Avast and SVCHOST.exe (fed up)

Podh
Hello,
I'm struggling with Avast, which keeps reporting a recurring infection of SVCHOST.exe.
The message appears every 10 minutes and it's getting more than tiresome.
The trouble is that none of the steps I've tried seem to fix the problem.
The virus hides in a different folder each time (c:\windows\temp\(XXXX).tmp\svchost.exe);
How can I resolve this so that it stops?
Thanks in advance for your answers, and Bloavezh Mat (Happy New Year).

Pod
Configuration: Windows XP
Firefox 3.5.6

1 reply

  1. jlpjlp (52399 posts, status: Security contributor)
     
    hi,

    scan with Malwarebytes: run a quick scan, paste the report you get and remove whatever it finds:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    then

    Download from here:

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) by random/random and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Click Continue on the Disclaimer screen.

    If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

    When the scan is finished, two text files will open.

    Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimised to the Taskbar).

    NB: the reports are saved in the folder C:\rsit
    1. fcfcfc
       
      Hello, I have the same problem as podh!
      I followed your advice carefully and at the end I get a bit stuck.
      What do you mean by
      "Post the contents of log.txt (<<which will be displayed)
      as well as info.txt (<<which will be minimised to the Taskbar)."
      thanks.

      François.
      1. Phil > fcfcfc
         
        Hello,

        I had the same problem 3 days ago.
        My PC configuration: AVAST, XP Pro, IE
        Tinkering a bit, but not being an enlightened amateur in computing, I consulted various forums (including English-language ones) about this Win32:Malware-gen (Avast detection) that was creating infected svchost.exe files every 10 minutes in windows\temp.
        Most forums recommend COMBOFIX (a powerful program that can cause a few problems if misused).
        After using Spybot, Malwarebytes etc. without any result, I came across an English-language site stating that my virus was a TDSS-type trojan. I downloaded TDSSKILLER, recommended by that site, to my desktop and ran it.
        Download and handling are very simple.
        It detected a viral infection. I pressed "y" for yes.
        I cleaned my PC with No trace, CCleaner, Spybot, Malwarebytes and ran a full antivirus scan.
        For 2 days now, nothing more: windows\temp is no longer infected with svchost files, and Google has regained its accuracy.
        The problem seems, a priori, to be resolved.

        If someone could confirm this for me, or tell me how I can check it: Thanks

        KASPERSKY site to download TDSSKILLER
        https://support.kaspersky.com/5350

        For the specialists, below is the TDSSKiller report on the infection

        TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
        16:57:28:750 3048 ================================================================================
        16:57:28:750 3048 SystemInfo:

        16:57:28:750 3048 OS Version: 5.1.2600 ServicePack: 3.0
        16:57:28:750 3048 Product type: Workstation
        16:57:28:750 3048 ComputerName: YOUR-D02C3E5880
        16:57:28:750 3048 UserName: Philippe
        16:57:28:750 3048 Windows directory: C:\WINDOWS
        16:57:28:750 3048 Processor architecture: Intel x86
        16:57:28:750 3048 Number of processors: 2
        16:57:28:750 3048 Page size: 0x1000
        16:57:28:750 3048 Boot type: Normal boot
        16:57:28:750 3048 ================================================================================
        16:57:28:750 3048 UnloadDriverW: NtUnloadDriver error 2
        16:57:28:750 3048 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
        16:57:28:750 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
        16:57:28:765 3048 UtilityInit: KLMD drop and load success
        16:57:28:765 3048 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
        16:57:28:765 3048 UtilityInit: KLMD open success
        16:57:28:765 3048 UtilityInit: Initialize success
        16:57:28:765 3048
        16:57:28:765 3048 Scanning Services ...
        16:57:28:765 3048 CreateRegParser: Registry parser init started
        16:57:28:765 3048 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
        16:57:28:765 3048 CreateRegParser: DisableWow64Redirection error
        16:57:28:765 3048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
        16:57:28:765 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
        16:57:28:765 3048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
        16:57:28:765 3048 wfopen_ex: Trying to KLMD file open
        16:57:28:765 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
        16:57:28:765 3048 wfopen_ex: File opened ok (Flags 2)
        16:57:28:765 3048 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 274B28
        16:57:28:765 3048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
        16:57:28:765 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
        16:57:28:765 3048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
        16:57:28:765 3048 wfopen_ex: Trying to KLMD file open
        16:57:28:765 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
        16:57:28:765 3048 wfopen_ex: File opened ok (Flags 2)
        16:57:28:765 3048 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 274B90
        16:57:28:765 3048 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
        16:57:28:765 3048 CreateRegParser: EnableWow64Redirection error
        16:57:28:765 3048 CreateRegParser: RegParser init completed
        16:57:29:062 3048 GetAdvancedServicesInfo: Raw services enum returned 400 services
        16:57:29:078 3048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
        16:57:29:078 3048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
        16:57:29:078 3048
        16:57:29:078 3048 Scanning Kernel memory ...
        16:57:29:078 3048 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
        16:57:29:078 3048 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A5E4898
        16:57:29:078 3048 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
        16:57:29:078 3048
        16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A58AC68
        16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A58AC68
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A58AC68[0x38]
        16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT: 8A5E4898
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A5E4898[0xA8]
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0xE169A138[0x18]
        16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (1) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (5) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (6) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (7) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (8) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (10) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (11) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (12) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (13) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (17) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (18) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (19) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (20) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (21) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (24) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (25) addr: 804F4562
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (26) addr: 804F4562
        16:57:29:078 3048 TDL3_FileDetect: Processing driver: Disk
        16:57:29:078 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
        16:57:29:078 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
        16:57:29:078 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
        16:57:29:078 3048
        16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A520AB8
        16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A520AB8
        16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A570030
        16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A570030
        16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A58C548
        16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A58C548
        16:57:29:078 3048 DetectCureTDL3: DEVICE_OBJECT: 8A53E030
        16:57:29:078 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A53E030
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A53E030[0x38]
        16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT: 89724798
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x89724798[0xA8]
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A540030[0x38]
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A572428[0xA8]
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1003660[0x1C]
        16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (0) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (1) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (2) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (3) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (4) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (5) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (6) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (7) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (8) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (9) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (10) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (11) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (12) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (13) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (14) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (15) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (16) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (17) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (18) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (19) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (20) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (21) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (22) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (23) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (24) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (25) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: IrpHandler (26) addr: 8A47B841
        16:57:29:078 3048 DetectCureTDL3: All IRP handlers pointed to one addr: 8A47B841
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A47B841[0x400]
        16:57:29:078 3048 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109
        16:57:29:078 3048 Driver "iaStor" Irp handler infected by TDSS rootkit ... 16:57:29:078 3048 KLMD_WriteMem: Trying to WriteMemory 0x8A47B8BA[0xD]
        16:57:29:078 3048 cured
        16:57:29:078 3048 KLMD_ReadMem: Trying to ReadMemory 0x8A47B6EC[0x400]
        16:57:29:078 3048 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
        16:57:29:078 3048 Driver "iaStor" StartIo handler infected by TDSS rootkit ... 16:57:29:078 3048 TDL3_StartIoHookCure: Number of patches 1
        16:57:29:078 3048 KLMD_WriteMem: Trying to WriteMemory 0x8A47B7F5[0x6]
        16:57:29:078 3048 cured
        16:57:29:078 3048 TDL3_FileDetect: Processing driver: iaStor
        16:57:29:078 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
        16:57:29:078 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iaStor.sys
        16:57:29:093 3048 TDL3_FileDetect: C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: Infected
        16:57:29:093 3048 File C:\WINDOWS\system32\drivers\iaStor.sys infected by TDSS rootkit ... 16:57:29:093 3048 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
        16:57:29:093 3048 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
        16:57:29:109 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
        16:57:29:171 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab
        16:57:29:203 3048 FileCallback: Backup candidate found: C:\WINDOWS\OemDir\iaStor.sys:312344, checking..
        16:57:29:218 3048 ValidateDriverFile: Stage 1 passed
        16:57:29:234 3048 ValidateDriverFile: Stage 2 passed
        16:57:29:718 3048 DigitalSignVerifyByHandle: Embedded DS result: 00000000
        16:57:29:718 3048 ValidateDriverFile: Stage 3 passed
        16:57:29:718 3048 FileCallback: File validated successfully, restore information prepared
        16:57:29:718 3048 FindDriverFileBackup: Backup copy found in OemDir
        16:57:29:718 3048 TDL3_FileCure: Backup copy found, using it..
        16:57:29:718 3048 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk15.tmp
        16:57:29:734 3048 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk15.tmp, system32\drivers\iaStor.sys)
        16:57:29:734 3048 TDL3_FileCure: KLMD jobs schedule success
        16:57:29:734 3048 will be cured on next reboot
        16:57:29:734 3048 UtilityBootReinit: Reboot required for cure complete..
        16:57:29:734 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
        16:57:29:734 3048 UtilityBootReinit: KLMD drop success
        16:57:29:734 3048 KLMD_ApplyPendList: Pending buffer(2859_37C3, 608) dropped successfully
        16:57:29:734 3048 UtilityBootReinit: Cure on reboot scheduled successfully
        16:57:29:734 3048
        16:57:29:734 3048 Completed
        16:57:29:734 3048
        16:57:29:734 3048 Results:
        16:57:29:734 3048 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
        16:57:29:734 3048 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
        16:57:29:734 3048 File objects infected / cured / cured on reboot: 1 / 0 / 1
        16:57:29:734 3048
        16:57:29:734 3048 UnloadDriverW: NtUnloadDriver error 1
        16:57:29:734 3048 KLMD_Unload: UnloadDriverW(klmd21) error 1
        16:57:29:734 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
        16:57:29:734 3048 UtilityDeinit: KLMD(ARK) unloaded successfully
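The TDSSKiller report above shows its own heuristic in the output: every IRP handler of the iaStor driver resolves to one address (8A47B841), while the clean Disk driver shows several distinct routines, and the on-disk file verdict then confirms it. As an added example, not part of the thread or of Kaspersky's tool, here is a Python parser that applies that same check to a constructed excerpt in the report's format; the function names, the trimmed excerpt and the treatment of a collapsed dispatch table as an indicator to be confirmed by the file verdict are assumptions of this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the TDSSKiller 2.2.2 report format above
# (only a few IRP entries per driver are kept; addresses are illustrative).
SAMPLE_LOG = """\
16:57:29:078 3048 Scanning Kernel memory ...
16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\Disk, Driver Name: Disk
16:57:29:078 3048 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
16:57:29:078 3048 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:57:29:078 3048 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
16:57:29:078 3048 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
16:57:29:078 3048 TDL3_FileDetect: C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: Clean
16:57:29:078 3048 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\iaStor, Driver Name: iaStor
16:57:29:078 3048 DetectCureTDL3: IrpHandler (0) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (1) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (2) addr: 8A47B841
16:57:29:078 3048 DetectCureTDL3: IrpHandler (3) addr: 8A47B841
16:57:29:093 3048 TDL3_FileDetect: C:\\WINDOWS\\system32\\drivers\\iaStor.sys - Verdict: Infected
"""

DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \S+, Driver Name: (?P<name>\S+)")
IRP_RE = re.compile(r"IrpHandler \((?P<idx>\d+)\) addr: (?P<addr>[0-9A-Fa-f]+)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (?P<path>.+?) - Verdict: (?P<verdict>\w+)")


def parse_report(text: str) -> Dict[str, dict]:
    """Group the IRP dispatch addresses and the on-disk verdict per driver."""
    drivers: Dict[str, dict] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = m.group("name")
            drivers[current] = {"irp": {}, "verdict": None}
            continue
        m = IRP_RE.search(line)
        if m and current:
            drivers[current]["irp"][int(m.group("idx"))] = int(m.group("addr"), 16)
            continue
        m = VERDICT_RE.search(line)
        if m and current:
            drivers[current]["verdict"] = m.group("verdict")
    return drivers


def single_dispatch_drivers(drivers: Dict[str, dict]) -> List[Tuple[str, int]]:
    """The heuristic visible in the report: every IRP major function of the
    driver object points to one and the same address (the hook stub)."""
    hits = []
    for name, info in drivers.items():
        addrs = set(info["irp"].values())
        if len(info["irp"]) >= 2 and len(addrs) == 1:
            hits.append((name, addrs.pop()))
    return hits


def triage(drivers: Dict[str, dict]) -> Dict[str, str]:
    """A collapsed dispatch table alone is only an indicator (a legitimate
    driver may funnel every IRP through one routine), so it is confirmed
    against the file verdict before being reported as an infection."""
    suspicious = dict(single_dispatch_drivers(drivers))
    out = {}
    for name, info in drivers.items():
        if name in suspicious and info["verdict"] == "Infected":
            out[name] = "confirmed"
        elif name in suspicious or info["verdict"] == "Infected":
            out[name] = "review"
        else:
            out[name] = "ok"
    return out


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    for driver, verdict in triage(parsed).items():
        print(f"{driver}: {verdict}")
```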
      2. ad1234 > Phil
         
        good evening,

        I also have a problem with this file and Avast, and I'm losing it too!

        what should I do? I just ran a test with HijackThis and here is what it gives:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 20:54:39, on 16/01/2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS.0\System32\smss.exe
        C:\WINDOWS.0\system32\winlogon.exe
        C:\WINDOWS.0\system32\services.exe
        C:\WINDOWS.0\system32\lsass.exe
        C:\WINDOWS.0\system32\svchost.exe
        C:\WINDOWS.0\System32\svchost.exe
        C:\WINDOWS.0\system32\svchost.exe
        C:\WINDOWS.0\System32\WLTRYSVC.EXE
        C:\WINDOWS.0\System32\bcmwltry.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS.0\system32\spoolsv.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
        C:\PVSW\Bin\WGE_SRV.exe
        C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe
        C:\PVSW\BIN\W3dbsmgr.EXE
        C:\WINDOWS.0\Explorer.EXE
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
        C:\WINDOWS.0\system32\lxdicoms.exe
        C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
        C:\WINDOWS.0\system32\svchost.exe
        C:\WINDOWS.0\RTHDCPL.EXE
        C:\WINDOWS.0\system32\igfxtray.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS.0\system32\hkcmd.exe
        C:\WINDOWS.0\system32\igfxsrvc.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS.0\system32\igfxpers.exe
        C:\WINDOWS.0\system32\WLTRAY.exe
        C:\Program Files\DellTPad\Apoint.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
        C:\WINDOWS.0\OEM13Mon.exe
        C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
        C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
        C:\Program Files\DellTPad\ApMsgFwd.exe
        C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
        C:\Program Files\DellTPad\HidFind.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS.0\system32\ctfmon.exe
        C:\Program Files\DellTPad\Apntex.exe
        C:\Program Files\OpenOffice.org 3\program\soffice.exe
        C:\Program Files\OpenOffice.org 3\program\soffice.bin
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS.0\system32\wuauclt.exe
        C:\Program Files\Java\jre6\bin\jucheck.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Admin\Mes documents\HiJackThis.exe
        C:\Documents and Settings\Admin\Mes documents\HiJackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O1 - Hosts: 89.149.210.171 www.google.no
        O1 - Hosts: 89.149.210.171 www.google.nl
        O1 - Hosts: 89.149.210.171 www.google.com
        O1 - Hosts: 89.149.210.171 www.google.se
        O1 - Hosts: 89.149.210.171 uk.search.yahoo.com
        O1 - Hosts: 89.149.210.171 www.google.pt
        O1 - Hosts: 89.149.210.171 www.google.es
        O1 - Hosts: 89.149.210.171 www.google.ca
        O1 - Hosts: 89.149.210.171 www.google.be
        O1 - Hosts: 89.149.210.171 www.google.fi
        O1 - Hosts: 89.149.210.171 www.google.com.br
        O1 - Hosts: 89.149.210.171 www.google.co.uk
        O1 - Hosts: 89.149.210.171 www.google.dk
        O1 - Hosts: 89.149.210.171 www.google.co.jp
        O1 - Hosts: 89.149.210.171 www.google.fr
        O1 - Hosts: 89.149.210.171 www.google.co.za
        O1 - Hosts: 89.149.210.171 www.google.de
        O1 - Hosts: 89.149.210.171 www.google.ch
        O1 - Hosts: 89.149.210.171 www.google.at
        O1 - Hosts: 89.149.210.171 www.google.it
        O1 - Hosts: 89.149.210.171 search.yahoo.com
        O1 - Hosts: 89.149.210.171 www.google.ie
        O1 - Hosts: 89.149.210.171 us.search.yahoo.com
        O1 - Hosts: 89.149.210.171 www.google.gr
        O1 - Hosts: 89.149.210.171 www.google.com.mx
        O1 - Hosts: 89.149.210.171 www.google.com.au
        O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.0\system32\igfxpers.exe
        O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS.0\system32\WLTRAY.exe
        O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
        O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS.0\OEM13Mon.exe
        O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
        O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
        O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
        O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
        O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\ISUSPM.exe" -scheduler
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: eBeam Device Service - Luidia, Inc. - C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
        O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
        O23 - Service: Service Google Update (gupdate1ca127069781056) (gupdate1ca127069781056) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
        O23 - Service: lxdi_device - - C:\WINDOWS.0\system32\lxdicoms.exe
        O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
        O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS.0\System32\WLTRYSVC.EXE
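The O1 lines in the HijackThis log above are a hosts-file redirect: two dozen Google and Yahoo search hostnames all mapped to one outside address, which is the kind of search-engine hijack the previous poster described seeing cleared. As an added example, not from the thread or from HijackThis, here is a Python parser over a constructed excerpt in that log format that groups O1 entries by target IP and flags clusters pointing search-engine hostnames, or several hostnames at once, at an address that is neither loopback nor unspecified; the sample IP (a TEST-NET address, not the one in the log), the hostnames and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed HijackThis-style excerpt modelled on the log above. The redirect
# target is a TEST-NET address; the intranet line stands in for a legitimate
# local mapping that must not be flagged.
SAMPLE_HJT = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://example.invalid
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 198.51.100.7 www.google.com
O1 - Hosts: 198.51.100.7 www.google.fr
O1 - Hosts: 198.51.100.7 search.yahoo.com
O1 - Hosts: 198.51.100.7 www.google.co.uk
O1 - Hosts: 192.168.1.20 intranet.corp.example
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")


def parse_hosts_entries(text: str) -> List[Tuple[str, str]]:
    """Pull (ip, hostname) pairs out of the O1 lines, ignoring other sections."""
    entries = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            entries.append((m.group("ip"), m.group("host")))
    return entries


def is_search_engine(host: str) -> bool:
    """Search engines are the hostnames redirected in the log above."""
    labels = host.lower().split(".")
    return "google" in labels or host.lower().endswith("search.yahoo.com")


def hijack_clusters(entries: List[Tuple[str, str]], min_hosts: int = 3) -> Dict[str, List[str]]:
    """Group hosts by target IP and keep the clusters that look like a hijack:
    a non-local address receiving a search-engine hostname or several
    hostnames at once. Loopback/unspecified targets (ad-blocking hosts files)
    and single private-range mappings are left alone."""
    by_ip: Dict[str, List[str]] = defaultdict(list)
    for ip, host in entries:
        by_ip[ip].append(host)
    clusters: Dict[str, List[str]] = {}
    for ip, hosts in by_ip.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed entry, not a redirect we can assess
        if addr.is_loopback or addr.is_unspecified:
            continue
        if len(hosts) >= min_hosts or any(is_search_engine(h) for h in hosts):
            clusters[ip] = hosts
    return clusters


if __name__ == "__main__":
    for ip, hosts in hijack_clusters(parse_hosts_entries(SAMPLE_HJT)).items():
        print(f"{ip} <- {len(hosts)} hostnames: {', '.join(hosts)}")
```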