|
Last reply | ||
---|---|---|
Subject: Upload at 100% with nothing connected | ||
darxmurf |
|
Quick view of the discussion |
---|
darxmurf |
|
Yellow-Sky | Otherwise, there is NetLimiter to find out which programs connect to the web and upload or download |
Deadlock | Also switch antivirus to something more ... "clean".
Norton is to antivirus software roughly what AOL is to ISPs. |
darxmurf |
|
gegebast | Update your Windows and you won't have any more problems!!!!!! (except with Norton, but there's nothing I can do about that.....) |
fresh |
|
jolebarjo |
|
Mattusud13 | This thread has the merit of showing that Norton (even up to date) is crap [:spamafote] |
ndi76 | OK, you've obviously also picked up Sasser...
Go have a look at the Symantec site; you'll find the disinfection procedure there as well as the Sasser fix to download. Then install the MS anti-Sasser patch (search the forum, there was an official thread on the subject) ;) Good luck
EDIT: here is what I find suspicious; to be checked, but not everything is clear here:
C:\WINDOWS\System32\Isass.exe
C:\WINDOWS\temp\u3spwd.exe
O4 - HKLM\..\Run: [Windows Service Pack2] svchhost.exe
O4 - HKLM\..\Run: [MicroSoft IE Sasser] Isass.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] mswin135.exe
O4 - HKLM\..\Run: [Microsofts Updates] wuamgrd.exe
O4 - HKLM\..\RunServices: [Windows Service Pack2] win43.exe
O4 - HKLM\..\RunServices: [MicroSoft IE Sasser] Isass.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] mswin135.exe
O4 - HKLM\..\RunServices: [Microsofts Updates] wuamgrd.exe
O4 - HKCU\..\Run: [Windows Service Pack2] win43.exe
O4 - HKCU\..\Run: [MicroSoft IE Sasser] Isass.exe
O4 - HKCU\..\Run: [Microsofts Updates] wuamgrd.exe |
jolebarjo | Basically, run Ad-Aware or Spybot.
For more info, there is a dedicated spyware thread. |
Beginner75 | Here, I found this on the internet; it corresponds to the famous .exe that launches from your temp folder:
CoolWebSearch is a very tenacious hijack program that has gone through a lot of changes since it was first released. Each change is designed to make it harder to detect and remove, and the more recent versions have a backup system to keep you from deleting it completely. Some of the variants even use methods of hiding and running themselves that have never been used before in any other spyware. CWS uses two different processes that look for each other. If one process is stopped, the other one restarts it. Since it is also set up to load only when Internet Explorer is started, it is very hard to find the program in the 'usual' places (using msconfig.exe, regedit.exe, etc.) in order to remove it. Fortunately, there is a fix for this problem; CWShredder is available from SpywareInfo.com at http://www.spywareinfo.com/~merijn/downloads.html. (If you can't get to the site that way, try http://216.180.233.153/~merijn/downloads.html. Some CWS variants block the DNS for SpywareInfo). There are a couple of download formats available - as a zip file or an executable, and there is a link for the Microsoft VB6 runtime files if you need to install them (they are required to run the program, but chances are good that you already have them on your system). The author of CWShredder did not write the CWS hijack program. He even includes the following on the site: I did not create the Coolwebsearch trojan, nor did I hijack your homepage. It seems some sleazebags over at CWS think it's funny to redirect all complaints about their trojan to me. To get your homepage back, get my CWShredder. You have my word it will cure your computer and not install more junk. As someone who has used CWShredder on several computers, I highly recommend it to you if you have a hijacked home page, lots of new bookmarks added to your Favorites list, a problem with search engines being redirected to other search sites, and a host of other IE problems. 
But to prevent reinfection, you will need to get rid of the Microsoft Java Virtual Machine (MSJVM), which is being exploited by the CWS program. Microsoft will drop support for MSJVM as of September, 2004, so it is a security risk just waiting for an exploit to hit it. You can uninstall MSJVM by following the directions at http://www.windows-help.net/WindowsXP/howto-21.html. After you have uninstalled the MS version, you will need to install the Sun Java software to replace MSJVM, and a free and painless download is available from http://www.java.com/en/index.jsp. If the uninstall does not work, or the entries mentioned are not there, you can install the Sun Java and then check to see that it is the default for Internet Explorer. Directions for this are on the Java setup page. Even if you do not have problems with hijacked homepages, et al, you should uninstall the Microsoft version and install the Sun Java software. A Meg of prevention is worth a Gig of cure! |
jolebarjo | C:\WINDOWS\temp\u3spwd.exe that's weird! |
fresh |
|
fresh | Okay:
Logfile of HijackThis v1.97.7
Scan saved at 15:05:23, on 02/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Isass.exe
D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\temp\u3spwd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cmd.exe
C:\Documents and Settings\Fresh\Bureau\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Windows Service Pack2] svchhost.exe
O4 - HKLM\..\Run: [MicroSoft IE Sasser] Isass.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] mswin135.exe
O4 - HKLM\..\Run: [Ad-watch] "D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Microsofts Updates] wuamgrd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [Windows Service Pack2] win43.exe
O4 - HKLM\..\RunServices: [MicroSoft IE Sasser] Isass.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] mswin135.exe
O4 - HKLM\..\RunServices: [Microsofts Updates] wuamgrd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Service Pack2] win43.exe
O4 - HKCU\..\Run: [MicroSoft IE Sasser] Isass.exe
O4 - HKCU\..\Run: [Microsofts Updates] wuamgrd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft. [...] 2374189815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub [...] wflash.cab
:jap: |
Beginner75 |
|
ndi76 | You can also post a HijackThis report: launch HijackThis, then click Save log, then copy and paste the log here. |
fresh |
|
fresh | When I unplug the modem cable and it reinitializes,
everything drops back to normal. So right now I'm at not even 10% upload, so I'll post the stats when the problem happens again: :jap: |
jolebarjo | You've surely caught something nasty. |
ndi76 | Start > Run > type cmd then Enter
Then type netstat and describe what you see, bearing in mind that if you are connected and only on this forum you should get just a few lines in response to the netstat command ;) |
fresh | Hello,
I'm writing because I have a big problem. I'm with Free and my upload is maxed out all the time, even when I have nothing open. At first it works, and as the minutes go by I end up with my modem diagnostics showing that I'm maxed out! I have Norton 2004, I scanned everything this morning, it found nothing; I have Ad-Aware, I scanned everything too. Help :) |
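
The triage ndi76 does by eye on the O4 autorun lines of the HijackThis log posted in this thread, as an added example that is not part of any post: it flags executables whose names are one edit away from a genuine Windows process name, and autorun value names that point at different binaries. The `SYSTEM_NAMES` list and the function names are assumptions made for the illustration; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict

# Assumed short list of genuine Windows process names that malware imitates.
SYSTEM_NAMES = ("lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "spoolsv.exe", "ctfmon.exe")
# HijackThis O4 registry autorun line: hive\..\key: [value name] command
O4 = re.compile(r'^O4 - HK\w+\\\.\.\\\w+: \[([^\]]+)\] "?([^"]+)"?')

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log_text):
    """Return (lookalikes, conflicts) found in the O4 registry autorun lines."""
    lookalikes, targets = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue
        name, cmd = m.groups()
        exe = re.split(r"[\\/]", cmd.strip())[-1].lower()  # file name only
        targets[name].add(exe)
        for real in SYSTEM_NAMES:
            if exe != real and edit_distance(exe, real) == 1:
                lookalikes.add((exe, real))  # e.g. Isass.exe posing as lsass.exe
    conflicts = {n: sorted(t) for n, t in targets.items() if len(t) > 1}
    return sorted(lookalikes), conflicts

# Excerpt of the O4 lines from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [Windows Service Pack2] svchhost.exe
O4 - HKLM\..\Run: [MicroSoft IE Sasser] Isass.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [Windows Service Pack2] win43.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A name-distance check only catches imitation names; entries such as `mswin135.exe` or `wuamgrd.exe` still need the manual review the thread describes.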