Virus?

Closed
bidou19 - 5 Nov 2009 at 14:16
jlpjlp (51580 posts, registered Friday 18 May 2007, status: security contributor, last active 3 May 2022) - 15 Nov 2009 at 19:46
Hello,
first of all, thank you for your help.
I've had a few problems with my Livebox Wi-Fi connection these last few days. When starting the computer I couldn't connect and a message appeared: "system error: IP address conflict". After changing my IP address it works again (incidentally, a new icon, "network gateway", has appeared in Network Connections), but even though it works again I'd like to know why it disconnected, when everything was working fine until then. Could someone have connected to my network? Or is it just a random IP conflict?
Thanks for your help, which is precious to me; I hope you'll be able to answer my questions!

32 replies

jlpjlp - 8 Nov 2009 at 20:31
download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

double-click OTM.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTM: "Paste instruction for items to be moved".



:processes
explorer.exe
:services
Service
:files
C:\WINDOWS\System32\Service.exe
C:\WINDOWS\System32\afu630qf.exe
C:\WINDOWS\System32\dmlwd.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\afu630qf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmlwd.exe]
:commands
[purity]
[emptytemp]
[start explorer]


click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTM\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.



________________________


HijackThis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

run HijackThis, choose "Do a scan only", tick the box in front of the lines below, and click "Fix checked" at the bottom.


R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe

___________________________

to clean up your traces, use

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in Options, then Advanced: untick the box "delete files older than 48 hours")
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
___________________________



paste the report of an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Eset (Nod32) online
https://www.eset.com/
OTM report:
All processes killed
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========

Service\Driver Service deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\Service.exe moved successfully.
File/Folder C:\WINDOWS\System32\afu630qf.exe not found.
File/Folder C:\WINDOWS\System32\dmlwd.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\afu630qf\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmlwd.exe\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 23819786 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: pro
->Temp folder emptied: -820370228 bytes
->Temporary Internet Files folder emptied: 443735215 bytes
->Java cache emptied: 2366 bytes

User: Propriétaire

User: SARINA
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZARIHQX\DVD-Cinema__doomsday_W0QQQ5ftrkparmsZ72Q253A1526Q257C66Q253A2Q257C65Q253A12Q257C39Q253A1QQ_dmptZFRQ5fSKQ5fDVDetCinemaQ5fdvdQQ_fromfsbZQQ_sacatZ11232QQ_sopZ1QQ_trksidZp3286[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\RER5L1B3\CAM30VLM._callback1&request=layout%3D2%26page%3D3907%26emitStyle%3D2%26minResult%3D10%26promotypes%3D75031%26promoStyles%3D48%26results%3D32%26query%3Dtelemark&7030 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\RER5L1B3\Jeux__W0QQPlateformeeaa20aebZSonyPlayStation3fab3fc3aQQ_catrefZ1QQ_dmptZFRQ5fSKQ5fJeuxvideoQ5fGamesQ5fVideoGamesQQ_flnZ1QQ_sacatZ35103QQ_ssovZ1QQ_trksidZp3286Q2ec0Q2em282[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\RER5L1B3\;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;sz=300x250;ord=4201052656957383[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\MAJPXRXJ\;bp=OK;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=1665984155323[2].5 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\MAJPXRXJ\adlink%7C516%7C1525342%7C0%7C170%7CAdId%3D2208378%3BBnId%3D1%3Bitime%3D102847060%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37e5%2F3%2F0%2F%2a%2Ft%3B2056[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\JPWK4FB7\__motor-storm_W0QQQ5ftrkparmsZ72Q253A1526Q257C66Q253A2Q257C65Q253A12Q257C39Q253A1QQ_dmptZFRQ5fSKQ5fJeuxvideoQ5fGamesQ5fVideoGamesQQ_sopZ1QQ_trksidZp3286Q2ec0Q2em14[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\JPWK4FB7\cgv-zapline_W0QQa10244ZQ2d24QQa15961ZQ2d24QQa15962ZQ2d24QQa15964ZQ2d24QQa40086ZQ2d24QQalistZa15961Q2ca18894Q2ca15964Q2ca15965Q2ca10154Q2ca15962Q2ca40086Q2ca44811Q2ca10244Q[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\2N056DCN\CAKDKHGN._callback1&request=layout%3D2%26page%3D3907%26emitStyle%3D2%26minResult%3D10%26promotypes%3D75031%26promoStyles%3D48%26results%3D32%26query%3Dtelemark&8634 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\2N056DCN\;bp=OK;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=85922654268[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\KV172AZT\adlink%7C516%7C1525342%7C0%7C170%7CAdId%3D2208378%3BBnId%3D1%3Bitime%3D102726804%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37e5%2F3%2F0%2F%2a%2Ft%3B2056[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\KV172AZT\adlink%7C516%7C1686893%7C0%7C154%7CAdId%3D2208356%3BBnId%3D1%3Bitime%3D106322715%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37e5%2F3%2F0%2F%2a%2Fp%3B2084[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\1V3Z550A\adlink%7C516%7C1548062%7C0%7C225%7CAdId%3D2208347%3BBnId%3D1%3Bitime%3D106322703%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37e5%2F3%2F0%2F%2a%2Fa%3B2056[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\1V3Z550A\;bp=OK;var1=;var2=1;var3=89140;var4=;var21=3;var22=1;var23=1;var24=1;var25=1;var26=89302;var7=;var8=0;var9=1;var10=3;var11=;var14=45;tile=1;sz=300x250;ord=9764138615267556[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTAZ4XMR\;bp=OK;var1=;var2=1;var3=89140;var4=;var21=3;var22=1;var23=1;var24=1;var25=1;var26=89302;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=300403220863783[2].56 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1QRCD2Z\;bp=OK;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=46350571515[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\6PGHSVCT\tv;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;sz=1x1;ord=1530623705667426[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q88DOHSO\;bp=OK;var1=;var2=1;var3=89140;var4=;var21=3;var22=1;var23=1;var24=1;var25=1;var26=89302;var7=;var8=0;var9=1;var10=3;var11=;var14=45;tile=1;sz=300x250;ord=457513904329391[2].9 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temp\in233.tmp scheduled to be deleted on reboot.
->Temp folder emptied: -1807482271 bytes
File delete failed. C:\Documents and Settings\SARINA\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 311047950 bytes
->Java cache emptied: 2831799 bytes
->FireFox cache emptied: 3693301 bytes

User: Administrateur
->Temp folder emptied: 23994363 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 20522 bytes
%systemroot%\System32 .tmp files removed: 5664768 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5dc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 28318851 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = -1701,86 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11092009_111649

Files moved on Reboot...
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZARIHQX\DVD-Cinema__doomsday_W0QQQ5ftrkparmsZ72Q253A1526Q257C66Q253A2Q257C65Q253A12Q257C39Q253A1QQ_dmptZFRQ5fSKQ5fDVDetCinemaQ5fdvdQQ_fromfsbZQQ_sacatZ11232QQ_sopZ1QQ_trksidZp3286[1].htm not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\RER5L1B3\CAM30VLM._callback1&request=layout%3D2%26page%3D3907%26emitStyle%3D2%26minResult%3D10%26promotypes%3D75031%26promoStyles%3D48%26results%3D32%26query%3Dtelemark&7030 not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\RER5L1B3\Jeux__W0QQPlateformeeaa20aebZSonyPlayStation3fab3fc3aQQ_catrefZ1QQ_dmptZFRQ5fSKQ5fJeuxvideoQ5fGamesQ5fVideoGamesQQ_flnZ1QQ_sacatZ35103QQ_ssovZ1QQ_trksidZp3286Q2ec0Q2em282[1].htm not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\RER5L1B3\;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;sz=300x250;ord=4201052656957383[2] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\MAJPXRXJ\;bp=OK;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=1665984155323[2].5 not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\MAJPXRXJ\adlink%7C516%7C1525342%7C0%7C170%7CAdId%3D2208378%3BBnId%3D1%3Bitime%3D102847060%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37e5%2F3%2F0%2F%2a%2Ft%3B2056[2] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\JPWK4FB7\__motor-storm_W0QQQ5ftrkparmsZ72Q253A1526Q257C66Q253A2Q257C65Q253A12Q257C39Q253A1QQ_dmptZFRQ5fSKQ5fJeuxvideoQ5fGamesQ5fVideoGamesQQ_sopZ1QQ_trksidZp3286Q2ec0Q2em14[1].htm not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\JPWK4FB7\cgv-zapline_W0QQa10244ZQ2d24QQa15961ZQ2d24QQa15962ZQ2d24QQa15964ZQ2d24QQa40086ZQ2d24QQalistZa15961Q2ca18894Q2ca15964Q2ca15965Q2ca10154Q2ca15962Q2ca40086Q2ca44811Q2ca10244Q[1].htm not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\2N056DCN\CAKDKHGN._callback1&request=layout%3D2%26page%3D3907%26emitStyle%3D2%26minResult%3D10%26promotypes%3D75031%26promoStyles%3D48%26results%3D32%26query%3Dtelemark&8634 not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\2N056DCN\;bp=OK;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=85922654268[2] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\KV172AZT\adlink%7C516%7C1525342%7C0%7C170%7CAdId%3D2208378%3BBnId%3D1%3Bitime%3D102726804%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37e5%2F3%2F0%2F%2a%2Ft%3B2056[2] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\KV172AZT\adlink%7C516%7C1686893%7C0%7C154%7CAdId%3D2208356%3BBnId%3D1%3Bitime%3D106322715%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37e5%2F3%2F0%2F%2a%2Fp%3B2084[2] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\1V3Z550A\adlink%7C516%7C1548062%7C0%7C225%7CAdId%3D2208347%3BBnId%3D1%3Bitime%3D106322703%3Blink%3Dhttp%3A%2F%2Ffr%2Eebayobjects%2Ecom%2F6k%3Bh%3Dv8%2F37e5%2F3%2F0%2F%2a%2Fa%3B2056[2] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\1V3Z550A\;bp=OK;var1=;var2=1;var3=89140;var4=;var21=3;var22=1;var23=1;var24=1;var25=1;var26=89302;var7=;var8=0;var9=1;var10=3;var11=;var14=45;tile=1;sz=300x250;ord=9764138615267556[1] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTAZ4XMR\;bp=OK;var1=;var2=1;var3=89140;var4=;var21=3;var22=1;var23=1;var24=1;var25=1;var26=89302;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=300403220863783[2].56 not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1QRCD2Z\;bp=OK;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=46350571515[2] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\6PGHSVCT\tv;var1=;var2=1;var3=89140;var4=;var7=50;var7=televisionsharp;var7=televisionsoft;var7=truetarget;var8=0;var9=0;var10=0;var11=;var14=;sz=1x1;ord=1530623705667426[2] not found!
File C:\Documents and Settings\SARINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q88DOHSO\;bp=OK;var1=;var2=1;var3=89140;var4=;var21=3;var22=1;var23=1;var24=1;var25=1;var26=89302;var7=;var8=0;var9=1;var10=3;var11=;var14=45;tile=1;sz=300x250;ord=457513904329391[2].9 not found!
C:\Documents and Settings\SARINA\Local Settings\Temp\in233.tmp moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_5dc.dat not found!

Registry entries deleted on Reboot...
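The OTM log above is easier to act on once its lines are grouped by outcome. The following Python is an added example, not code from the thread or from OTM: it parses a constructed excerpt of the report (copied from the lines above, long entries dropped), lists what was moved, deleted, not found or deferred to reboot, and returns the script tokens OTM could not interpret. One assumption is labelled in the code and is not a statement from OTM's author: the negative "emptied: -820370228 bytes" values are read as a signed 32-bit counter that wrapped, and the unsigned reinterpretation is shown next to the raw value.

```python
"""Summarise an OTM (OldTimer's Move It) MovedFiles log.

Added example, not code from the thread or from OTM. Groups each result line
by outcome and inspects the byte counters. Assumption (not from OTM's author):
negative "emptied: N bytes" values are a signed 32-bit counter that wrapped.
"""
import re

# Constructed excerpt of the OTM report posted above (long lines dropped).
SAMPLE_LOG = r"""
All processes killed
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Service\Driver Service deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\Service.exe moved successfully.
File/Folder C:\WINDOWS\System32\afu630qf.exe not found.
File/Folder C:\WINDOWS\System32\dmlwd.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\afu630qf\ deleted successfully.
========== COMMANDS ==========
User: pro
->Temp folder emptied: -820370228 bytes
->Temporary Internet Files folder emptied: 443735215 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5dc.dat scheduled to be deleted on reboot.
Total Files Cleaned = -1701,86 mb
"""

OUTCOMES = [
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("deleted", re.compile(r"^(?:Registry key |Service\\Driver )(?P<target>.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^(?:File/Folder |Registry key )(?P<target>.+?) not found\.$")),
    ("on_reboot", re.compile(r"^File delete failed\. (?P<target>.+?) scheduled to be deleted on reboot\.$")),
    ("not_interpreted", re.compile(r"^Error: Unable to interpret <(?P<target>.*?)> in the current context!$")),
]
COUNTER = re.compile(r"^->(?P<what>.+?) emptied: (?P<n>-?\d+) bytes$")


def parse_otm_log(text):
    """Return {outcome: [targets...], "counters": [{what, bytes, wrapped, unsigned32}...]}."""
    results = {kind: [] for kind, _ in OUTCOMES}
    results["counters"] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNTER.match(line)
        if m:
            n = int(m.group("n"))
            results["counters"].append({
                "what": m.group("what"),
                "bytes": n,
                "wrapped": n < 0,            # a negative size is taken as a wrapped counter (assumption)
                "unsigned32": n % 2**32,     # value if the counter was an unsigned 32-bit integer
            })
            continue
        for kind, pat in OUTCOMES:
            m = pat.match(line)
            if m:
                results[kind].append(m.group("target"))
                break
    return results


def script_lines_with_stray_whitespace(results):
    """Tokens OTM echoed back inside <...> with leading or trailing whitespace.

    In the log above the unrecognised tokens are "processes " and "explorer.exe ",
    each carrying a trailing space, so the pasted script was not byte-identical to
    the one given; that is the first thing to check before re-running the script."""
    return [t for t in results["not_interpreted"] if t != t.strip()]


if __name__ == "__main__":
    r = parse_otm_log(SAMPLE_LOG)
    for kind in ("moved", "deleted", "not_found", "on_reboot"):
        print(f"{kind:10}: {len(r[kind])}  {r[kind]}")
    print("stray whitespace in script:", script_lines_with_stray_whitespace(r))
    for c in r["counters"]:
        note = f" (wrapped? as unsigned 32-bit: {c['unsigned32']})" if c["wrapped"] else ""
        print(f"{c['what']}: {c['bytes']} bytes{note}")
```

The two "not found" executables (afu630qf.exe, dmlwd.exe) are the interesting output: OTM did not remove them, so either they were already gone or the names in the script no longer matched what was on disk, and a fresh scan is needed to tell which.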
jlpjlp - 10 Nov 2009 at 08:36
OK, do the rest

see you later

and at the end post an RSIT report as well
and say how your PC is doing and what your current problems are

see you later
Panda Security:

ANALYSIS: 2009-11-10 11:14:15
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1201 [VPS 080531-1] 4.8.1201 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020302 adware/ncase Adware No 0 Yes No c:\temp\fleok
00034463 adware/wupd Adware No 0 Yes No c:\program files\adtools service
00064632 Dialer.ABR Dialers No 0 Yes No c:\program files\trend micro\hijackthis\backups\backup-20091109-174846-485.inf
00132710 dialer.xd Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload\systemcheck2
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\sarina\cookies\sarina@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\sarina\cookies\sarina@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\sarina\cookies\sarina@tradedoubler[2].txt
00145792 Cookie/SexList TrackingCookie No 0 Yes No c:\found.014\file0001.chk
00162730 Cookie/Belnk TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@dist.belnk[2].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@dist.belnk[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@www.myaffiliateprogram[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@xiti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\sarina\cookies\sarina@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@fe.lea.lycos[2].txt
00167761 Cookie/Sextracker TrackingCookie No 0 Yes No c:\found.014\file0005.chk
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@ad.yieldmanager[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@888[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@weborama[2].txt
00168113 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@fe.lea.lycos[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@advertising[6].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@advertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\sarina\cookies\sarina@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@advertising[4].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@advertising[7].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No c:\found.014\file0004.chk
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@overture[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@metriweb[1].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@888[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@cassava[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\documents and settings\sarina\cookies\sarina@bluestreak[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@adultfriendfinder[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@adultfriendfinder[6].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@adultfriendfinder[5].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@adultfriendfinder[7].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@adultfriendfinder[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@adultfriendfinder[3].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@adultfriendfinder[3].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@adultfriendfinder[1].txt
00199482 Dialer.XD Dialers No 0 Yes No c:\program files\trend micro\hijackthis\backups\backup-20091109-174847-742.inf
00257406 trj/haxdoor.hy Virus/Trojan No 1 Yes No c:\windows\system32\tick48.bin
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@smartadserver[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\documents and settings\sarina\cookies\sarina@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\found.022\file0029.chk
00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@www.drivecleaner[2].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\pro\cookies\pro@drivecleaner[2].txt
00472802 Adware/Beginto Adware No 0 No No c:\program files\vdcodecpack3.5\divx6.4-installer.exe[²üç\googletoolbarfirefox.msi][unk_0020][xpi][components/googletoolbar.dll]
00530382 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@klik.klikadvertising[1].txt
02112488 Generic Malware Virus/Trojan No 0 Yes No c:\program files\common files\companion wizard\compwiz.exe
05165834 Trj/Downloader.MDW Virus/Trojan No 1 Yes No c:\windows\system32\userinit.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\documents and settings\sarina\bureau\usbfix.exe
No c:\program files\orange hss\connectivity\corecom\autodial.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
120815 HIGH MS06-022
;===================================================================================================================================================================================
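Most of the 35 "MALWARE" rows in the Panda report above are tracking cookies or copies already sitting in a tool's backup folder, and the two severity-1 items include c:\windows\system32\userinit.exe, which the VirusTotal result later in this thread shows as undetected by every engine. The following Python is an added example, not code from the thread or from Panda: it parses a constructed excerpt of the table (copied from the report above, one long Beginto path shortened) into its eight columns and sorts the findings into cookies, backup/quarantine copies, and live items, singling out any bare binary under system32 for a second opinion before removal, since deleting a core file such as userinit.exe breaks logon. The column layout and the backup-path markers are taken from the report itself; the triage rules are this example's own.

```python
"""Triage a Panda ActiveScan report: which findings still need action?

Added example, not code from the thread or from Panda. Parses the MALWARE table
(Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location;
Description and Location may contain spaces) and sorts findings into tracking
cookies, items in backup folders or chkdsk recovery fragments (found.NNN), and
live findings. Live bare binaries in system32 get a second-opinion flag.
"""
import re

# Constructed excerpt of the report above; one long Beginto path was shortened.
SAMPLE_REPORT = r"""
00064632 Dialer.ABR Dialers No 0 Yes No c:\program files\trend micro\hijackthis\backups\backup-20091109-174846-485.inf
00132710 dialer.xd Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload\systemcheck2
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\sarina\cookies\sarina@doubleclick[2].txt
00145792 Cookie/SexList TrackingCookie No 0 Yes No c:\found.014\file0001.chk
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\lop sd\backup-lop\docume~1\sarina\cookies\sarina@advertising[1].txt
00257406 trj/haxdoor.hy Virus/Trojan No 1 Yes No c:\windows\system32\tick48.bin
00472802 Adware/Beginto Adware No 0 No No c:\program files\vdcodecpack3.5\divx6.4-installer.exe[xpi][components/googletoolbar.dll]
02112488 Generic Malware Virus/Trojan No 0 Yes No c:\program files\common files\companion wizard\compwiz.exe
05165834 Trj/Downloader.MDW Virus/Trojan No 1 Yes No c:\windows\system32\userinit.exe
"""

# Description is matched lazily so "Generic Malware" (two words) still lands in one column.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<sev>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<loc>.+)$"
)
# Not the live object: HijackThis/Lop SD backup copies and chkdsk recovery fragments.
BACKUP_MARKERS = ("\\hijackthis\\backups\\", "\\backup-lop\\", "\\found.")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_report(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            r = m.groupdict()
            r["sev"] = int(r["sev"])
            rows.append(r)
    return rows


def is_core_binary(location):
    """True for a bare .exe/.dll/.sys directly under system32 (no subfolder)."""
    loc = location.lower()
    if not loc.startswith(SYSTEM32):
        return False
    rest = loc[len(SYSTEM32):]
    return "\\" not in rest and rest.endswith((".exe", ".dll", ".sys"))


def triage(rows):
    out = {"cookies": [], "backups": [], "live": [], "second_opinion": []}
    for r in rows:
        loc = r["loc"].lower()
        if r["type"] == "TrackingCookie":
            out["cookies"].append(r)
        elif any(marker in loc for marker in BACKUP_MARKERS):
            out["backups"].append(r)
        else:
            out["live"].append(r)
            if is_core_binary(loc):
                out["second_opinion"].append(r)   # verify hash / multi-engine scan first
    # Highest Panda severity first, then by path so the ordering is stable.
    out["live"].sort(key=lambda r: (-r["sev"], r["loc"].lower()))
    return out


if __name__ == "__main__":
    t = triage(parse_report(SAMPLE_REPORT))
    for r in t["live"]:
        tag = "  <- verify before deleting" if r in t["second_opinion"] else ""
        print(f'sev={r["sev"]} {r["desc"]:20} {r["loc"]}{tag}')
    print(f'{len(t["cookies"])} tracking cookies, {len(t["backups"])} backup copies left alone')
```

The registry-only finding (dialer.xd under ShellServiceObjectDelayLoad, an autostart location loaded by explorer.exe) stays in the live list because a persistence entry is live even when the file it points at is gone.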
jlpjlp - 10 Nov 2009 at 13:17
download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

double-click OTM.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTM: "Paste instruction for items to be moved".


:processes
explorer.exe
:files
c:\temp\fleok
c:\program files\adtools service
c:\program files\trend micro\hijackthis
c:\documents and settings\sarina\bureau\usbfix.exe
:reg
hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload\systemcheck2

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTM\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.



___________________

scan these files on VirusTotal and paste the reports https://www.virustotal.com/gui/

c:\program files\common files\companion wizard\compwiz.exe
c:\windows\system32\userinit.exe
PROBLEM: every time I launch the removal with OTM it starts, then freezes and shows "not responding"! and I have to restart the session to unfreeze it!!!!
jlpjlp - 10 Nov 2009 at 22:25
OK then

first do this:


scan these files on VirusTotal and paste the reports https://www.virustotal.com/gui/

c:\program files\common files\companion wizard\compwiz.exe
c:\windows\system32\userinit.exe
for the first one it tells me "file not found", even though I can find it under C:

for the second one:

Antivirus Version Last update Result
a-squared 4.5.0.41 2009.11.11 -
AhnLab-V3 5.0.0.2 2009.11.11 -
AntiVir 7.9.1.61 2009.11.11 -
Antiy-AVL 2.0.3.7 2009.11.11 -
Authentium 5.2.0.5 2009.11.11 -
Avast 4.8.1351.0 2009.11.10 -
AVG 8.5.0.423 2009.11.11 -
BitDefender 7.2 2009.11.11 -
CAT-QuickHeal 10.00 2009.11.11 -
ClamAV 0.94.1 2009.11.10 -
Comodo 2915 2009.11.11 -
DrWeb 5.0.0.12182 2009.11.10 -
eSafe 7.0.17.0 2009.11.10 -
eTrust-Vet 35.1.7113 2009.11.10 -
F-Prot 4.5.1.85 2009.11.10 -
F-Secure 9.0.15370.0 2009.11.09 -
Fortinet 3.120.0.0 2009.11.10 -
GData 19 2009.11.11 -
Ikarus T3.1.1.74.0 2009.11.11 -
Jiangmin 11.0.800 2009.11.11 -
K7AntiVirus 7.10.893 2009.11.10 -
Kaspersky 7.0.0.125 2009.11.11 -
McAfee 5798 2009.11.10 -
McAfee+Artemis 5798 2009.11.10 -
McAfee-GW-Edition 6.8.5 2009.11.11 -
Microsoft 1.5202 2009.11.11 -
NOD32 4594 2009.11.11 -
Norman 6.03.02 2009.11.10 -
nProtect 2009.1.8.0 2009.11.11 -
Panda 10.0.2.2 2009.11.10 -
PCTools 7.0.3.5 2009.11.11 -
Prevx 3.0 2009.11.11 -
Rising 22.21.02.05 2009.11.11 -
Sophos 4.47.0 2009.11.11 -
Sunbelt 3.2.1858.2 2009.11.11 -
Symantec 1.4.4.12 2009.11.11 -
TheHacker 6.5.0.2.065 2009.11.11 -
TrendMicro 9.0.0.1003 2009.11.11 -
VBA32 3.12.10.11 2009.11.10 -
ViRobot 2009.11.11.2031 2009.11.11 -
VirusBuster 4.6.5.0 2009.11.10 -
Additional information
File size: 25088 bytes
MD5 : 84717891f0734c611721f56c60b5fbc3
SHA1 : f5cf87a4b5145f69d04597bee0f93b99fa0293fd
SHA256: c3abbb85699fd1629eafa331ba1673a6fb178868721856d2bf4fe0ad7d29def9
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x50E5
timedatestamp.....: 0x41107B78 (Wed Aug 4 08:00:24 2004)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4DB8 0x4E00 6.01 28bb30acf8de6ab97244272748e6d31f
.data 0x6000 0x14C 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
.rsrc 0x7000 0xD74 0xE00 3.62 fb3de6f4736007e3cd67ad42d5ed9eda

( 7 imports )

> advapi32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> crypt32.dll: CryptProtectData
> kernel32.dll: GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrlenW, lstrcpyW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, ExpandEnvironmentStringsW, SetEvent, OpenEventW, Sleep, GetLastError, SearchPathW, CreateProcessW
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, __setusermatherr, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _initterm, _adjust_fdiv
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, NtQueryInformationToken, RtlConvertSidToUnicodeString
> user32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> winspool.drv: SpoolerInit

( 0 exports )

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 384:p+oGB/JD1CzaxzOV6s9cKmdPGFQ273eLXVBYkkjuv1hkNLdbaLa4CwUJuUCSFjj9:AxJDUaxgu5YEVBxkjuv7wbaLa4PU4HPO
PEiD : -
RDS : NSRL Reference Data Set
-
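Before trusting either Panda's single-engine verdict on userinit.exe or the 0/40 result above, the local file should be confirmed to be the same object VirusTotal analysed: the report gives MD5, SHA-1, SHA-256, the COFF timestamp and a per-section entropy/MD5 table, and all of these can be recomputed locally. The following Python is an added example, not code from the thread or from VirusTotal. It hashes an image, decodes the TimeDateStamp in UTC (the raw value 0x41107B78 from the report decodes to 06:00:24 UTC, so the report's "08:00:24" is a local-time rendering two hours ahead), and lists each section the way the PEInfo block does. The PE image it runs on is constructed in the code for the demo; it is not a real program and contains no code.

```python
"""Hash a file and read its PE headers the way VirusTotal's PEInfo block does.

Added example, not code from the thread or from VirusTotal. Computes MD5/SHA-1/
SHA-256, decodes the COFF timestamp in UTC, and lists sections with virtual
address, sizes, Shannon entropy and MD5. The sample image is constructed below.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random (packed/encrypted), 0.0 is a single value."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in counts if c)


def pe_timestamp_utc(ts: int) -> str:
    """Decode the COFF TimeDateStamp (seconds since 1970-01-01 UTC)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%a %b %d %H:%M:%S %Y UTC")


def parse_pe(image: bytes) -> dict:
    """Minimal PE32 walk: DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled here")
    (entry,) = struct.unpack_from("<I", image, opt + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rsize,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "md5": hashlib.md5(image).hexdigest(),
        "sha1": hashlib.sha1(image).hexdigest(),
        "sha256": hashlib.sha256(image).hexdigest(),
        "machine": machine,
        "timedatestamp": ts,
        "compiled": pe_timestamp_utc(ts),
        "entrypoint": entry,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 image for the demo (not a real binary, no code in it):
    .text holds every byte value twice (entropy 8.0), .data is all zeros (entropy 0.0),
    and the timestamp is the 0x41107B78 value from the VirusTotal report."""
    text = bytes(range(256)) * 2
    data = b"\0" * 0x100
    e_lfanew, opt_size, raw_base = 0x40, 0xE0, 0x400

    def section(name, size, vaddr, rptr):
        return struct.pack("<8sIIII", name, size, vaddr, size, rptr) + b"\0" * 16

    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 2, 0x41107B78, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * (opt_size - 20)
    headers = (dos + b"PE\0\0" + coff + opt
               + section(b".text", len(text), 0x1000, raw_base)
               + section(b".data", len(data), 0x2000, raw_base + len(text)))
    return headers + b"\0" * (raw_base - len(headers)) + text + data


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info["md5"], info["sha1"], info["sha256"])
    print(f'machine {info["machine"]:#x}  entry {info["entrypoint"]:#x}  compiled {info["compiled"]}')
    for s in info["sections"]:
        print(f'{s["name"]:8} {s["viradd"]:#x} {s["virsiz"]:#x} {s["rawdsiz"]:#x} {s["ntrpy"]:.2f} {s["md5"]}')
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_pe`; if the MD5 differs from the one in the report, the file on disk is not the one VirusTotal scanned and the 0/40 verdict says nothing about it.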
jlpjlp - 11 Nov 2009 at 16:52
To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

_________________

Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\temp\fleok
c:\program files\adtools service
c:\program files\trend micro\hijackthis
c:\documents and settings\sarina\bureau\usbfix.exe

Save this file under the name CFScript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it is located here > C:\ComboFix.txt

______________________


Download Tools Cleaner to your desktop.
--> https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

# Click on Recherche (Search) and let the scan run ...
# Click on Suppression (Delete) to finish.
# You can, if you wish, use the optional options.
# Click on Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

_______________________

how is your PC doing?
BIG PROBLEM! after running the ComboFix scan I restarted my PC and now it gets stuck on the blue "Microsoft XP" startup screen, impossible to reach the desktop, it's completely frozen, I'm a bit panicked now!!!!!!!!
jlpjlp - 15 Nov 2009 at 19:46