"win 32"
sandocris
Hello,
For the past few days, I have not been able to open the antivirus or certain files. The computer invariably displays "... is not a valid Win32 application". I just saw a post that detailed the steps to follow to remove the virus responsible. I ran the FindyKill test, but nothing has changed...
Here is what the report says:
############################## [ FindyKill V4.721 ]
# User : sandocris (Administrateurs) # PC-DE-SANDOCRIS
# Update on 29/03/09 by Chiquitine29
# Start at: 19:26:49 | 01/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
# FW : Norton Internet Security[ Enabled ]2007
# C:\ # Disque fixe local # 290,09 Go (52,52 Go free) [HDD] # NTFS
# D:\ # Disque amovible
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque CD-ROM
# I:\ # Disque amovible # 485,02 Mo (215,07 Mo free) [SANDRINE] # FAT
############################## [ Active Processes ]
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\sandocris\AppData\Local\uakgmiy.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
Deleted ! - C:\InfoSat.txt
################## [ C:\Windows & C:\Windows\prefetch ]
Deleted ! - C:\Windows\prefetch\KEY_GENERATOR.EXE-DE4D8546.pf
Deleted ! - C:\Windows\prefetch\KEY_GENERATOR.EXE-EDB4FB02.pf
Deleted ! - C:\Windows\prefetch\MPCMDRUN.EXE-F401FBB4.pf
Deleted ! - C:\Windows\prefetch\SERIAL.EXE-9325632C.pf
Deleted ! - C:\Windows\prefetch\SERIAL.EXE-AD868DFC.pf
Deleted ! - C:\Windows\prefetch\SERIAL.EXE-F948F880.pf
################## [ C:\Windows\System32 ]
################## [ C:\Windows\System32\drivers ]
################## [ C:\.. Application Data ... ]
Deleted ! - "C:\Users\sandocris\AppData\Roaming\drivers\wfsintwq.sys"
Deleted ! - "C:\Users\sandocris\AppData\Roaming\drivers\winupgro.exe"
Deleted ! - "C:\Users\sandocris\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\sandocris\AppData\Roaming\drivers"
################## [ C:\Users\sandocris\.....\Temp Files... ]
Deleted ! - C:\Users\sandocris\Local Settings\Temporary Internet Files\Content.IE5\174IGR9C\b64_3[1].jpg
Deleted ! - C:\Users\sandocris\Local Settings\Temporary Internet Files\Content.IE5\174IGR9C\b64_6[1].jpg
Deleted ! - C:\Users\sandocris\Local Settings\Temporary Internet Files\Content.IE5\385YIHA4\b64_3[1].jpg
Deleted ! - C:\Users\sandocris\Local Settings\Temporary Internet Files\Content.IE5\FVUE5OQ1\b64_1[1].jpg
Deleted ! - C:\Users\sandocris\Local Settings\Temporary Internet Files\Content.IE5\FVUE5OQ1\b64_2[1].jpg
Deleted ! - C:\Users\sandocris\Local Settings\Temporary Internet Files\Content.IE5\FVUE5OQ1\b64_6[1].jpg
Deleted ! - C:\Users\sandocris\Local Settings\Temporary Internet Files\Content.IE5\TZLRPI74\b64_6[1].jpg
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\GDSSetup.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\setup.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\NERB8E9.tmp\Redist\DirectX\dxsetup.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\NERO14409\Data\Redist\DirectX\dxsetup.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\NERO14775\Data\Redist\DirectX\dxsetup.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\Temp1_Tinysoar DVD to PSP Converter 1.6.2.zip\serial.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\Temp1_Topmpx DVD to iPod PSP Suite 1.08.zip\key_generator.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\ztv46D\dpvsetup.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\ztvCE01\dpvsetup.exe
Deleted ! - C:\Users\SANDOC~1\AppData\Local\Temp\_ir_sf7_temp_0\irsetup.exe
################## [ Registry / Infected keys ]
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UacDisableNotify Value=0x1.
# -> ( Good=0x0 Bad=0x1 ) Value reset successfully !
################## [ Cleaning Removable drives ]
# Deleting Files :
Deleted ! - I:\autorun.inf
################## [ Registry / Mountpoint2 ]
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41c58331-0927-11de-acda-00038a000015}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f9a98ef-4779-11dd-a1a1-00195bebc57a}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5ff2e8e-5bb1-11dd-970c-00195bebc57a}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc61c89c-5998-11dd-ab09-00195bebc57a}\Shell\AutoRun\command
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Wlansvc -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# WinDefend -> # Type of startup =2
# -> UAC is Enable.
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Users\sandocris\AppData\Roaming\drivers\winupgro.exe
CRC32 .. : 327c343a
MD5 .... : 1f1739af9fca9862ec27b747d6e6c0dd
Deleted ! : C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
# Taille : 798720 # MD5 : 1F1739AF9FCA9862EC27B747D6E6C0DD
################## [ PEH Corrupted ]
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\Common Files\aol\uninstaller.exe
C:\Program Files\Common Files\PAC207\Monitor.exe
C:\Program Files\Common Files\PAC207\PXIINST32\Remover.exe
C:\Program Files\Common Files\PAC207\PXIINST64\Remover.exe
C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Audio\Launch.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Flock\uninstall\helper.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Norton Internet Security\isPwdSvc.exe
C:\Program Files\Norton Internet Security\isUAC.exe
C:\Program Files\Norton Internet Security\nisoptui.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShcom.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVStub.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navwnt.exe
C:\Program Files\Norton Internet Security\osCheck.exe
C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
C:\Program Files\Regensoft\Downloader App\uninstaller.exe
C:\Program Files\Spybot - Search & Destroy\blindman.exe
C:\Program Files\Spybot - Search & Destroy\Update.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LUCheck.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
C:\Program Files\Symantec\LiveUpdate\LuConfig.EXE
C:\Program Files\Symantec\LiveUpdate\LUInit.exe
C:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
C:\Windows\PixArt\PAC207\Monitor.exe
################## [ ! End of Report # FindyKill V4.721 ! ]
What should I do now, given that the antivirus is still inaccessible??
Thanks in advance for your help!
1 reply
Good evening SANDOCRIS
Bagle has taken out all of these:
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\Common Files\aol\uninstaller.exe
C:\Program Files\Common Files\PAC207\Monitor.exe
C:\Program Files\Common Files\PAC207\PXIINST32\Remover.exe
C:\Program Files\Common Files\PAC207\PXIINST64\Remover.exe
C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Audio\Launch.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Flock\uninstall\helper.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Norton Internet Security\isPwdSvc.exe
C:\Program Files\Norton Internet Security\isUAC.exe
C:\Program Files\Norton Internet Security\nisoptui.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShcom.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVStub.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navwnt.exe
C:\Program Files\Norton Internet Security\osCheck.exe
C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
C:\Program Files\Regensoft\Downloader App\uninstaller.exe
C:\Program Files\Spybot - Search & Destroy\blindman.exe
C:\Program Files\Spybot - Search & Destroy\Update.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LUCheck.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
C:\Program Files\Symantec\LiveUpdate\LuConfig.EXE
C:\Program Files\Symantec\LiveUpdate\LUInit.exe
C:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
C:\Windows\PixArt\PAC207\Monitor.exe
So you need to reinstall AVAST as well as SPYBOT.
Before doing so, read this:
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/avast-protege-sujet_44722_1.htm
See you