Jojo95

  1. I have just restarted my PC twice and I no longer have an svchost process at 50%. Can you confirm this from the logs, or is it just a lull?
  2. Good evening, thank you very much for your reply.

     1st report, freefixer-log.txt:

     FreeFixer v0.56 log
     http://www.freefixer.com/
     Operating system: Windows XP Service Pack 2
     Log dated 2010-04-21 20:24

     Basic Internet Explorer settings
     HKCU\..\Desktop\General, Wallpaper = C:\Documents and Settings\Jojo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

     Registry Startups (4 whitelisted)
     HKLM\..\Run, StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     HKLM\..\Run, SoundMAX = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
     HKLM\..\Run, JMB36X Configure = C:\WINDOWS\system32\JMRaidTool.exe boot
     HKLM\..\Run, avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     HKCU\..\Run, SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

     Autostart shortcuts (1 whitelisted)
     Adobe Reader Speed Launch.lnk, , C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     monxga32.exe, , C:\Documents and Settings\Jojo\Menu Démarrer\Programmes\Démarrage\monxga32.exe
     An error occurred when trying to open the file for reading. Filename: 'C:\Documents and Settings\Jojo\Menu Démarrer\Programmes\Démarrage\monxga32.exe'. Current Working Directory: 'C:\Program Files\FreeFixer\'. System error message: Accès refusé. Error code: 5. C++ exception: ios_base::failbit set

     Processes (27 whitelisted)
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
     C:\Program Files\FreeFixer\freefixer.exe

     Services (37 whitelisted)
     AntiVirSchedulerService, Avira AntiVir Planificateur, c:\program files\avira\antivir desktop\sched.exe
     AntiVirService, Avira AntiVir Guard, c:\program files\avira\antivir desktop\avguard.exe
     ATI Smart, ATI Smart, c:\windows\system32\ati2sgag.exe

     Svchost.exe Modules (183 whitelisted)
     C:\WINDOWS\system32\mscoree.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll

     Explorer.exe Modules (106 whitelisted)
     C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
     C:\WINDOWS\system32\MSVCR71.dll
     C:\WINDOWS\system32\dfshim.dll
     C:\WINDOWS\system32\mscoree.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

     Drivers (31 whitelisted)
     JGOGO, JMicron Hot-Plug Driver, C:\WINDOWS\system32\drivers\jgogo.sys
     JRAID, , C:\WINDOWS\system32\drivers\jraid.sys

     Firefox Extensions
     Adobe DLM (powered by getPlus®), C:\Documents and Settings\Jojo\Application Data\Mozilla\Firefox\Profiles\y45hpugq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\install.rdf

     Recently created/modified files (26 whitelisted)
     6 minutes, c:\Program Files\FreeFixer\Uninstall.exe
     6 minutes, e:\Outils\freefixersetup.exe
     6 minutes, c:\Documents and Settings\Jojo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y45hpugq.default\Cache\445D3B07d01
     21 hours, c:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

     The following errors occurred during the scan:
     Problems opening folder 'h:\µTorrent\Download\33 ?m Das Monster in Arsch!' to enumerate files. FindFirstFile failed. System error message: Syntaxe du nom de fichier, de répertoire ou de volume incorrecte. Error code: 123.

     End of FreeFixer log

     2nd report, after FIX:

     FreeFixer v0.56 log
     http://www.freefixer.com/
     Operating system: Windows XP Service Pack 2
     Log dated 2010-04-21 20:26

     Basic Internet Explorer settings
     HKCU\..\Desktop\General, Wallpaper = C:\Documents and Settings\Jojo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

     Registry Startups (4 whitelisted)
     HKLM\..\Run, StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     HKLM\..\Run, SoundMAX = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
     HKLM\..\Run, JMB36X Configure = C:\WINDOWS\system32\JMRaidTool.exe boot
     HKLM\..\Run, avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     HKCU\..\Run, SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

     Autostart shortcuts (1 whitelisted)
     Adobe Reader Speed Launch.lnk, , C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

     Processes (27 whitelisted)
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
     C:\Program Files\FreeFixer\freefixer.exe

     Services (37 whitelisted)
     AntiVirSchedulerService, Avira AntiVir Planificateur, c:\program files\avira\antivir desktop\sched.exe
     AntiVirService, Avira AntiVir Guard, c:\program files\avira\antivir desktop\avguard.exe
     ATI Smart, ATI Smart, c:\windows\system32\ati2sgag.exe

     Svchost.exe Modules (183 whitelisted)
     C:\WINDOWS\system32\mscoree.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll

     Explorer.exe Modules (103 whitelisted)
     C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
     C:\WINDOWS\system32\MSVCR71.dll
     C:\WINDOWS\system32\dfshim.dll
     C:\WINDOWS\system32\mscoree.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamfra.dll
     C:\Program Files\Avira\AntiVir Desktop\shlext.dll
     C:\Program Files\WinRAR\rarext.dll

     Drivers (31 whitelisted)
     JGOGO, JMicron Hot-Plug Driver, C:\WINDOWS\system32\drivers\jgogo.sys
     JRAID, , C:\WINDOWS\system32\drivers\jraid.sys

     Firefox Extensions
     Adobe DLM (powered by getPlus®), C:\Documents and Settings\Jojo\Application Data\Mozilla\Firefox\Profiles\y45hpugq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\install.rdf

     Recently created/modified files (26 whitelisted)
     7 minutes, c:\Program Files\FreeFixer\Uninstall.exe
     8 minutes, e:\Outils\freefixersetup.exe
     8 minutes, c:\Documents and Settings\Jojo\Local Settings\Application Data\Mozilla\Firefox\Profiles\y45hpugq.default\Cache\445D3B07d01
     21 hours, c:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

     The following errors occurred during the scan:
     Problems opening folder 'h:\µTorrent\Download\33 ?m Das Monster in Arsch!' to enumerate files. FindFirstFile failed. System error message: Syntaxe du nom de fichier, de répertoire ou de volume incorrecte. Error code: 123.

     End of FreeFixer log

     ESET report:

     E:\Outils\zlsSetup_70_462_000_fr.exe une variante de Win32/AdInstaller application supprimé - mis en quarantaine
     E:\Outils\zlsSetup_70_483_000_fr.exe une variante de Win32/AdInstaller application supprimé - mis en quarantaine
     E:\Outils\Codecs\muskcodec.v5.exe Win32/Adware.Gator.Trickler.F application supprimé - mis en quarantaine

     As for the file monxga32.exe, I was not able to find it. Thanks in advance.
  3. Hello, I have just noticed that I have an svchost process that is always running at 50%. In addition, when I ran a scan with AntiVir, it found several Rootkit.Gen in files. Strangely, from time to time when the PC starts I get a black screen asking whether I want to start in safe mode, normal... Can someone help me, please? Thanks in advance.

     Here is a HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 22:55:24, on 20/04/2010
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Logitech\SetPointP\SetPoint.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.EXE
     C:\WINDOWS\system32\wdfmgr.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program Files\Windows Live\Contacts\wlcomm.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     c:\program files\avira\antivir desktop\avcenter.exe
     E:\Outils\HiJackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
     O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: monxga32.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\lbtserv.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     --
     End of file - 4407 bytes