Winupgro

Closed
KAT - 12 Jan 2009 at 20:26
KAT - 12 Jan 2009 at 21:04
Hello,
I've caught the winupgro virus.
How do I get rid of it?
Is it because of it that I no longer have any sound?
Thanks

2 replies

crapoulou - Posts: 28158 - Registered: Wednesday, 28 November 2007 - Status: Moderator, Security contributor - Last active: 16 April 2024
12 Jan 2009 at 20:26
Hi,
Download FindyKill (thanks to Chiquitine29!!)
= = = = >>> By clicking here <<< = = = =

Right-click the link, then "Save Target As" (Internet Explorer) or "Save Link As" (Firefox) …
Choose to save the file to the desktop.

Double-click FindyKill.exe
Choose option 1 (Recherche / Search)
A report will open; post it in your next reply.

Note:
The FindyKill.txt report is saved at the root of the drive (C:\FindyKill.txt)
Here's the report.
Thanks

----------------- FindyKill V4.711 ------------------

* User : kat - KAT-LOQ1XM5AGZF
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 20:34:57 le 12/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Documents and Settings\kat\Application Data\drivers\winupgro.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Documents and Settings\kat\Application Data\drivers\winupgro.exe" (1584)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\149234.EXE-14B0A66B.pf
Found ! - C:\WINDOWS\prefetch\185453.EXE-149BA829.pf
Found ! - C:\WINDOWS\prefetch\265890.EXE-216CAEEC.pf
Found ! - C:\WINDOWS\prefetch\269296.EXE-2B84C6A9.pf
Found ! - C:\WINDOWS\prefetch\284859.EXE-20B2D5E6.pf
Found ! - C:\WINDOWS\prefetch\340000.EXE-0266386D.pf
Found ! - C:\WINDOWS\prefetch\374156.EXE-17673661.pf
Found ! - C:\WINDOWS\prefetch\474984.EXE-0A757197.pf
Found ! - C:\WINDOWS\prefetch\624500.EXE-37AE8149.pf
Found ! - C:\WINDOWS\prefetch\893656.EXE-2D6B42DE.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1ACBF2A8.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Found ! - C:\WINDOWS\Prefetch\INSTALL_PATCH.EXE-241B4894.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [12/01/2009 18:10] - C:\WINDOWS\system32\mdelk.exe
Found ! [12/01/2009 18:10] - C:\WINDOWS\system32\wintems.exe
Found ! [12/01/2009 20:01] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\kat\Application Data

Found ! [12/01/2009 18:12] - "C:\Documents and Settings\kat\Application Data\m\flec006.exe"
Found ! [12/01/2009 18:12] - "C:\Documents and Settings\kat\Application Data\m\list.oct"
Found ! [12/01/2009 18:13] - "C:\Documents and Settings\kat\Application Data\m\data.oct"
Found ! [12/01/2009 18:13] - "C:\Documents and Settings\kat\Application Data\m\srvlist.oct"
Found ! [12/01/2009 19:05] - "C:\Documents and Settings\kat\Application Data\m\shared"
Found ! [11/01/2009 14:41] - "C:\Documents and Settings\kat\Application Data\m"
Found ! [11/01/2009 14:27] - "C:\Documents and Settings\kat\Application Data\drivers"
Found ! [12/01/2009 18:59] - "C:\Documents and Settings\kat\Application Data\drivers\srosa.sys"
Found ! [12/01/2009 18:59] - "C:\Documents and Settings\kat\Application Data\drivers\srosa2.sys"
Found ! [02/10/2004 05:04] - "C:\Documents and Settings\kat\Application Data\drivers\winupgro.exe"
Found ! [12/01/2009 19:51] - "C:\Documents and Settings\kat\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\kat\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5

Found ! [11/01/2009 19:06] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64[1].jpg
Found ! [11/01/2009 20:07] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64[2].jpg
Found ! [11/01/2009 20:20] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64[3].jpg
Found ! [11/01/2009 14:40] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64_1[1].jpg
Found ! [11/01/2009 15:01] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64_1[2].jpg
Found ! [11/01/2009 19:09] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64_1[3].jpg
Found ! [12/01/2009 18:50] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64_1[4].jpg
Found ! [12/01/2009 19:07] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64_1[5].jpg
Found ! [11/01/2009 15:04] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64_2[1].jpg
Found ! [11/01/2009 14:38] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64_3[1].jpg
Found ! [11/01/2009 14:56] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\b64_3[2].jpg
Found ! [11/01/2009 19:07] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\file[1].txt
Found ! [12/01/2009 18:13] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\90UYFLWV\servernames[1].htm
Found ! [12/01/2009 11:46] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\H5QUC2HR\b64_1[1].jpg
Found ! [12/01/2009 11:48] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\H5QUC2HR\b64_1[2].jpg
Found ! [11/01/2009 19:05] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\H5QUC2HR\b64_3[1].jpg
Found ! [11/01/2009 14:39] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\H5QUC2HR\file[1].txt
Found ! [11/01/2009 19:09] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\H5QUC2HR\servernames[1].htm
Found ! [11/01/2009 15:01] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64[1].jpg
Found ! [12/01/2009 11:46] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64[2].jpg
Found ! [11/01/2009 14:34] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64_1[1].jpg
Found ! [11/01/2009 14:46] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64_1[2].jpg
Found ! [11/01/2009 20:07] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64_1[3].jpg
Found ! [11/01/2009 20:22] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64_1[4].jpg
Found ! [12/01/2009 18:15] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64_1[5].jpg
Found ! [11/01/2009 19:09] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64_2[1].jpg
Found ! [12/01/2009 19:49] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64_2[2].jpg
Found ! [11/01/2009 20:18] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\b64_3[1].jpg
Found ! [12/01/2009 20:01] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\Q4U4PO47\file[1].txt
Found ! [11/01/2009 14:34] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64[1].jpg
Found ! [11/01/2009 14:41] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64[2].jpg
Found ! [12/01/2009 18:12] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64[3].jpg
Found ! [12/01/2009 19:07] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64[4].jpg
Found ! [11/01/2009 15:04] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_1[1].jpg
Found ! [11/01/2009 20:20] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_1[2].jpg
Found ! [12/01/2009 19:48] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_1[3].jpg
Found ! [11/01/2009 14:50] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_2[1].jpg
Found ! [11/01/2009 20:10] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_2[2].jpg
Found ! [12/01/2009 11:49] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_2[3].jpg
Found ! [12/01/2009 18:16] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_2[4].jpg
Found ! [12/01/2009 11:45] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_3[1].jpg
Found ! [12/01/2009 18:10] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_3[2].jpg
Found ! [11/01/2009 14:32] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\b64_5[1].jpg
Found ! [11/01/2009 14:56] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\file[1].txt
Found ! [12/01/2009 18:13] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\mxd[1].jpg
Found ! [11/01/2009 14:41] - C:\Documents and Settings\kat\Local Settings\Temporary Internet Files\Content.IE5\UNP43JX3\servernames[1].htm
Found ! [26/01/2001 10:23] - C:\Documents and Settings\kat\Mes documents\office 2003\FILES\OSP\1033\FILES\WINDOWS\HELP\PSS10.TXT
Found ! [22/02/1999 18:29] - C:\Documents and Settings\kat\Mes documents\office 2003\FILES\PFILES\MSOFFICE\OFFICE10\1033\FILTERS.TXT

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
EPSON Stylus DX4400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKCU"
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Netlog Music Tool="C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
geiko="c:\documents and settings\kat\local settings\application data\geiko.exe" geiko
98206738360933301361063565652608=C:\Program Files\Antivirus 2009\av2009.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
NWEReboot=
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
KMConfig="C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe" KMConfig.exe
ac4b1d28=rundll32.exe "C:\WINDOWS\system32\liopdekn.dll",b
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1454471165-1580818891-1417001333-1004\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-1454471165-1580818891-1417001333-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1454471165-1580818891-1417001333-1004\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1454471165-1580818891-1417001333-1004\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1454471165-1580818891-1417001333-1004\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1454471165-1580818891-1417001333-1004\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
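As an added example (not code from the thread, from FindyKill or from its author): a small Python triage script that parses the sections of a FindyKill search report like the one above and pulls out what the helper reads first: the process the tool stopped, the driver services the report marks as still active, the deleted SafeBoot keys that explain why safe mode no longer works, and the Windows XP security services (Automatic Updates, Security Center, firewall) that have been set to disabled. The excerpt embedded in the script is constructed from lines of the report above; the set of service names to watch is my own choice.

```python
import re

# Constructed excerpt in the FindyKill "Recherche" report format (lines copied from the report above).
SAMPLE_REPORT = r"""--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\kat\Application Data\drivers\winupgro.exe" (1584)
--------------- [ Registre / Clés infectieuses ] ----------------
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
EapHost - Type de démarrage = 3
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
"""

SECTION_RE = re.compile(r"^-+ \[\s*(.+?)\s*\] -+$")
STOPPED_RE = re.compile(r'^"(?P<path>.+?)" \((?P<pid>\d+)\)$')
ACTIVE_RE = re.compile(r"^/!\\ Infection active : (?P<key>.+?) -> Start = (?P<start>0x[0-9A-Fa-f]+)$")
MISSING_RE = re.compile(r"^Clé manquante : (?P<key>.+)$")
SERVICE_RE = re.compile(r"^(?:/!\\ )?(?P<name>\S+) - Type de démarrage = (?P<start>\d)$")
# Start type 4 = disabled. XP services whose disabling strips the machine of updates, firewall and alerts.
SECURITY_SERVICES = {"wuauserv", "wscsvc", "SharedAccess", "Ip6Fw"}

def parse_sections(report):
    """Split the report into {section title: [non-empty lines]} on its dashed headers."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def triage(report):
    """Return the findings a helper reads first; lists keep the report's order."""
    s = parse_sections(report)
    out = {"stopped": [], "active_services": [], "missing_safeboot": [], "disabled_security": []}
    for line in s.get("Processus infectieux stoppés", []):   # processes the tool killed
        if m := STOPPED_RE.match(line):
            out["stopped"].append((m["path"], int(m["pid"])))
    for line in s.get("Registre / Clés infectieuses", []):   # driver services still set to start at boot
        if m := ACTIVE_RE.match(line):
            out["active_services"].append(m["key"].rsplit("\\", 1)[-1])
    for line in s.get("Etat / Services", []):
        if (m := MISSING_RE.match(line)) and "SafeBoot" in m["key"]:  # deleted SafeBoot keys: no safe mode
            out["missing_safeboot"].append(m["key"])
        elif (m := SERVICE_RE.match(line)) and m["start"] == "4" and m["name"] in SECURITY_SERVICES:
            out["disabled_security"].append(m["name"])
    return out
```

To run it on a real C:\FindyKill.txt, read the file (on XP it is most likely ANSI/cp1252 encoded; an assumption) and pass its contents to triage(); a clean follow-up report should give empty lists for all four keys.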
crapoulou
12 Jan 2009 at 20:41
Cleanup:

--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Suppression / Removal)


/!\ There will be two reboots; let the tool work until the message "nettoyage effectué" (cleanup done) appears /!\

/!\ Do not use the PC during the removal; your desktop will not be accessible, that's normal! /!\

Then post the FindyKill.txt report

Notes:
* The FindyKill.txt report is saved at the root of the drive (C:\FindyKill.txt)
* If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm