Avast n'est plus une application Win32 Valide

Question

Bonjour,
J'utilise actuellement un ordinateur doté de Windows XP relié par ethernet. 
Suite au dézippage d'un fichier contenant ce que je suppose être un virus, Avast à été désactivé de mon ordinateur. lorsque je double-clique sur l'icône Avast sur mon bureau (qui prouve que logiquement, Avast est toujours installé ), un message d'erreur s'affiche. Avast"n'est pas une application win32 valide."
Avast ne se trouve plus dans la Barre des tâches, mais dans ajouts et suppressions de programme, il est détecté. 
J'ai essayé de désinstaller puis réinstaller Avast, rien ne se passe, même après 20 minutes d'attente.
Que faire ? 
Merci pour votre aide. 
Adeline

CréaMen · Answer

Oula !
Ca m'était arriver, mais je suis passer à AntiVir...
Mais je vais essayer de t'aider. Essaye de rentrer dans C:/Programes Files/ , et cherche ou se trouve le dossier  Avast! rentre dedans, et cherche Avast.exe ou le fichier executable qui te ferrais entrer dedans. Si sa marche pas, je n'ai qu'un conseille à te donner passe à Antivir ! Il est l'antivirus qui detecte le plus de Virus.
---
PS.: Le dossier avast peut se trouver dans autre dossier comme ALWIL.
---
@+
CréaMen

Utilisateur anonyme · Answer

Bonjour houna93

Télécharge FindyKill ( de El Desaparecido) sur ton bureau  et installe le : 
 
http://findykill.changelog.fr/Setup.exe 
ou 
http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe 

! Déconnecte toi et ferme toutes applications en cours ! 

 
* Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut. 
 
 * Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
 
* Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l’outil.
* Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 
 
* Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée] 
 
Laisse travailler l'outil et ne touche à rien ... 
 
--> Poste le rapport qui apparaît à la fin , sur le forum ...
 
( le rapport est sauvegardé aussi sous C:\FindyKill.txt ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 
 
 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 

@+

houna93 · Answer

> Créamen : Même résultat, ceci n'est pas une application win32 valide 

>Guillaume :    Voici le rapport obtenu :

############################## | FindyKill V5.037 |

# User : Schatz (Administrateurs) # HOUNA
# Update on 18/02/2010 by El Desaparecido
# Start at: 15:28:47 | 26/02/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) XP 2800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 100226-0] 4.8.1296 [ Enabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 17,49 Go (1,95 Go free) # NTFS
# D:\ # Disque fixe local # 94,29 Go (32,51 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible
# I:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Keyboard	ype32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Documents and Settings\Schatz\Application Data\drivers\winupgro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
############################## | Processus infectieux stoppés  | 

"C:\Documents and Settings\Schatz\Application Data\drivers\winupgro.exe"  (1992)
"C:\WINDOWS\wintems.exe"  (4056)

################## | C: |


################## | C:\WINDOWS |

C:\WINDOWS\ban_list.txt  
C:\WINDOWS\mdelk.exe  
C:\WINDOWS\wintems.exe  

################## | C:\WINDOWS\Prefetch |

C:\WINDOWS\Prefetch\103109.EXE-2E311A48.pf  
C:\WINDOWS\Prefetch\115421.EXE-3062BBD8.pf  
C:\WINDOWS\Prefetch\122578.EXE-309C25C4.pf  
C:\WINDOWS\Prefetch\135437.EXE-043B2BFA.pf  
C:\WINDOWS\Prefetch\171812.EXE-277FC73A.pf  
C:\WINDOWS\Prefetch\191125.EXE-0803FD4E.pf  
C:\WINDOWS\Prefetch\478875.EXE-086B5AC8.pf  
C:\WINDOWS\Prefetch\499765.EXE-1D9866D6.pf  
C:\WINDOWS\Prefetch\KEY_GENERATOR.EXE-0EFFFCDB.pf  
C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf  
C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf  

################## | C:\WINDOWS\system32 |

C:\WINDOWS\system32\srosa2.sys  
C:\WINDOWS\system32\wfsintwq.sys  

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Schatz\Application Data |

C:\Documents and Settings\Schatz\Application Data\drivers  
C:\Documents and Settings\Schatz\Application Data\drivers\downld  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\476921.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\477703.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\478031.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\478875.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\498609.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\499031.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\499765.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\509921.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\510140.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\510343.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\510500.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\510671.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\510859.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\511046.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\511687.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\512328.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\512609.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\512906.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\514171.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\515718.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\516359.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\516968.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\517250.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\517437.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\517671.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\517906.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\518828.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\519781.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\519968.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\520171.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\520328.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\520515.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\521078.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\521500.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\521687.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\521875.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\522078.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\522296.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\522953.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\523343.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\523531.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\523750.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\524171.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\524593.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\525203.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\525812.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\526234.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\526593.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\526765.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\526953.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\527312.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\527703.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\529062.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\530031.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\530218.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\530437.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\530921.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\531187.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\531343.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\531500.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\532718.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\532968.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\533328.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\534031.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\534390.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\534765.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\535140.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\535468.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\539187.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\540812.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\541046.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\541281.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\541531.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\541765.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\542000.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\542156.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\542328.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\542500.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\542750.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\542953.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\543328.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\543625.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\543984.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\544375.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\565796.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\587171.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\587781.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\588406.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\589312.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\589984.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\590343.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\590562.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\590875.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\591250.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\591656.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\591984.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\592375.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\592781.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\593734.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\594687.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\594859.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\595031.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\595265.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\595515.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\596609.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\597781.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\607343.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\608015.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\608312.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\608593.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\612000.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\612453.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\612875.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\613265.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\613765.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\614234.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\615250.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\615921.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\616312.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\616703.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\616890.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\617062.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\618640.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\620203.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\620906.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\653140.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\653875.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\654390.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\654578.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\654734.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\654937.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\655156.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\655390.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\655625.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\655765.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\655937.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\656093.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\656281.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\657765.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\659218.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\659687.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\660171.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\660406.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\660640.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\661078.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\662281.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\662531.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\662781.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\663703.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\664406.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\664859.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\665218.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\667281.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\670203.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\670625.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\671031.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\671171.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\671343.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\671796.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\672281.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\672421.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\672593.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\675859.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\676296.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\676578.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\676937.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\677125.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\677343.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\downld\677546.exe  
C:\Documents and Settings\Schatz\Application Data\drivers\winupgro.exe  

################## | Temporary Internet Files |


################## | Registre |

[HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]  
[HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]  
[HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]  
[HKLM\SYSTEM\CurrentControlSet\Services\srosa]  
[HKLM\SYSTEM\ControlSet001\Services\srosa]  
[HKLM\SYSTEM\ControlSet003\Services\srosa]  
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]  
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]  
[HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]  
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]  
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]  
[HKCU\Software\bisoft]  
[HKCU\Software\DateTime4]  
[HKCU\Software\WS4001]  
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
[HKU\S-1-5-21-842925246-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
[HKU\S-1-5-21-842925246-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
[HKU\S-1-5-21-842925246-308236825-839522115-1003\Software\bisoft]  
[HKU\S-1-5-21-842925246-308236825-839522115-1003\Software\DateTime4]  
[HKCU\Software\Local AppWizard-Generated Applications\key_generator]  
[HKCU\Software\Local AppWizard-Generated Applications\winupgro]  
[HKU\S-1-5-21-842925246-308236825-839522115-1003\Software\Local AppWizard-Generated Applications\key_generator]  
[HKU\S-1-5-21-842925246-308236825-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro]  

################## | Etat |

# Affichage des fichiers cachés : OK
 
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !  
 
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )  
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )  

################## | ! Fin du rapport # FindyKill V5.037 ! |

houna93 · Answer

L'ordinateur vient de terminer l'analyse ( le premier, 2-Suppression ) comme je n'avais pas de barre des tâche, j'ai fait ce que vous m'avez dit ctrl supp', fichier, explorer.exe  , seulement rien ne se passe, je n'ai rien sur mon bureau, à part l'analyse. ?

houna93 · Answer

non, j'ai un PC portable à côté, connecté en wifi

houna93 · Answer

voici le premier rapport : 

############################## | FindyKill V5.037 |

# User : Schatz (Administrateurs) # HOUNA
# Update on 18/02/2010 by El Desaparecido
# Start at: 16:19:11 | 26/02/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) XP 2800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 100226-0] 4.8.1296 [ Enabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 17,49 Go (1,95 Go free) # NTFS
# D:\ # Disque fixe local # 94,29 Go (32,47 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible
# I:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |


################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\ban_list.txt 
Supprimé ! C:\WINDOWS\mdelk.exe 
Supprimé ! C:\WINDOWS\wintems.exe 

################## | C:\WINDOWS\Prefetch |

Supprimé ! C:\WINDOWS\prefetch\103109.EXE-2E311A48.pf 
Supprimé ! C:\WINDOWS\prefetch\115421.EXE-3062BBD8.pf 
Supprimé ! C:\WINDOWS\prefetch\122578.EXE-309C25C4.pf 
Supprimé ! C:\WINDOWS\prefetch\135437.EXE-043B2BFA.pf 
Supprimé ! C:\WINDOWS\prefetch\171812.EXE-277FC73A.pf 
Supprimé ! C:\WINDOWS\prefetch\191125.EXE-0803FD4E.pf 
Supprimé ! C:\WINDOWS\prefetch\478875.EXE-086B5AC8.pf 
Supprimé ! C:\WINDOWS\prefetch\499765.EXE-1D9866D6.pf 
Supprimé ! C:\WINDOWS\prefetch\KEY_GENERATOR.EXE-0EFFFCDB.pf 
Supprimé ! C:\WINDOWS\prefetch\MDELK.EXE-087EF2B4.pf 
Supprimé ! C:\WINDOWS\prefetch\WINTEMS.EXE-127B61D4.pf 
Supprimé ! C:\WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf 

################## | C:\WINDOWS\system32 |

Supprimé ! C:\WINDOWS\system32\srosa2.sys 
Supprimé ! C:\WINDOWS\system32\wfsintwq.sys 

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Schatz\Application Data |

Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\476921.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\477703.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\478031.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\478875.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\498609.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\499031.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\499765.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\509921.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\510140.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\510343.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\510500.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\510671.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\510859.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\511046.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\511687.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\512328.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\512609.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\512906.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\514171.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\515718.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\516359.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\516968.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\517250.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\517437.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\517671.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\517906.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\518828.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\519781.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\519968.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\520171.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\520328.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\520515.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\521078.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\521500.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\521687.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\521875.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\522078.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\522296.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\522953.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\523343.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\523531.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\523750.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\524171.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\524593.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\525203.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\525812.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\526234.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\526593.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\526765.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\526953.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\527312.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\527703.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\529062.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\530031.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\530218.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\530437.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\530921.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\531187.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\531343.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\531500.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\532718.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\532968.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\533328.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\534031.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\534390.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\534765.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\535140.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\535468.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\539187.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\540812.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\541046.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\541281.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\541531.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\541765.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\542000.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\542156.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\542328.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\542500.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\542750.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\542953.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\543328.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\543625.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\543984.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\544375.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\565796.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\587171.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\587781.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\588406.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\589312.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\589984.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\590343.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\590562.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\590875.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\591250.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\591656.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\591984.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\592375.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\592781.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\593734.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\594687.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\594859.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\595031.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\595265.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\595515.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\596609.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\597781.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\607343.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\608015.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\608312.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\608593.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\612000.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\612453.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\612875.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\613265.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\613765.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\614234.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\615250.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\615921.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\616312.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\616703.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\616890.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\617062.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\618640.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\620203.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\620906.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\653140.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\653875.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\654390.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\654578.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\654734.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\654937.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\655156.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\655390.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\655625.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\655765.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\655937.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\656093.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\656281.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\657765.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\659218.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\659687.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\660171.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\660406.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\660640.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\661078.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\662281.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\662531.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\662781.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\663703.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\664406.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\664859.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\665218.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\667281.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\670203.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\670625.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\671031.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\671171.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\671343.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\671796.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\672281.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\672421.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\672593.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\675859.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\676296.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\676578.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\676937.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\677125.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\677343.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld\677546.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\downld 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers\winupgro.exe 
Supprimé ! C:\Documents and Settings\Schatz\Application Data\drivers 

################## | Références de comparaison Bagle MD5 : |

File : C:\Documents and Settings\Schatz\Application Data\drivers\winupgro.exe 
-> Crc32 : 0f7dd4ec | Md5 : 341b1a905e2837c68c22894830819ad2  
 

################## | MD5 ... |

Supprimé ! "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" 
-> Size : 868864 | Crc32 : 0f7dd4ec | Md5 : 341b1a905e2837c68c22894830819ad2 

Supprimé ! "C:\System Volume Information\_restore{3195272F-68AD-40C9-96C2-AAE3427112E1}\RP584\A0058509.exe" 
-> Size : 868864 | Crc32 : 0f7dd4ec | Md5 : 341b1a905e2837c68c22894830819ad2 

Supprimé ! "D:\System Volume Information\_restore{3195272F-68AD-40C9-96C2-AAE3427112E1}\RP580\A0057138.exe" 
-> Size : 868864 | Crc32 : 0f7dd4ec | Md5 : 341b1a905e2837c68c22894830819ad2 


################## | CRC32 ... |

################## | Temporary Internet Files |

Supprimé ! C:\DOCUME~1\Schatz\LOCALS~1\Temp\AutoRun.exe  

################## | Registre | 

Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]  
Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\srosa]  
Supprimé ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]  
Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]  
Supprimé ! [HKCU\Software\bisoft]  
Supprimé ! [HKCU\Software\DateTime4]  
Supprimé ! [HKCU\Software\WS4001]  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\key_generator]  
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]  

################## | Etat |

# Mode sans echec restauré ! 

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) 

################## | Fichiers corrompus # Réinstallation requise  |

Corrompu : C:\Program Files\Samsung\Samsung PC Studio 3\LiveUpdate.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Samsung\Samsung PC Studio 3\Update\LiveUpdate.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashAvast.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashChest.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashDisp.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashLogV.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashPopWz.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashQuick.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashServ.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashSimp2.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashSkPck.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashUpd.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
[Offset = 000000D4 - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\copyx64.exe
[Offset = 000000CC - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\sched.exe
[Offset = 000000FC - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\VisthLic.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : D:\Program Files\Alwil Software\Avast4\VisthUpd.exe
[Offset = 000000F4 - Valeur = 0x0001]


################## | Upload |

Veuillez envoyer le fichier : C:\FindyKill_Upload_Me_HOUNA.zip : https://www.ionos.fr/?affiliate_id=77097 
Merci pour votre contribution . 

################## | ! Fin du rapport # FindyKill V5.037 ! |

houna93 · Answer

voici le rapport de log.txt  : 

Logfile of random's system information tool 1.06 (written by random/random)
Run by Schatz at 2010-02-26 16:57:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (12%) free of 18 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:48, on 26/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Keyboard	ype32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Schatz\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Schatz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard	ype32.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FC6ACDB-C9DA-4C9B-B1C3-90B8FDF08EFC}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

houna93 · Answer

info.txt : 

User: 

Computer Name: HOUNA
Event Code: 1003
Message: Échec de l'installation.  code = 0x800704c7, erreur = L'opération a été annulée par l'utilisateur.


Record Number: 12352
Source Name: WgaSetup
Time Written: 20090825154601.000000+120
Event Type: Informations
User: 

Computer Name: HOUNA
Event Code: 1005
Message: L'utilisateur a refusé le CLUF.

Record Number: 12351
Source Name: WgaSetup
Time Written: 20090825154601.000000+120
Event Type: Informations
User: 

Computer Name: HOUNA
Event Code: 0
Message: 
Record Number: 12350
Source Name: iPod Service
Time Written: 20090825142323.000000+120
Event Type: Informations
User: 

Computer Name: HOUNA
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 12349
Source Name: SecurityCenter
Time Written: 20090825142312.000000+120
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

houna93 · Answer

le premier second ou dernier rapport ?

houna93 · Answer

je vous l'envoi dès que l'analyse malwarebytes est terminé :S

houna93 · Answer

Apparemment, l'analyse va durer un bout de temps (au bout de 2o minutes, il n'en est qu'au premier lecteur...)
SI celà ne vous dérange pas et que vous avez le temps, pourriez vous m'expliquer ce que ces analyses signifient ?

houna93 · Answer

où s'enregistre le fichier  "info.txt"  ?ou faut-il que je relance Hijack ? 
je vous envoi le résultat de malwarebytes dans le prochain post

houna93 · Answer

Malwarebytes : 

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26/02/2010 18:39:27
mbam-log-2010-02-26 (18-39-27).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 187973
Temps écoulé: 1 hour(s), 11 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\PI.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

Avast n'est plus une application Win32 Valide

13 réponses

Votre réponse

Discussions similaires

Newsletters