Procssus a 100%

mignon -  
 mignon -
Bonjour qui a deja vu sa !!! mon processus tourne a 100 % lors de l'apparition de" insidepollmeet.exe " dans les processus , il revient toujours meme apres suppression . rien ne semble pouvoir l'enlever nis les anti virus , nis ad aware, nis spy sweeper. j'ai fais un scan avec hijackthis voila le resultat!!! qui peut me renseigner merci . ps le scann a etait fait lorsque insidepollmeet n'etais pas encore apparut sinon c impossible
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\COMOne\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\marco-pc\LOCALS~1\Temp\Rar$EX00.782\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bzdhgillotazgzvqcfmipvwla.info/xUvK5GOV1Wq/NjT7oxRkrINXlAOZiy3HyLEm9YtrBnVSc/S28/ONLI/lJoXBBPP5.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.braijyqwuauexadwiveyws.com/xUvK5GOV1WoDtDInSdSF4AGC//s/JCcT/8Xcz7VVGfY.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O2 - BHO: (no name) - {F77EAAC7-C867-7A16-95FF-E61DBBEBA914} - C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\TITLEF~1\Trust Dash.exe (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BUILDCASTHOLDCLOCK] C:\Documents and Settings\All Users\Application Data\32 drv build cast\Slowsoft.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Bodyeachsectmp3] C:\Documents and Settings\All Users\Application Data\Axis log body each\Show Copy.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Transfirst] C:\DOCUME~1\marco-pc\APPLIC~1\SAFEPI~1\ford heck size.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123024435609
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.0_03) -
O16 - DPF: {CA356D79-679B-4B4C-8E49-5AF97014F4C1} (Starware) - http://files-pl.starware.com/installs/3.1.3.200506101259/323/Starware_323.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{766667E6-5839-4FD4-9DE3-6C9960599482}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

3 réponses

  1. jean38 Messages postés 2534 Date d'inscription   Statut Contributeur Dernière intervention   47
     
    salut,

    en effet pas mal de boulot sur ta machine.
    un conseil, imprime ce post pour ne rien oublier.

    A/ si tu ne les as pas, telecharge:

    Ad-Aware SE 1.06
    http://www.lavasoftusa.com/software/adaware/
    Spybot S&D 1.4
    http://www.safer-networking.org/fr/index.html
    -aide en image:(merci a Balltrap34)
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    puis Clean Up 40 :
    http://pageperso.aol.fr/balltrap34/CleanUp40.exe
    -aide en image:(merci a Balltrap34)
    http://pageperso.aol.fr/balltrap34/democleanup.htm
    ne les utilise pas tout de suite

    idem si tu ne l’as pas A2 free sur http://www.emsisoft.net/fr/software/download/

    met à jour spybot, ad aware et a2 free sur internet (tu trouves l’option dans les menus) mais ne lance pas les scan.

    1) clic droit sur poste de travail
    propriété
    restauration systeme
    coche desactivé puis appliquer

    2) demarrer
    panneau de configuration
    outil
    option des dossiers
    affichage,
    coche afficher dossier cachés
    decoche : masquer extension des fichiers dont le type est connu
    masquer les fichiers protégés du systeme d'exploitation.

    3) demarre en mode sans echec.
    Soit tu tapotte sur la touche F8 alancement de Windows et tu choisi sans echec (pas d’inquiétude pour l’aspect de l’ecran)

    4) lance hijack, ferme le bloc note et coche les cases devant les lignes, à la fin valide à l’aide du bouton fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bzdhgillotazgzvqcfmipvwla.info/xUvK5GOV1Wq/NjT7oxRkrINXlAOZiy3HyLEm9YtrBnVSc/S28/ONLI/lJoXBBPP5.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.braijyqwuauexadwiveyws.com/xUvK5GOV1WoDtDInSdSF4AGC//s/JCcT/8Xcz7VVGfY.jpg

    R3 - Default URLSearchHook is missing

    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll

    O2 - BHO: (no name) - {F77EAAC7-C867-7A16-95FF-E61DBBEBA914} - C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\TITLEF~1\Trust Dash.exe (file missing)

    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll

    O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123024435609

    O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.0_03) -

    O16 - DPF: {CA356D79-679B-4B4C-8E49-5AF97014F4C1} (Starware) - http://files-pl.starware.com/installs/3.1.3.200506101259/323/Starware_323.cab

    O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -

    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

    5) Dans le menu Demarrer>Executer >tape: Services.msc
    recherche le service avec cette orthographe exacte:
    France Telecom Routing Table Service
    Double clic dessus (FTRTSVC) et clic sur arreter puis dans type de demarrage selectionne désactivé

    6)supprime les fichiers

    C:\Program Files\Starware <<-- le dossier
    C:\WINDOWS\System32\FTRTSVC.exe
    c:\ex.cab
    c:\eied_s7.cab

    7) execute cleanup40.exe

    8) tu relances tes scan ad aware
    puis spy boot
    puis a2 free
    et vire tout ce qu'ils trouvent (c'est un peu long mais tu devrais t'en sortir).

    vide ta poubelle et redemarre en mode normal, c'est à dire avant de redemarrer, tu refais les manip de départ (1) et (2) mais en recochant ... pour retrouver la config de départ.

    redemarrerefait un log hijack

    A+

    Jean
    0
    1. mignon
       
      Salut, merci jean38 pour ton aide, je te tiens au courrent sur l'evolution de ma machine apres avoir effectué les taches que tu me recommande .
      0
    2. mignon
       
      salut!! voila je viens de faire les manips que tu ma expliquées mé mon pb persiste. j'ai refais un scan avec hijakthis lorsque mon prosessus tournée a 100 % je te le fé parvenir si tu peus encore m'aider je te remerci d'avance. c 'est bizard mon pb vient apparement de "insidepollmeet.exe" , il n'apparet pas sur le running processes de hijack.. ?
      Scan saved at 18:06:09, on 18/08/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe
      C:\WINDOWS\Mixer.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\COMOne\Logiciel Bluetooth\BTTray.exe
      C:\Program Files\Antipub\antipub.exe
      C:\Program Files\SpeedFan\speedfan.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Wanadoo\EspaceWanadoo.exe
      C:\Program Files\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Wanadoo\Watch.exe
      C:\DOCUME~1\marco-pc\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\WINDOWS\system32\taskmgr.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ukecliasrxxnugu.net/xUvK5GOV1Wq/NjT7oxRkrINXlAOZiy3HyLEm9YtrBnWeouN0gJMB7Y/lJoXBBPP5.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: (no name) - {ACBD5F61-55B9-7E4E-C3C6-FDFB7F3E31D8} - C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\TITLEF~1\Trust Dash.exe
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [BUILDCASTHOLDCLOCK] C:\Documents and Settings\All Users\Application Data\32 drv build cast\Slowsoft.exe
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKLM\..\Run: [Bodyeachsectmp3] C:\Documents and Settings\All Users\Application Data\Axis log body each\Show Copy.exe
      O4 - HKLM\..\Run: [sect more plan frag] C:\Documents and Settings\All Users\Application Data\Hope Great Sect More\bits road.exe
      O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
      O4 - HKCU\..\Run: [Transfirst] C:\DOCUME~1\marco-pc\APPLIC~1\SAFEPI~1\ford heck size.exe
      O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
      O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
      O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
      O4 - Global Startup: BTTray.lnk = ?
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
      O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{766667E6-5839-4FD4-9DE3-6C9960599482}: NameServer = 80.10.246.130 80.10.246.3
      O20 - AppInit_DLLs: MsgPlusLoader.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      0
  2. jean38 Messages postés 2534 Date d'inscription   Statut Contributeur Dernière intervention   47
     
    ou en sont tes pbs??

    pourrais tu tester ce fichier
    C:\Documents and Settings\All Users\Application Data\32 drv build cast\Slowsoft.exe

    sur

    http://virusscan.jotti.org

    et coller le rapport

    si tu ne le trouves pas il faudra afficher les dossier cachés,
    0
  3. mignon
     
    mon pb et que mon procésseur tour a 100 % lorsque j'ai plusieur programme "insidepollmeet qui tourne ds les processus , je les supprimes mé il reviennent. 5 min apres g fé ton scan voila le resultat comment faire pour en venir a bout . Jotti's malware scan 2.99-TRANSITION_TO_3.00

    File to upload & scan:
    Service
    Service load: 0% 100%

    File: Slowsoft.exe
    Status: INFECTED/MALWARE (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain -, results will not be stored in the database.)
    MD5 4a7e9f7840531b4744e5ebc09ed4eca3
    Packers detected: PE_PATCH.UPC, UPC
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found Trojan.Swizzor
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found not-a-virus:AdWare.Lop.z
    NOD32 Found Win32/TrojanDownloader.Swizzor
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found AdWare.Lop.p

    Powered by

    Disclaimer
    This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, I cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

    Also, I am aware of the implications of a setup like this. I am sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). I am aware, in spite of efforts to proactively counter these, false positives might occur, for example. I do not consider this a very big issue, so please do not e-mail me about it. This is a simple online scan service, not the university of Wichita.

    Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

    Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

    Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception.

    Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, and some people who prefer to remain anonymous... many thanks to all!

    Statistics
    Last file scanned at least one scanner reported something about: mesiah.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV Trojan.Killav-21
    Dr.Web BackDoor.Generic.909
    F-Prot Antivirus X
    Fortinet W32/NotiBoy.B-tr
    Kaspersky Anti-Virus Backdoor.Win32.VB.gen
    NOD32 probably unknown NewHeur_PE
    Norman Virus Control X
    UNA X
    VBA32 X

    You're free to (mis)interpret these automated, flawed statistics at your own discretion.

    Frequently asked questions - Feedback

    Page generated by JTPL

    Copyright © 2004-2005 Jordi Bosveld <jotti@jotti.org> en venir a bout merci
    0