Virus wait while the connection is being
triwin - Posts: 6 - Status: Member
Malekal_morte - Posts: 184347 - Status: Moderator, Security contributor
Hello,
I have a problem with this virus. I made a CD and ran OTL, so here is my config file:
https://pjjoint.malekal.com/files.php?id=20120628_i8f7r9q128
I'm posting it here in the hope that a kind soul will help me with this. I'll even push my luck and ask them for the method for determining where the virus is.
Thanks for your help.
PS: I know my way around computers fairly well,
and I would really like to know how you determine the location of the virus from the log file. I can see one or two registry entries that look suspicious, but that's all.
Thanks for your help
8 replies
Hi,
Run OTL again.
o Under Personnalisation (Custom Scan), copy and paste the contents of the box below (make sure to include :OTL at the start).
Click Correction (Fix); a report will appear. Copy and paste its contents here:
:OTL
O4 - HKLM..\Run: [EBna3b8YWnMKP0e] C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O4 - HKU\Gérard_ON_C..\Run: [EBna3b8YWnMKP0e] C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKU\Gérard_ON_C Winlogon: Shell - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKU\Gérard_ON_C Winlogon: UserInit - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
[2012/04/23 08:16:16 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-OfpsvrSfsSq5Nwr
[2012/04/23 08:16:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-OfpsvrSfsSq5Nw
[2012/04/23 08:16:09 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OfpsvrSfsSq5Nw
[2012/04/23 08:16:08 | 000,221,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OfpsvrSfsSq5Nw.exe
[2008/07/07 16:08:29 | 000,441,342 | ---- | C] () -- C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas_nav.dat
[2008/07/07 16:08:29 | 000,004,853 | ---- | C] () -- C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas.dat
[2008/07/07 16:08:29 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas_navps.dat
[2008/07/20 16:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\live 64 math does
[2008/07/20 16:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gérard\Application Data\date comp test
[2008/03/08 16:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gérard\Application Data\EoRezo
:reg
[HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Shell"="explorer.exe"
* Restart the PC into Windows and post the report here.
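As an added illustration of the original question (how the suspicious entries can be picked out of an OTL log), here is a small triage script; it is not part of the reply above and not OTL's own code. It assumes the trailing parenthesised field on O4/O20 lines is the file's company name; the function name `triage`, the folder list and the two benign sample lines are constructed for the example.

```python
import re

# Constructed sample: lines 1 and 3 are copied from the fix script above,
# lines 2 and 4 are made-up benign entries for contrast.
SAMPLE = r"""
O4 - HKLM..\Run: [EBna3b8YWnMKP0e] C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe (Example Vendor)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# Assumption: the last "(...)" on each line is the company name from the
# file's version information; an empty "()" means the file carries none.
O4 = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+) \((?P<vendor>[^()]*)\)$")
O20 = re.compile(r"^O20 - (?P<hive>.+?) Winlogon: (?P<name>\w+) - \(.*?\) - (?P<path>.+) \((?P<vendor>[^()]*)\)$")

# Hypothetical list of profile folders a normal user can write to (XP layout).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Defaults, as restored by the :reg section of the fix script.
WINLOGON_DEFAULT = {"shell": "explorer.exe", "userinit": "userinit.exe"}

def triage(log_text):
    """Return [(value_name, path, [reasons])] for autostart lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4.match(line) or O20.match(line)
        if not m:
            continue
        path, reasons = m["path"], []
        low = path.lower()
        if any(folder in low for folder in USER_WRITABLE):
            reasons.append("runs from a user-writable profile folder")
        if not m["vendor"].strip():
            reasons.append("no company name in the file's version info")
        default = WINLOGON_DEFAULT.get(m["name"].lower())
        if line.startswith("O20") and default and not low.endswith("\\" + default):
            reasons.append(f"Winlogon {m['name']} is not the default {default}")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path}\n    " + "; ".join(reasons))
```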
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EBna3b8YWnMKP0e deleted successfully.
C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe moved successfully.
Registry value HKEY_USERS\Gérard_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\EBna3b8YWnMKP0e deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
Registry value HKEY_USERS\Gérard_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
Registry value HKEY_USERS\Gérard_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
C:\Documents and Settings\All Users\Application Data\-OfpsvrSfsSq5Nwr moved successfully.
C:\Documents and Settings\All Users\Application Data\-OfpsvrSfsSq5Nw moved successfully.
C:\Documents and Settings\All Users\Application Data\OfpsvrSfsSq5Nw moved successfully.
C:\Documents and Settings\All Users\Application Data\OfpsvrSfsSq5Nw.exe moved successfully.
C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas_nav.dat moved successfully.
C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas.dat moved successfully.
C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas_navps.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\live 64 math does folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\date comp test folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\EoWeather\images_station_meteo folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\EoWeather\images_classic folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\EoWeather\images folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\EoWeather folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\eoStats folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\eoDesktop folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\db folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo folder moved successfully.
========== REGISTRY ==========
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
OTLPE by OldTimer - Version 3.1.48.0 log created on 06292012_050401
Small problem: the PC no longer boots now, "No boot device where found"
Now I'm scared...
Any ideas?
Thanks