Problem with SVCHOST.EXE
Closed
BARMOU
Posts
2
Registration date
Wednesday 16 January 2008
Status
Member
Last activity
17 January 2008
-
17 Jan 2008 at 15:50
BARMOU - 18 Jan 2008 at 10:09
2 replies
winin
Posts
372
Registration date
Wednesday 16 January 2008
Status
Member
Last activity
31 December 2008
12
17 Jan 2008 at 16:33
Let's do one last scan:
- Download combofix.exe (by sUBs):
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
* Double-click combofix.exe, type 1 and press Enter to start the scan
* When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
*** Combofix is detected by some antivirus programs as an infection; this is a "false positive"
*** Ignore it and continue with the procedure
52 post(s) since Wednesday 16 January 2008
--------------------------------------------------------------------------------
Never give up!
Hi winin!!
Thanks for your help!!!
Here is the report generated by ComboFix
ComboFix 08-01-18.4 - user 2008-01-18 8:57:52.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.0.1252.1.1036.18.116 [GMT 0:00]
Running from: C:\Documents and Settings\user\Mes documents\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-18 08:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 14:18 . 2008-01-16 14:18 <REP> d-------- C:\HiJackThis
2008-01-08 14:06 . 2008-01-08 14:06 0 --a------ C:\WINDOWS\VPC32.INI
2008-01-08 14:00 . 2004-03-04 23:46 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-08 14:00 . 2004-03-04 23:46 82,832 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-08 13:59 . 2008-01-08 13:59 <REP> d-------- C:\Program Files\Symantec AntiVirus
2008-01-08 11:53 . 2008-01-08 11:53 <REP> d-------- C:\QUARANTINE
2008-01-08 09:46 . 2008-01-08 09:46 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2008-01-08 09:46 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-12-30 21:12 . 2007-12-30 21:12 <REP> d-------- C:\Documents and Settings\user\Application Data\U3
2007-12-24 13:18 . 2007-12-24 13:18 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 09:33 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
2008-01-08 09:33 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2007-12-13 15:47 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\NCH Swift Sound
2007-12-13 15:39 --------- d-----w C:\Documents and Settings\user\Application Data\Recordpad
2007-12-13 15:38 --------- d-----w C:\Program Files\NCH Software
2007-12-13 15:37 --------- d-----w C:\Documents and Settings\user\Application Data\NCH Swift Sound
2007-12-13 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-13 15:36 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-13 15:32 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-12-13 15:32 --------- d-----w C:\Program Files\Cubemaster Gold
2007-12-13 15:22 45,632 ----a-w C:\8e9w3l6u1g1.exe
2007-12-13 15:06 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-13 13:58 --------- d-----w C:\Program Files\Ares
2007-12-05 17:47 --------- d-----w C:\Program Files\MyXOFT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 14:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-05-23 12:15 1462544]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-20 15:33 67128]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-03-20 01:21 947200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-04-19 15:13 364544 C:\WINDOWS\system32\nwiz.exe]
"00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2002-05-13 10:45 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-07-31 13:42 188416 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-22 18:20 49152]
"TFNF5"="TFNF5.exe" [2001-09-04 11:31 69632 C:\WINDOWS\system32\TFNF5.exe]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-08-09 12:07 122880]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-07-03 15:17 40960]
"Drag'n Drop CD"="C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe" [2002-07-24 19:44 790528]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 19:51 90112]
"HI-SPEED USB DEVICE Coinstaller"="PL15Co2K.exe" [2003-07-10 16:59 86016 C:\WINDOWS\PL15Co2K.exe]
"EasyPHP"="C:\Program Files\EasyPHP\easyphp.exe" [2002-04-15 10:52 122880]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-10 15:27 180269]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-09 15:56 241152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-02-29 16:44 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18 124128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]
C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-09 21:22:22]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Raccourci vers easyphp.lnk - C:\Program Files\EasyPHP\easyphp.exe [2002-04-15 10:52:07]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2004-04-11 22:38:23]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-05-22 17:04:17]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-20 15:33:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\System32\DRIVERS\TVALG.SYS [2001-09-13 19:53]
R2 PLQ0306270;Prolific HotFix Q0306270;C:\WINDOWS\System32\HotFixQ0306270.exe [2003-07-02 22:20]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 19:34]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\System32\DRIVERS\nuvvid2.sys [2001-10-28 21:34]
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 19:16]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-04-04 19:12]
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 09:00:35
Windows 5.1.2600 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g????V??g????SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp???%X??????????????????>?w0 ?w????3??w???g?{?????????g?RY??QY??????-?s????2???????D???8???? @??%X??%X?????????????????x?Y?????^?Q?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 9:01:18