Avast and SVCHOST.exe (fed up)
Podh
Hello,
I'm struggling with Avast, which keeps reporting a recurring infection of SVCHOST.exe.
The message appears every 10 minutes and it is becoming more than tiresome.
The trouble is that none of the steps I've taken seem to fix the problem.
The virus hides in a different folder each time (c:\windows\temp\(XXXX).tmp\svchost.exe);
How can I resolve this so that it stops?
Thanks in advance for your replies, and Bloavezh Mat.
Pod
1 reply
Hi,
Scan with Malwarebytes: run a quick scan, paste the report you get and remove whatever it finds:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
then
Download from here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the analysis is finished, two text files will open.
Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised to the taskbar).
NB: the reports are saved in the folder C:\rsit
I followed your advice carefully and at the end I'm a bit stuck.
What do you mean by
"Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised to the taskbar)."
Thanks.
François.
I had the same problem 3 days ago.
My PC configuration: Avast, XP Pro, IE
I tinker a bit but am not an enlightened amateur in computing, so I consulted various forums (including English-language ones) about this Win32:Malware-gen (Avast's detection name) that was creating infected svchost.exe files every 10 minutes in windows\temp.
Most forums recommend ComboFix (a powerful program that can cause some problems if misused).
After using Spybot, Malwarebytes etc. without any result, I came across an English-language site stating that my virus was a TDSS-type trojan. I downloaded TDSSKiller, recommended by that site, to my desktop and ran it.
Download and handling very simple.
It detected a viral infection. I pressed "y" for yes.
I cleaned my PC with No Trace, CCleaner, Spybot, Malwarebytes and ran a full antivirus scan.
For 2 days now, nothing: windows\temp is no longer infected with svchost files, and Google has got its accuracy back.
The problem seems, a priori, to be resolved.
If someone could confirm that for me, or tell me how I can check: thanks
Kaspersky site to download TDSSKiller:
https://support.kaspersky.com/5350
For the specialists, below is the TDSSKiller report on the infection
TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
16:57:28:750 3048 ================================================================================
16:57:28:750 3048 SystemInfo:
16:57:28:750 3048 OS Version: 5.1.2600 ServicePack: 3.0
16:57:28:750 3048 Product type: Workstation
16:57:28:750 3048 ComputerName: YOUR-D02C3E5880
16:57:28:750 3048 UserName: Philippe
16:57:28:750 3048 Windows directory: C:\WINDOWS
16:57:28:750 3048 Processor architecture: Intel x86
16:57:28:750 3048 Number of processors: 2
16:57:28:750 3048 Page size: 0x1000
16:57:28:750 3048 Boot type: Normal boot
16:57:28:750 3048 ================================================================================
16:57:28:750 3048 UnloadDriverW: NtUnloadDriver error 2
16:57:28:750 3048 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:57:28:750 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
16:57:28:765 3048 UtilityInit: KLMD drop and load success
16:57:28:765 3048 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
16:57:28:765 3048 UtilityInit: KLMD open success
16:57:28:765 3048 UtilityInit: Initialize success
16:57:28:765 3048
16:57:28:765 3048 Scanning Services ...
16:57:28:765 3048 CreateRegParser: Registry parser init started
16:57:28:765 3048 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
16:57:28:765 3048 CreateRegParser: DisableWow64Redirection error
16:57:28:765 3048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
16:57:28:765 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
16:57:28:765 3048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:57:28:765 3048 wfopen_ex: Trying to KLMD file open
16:57:28:765 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
16:57:28:765 3048 wfopen_ex: File opened ok (Flags 2)
16:57:28:765 3048 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 274B28
16:57:28:765 3048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
16:57:28:765 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
16:57:28:765 3048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:57:28:765 3048 wfopen_ex: Trying to KLMD file open
16:57:28:765 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
16:57:28:765 3048 wfopen_ex: File opened ok (Flags 2)
16:57:28:765 3048 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 274B90
16:57:28:765 3048 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
16:57:28:765 3048 CreateRegParser: EnableWow64Redirection error
16:57:28:765 3048 CreateRegParser: RegParser init completed
16:57:29:062 3048 GetAdvancedServicesInfo: Raw services enum returned 400 services
16:57:29:078 3048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:57:29:078 3048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:57:29:078 3048
16:57:29:078 3048 Scanning Kernel memory ...
16:57:29:078 3048 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
16:57:29:078 3048 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A5E4898
16:57:29:078 3048 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
16:57:29:078 3048
16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A58AC68
16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A58AC68
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A58AC68[0x38]
16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT: 8A5E4898
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A5E4898[0xA8]
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0xE169A138[0x18]
16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:57:29:078 3048 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
16:57:29:078 3048 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
16:57:29:078 3048 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
16:57:29:078 3048 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
16:57:29:078 3048 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
16:57:29:078 3048 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
16:57:29:078 3048 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
16:57:29:078 3048 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
16:57:29:078 3048 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
16:57:29:078 3048 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
16:57:29:078 3048 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:57:29:078 3048 TDL3_FileDetect: Processing driver: Disk
16:57:29:078 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
16:57:29:078 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
16:57:29:078 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:57:29:078 3048
16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A520AB8
16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A520AB8
16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A570030
16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A570030
16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A58C548
16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A58C548
16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A53E030
16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A53E030
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A53E030[0x38]
16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT: 89724798
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x89724798[0xA8]
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A540030[0x38]
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A572428[0xA8]
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1003660[0x1C]
16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
16:57:29:078 3048 DetectCureTDL3: IrpHandler (0) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (1) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (2) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (3) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (4) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (5) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (6) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (7) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (8) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (9) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (10) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (11) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (12) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (13) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (14) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (15) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (16) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (17) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (18) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (19) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (20) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (21) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (22) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (23) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (24) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (25) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (26) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: All IRP handlers pointed to one addr: 8A47B841
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A47B841[0x400]
16:57:29:078 3048 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109
16:57:29:078 3048 Driver "iaStor" Irp handler infected by TDSS rootkit ... 16:57:29:078 3048 KLMD_WriteMem: Trying to WriteMemory 0x8A47B8BA[0xD]
16:57:29:078 3048 cured
16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A47B6EC[0x400]
16:57:29:078 3048 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
16:57:29:078 3048 Driver "iaStor" StartIo handler infected by TDSS rootkit ... 16:57:29:078 3048 TDL3_StartIoHookCure: Number of patches 1
16:57:29:078 3048 KLMD_WriteMem: Trying to WriteMemory 0x8A47B7F5[0x6]
16:57:29:078 3048 cured
16:57:29:078 3048 TDL3_FileDetect: Processing driver: iaStor
16:57:29:078 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
16:57:29:078 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iaStor.sys
16:57:29:093 3048 TDL3_FileDetect: C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: Infected
16:57:29:093 3048 File C:\WINDOWS\system32\drivers\iaStor.sys infected by TDSS rootkit ... 16:57:29:093 3048 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
16:57:29:093 3048 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
16:57:29:109 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
16:57:29:171 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab
16:57:29:203 3048 FileCallback: Backup candidate found: C:\WINDOWS\OemDir\iaStor.sys:312344, checking..
16:57:29:218 3048 ValidateDriverFile: Stage 1 passed
16:57:29:234 3048 ValidateDriverFile: Stage 2 passed
16:57:29:718 3048 DigitalSignVerifyByHandle: Embedded DS result: 00000000
16:57:29:718 3048 ValidateDriverFile: Stage 3 passed
16:57:29:718 3048 FileCallback: File validated successfully, restore information prepared
16:57:29:718 3048 FindDriverFileBackup: Backup copy found in OemDir
16:57:29:718 3048 TDL3_FileCure: Backup copy found, using it..
16:57:29:718 3048 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk15.tmp
16:57:29:734 3048 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk15.tmp, system32\drivers\iaStor.sys)
16:57:29:734 3048 TDL3_FileCure: KLMD jobs schedule success
16:57:29:734 3048 will be cured on next reboot
16:57:29:734 3048 UtilityBootReinit: Reboot required for cure complete..
16:57:29:734 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
16:57:29:734 3048 UtilityBootReinit: KLMD drop success
16:57:29:734 3048 KLMD_ApplyPendList: Pending buffer(2859_37C3, 608) dropped successfully
16:57:29:734 3048 UtilityBootReinit: Cure on reboot scheduled successfully
16:57:29:734 3048
16:57:29:734 3048 Completed
16:57:29:734 3048
16:57:29:734 3048 Results:
16:57:29:734 3048 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
16:57:29:734 3048 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:57:29:734 3048 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:57:29:734 3048
16:57:29:734 3048 UnloadDriverW: NtUnloadDriver error 1
16:57:29:734 3048 KLMD_Unload: UnloadDriverW(klmd21) error 1
16:57:29:734 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
16:57:29:734 3048 UtilityDeinit: KLMD(ARK) unloaded successfully
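Editor's note, added example (not code from any poster, nor from Kaspersky). The decisive lines in the log above are the per-driver IRP dispatch tables: disk.sys has a mix of its own routines (0xBA10xxxx) and one kernel-range address (804F4562) for the majors it does not handle, whereas every one of iaStor's 27 logged entries is 8A47B841, an address in the same 0x8Axxxxxx pool range where the log prints its DEVICE_OBJECTs and DRIVER_OBJECTs. That is what TDSSKiller reports as "All IRP handlers pointed to one addr" before confirming the on-disk file is infected. The script below rebuilds that part of the log from the addresses as posted (the 27 IrpHandler lines per driver are regenerated in TDSSKiller's own format to keep the sample short) and applies the same "uniform dispatch table" heuristic, then pulls out the file verdicts and the Results block. The log format assumed is that of TDSSKiller 2.2.2 as shown on this page.

```python
import re
from collections import OrderedDict

# Dispatch addresses exactly as TDSSKiller logged them above, in IRP_MJ order
# (entries 0..26). Sample input for this example, reconstructed from the post.
DISK_HANDLERS = [
    "BA10EBB0", "804F4562", "BA10EBB0", "BA108D1F", "BA108D1F", "804F4562",
    "804F4562", "804F4562", "804F4562", "BA1092E2", "804F4562", "804F4562",
    "804F4562", "804F4562", "BA1093BB", "BA10CF28", "BA1092E2", "804F4562",
    "804F4562", "804F4562", "804F4562", "804F4562", "BA10AC82", "BA10F99E",
    "804F4562", "804F4562", "804F4562",
]
IASTOR_HANDLERS = ["8A47B841"] * 27


def _driver_block(name, handlers):
    """Rebuild the per-driver lines in the format TDSSKiller 2.2.2 prints."""
    ts = "16:57:29:078 3048 "
    lines = [f"{ts}DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\{name}, Driver Name: {name}"]
    lines += [f"{ts}DetectCureTDL3: IrpHandler ({i}) addr: {a}" for i, a in enumerate(handlers)]
    return lines


SAMPLE_LOG = "\n".join(
    _driver_block("Disk", DISK_HANDLERS)
    + ["16:57:29:078 3048 TDL3_FileDetect: C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: Clean"]
    + _driver_block("iaStor", IASTOR_HANDLERS)
    + [
        "16:57:29:093 3048 TDL3_FileDetect: C:\\WINDOWS\\system32\\drivers\\iaStor.sys - Verdict: Infected",
        "16:57:29:734 3048 Memory objects infected / cured / cured on reboot: 2 / 2 / 0",
        "16:57:29:734 3048 Registry objects infected / cured / cured on reboot: 0 / 0 / 0",
        "16:57:29:734 3048 File objects infected / cured / cured on reboot: 1 / 0 / 1",
    ]
)

DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\(\w+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (\S+) - Verdict: (\w+)")
RESULT_RE = re.compile(r"(\w+) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)")


def parse_irp_tables(log):
    """Driver name -> dispatch addresses (ints) in IRP_MJ order."""
    tables, current = OrderedDict(), None
    for line in log.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = m.group(1)
            tables[current] = []
            continue
        m = IRP_RE.search(line)
        if m and current is not None:
            tables[current].append(int(m.group(2), 16))
    return tables


def find_uniform_dispatch(tables):
    """Drivers whose every logged dispatch entry is one and the same address.

    TDL3 replaces the whole MajorFunction table of the boot-start storage
    driver with its own stub; a clean driver mixes several routines with the
    kernel's default handler for majors it does not support.
    """
    return {name: f"{addrs[0]:08X}" for name, addrs in tables.items()
            if len(addrs) > 1 and len(set(addrs)) == 1}


def parse_file_verdicts(log):
    """Driver file path -> 'Clean' / 'Infected' from the TDL3_FileDetect lines."""
    return {m.group(1): m.group(2) for m in map(VERDICT_RE.search, log.splitlines()) if m}


def parse_results(log):
    """'Memory' / 'Registry' / 'File' -> (infected, cured, cured on reboot)."""
    return {m.group(1): tuple(int(m.group(i)) for i in (2, 3, 4))
            for m in map(RESULT_RE.search, log.splitlines()) if m}


def triage(log):
    tables = parse_irp_tables(log)
    return {
        "hooked_dispatch": find_uniform_dispatch(tables),
        "infected_files": [p for p, v in parse_file_verdicts(log).items() if v == "Infected"],
        # a non-zero "cured on reboot" count means the machine is not clean yet
        "pending_reboot": any(r[2] > 0 for r in parse_results(log).values()),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two caveats when reading such a log. A tiny driver that routes every major through a single dispatch routine would also trip the uniform-table check, which is why TDSSKiller does not stop there: the log shows it reading 0x400 bytes at the shared address (TDL3_IrpHookDetect: CheckParameters) and then checking the driver file itself (Verdict: Infected). And a Results block with a non-zero "cured on reboot" count, as here for iaStor.sys, means the file swap (tsk15.tmp for iaStor.sys) is only scheduled; until the reboot the rootkit's on-disk copy is still in place.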
I also have a problem with this file and Avast, and I'm cracking up too!
What should I do? I just ran a test with HijackThis and here is what it gives:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:39, on 16/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\WLTRYSVC.EXE
C:\WINDOWS.0\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS.0\system32\lxdicoms.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\igfxtray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\WINDOWS.0\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS.0\OEM13Mon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Mes documents\HiJackThis.exe
C:\Documents and Settings\Admin\Mes documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 89.149.210.171 www.google.no
O1 - Hosts: 89.149.210.171 www.google.nl
O1 - Hosts: 89.149.210.171 www.google.com
O1 - Hosts: 89.149.210.171 www.google.se
O1 - Hosts: 89.149.210.171 uk.search.yahoo.com
O1 - Hosts: 89.149.210.171 www.google.pt
O1 - Hosts: 89.149.210.171 www.google.es
O1 - Hosts: 89.149.210.171 www.google.ca
O1 - Hosts: 89.149.210.171 www.google.be
O1 - Hosts: 89.149.210.171 www.google.fi
O1 - Hosts: 89.149.210.171 www.google.com.br
O1 - Hosts: 89.149.210.171 www.google.co.uk
O1 - Hosts: 89.149.210.171 www.google.dk
O1 - Hosts: 89.149.210.171 www.google.co.jp
O1 - Hosts: 89.149.210.171 www.google.fr
O1 - Hosts: 89.149.210.171 www.google.co.za
O1 - Hosts: 89.149.210.171 www.google.de
O1 - Hosts: 89.149.210.171 www.google.ch
O1 - Hosts: 89.149.210.171 www.google.at
O1 - Hosts: 89.149.210.171 www.google.it
O1 - Hosts: 89.149.210.171 search.yahoo.com
O1 - Hosts: 89.149.210.171 www.google.ie
O1 - Hosts: 89.149.210.171 us.search.yahoo.com
O1 - Hosts: 89.149.210.171 www.google.gr
O1 - Hosts: 89.149.210.171 www.google.com.mx
O1 - Hosts: 89.149.210.171 www.google.com.au
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS.0\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS.0\OEM13Mon.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eBeam Device Service - Luidia, Inc. - C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Service Google Update (gupdate1ca127069781056) (gupdate1ca127069781056) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS.0\system32\lxdicoms.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS.0\System32\WLTRYSVC.EXE
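Editor's note, added example (not code from any poster, nor from the HijackThis project). HijackThis lists user-mode processes, browser settings, hosts entries and services; it does not look at kernel drivers, so a TDSS hook like the one TDSSKiller found in iaStor.sys above would never appear in this kind of log, only its side effects. Two of those side effects are visible in this thread: the dropped svchost.exe under %SystemRoot%\Temp\<rand>.tmp\ from the first post, and the O1 block above, where one non-loopback IP (89.149.210.171) has been written into the hosts file for two dozen Google and Yahoo search hostnames (the "Google has lost its accuracy" symptom). The script below parses a HijackThis log and flags both. It derives %SystemRoot% from the smss.exe path instead of assuming C:\WINDOWS, because this log's Windows directory is C:\WINDOWS.0. The sample is an excerpt of the log above plus two constructed lines that are not in it: a Temp\...\svchost.exe process modelled on the first post's path, and a 127.0.0.1 ad-blocking hosts entry to show what must not fire. The SEARCH_HOSTS list is an assumption, not a HijackThis setting.

```python
import ipaddress
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log above (Windows directory is C:\WINDOWS.0).
# Constructed lines, NOT in the posted log: the Temp\A1B2.tmp\svchost.exe
# process and the 127.0.0.1 ad.doubleclick.net hosts entry.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS.0\\System32\\smss.exe
C:\\WINDOWS.0\\system32\\svchost.exe
C:\\WINDOWS.0\\System32\\svchost.exe
C:\\WINDOWS.0\\Temp\\A1B2.tmp\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://y.lo.st
O1 - Hosts: 89.149.210.171 www.google.com
O1 - Hosts: 89.149.210.171 www.google.fr
O1 - Hosts: 89.149.210.171 search.yahoo.com
O1 - Hosts: 89.149.210.171 www.google.de
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Assumption: hostnames a search-redirect hijack goes after; extend as needed.
SEARCH_HOSTS = ("google.", "search.yahoo.com", "bing.com")


def parse_hijackthis(text):
    """Split a HijackThis log into the process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def system_root(processes):
    """Derive %SystemRoot% from smss.exe instead of assuming C:\\WINDOWS."""
    for p in processes:
        wp = PureWindowsPath(p)
        if wp.name.lower() == "smss.exe":
            return wp.parent.parent
    raise ValueError("smss.exe not found in process list")


def rogue_svchost(processes):
    """svchost.exe running from anywhere but %SystemRoot%\\System32 (or SysWOW64).

    The only legitimate copies live there; the dropper in this thread writes
    one under %SystemRoot%\\Temp\\<rand>.tmp\\ and runs it every 10 minutes.
    """
    root = system_root(processes)
    legit = {str(root / d / "svchost.exe").lower() for d in ("System32", "SysWOW64")}
    return [p for p in processes
            if PureWindowsPath(p).name.lower() == "svchost.exe" and p.lower() not in legit]


def hosts_hijacks(entries, min_hosts=3):
    """Non-loopback IPs that the hosts file points many names, or search
    engines, at. 127.x / 0.0.0.0 sinkholes (ad-blocking hosts lists) are benign."""
    by_ip = defaultdict(list)
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if m:
            by_ip[m.group(1)].append(m.group(2))
    flagged = {}
    for ip, names in by_ip.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged[ip] = names  # not even an IP literal: worth a look anyway
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        if len(names) >= min_hosts or any(s in n for n in names for s in SEARCH_HOSTS):
            flagged[ip] = names
    return flagged


def triage(text):
    processes, entries = parse_hijackthis(text)
    return {
        "system_root": str(system_root(processes)),
        "rogue_svchost": rogue_svchost(processes),
        "hosts_hijacks": hosts_hijacks(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Deleting the flagged hosts lines and the Temp copy only removes symptoms: as the TDSSKiller log earlier in this thread shows, the thing recreating them every 10 minutes sits in a patched storage driver, which a user-mode tool such as HijackThis cannot see, so the hosts entries coming back after a clean-up is itself a useful signal that the rootkit is still there.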