Ntsb investigation / winupgro

Closed
beuns007 Posts 1 Registration date Monday 29 December 2008 Status Member Last activity 29 December 2008 - 29 Dec. 2008 at 13:54
 beuns007 - 29 Dec. 2008 at 22:40
Hello,

So, like a lot of people, for Christmas I caught a virus by clicking on a crack; since then I have an ntsb window that shows up almost all the time when I turn on my computer.

On top of that, I have an .exe, winupgro.exe, that slows my computer down. But everything else works.

So I used FindyKill:

The report



----------------- FindyKill V4.710 ------------------

* User : beuns - YOUR-2E74ME1N01
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 20:35:19 le 28/12/2008
* Windows XP - Internet Explorer 6.0.2900.5512

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\188453.EXE-1C7C9299.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2259362E.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [28/12/2008 19:07] - C:\WINDOWS\system32\mdelk.exe
Found ! [28/12/2008 19:07] - C:\WINDOWS\system32\wintems.exe
Found ! [28/12/2008 20:08] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\beuns\Application Data

Found ! [28/12/2008 19:09] - "C:\Documents and Settings\beuns\Application Data\m\flec006.exe"
Found ! [28/12/2008 19:09] - "C:\Documents and Settings\beuns\Application Data\m\list.oct"
Found ! [28/12/2008 19:10] - "C:\Documents and Settings\beuns\Application Data\m\data.oct"
Found ! [28/12/2008 19:10] - "C:\Documents and Settings\beuns\Application Data\m\srvlist.oct"
Found ! [28/12/2008 19:13] - "C:\Documents and Settings\beuns\Application Data\m\shared"
Found ! [28/12/2008 19:10] - "C:\Documents and Settings\beuns\Application Data\m"
Found ! [28/12/2008 19:07] - "C:\Documents and Settings\beuns\Application Data\drivers"
Found ! [28/12/2008 19:07] - "C:\Documents and Settings\beuns\Application Data\drivers\srosa.sys"
Found ! [28/12/2008 19:07] - "C:\Documents and Settings\beuns\Application Data\drivers\srosa2.sys"
Found ! [15/09/2004 02:01] - "C:\Documents and Settings\beuns\Application Data\drivers\winupgro.exe"
Found ! [28/12/2008 19:11] - "C:\Documents and Settings\beuns\Application Data\drivers\downld"
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\188453.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\227187.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\227890.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\227921.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\240609.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\241812.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\242281.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\243078.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\266421.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\267843.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\290812.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\291437.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\291812.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\311421.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\318453.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\319125.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\319500.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\45968.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\46765.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\46796.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\50531.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\78546.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\79343.exe
Found ! [28/12/2008 19:11] - C:\Documents and Settings\beuns\Application Data\drivers\downld\79687.exe

»»»» Presence des fichiers dans C:\DOCUME~1\beuns\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\beuns\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
ETDWare=C:\Program Files\Elantech\ETDCtrl.exe
AsusTray=C:\Program Files\EeePC\ACPI\AsTray.exe
AsusACPIServer=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
AsusEPCMonitor=C:\Program Files\EeePC\ACPI\AsEPCMon.exe
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\jusched]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-4103202431-2998208343-1831945772-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4103202431-2998208343-1831945772-1006\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-4103202431-2998208343-1831945772-1006\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-4103202431-2998208343-1831945772-1006\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 2

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------





After that, the window no longer appeared, nor did the .exe, but my computer's Fn key no longer worked, so I downloaded the driver from the ASUS site and the Fn key worked perfectly again.

Then I restarted the computer, and the .exe and the window appeared again.

What is strange is that when I start the computer, the ntsb window appears but my computer works perfectly, and then 2 minutes later the computer shuts down by itself and restarts. After that there is no more window, but winupgro slows my computer down.

So if a kind soul would be willing to help me

Thanks in advance, and happy holidays to everyone

PS: I have an ASUS Eeepc 1000H

1 reply

and now iTunes no longer works


aaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhh!!!!!!!!!!!!!!!!!!!!!!!!!!

help me !!!!!!!!!!!

sniff