 par El Desaparecido - Team SosVirus
Lancé à 20:53:32 | 10/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K53BR)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 5740 Mo| Free : 4055 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16866

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Norton Internet Security [(!) Disabled | Updated]
AS: Norton Internet Security [Enabled | Updated]
FW: Norton Internet Security [Enabled]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 195 Go (146 Go libre(s) - 75%) [OS] # NTFS
D: -> Disque fixe # 245 Go (245 Go libre(s) - 100%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 8 Go (6 Go libre(s) - 81%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 408 |ParentID: 400)
C:\Windows\system32\wininit.exe (ID: 516 |ParentID: 400)
C:\Windows\system32\csrss.exe (ID: 532 |ParentID: 508)
C:\Windows\system32\services.exe (ID: 576 |ParentID: 516)
C:\Windows\system32\winlogon.exe (ID: 620 |ParentID: 508)
C:\Windows\system32\lsass.exe (ID: 648 |ParentID: 516)
C:\Windows\system32\lsm.exe (ID: 656 |ParentID: 516)
C:\Windows\system32\svchost.exe (ID: 752 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 832 |ParentID: 576)
C:\Windows\system32\atiesrxx.exe (ID: 884 |ParentID: 576)
C:\Windows\System32\svchost.exe (ID: 956 |ParentID: 576)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 240 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 328 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 308 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 1096 |ParentID: 576)
C:\Windows\system32\atieclxx.exe (ID: 1128 |ParentID: 884)
C:\Windows\system32\FBAgent.exe (ID: 1216 |ParentID: 576)
C:\Windows\system32\WLANExt.exe (ID: 1228 |ParentID: 1004)
C:\Windows\system32\conhost.exe (ID: 1236 |ParentID: 408)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1268 |ParentID: 576)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1320 |ParentID: 576)
C:\Windows\System32\spoolsv.exe (ID: 1468 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 1528 |ParentID: 576)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 1576 |ParentID: 1268)
C:\Windows\system32\Dwm.exe (ID: 1628 |ParentID: 1004)
C:\Windows\Explorer.EXE (ID: 1664 |ParentID: 1620)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1912 |ParentID: 576)
C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe (ID: 1948 |ParentID: 576)
C:\Windows\system32\taskhost.exe (ID: 1988 |ParentID: 576)
C:\Windows\AsScrPro.exe (ID: 1080 |ParentID: 1216)
C:\Windows\system32\taskeng.exe (ID: 1760 |ParentID: 328)
C:\Program Files\ASUS\P4G\BatteryLife.exe (ID: 1876 |ParentID: 1760)
C:\Windows\system32\taskeng.exe (ID: 1796 |ParentID: 328)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 2064 |ParentID: 1796)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 2080 |ParentID: 1216)
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ID: 2164 |ParentID: 1760)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2200 |ParentID: 1216)
C:\Windows\system32\svchost.exe (ID: 2232 |ParentID: 576)
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (ID: 2328 |ParentID: 576)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2676 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 2696 |ParentID: 576)
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (ID: 2724 |ParentID: 576)
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (ID: 2748 |ParentID: 2328)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2860 |ParentID: 576)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 2216 |ParentID: 576)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 3524 |ParentID: 1664)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 3532 |ParentID: 1664)
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (ID: 3812 |ParentID: 3556)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID: 3836 |ParentID: 3556)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID: 3880 |ParentID: 3556)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID: 3904 |ParentID: 3556)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3916 |ParentID: 3556)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3560 |ParentID: 752)
C:\Windows\system32\SearchIndexer.exe (ID: 3540 |ParentID: 576)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 1700 |ParentID: 3532)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 704 |ParentID: 576)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID: 4168 |ParentID: 1576)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID: 4404 |ParentID: 1576)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID: 4412 |ParentID: 1576)
C:\Windows\System32\svchost.exe (ID: 4612 |ParentID: 576)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 4856 |ParentID: 576)
C:\Windows\System32\WUDFHost.exe (ID: 5032 |ParentID: 1004)
C:\Windows\system32\svchost.exe (ID: 2956 |ParentID: 576)
C:\Users\PAPYKA~1\AppData\Local\Temp\WGo.exe (ID: 2928 |ParentID: 4216)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2000 |ParentID: 752)
C:\Users\Papy Kay\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5024 |ParentID: 1664)
C:\Users\Papy Kay\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 912 |ParentID: 5024)
C:\Users\Papy Kay\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3844 |ParentID: 5024)
C:\Windows\system32\SearchProtocolHost.exe (ID: 392 |ParentID: 3540)
C:\Windows\system32\SearchFilterHost.exe (ID: 5112 |ParentID: 3540)

################## | Recherche générique |

Supprimé! C:\Users\Papy Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WGo.exe
Supprimé! F:\WGo.exe
Supprimé! F:\47R.zone-telechargement.com.avi
Supprimé! C:\Users\PAPYKA~1\AppData\Local\Temp\WGo.exe
Supprimé! F:\Caisse Régionale Nord De France_fichiers.lnk
Supprimé! F:\My Pictures.lnk
Supprimé! F:\Photos famille.lnk
Supprimé! F:\Nini.lnk
Supprimé! F:\Lettre motivation.lnk
Supprimé! F:\CV.lnk
Supprimé! F:\Vilogia.lnk
Supprimé! F:\Projet sam.lnk
Supprimé! F:\Caisse Régionale Nord De France.htm.lnk
Supprimé! F:\BP DARRY.doc.lnk
Supprimé! F:\Résiliation numéricable.doc.lnk
Supprimé! F:\WGo.exe.lnk
Supprimé! F:\47R.zone-telechargement.com.avi.lnk
Supprimé! C:\Users\Papy Kay\AppData\Local\nst598E.tmp
Supprimé! C:\Users\PAPYKA~1\AppData\Local\Temp\WGo.exe.ini

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-4126837669-3840164496-1811669690-1001\Software\Microsoft\Windows\CurrentVersion\Run|WGo.exe

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Google Update] "C:\Users\Papy Kay\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKLM\..\Run : [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\..\Run : [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\..\Run : [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
04 - HKLM\..\Run : [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
04 - HKLM\..\Run : [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\..\Run : [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [WebInternetSecurity] "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"
04 - HKLM\..\Run : [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
04 - HKLM\..\RunOnce : []
04 - [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
04 - [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-4126837669-3840164496-1811669690-1001\..\Run : [Google Update] "C:\Users\Papy Kay\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[30/12/2013 - 18:48:53 | SD] - C:\$Recycle.Bin
[10/04/2014 - 17:05:56 | D] - C:\AdwCleaner
[11/10/2011 - 13:18:45 | N | 0 Ko] - C:\ASUS.md5
[19/10/2011 - 06:34:37 | D] - C:\AsusVibeData
[18/01/2014 - 22:52:43 | A | 0 Ko] - C:\autoexec.bat
[29/07/2009 - 08:03:34 | SHD] - C:\Boot
[14/07/2009 - 03:38:58 | RASH | 375 Ko] - C:\bootmgr
[29/07/2009 - 08:03:37 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[31/12/2013 - 02:35:13 | N | 15 Ko | 5CBB836B3B47D4F4E28B01DAAA009AD7] - C:\devlist.txt
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[31/12/2013 - 02:13:24 | D] - C:\eSupport
[31/12/2013 - 02:35:13 | N | 0 Ko] - C:\Finish.log
[10/04/2014 - 18:16:49 | ASH | 4408056 Ko] - C:\hiberfil.sys
[10/11/2011 - 15:06:24 | N | 2048 Ko] - C:\K43BR.BIN
[14/12/2011 - 09:01:50 | N | 0 Ko] - C:\K43BR_K53BR_K73BR_WIN7.40
[10/04/2014 - 18:16:51 | ASH | 5877408 Ko] - C:\pagefile.sys
[17/04/2013 - 01:00:48 | N | 0 Ko | 1E12179C738E630A44ACA439C8C0DCA9] - C:\Pass.txt
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[18/01/2014 - 22:51:36 | D] - C:\Program Files
[10/04/2014 - 17:47:10 | D] - C:\Program Files (x86)
[10/04/2014 - 17:05:32 | HD] - C:\ProgramData
[30/12/2013 - 18:46:19 | SHD] - C:\Recovery
[14/12/2011 - 09:01:50 | N | 0 Ko] - C:\RECOVERY.DAT
[31/12/2013 - 02:01:37 | N | 2 Ko] - C:\RHDSetup.log
[31/12/2013 - 02:03:40 | N | 0 Ko] - C:\setup.log
[10/04/2014 - 18:20:30 | SHD] - C:\System Volume Information
[10/04/2014 - 18:21:39 | D] - C:\UsbFix
[10/04/2014 - 20:58:00 | A | 11 Ko | C306FBCF4D576C7C64CFDE1AE1B1A83C] - C:\UsbFix [Clean 2] PAPYKAY-PC.txt
[10/04/2014 - 18:27:53 | N | 9 Ko | 98F251809DDB89A13E25386737B2CCF4] - C:\UsbFix [Scan 1] PAPYKAY-PC.txt
[10/04/2014 - 20:45:18 | N | 6 Ko | BACAA52EF0D7D067D3048D2C1B7C570C] - C:\UsbFix [Scan 2] PAPYKAY-PC.txt
[10/04/2014 - 20:46:48 | N | 6 Ko | 0D0D8A28056FBD7520342CA8AD92D44A] - C:\UsbFix [Scan 3] PAPYKAY-PC.txt
[10/04/2014 - 20:51:17 | N | 10 Ko | E87620065A8A478AE28BB0544DDADAFE] - C:\UsbFix [Scan 4] PAPYKAY-PC.txt
[30/12/2013 - 18:48:15 | D] - C:\Users
[10/04/2014 - 18:16:50 | D] - C:\Windows
[30/12/2013 - 18:48:54 | SD] - D:\$RECYCLE.BIN
[10/04/2014 - 17:43:59 | SHD] - D:\System Volume Information
[09/04/2014 - 17:19:22 | N | 65 Ko] - F:\Caisse Régionale Nord De France.htm
[09/04/2014 - 17:19:22 | D] - F:\Caisse Régionale Nord De France_fichiers
[09/04/2014 - 17:36:02 | N | 631 Ko] - F:\BP DARRY.doc
[10/04/2014 - 08:44:06 | D] - F:\My Pictures
[09/04/2014 - 18:09:22 | N | 33 Ko] - F:\Résiliation numéricable.doc
[22/07/2013 - 15:39:10 | D] - F:\Photos famille
[26/03/2014 - 10:24:26 | D] - F:\Nini
[26/03/2014 - 10:33:52 | D] - F:\Lettre motivation
[26/03/2014 - 10:33:50 | D] - F:\CV
[03/03/2014 - 07:50:50 | D] - F:\Vilogia
[30/03/2014 - 20:06:38 | D] - F:\Projet sam

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |