A voir également:
- Svchost. probleme
- Svchost - Guide
- Svchost intempestif ✓ - Forum Windows 10
- Svchost dcomlaunch - Forum Virus
- Svchost netsvcs ✓ - Forum Virus
- Svchost c'est quoi - Forum Windows
4 réponses
bonjours,
svchost.exe est un processus important de windows, qui peut être lancés plusieurs fois.
Cependant il arrive que des infections l'utilise à leur bénéfice.
Vérifions cela ..
*********** Recherche d'autre infection avec Malwarebyte's ***********
Téléchargez - Installez Malwarebyte's
* Laissez-vous guider : choix de la langue, acceptation de la licence, dossier par défaut ...
* Cocher la case "Créer une icône sur le Bureau".
* Cochez bien la case Mettre à jour
* Cliquez ensuite sur Terminer.
Utilisation
* Double-cliquez sur le raccourci créé sur votre bureau
* Dans l'onglet Recherche, cliquez sur Exécuter un examen complet puis sur Rechercher.
* Sélectionnez votre ou vos disques durs.
* Cliquez ensuite sur Lancer l'examen. (N'appuyer pas de suite sur "Supprimer la sélection")
* Après le scan, sauvegarder le rapport
* Affichez le rapport de Malwarebyte's dans votre prochaine réponse.
**************** Créer un rapport avec Hijackthis *******************
* Téléchargez - installez HijackThis
* Ouvrez Hijackthis, appuyer sur [Do a system scan safe a Logfile]
* Un rapport va s'ouvrir, affichez ce rapport dans votre prochaine réponse.
svchost.exe est un processus important de windows, qui peut être lancés plusieurs fois.
Cependant il arrive que des infections l'utilise à leur bénéfice.
Vérifions cela ..
*********** Recherche d'autre infection avec Malwarebyte's ***********
Téléchargez - Installez Malwarebyte's
* Laissez-vous guider : choix de la langue, acceptation de la licence, dossier par défaut ...
* Cocher la case "Créer une icône sur le Bureau".
* Cochez bien la case Mettre à jour
* Cliquez ensuite sur Terminer.
Utilisation
* Double-cliquez sur le raccourci créé sur votre bureau
* Dans l'onglet Recherche, cliquez sur Exécuter un examen complet puis sur Rechercher.
* Sélectionnez votre ou vos disques durs.
* Cliquez ensuite sur Lancer l'examen. (N'appuyer pas de suite sur "Supprimer la sélection")
* Après le scan, sauvegarder le rapport
* Affichez le rapport de Malwarebyte's dans votre prochaine réponse.
**************** Créer un rapport avec Hijackthis *******************
* Téléchargez - installez HijackThis
* Ouvrez Hijackthis, appuyer sur [Do a system scan safe a Logfile]
* Un rapport va s'ouvrir, affichez ce rapport dans votre prochaine réponse.
Voila jai utilise malwarebyte et il ya plusieurs fichier infecter le log est la j'ai beau supprimer les fichiers infecter mais il reste toujours pareil
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2885
Windows 5.1.2600 Service Pack 2 (Safe Mode)
2009-10-02 19:11:09
mbam-log-2009-10-02 (19-11-09).txt
Type de recherche: Examen rapide
Eléments examinés: 117796
Temps écoulé: 26 minute(s), 38 second(s)
Processus mémoire infecté(s): 7
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 16
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 26
Processus mémoire infecté(s):
C:\WINDOWS\system32\5.tmp (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\81.tmp (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\8B.tmp (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servises.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security center (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protection system (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\servises.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\81.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\8B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carl\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\SystemProfile\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRR86.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\SC.INS (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\uninst.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\Carl\restorer32_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_id.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxm192z.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carl\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2885
Windows 5.1.2600 Service Pack 2 (Safe Mode)
2009-10-02 19:11:09
mbam-log-2009-10-02 (19-11-09).txt
Type de recherche: Examen rapide
Eléments examinés: 117796
Temps écoulé: 26 minute(s), 38 second(s)
Processus mémoire infecté(s): 7
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 16
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 26
Processus mémoire infecté(s):
C:\WINDOWS\system32\5.tmp (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\81.tmp (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\8B.tmp (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servises.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security center (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protection system (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\servises.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\81.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\8B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carl\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\SystemProfile\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRR86.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\SC.INS (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\uninst.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\Carl\restorer32_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_id.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxm192z.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carl\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
De toute évidence c'est une infection importante.
Malwarebytes pour un maximum d'efficacité doit être utilisé en mode normal, du quel selon l'infection, vous lancerez un scan complet !
Et après ça, produisez et postez le rapport Hijackthis.
Malwarebytes pour un maximum d'efficacité doit être utilisé en mode normal, du quel selon l'infection, vous lancerez un scan complet !
Et après ça, produisez et postez le rapport Hijackthis.
Oups.. après plus ample vérification du rapport Malwarebytes, du quel le fichier reader_s.exe apparait.
Il semblerait que vous soyez infecté par Virut.
C'est probablement l'infection la plus dangereuse présentement.
- caractéristique du P2P et logiciel cracké
Si cette infection est toute récente, peut-être pourrez vous supprimer ça complètement.
Par contre si ça date d'au moins une journée, avec lequel quelques redémarrage du PC ont été fait.
Alors ce serait préférable de sauvegarder immédiatement vos données personnelles sur CD-ROM(<-important) et formater le PC avec l'outil de formatage spécialisé fournit au lien suivant. Ensuite vous pourrez lancer la réinstallation de Windows.
Tuto pour désinfecté Virut ou procédure et logiciel nécessaire pour formater le disque dur.
>>>>>> Quoiqu'il en soit, sauvegarder immédiatement vos données sur CD-ROM
Il semblerait que vous soyez infecté par Virut.
C'est probablement l'infection la plus dangereuse présentement.
- caractéristique du P2P et logiciel cracké
Si cette infection est toute récente, peut-être pourrez vous supprimer ça complètement.
Par contre si ça date d'au moins une journée, avec lequel quelques redémarrage du PC ont été fait.
Alors ce serait préférable de sauvegarder immédiatement vos données personnelles sur CD-ROM(<-important) et formater le PC avec l'outil de formatage spécialisé fournit au lien suivant. Ensuite vous pourrez lancer la réinstallation de Windows.
Tuto pour désinfecté Virut ou procédure et logiciel nécessaire pour formater le disque dur.
>>>>>> Quoiqu'il en soit, sauvegarder immédiatement vos données sur CD-ROM
