Internet connection seriously hijacked ????

mimih700 Posts 75 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello,
my internet connection is constantly in use, my router crackles non-stop ...
I ran "active port", which shows an implausible number of unknown connections to equally unknown IP addresses; SVChost also causes quite a few unwanted connections (30 to 40 !!!!) and Internet Explorer, which I had nevertheless blocked, is also involved! I use Firefox or Opera !!!

my various antivirus tools (avast, spybot, aaw, a2free, usbfix...) find nothing !!!!

12 replies

jlpjlp Posts 52399 Status Security contributor 5 040

Hi,

scan with Malwarebytes, run a quick scan, paste the report you get and remove whatever is found:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimised in the taskbar).

NB: The reports are saved in the folder C:\rsit
0
mimih700 Posts 75 Status Member 1

hi, thanks!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marc at 2009-05-14 11:55:33
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 49 GB (41%) free of 119 GB
Total RAM: 3454 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:44, on 14/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Marc\Bureau\RSIT.exe
C:\download\HiJackThis\Marc.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040

ok run Malwarebytes

remove Ad-Aware 2007! it's 2009 ...

you have two antiviruses? :

CA\eTrust Antivirus and AVAST? remove one of the two!
0
mimih700 Posts 75 Status Member 1

ok

I removed
eTrust and Ad-Aware
here is the Malwarebytes report

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2130
Windows 5.1.2600 Service Pack 2

14/05/2009 12:19:12
mbam-log-2009-05-14 (12-19-12).txt

Type de recherche: Examen rapide
Eléments examinés: 101333
Temps écoulé: 4 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
0

jlpjlp Posts 52399 Status Security contributor 5 040

ok you have this
https://forum.malekal.com/viewtopic.php?f=33&t=14589

you should install Windows SP3

and
update Internet Explorer
for XP
http://download.microsoft.com/...

for VISTA:
http://download.microsoft.com/download/5/9/8/598CDBFA-4C11-45BA-8283-91439C7B8E5B/IE8-WindowsVista-x86-FRA.exe

_____________

update Adobe Reader, then remove the old versions via the Control Panel
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

or switch to an alternative browser, which will avoid the viruses circulating via PDFs, such as Foxit Reader (do not install the Foxit, Ask, eBay toolbars..)

http://www.commentcamarche.net/telecharger/telechargement 205 foxit reader

_____________

Update Java:
https://javara.fr.malavida.com/

Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Unzip the file onto your desktop (right-click > Extract all.)
Double-click the resulting JavaRa folder.
Then double-click the file JavaRa.exe (the .exe may not be displayed)
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if it asks you, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will do its work; then click Ok, then Ok a second time.
A report will open; copy and paste it into your next reply.
Note: the report is also located at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.

if that does not work

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

you can uninstall the old versions.
0
mimih700 Posts 75 Status Member 1

ok I'm downloading the SP3 update
however I would like not to use IE (I'm on Firefox or Opera), is that a problem?

for now my problem is still not solved !!!

thanks
0
jlpjlp Posts 52399 Status Security contributor 5 040

paste the report from an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

note:

Windows only uses Internet Explorer to update itself ...
0
mimih700 Posts 75 Status Member 1

re
here is the Panda report

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-05-14 18:30:23
PROTECTIONS: 1
MALWARE: 29
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090513-0] 4.8.1335 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00100016 W32/Netsky.AB.worm Virus No 0 Yes No I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][your_picture.pif]
00100016 W32/Netsky.AB.worm Virus No 0 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][your_picture.pif]
00121425 Hacktool/NMap HackTools No 0 No No C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi[unk_0052][CCGNU32.dll1]
00121425 Hacktool/NMap HackTools No 0 Yes No C:\WINDOWS\system32\CCGNU32.dll
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Local Settings\Temp\Cookies\marc@doubleclick[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Local Settings\Temp\Cookies\marc@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Local Settings\Temp\Cookies\marc@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@247realmedia[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Local Settings\Temp\Cookies\marc@mediaplex[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Local Settings\Temp\Cookies\marc@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.xiti.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Local Settings\Temp\Cookies\marc@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@adtech[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Local Settings\Temp\Cookies\marc@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@overture[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@www5.addfreestats[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@metriweb[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Cookies\marc@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\jyv5fhxi.default\cookies.txt[.smartadserver.com/]
00366355 W32/Nuwar.D.worm Virus No 1 Yes No I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Full News.exe]
00366781 Trj/Alanchum.OH Virus/Trojan No 1 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Full Story.exe]
00366781 Trj/Alanchum.OH Virus/Trojan No 1 Yes No I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Full Story.exe]
00370527 Trj/Alanchum.PK Virus/Trojan No 0 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Postcard.exe]
00370527 Trj/Alanchum.PK Virus/Trojan No 0 Yes No I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Postcard.exe]
00373775 W32/Nurech.A.worm Virus No 1 Yes Yes I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[greeting postcard.exe]
00373775 W32/Nurech.A.worm Virus No 1 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[greeting postcard.exe]
00378093 W32/Nurech.B.worm Virus No 1 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[Postcard.exe]
00378093 W32/Nurech.B.worm Virus No 1 Yes Yes I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[Postcard.exe]
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP707\A0088906.sys
01049080 Generic Malware Virus/Trojan Yes 0 Yes No C:\Program Files\NMapWin\bin\nmapserv.exe
01049080 Generic Malware Virus/Trojan No 0 No No C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi[unk_0052][nmapserv.exe]
02097168 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\NMapWin\bin\nmapwin.exe
02097168 Generic Malware Virus/Trojan No 0 No No C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi[unk_0052][nmapwin.exe]
02222180 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\NMapWin\bin\nmap.exe
02222180 Generic Malware Virus/Trojan No 0 No No C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi[unk_0052][nmap.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\WINDOWS\system32\dllcache\ndis.sys
03074964 Trj/CI.A Virus/Trojan Yes 0 Yes Yes C:\WINDOWS\system32\Drivers\ndis.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\temp\Hooker.exe
No I:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP674\A0083743.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
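
Added example, not part of the original thread: a short Python triage of the Panda report format pasted above, separating tracking-cookie noise from the entries the scanner marks as active or still on disk. The sample rows are copied from that report; the bucket names and the `parse_report` / `triage` helpers are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Subset of rows copied from the MALWARE and SUSPECTS sections of the report above.
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00121425 Hacktool/NMap HackTools No 0 Yes No C:\WINDOWS\system32\CCGNU32.dll
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No I:\sauvegarde STOREX\SauvegardeVideo\Marc\Local Settings\Temp\Cookies\marc@doubleclick[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.pointroll[1].txt
00373775 W32/Nurech.A.worm Virus No 1 Yes Yes I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[greeting postcard.exe]
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP707\A0088906.sys
01049080 Generic Malware Virus/Trojan Yes 0 Yes No C:\Program Files\NMapWin\bin\nmapserv.exe
02222180 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\NMapWin\bin\nmap.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\WINDOWS\system32\dllcache\ndis.sys
03074964 Trj/CI.A Virus/Trojan Yes 0 Yes Yes C:\WINDOWS\system32\Drivers\ndis.sys
SUSPECTS
Sent Location
No C:\temp\Hooker.exe
"""

# Columns follow the report header:
# Id Description Type Active Severity Disinfectable Disinfected Location
# Description may contain spaces ("Generic Malware"), so the row is anchored
# on the Type values that occur in this report.
ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<name>.+?) "
    r"(?P<type>Virus/Trojan|Virus|HackTools|TrackingCookie) "
    r"(?P<active>Yes|No) (?P<severity>\d+) "
    r"(?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<location>.+)$"
)


def parse_report(text):
    """Return one dict per MALWARE row; headers, rulers and SUSPECTS rows are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def bucket(row):
    """Assign a review bucket to one row (bucket names are illustrative)."""
    location = row["location"].lower()
    if row["type"] == "TrackingCookie":
        return "cookie"            # advertising cookies, not an infection
    if row["active"] == "Yes":
        return "active"            # reported as active by the scanner: review first
    if "\\system volume information\\_restore" in location:
        return "restore_point"     # copy held inside a System Restore point
    if "\\thunderbird\\profiles\\" in location:
        return "mail_store"        # attachment stored inside a mail folder
    if row["disinfected"] == "No":
        return "on_disk"           # inactive, but still present on disk
    return "cleaned"


def triage(rows):
    """Group parsed rows by bucket, preserving report order inside each bucket."""
    grouped = defaultdict(list)
    for row in rows:
        grouped[bucket(row)].append(row)
    return dict(grouped)


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for name in ("active", "on_disk", "restore_point", "mail_store", "cleaned", "cookie"):
        entries = result.get(name, [])
        print(f"{name}: {len(entries)}")
        if name != "cookie":
            for row in entries:
                print(f"  {row['name']} ({row['type']}) -> {row['location']}")
```
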
02222180 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\NMapWin\bin\nmap.exe
02222180 Generic Malware Virus/Trojan No 0 No No C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi[unk_0052][nmap.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\WINDOWS\system32\dllcache\ndis.sys
03074964 Trj/CI.A Virus/Trojan Yes 0 Yes Yes C:\WINDOWS\system32\Drivers\ndis.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\temp\Hooker.exe
No I:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP674\A0083743.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
jlpjlp Posts 52399 Status Security contributor 5 040

Launch Thunderbird, then delete what is in the Deleted Items folder, which will already get rid of these:

I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][your_picture.pif]
00100016 W32/Netsky.AB.worm Virus No 0 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][your_picture.pif]
I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Full News.exe]
00366781 Trj/Alanchum.OH Virus/Trojan No 1 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Full Story.exe]
00366781 Trj/Alanchum.OH Virus/Trojan No 1 Yes No I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Full Story.exe]
00370527 Trj/Alanchum.PK Virus/Trojan No 0 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Postcard.exe]
00370527 Trj/Alanchum.PK Virus/Trojan No 0 Yes No I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers d'archivage.sbd\Éléments supprimés[~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][~0000000.~][Postcard.exe]
00373775 W32/Nurech.A.worm Virus No 1 Yes Yes I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[greeting postcard.exe]
00373775 W32/Nurech.A.worm Virus No 1 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[greeting postcard.exe]
00378093 W32/Nurech.B.worm Virus No 1 Yes Yes C:\Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[Postcard.exe]
00378093 W32/Nurech.B.worm Virus No 1 Yes Yes I:\Sauvegarde 15oct08 Documents and Settings\Marc\Application Data\Thunderbird\Profiles\y308u1fl.default\Mail\Local Folders\Dossiers personnels.sbd\Éléments supprimés[Postcard.exe]

________________________

Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(careful: make sure to include :files)

:processes
explorer.exe
:files
C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi
C:\WINDOWS\system32\CCGNU32.dll
C:\Program Files\NMapWin\bin\nmapserv.exe
C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi
C:\Program Files\NMapWin\bin\nmapwin.exe
C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi
C:\Program Files\NMapWin\bin\nmap.exe
C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi
C:\WINDOWS\system32\dllcache\ndis.sys
C:\WINDOWS\system32\Drivers\ndis.sys
C:\temp\Hooker.exe
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
mimih700 Posts 75 Status Member 1

ok
here is the report

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\CCGNU32.dll
C:\WINDOWS\system32\CCGNU32.dll NOT unregistered.
C:\WINDOWS\system32\CCGNU32.dll moved successfully.
C:\Program Files\NMapWin\bin\nmapserv.exe moved successfully.
File/Folder C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi not found.
C:\Program Files\NMapWin\bin\nmapwin.exe moved successfully.
File/Folder C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi not found.
C:\Program Files\NMapWin\bin\nmap.exe moved successfully.
File/Folder C:\WINDOWS\Downloaded Installations\{38B83FD2-06C3-44C3-A7DB-0B4653FB6BDF}\NMapWin.msi not found.
File move failed. C:\WINDOWS\system32\dllcache\ndis.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\Drivers\ndis.sys scheduled to be moved on reboot.
C:\temp\Hooker.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Marc\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5fc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_664.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05142009_232921

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\dllcache\ndis.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\Drivers\ndis.sys scheduled to be moved on reboot.
C:\DOCUME~1\Marc\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_5fc.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_664.dat not found!
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0010\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx-j moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat-j moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax-j moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax-j moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx-j moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\Marc\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.
0
mimih700 Posts 75 Status Member 1

ok, everything has been done !!!!

but I still have my damn problem !!!
with the "active ports" software, I still see an impressive number of ports open to unknown IP addresses (unknown process!) while svchost is overflowing with activity !!!!!
if I understand correctly, someone is controlling my connection and using it to send e-mails !!!!
but it goes through svchost, so it is not detected by the antivirus programs ????
would anyone have a solution ????
thanks
0
jlpjlp Posts 52399 Status Security contributor 5 040

Delete the moved files folder by going to My Computer, then C, then OTMoveIt. Paste an online scan from Kaspersky or BitDefender.
0