Virus wait while the connection is being Fermé

Question

Bonjour, 

j'ai un pb avec se virus j'ai fait un cd et lancé OTL voici donc mon fichier de config 

https://pjjoint.malekal.com/files.php?id=20120628_i8f7r9q128
je le dépose ici pour qu'une âme charitable m'aide sur ce sujet .j'abuserais même a lui demander la méthode pour déterminer ou se trouve le virus.

merci de votre aide.
PS je m'y connais pas mal en infos en informatique
et j'aimerais vraiment savoir comment vous déterminez l'emplacement du  virus grâce au fichier de log je vois bien une ou deux entree dans la base de registre qui sont louches mais c'est tout
merci de votre aide
Configuration: Windows 7 / Chrome

Malekal_morte- · Answer

Salut,

Relance OTL. 
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:  

:OTL
O4 - HKLM..\Run: [EBna3b8YWnMKP0e] C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O4 - HKU\Gérard_ON_C..\Run: [EBna3b8YWnMKP0e] C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKU\Gérard_ON_C Winlogon: Shell - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
O20 - HKU\Gérard_ON_C Winlogon: UserInit - (C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe) - C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe ()
[2012/04/23 08:16:16 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-OfpsvrSfsSq5Nwr
[2012/04/23 08:16:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-OfpsvrSfsSq5Nw
[2012/04/23 08:16:09 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OfpsvrSfsSq5Nw
[2012/04/23 08:16:08 | 000,221,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OfpsvrSfsSq5Nw.exe
[2008/07/07 16:08:29 | 000,441,342 | ---- | C] () -- C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas_nav.dat
[2008/07/07 16:08:29 | 000,004,853 | ---- | C] () -- C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas.dat
[2008/07/07 16:08:29 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas_navps.dat
[2008/07/20 16:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\live 64 math does
[2008/07/20 16:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gérard\Application Data\date comp test
[2008/03/08 16:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gérard\Application Data\EoRezo
:reg
[HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"Shell"="explorer.exe" 

* redemarre le pc sous windows et poste le rapport ici

triwin · Answer

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\EBna3b8YWnMKP0e deleted successfully.
C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe moved successfully.
Registry value HKEY_USERS\Gérard_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\EBna3b8YWnMKP0e deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit:C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
Registry value HKEY_USERS\Gérard_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
Registry value HKEY_USERS\Gérard_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit:C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe deleted successfully.
File C:\Documents and Settings\Gérard\Application Data\syncservicex86.exe not found.
C:\Documents and Settings\All Users\Application Data\-OfpsvrSfsSq5Nwr moved successfully.
C:\Documents and Settings\All Users\Application Data\-OfpsvrSfsSq5Nw moved successfully.
C:\Documents and Settings\All Users\Application Data\OfpsvrSfsSq5Nw moved successfully.
C:\Documents and Settings\All Users\Application Data\OfpsvrSfsSq5Nw.exe moved successfully.
C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas_nav.dat moved successfully.
C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas.dat moved successfully.
C:\Documents and Settings\Gérard\Local Settings\Application Data\ekwamas_navps.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\live 64 math does folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\date comp test folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\EoWeather\images_station_meteo folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\EoWeather\images_classic folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\EoWeather\images folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\EoWeather folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\eoStats folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\eoDesktop folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo\db folder moved successfully.
C:\Documents and Settings\Gérard\Application Data\EoRezo folder moved successfully.
========== REGISTRY ==========
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully!
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell"|"explorer.exe" /E : value set successfully!
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06292012_050401

triwin · Answer

petit soucis le pc ne demarre plus maintenant "No boot device where found"
la j'ai peur...
une idée
merci

Malekal_morte- · Answer

?
C'est quoi le premier lecteur à démarrer ?
Le disque ?

triwin · Answer

disquette puis hdd puis cd

triwin · Answer

ca change rien

triwin · Answer

pas d'autre idée
svp
merci

Malekal_morte- · Answer

Non retire le CD. 
Sinon y a eu un prb mais ça me paraît bizarre. 
Là à part réinstaller Windows

Like the angel you are, you laugh creating a lightness in my chest, 
Your eyes they penetrate me, 
(Your answer's always 'maybe') 
That's when I got up and left

Virus wait while the connection is being

8 réponses

Discussions similaires