Slow PC: virus or not?
jtp62 (Member, 288 posts)
Hello, I find my PC very slow. Updates are regular, scans with CCleaner and Malwarebytes found nothing, the antivirus AVG found nothing. I wonder whether I have a memory or graphics card problem or a virus; my mailbox takes a very long time to open.
Network-wise I have 4 Mb, no problem with other PCs. Some help please, thanks.
73 replies
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as...."
▶ Relaunch List_Kill'em with the shortcut on your desktop,
but this time:
▶ choose the Clean option
▶▶▶ Click the button only once!!
Let the tool work.
At the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,
▶ paste its contents in your reply
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.2 ¤¤¤¤¤¤¤¤¤¤
User : jean (Administrateurs)
Update on 12/01/2011 by g3n-h@ckm@n ::::: 20.20
Start at: 19:28:16 | 14/01/2011
AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 290,15 Go (181,83 Go free) | NTFS
D:\ -> Disque fixe local | 7,94 Go (435,18 Mo free) [Recovery] | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque CD-ROM
Killed : PID 288 'Firefox.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\jean\AppData\Roaming\app
Quarantined & Deleted !! : C:\Users\jean\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\jean\AppData\Local\prvlcl.dat
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : HKCU\software\QUAD Utilities
Deleted : HKCR\CLSID\{0d37433c-8c73-458e-a7d6-15de1cec0f91}
Deleted : HKCR\CLSID\{11921be2-a0a6-4532-b708-76537c9bb86d}
Deleted : HKCR\CLSID\{37f08bce-c7b2-48e8-88b0-666bc1c58c36}
Deleted : HKCR\CLSID\{5b2f6a77-8a7e-4aa7-b6d7-fac7657f58bd}
Deleted : HKCR\CLSID\{5e395ec3-30f4-4a0e-a7f6-8878c60e8eb1}
Deleted : HKCR\CLSID\{6126a5f4-a096-4f8a-a272-c54fd7f63c17}
Deleted : HKCR\CLSID\{69f34ba8-7ed4-4911-97f4-4b88adf25441}
Deleted : HKCR\CLSID\{7aa18156-1945-45af-9ac6-f1a9787ace06}
Deleted : HKCR\CLSID\{841643d5-d102-4b24-917c-0caf6d9dfbf1}
Deleted : HKCR\CLSID\{b359b6ea-e892-4018-8cd2-4ecc9bd477a2}
Deleted : HKCR\CLSID\{cbabf241-9875-46c8-bb0b-6f90cc8d12fe}
Deleted : HKCR\CLSID\{e8cd244f-1836-4ffe-af58-1776580d1622}
Deleted : HKCR\CLSID\{f39659cf-699b-47ef-bb19-c15a84bbb143}
Deleted : HKCR\CLSID\{fa150b05-7510-471d-9afb-467b94462fde}
Deleted : HKCR\interface\{039b7df6-3103-48f0-bd6f-24291bc7e637}
Deleted : HKCR\interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58}
Deleted : HKCR\interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5}
Deleted : HKCR\interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a}
Deleted : HKCR\interface\{382be372-d636-451d-8fa8-54c51569ad88}
Deleted : HKCR\interface\{3a60359d-0eb2-4437-ad15-a08bee794c14}
Deleted : HKCR\interface\{46902815-1008-40c8-ba07-4f3d2276e6d2}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543d}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543f}
Deleted : HKCR\interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb}
Deleted : HKCR\interface\{9b7984e0-1b06-434d-a233-5323ab08f05f}
Deleted : HKCR\interface\{a0f36689-35ea-4b9b-8b16-2236b0581557}
Deleted : HKCR\interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994}
Deleted : HKCR\interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228}
Deleted : HKCR\interface\{e0778c77-10e3-4ab3-9077-fe845de401b4}
Deleted : HKCR\interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010}
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 3
wuauserv : Start = 2
wscsvc : Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.CP10 -> Harddisk0\DR0 -> \Device\0000005e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84E931F8]<<
1 ntkrnlpa!IofCallDriver[0x82C7B458] -> \Device\Harddisk0\DR0[0x85EFF510]
3 CLASSPNP[0x894AD59E] -> ntkrnlpa!IofCallDriver[0x82C7B458] -> [0x84ECD700]
5 ACPI[0x88D2F3B2] -> ntkrnlpa!IofCallDriver[0x82C7B458] -> \Device\0000005e[0x85BB2770]
\Driver\nvstor[0x84ED55B0] -> IRP_MJ_CREATE -> 0x84E931F8
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 19:28:54
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
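As an added example (not part of the thread and not code from the List_Kill'em tool), the Python 3 script below triages a report in the format posted above: it flags a disabled firewall, non-loopback hosts entries, suppressed Security Center notifications, disabled security services, and non-default Winlogon Shell/Userinit values. The embedded report excerpt is constructed from the values in the log above; the function names and the baseline expectations are my own assumptions.

```python
import re

# Constructed excerpt of the List_Kill'em report posted above (values copied from that log).
SAMPLE_REPORT = r"""
Windows Firewall Status : Disabled
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
AntiVirusDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
windefend : Start = 3
wuauserv : Start = 2
wscsvc : Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
"""

SECTION_RE = re.compile(r"^¤+\s*(.*?)\s*¤*\s*$")  # "¤¤¤ Hosts ¤¤¤" -> "Hosts"
KV_RE = re.compile(r"^(\S+)\s*(?::\s*Start\s*)?=\s*(.*?)(?:\s*\(0x[0-9A-Fa-f]+\))?\s*$")
# Assumed clean baseline: these Security Center flags are 0 (1 = notifications
# suppressed) and these services are not disabled (Start = 4).
SC_ZERO = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
           "AntiVirusOverride", "FirewallOverride")
SERVICES = ("wuauserv", "wscsvc", "windefend", "SharedAccess")


def parse_report(text):
    """Split the report into {section: [lines]}; lines before any header land in ''."""
    sections, current = {"": []}, ""
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip(" :")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def key_values(lines):
    """Parse 'Name = value (0x..)' and 'svc : Start = n' lines into a lower-cased dict."""
    out = {}
    for m in filter(None, map(KV_RE.match, lines)):
        out[m.group(1).lower()] = m.group(2).strip()
    return out


def triage(text):
    """Return the settings in a Kill'em report that deviate from the assumed clean baseline."""
    s, findings = parse_report(text), []
    for line in s.get("", []):
        if line.lower().startswith("windows firewall status") and "disabled" in line.lower():
            findings.append("firewall: Windows Firewall is disabled")
    for line in s.get("Hosts", []):  # only loopback -> localhost is expected
        parts = line.split()
        if not (line.startswith("#") or (len(parts) >= 2 and parts[0] in ("127.0.0.1", "::1")
                                         and parts[1] == "localhost")):
            findings.append(f"hosts: unexpected entry '{line}'")
    sc = key_values(s.get("Security Center", []))
    for name in SC_ZERO:
        if sc.get(name.lower(), "0") != "0":
            findings.append(f"security center: {name} = {sc[name.lower()]} (expected 0)")
    svc = key_values(s.get("Services", []))
    for name in SERVICES:
        if svc.get(name.lower()) == "4":
            findings.append(f"services: {name} is disabled (Start = 4)")
    wl = key_values(s.get("Winlogon", []))
    shell = [p.strip().lower() for p in wl.get("shell", "").split(",") if p.strip()]
    if shell != ["explorer.exe"]:
        findings.append(f"winlogon: Shell = '{wl.get('shell')}' (expected explorer.exe)")
    userinit = [p.strip().lower() for p in wl.get("userinit", "").split(",") if p.strip()]
    if len(userinit) != 1 or not userinit[0].endswith(r"\system32\userinit.exe"):
        findings.append(f"winlogon: Userinit = '{wl.get('userinit')}' (expected userinit.exe only)")
    return findings
```

Run against the excerpt, `triage(SAMPLE_REPORT)` reports only the disabled firewall; every other value in the posted log matches the baseline, which is consistent with the helper moving on to a single DLL check rather than a persistence cleanup.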
OK
Have the following file(s) analysed on VirusTotal:
Virus Total
* Paste the path of the files directly, one at a time, into the "Browse" box after each analysis:
C:\Windows\system32\Syncreg.dll
* Now click on Send file and let it work as long as "Current status: analysis in progress" is displayed.
* The file may be put in a queue because of a large number of analysis requests. In that case you will need to wait without refreshing the page.
* When the analysis is finished, paste the link to the page(s) in your next reply.
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis:
MD5: 856cffcd835528136367bb1a8fe1db87
Date first seen: 2009-07-19 02:11:07 (UTC)
Date last seen: 2010-11-23 13:00:57 (UTC)
Detection ratio: 0/42
What do you wish to do?
MD5 : 856cffcd835528136367bb1a8fe1db87
SHA1 : f5c2fde5284566e5d42361c0550e483665c1fc46
SHA256: 97ee0b243f460be737d18b634559bc6389064ba013890e69b650e5152ab873c8
ssdeep: 768:JxYueU5GSWIDJHSpSSz0N6RIhWSxjfgdBFr8k+mHeXrZ3wT2BrdRNv6KHe:PdHSpS3jWSDy7NL+7B1RNC
File size : 55296 bytes
First seen: 2009-07-19 02:11:07
Last seen : 2011-01-14 19:38:22
TrID:
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft Synchronization Framework
description..: Microsoft Synchronization Framework Registration
original name: SYNCREG.DLL
internal name: SYNCREG
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x39B3
timedatestamp....: 0x4A5BDB1E (Tue Jul 14 01:10:54 2009)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBD04, 0xBE00, 6.62, 97d9691336310db5a760907b224a3968
.data, 0xD000, 0x39C, 0x200, 0.38, e8e806c4634503e83f7e88c92a6f41c5
.rsrc, 0xE000, 0x538, 0x600, 3.08, 027b48b375a5fe8f23b9bb09ad8e3d10
.reloc, 0xF000, 0xC6C, 0xE00, 6.10, d933d48e6f6e9e92a8d184d08274392f
[[ 6 import(s) ]]
msvcrt.dll: memset, _ftol2, _except_handler4_common, _amsg_exit, _initterm, free, malloc, _XcptFilter, _vsnwprintf
PROPSYS.dll: PSCreateMemoryPropertyStore, InitPropVariantFromCLSID
ole32.dll: CoTaskMemFree, IIDFromString, CoCreateGuid, StringFromGUID2, CoCreateFreeThreadedMarshaler, CoCreateInstance
OLEAUT32.dll: -, -, -
KERNEL32.dll: GetUserDefaultUILanguage, LCIDToLocaleName, GetFullPathNameW, InterlockedIncrement, InterlockedDecrement, lstrlenW, GetModuleFileNameW, InterlockedExchange, Sleep, InterlockedCompareExchange, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetProcessHeap, HeapSetInformation, HeapCreate, HeapDestroy, HeapAlloc, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection, GetLastError, CloseHandle, CreateEventW, WaitForSingleObject, ResetEvent, FormatMessageW, LoadLibraryW, FreeLibrary, FindClose, FindFirstFileW, SetLastError, HeapFree
ADVAPI32.dll: GetTraceEnableLevel, GetTraceEnableFlags, RegSetValueW, RegNotifyChangeKeyValue, RegOpenCurrentUser, RegGetValueW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, TraceMessage, RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW, RegCloseKey, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle
[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 48640
CompanyName: Microsoft Corporation
EntryPoint: 0x39b3
FileDescription: Microsoft Synchronization Framework Registration
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 54 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 2007.94.7600.16385
ImageVersion: 6.1
InitializedDataSize: 6144
InternalName: SYNCREG
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Dynamic link library
OriginalFilename: SYNCREG.DLL
PEType: PE32
ProductName: Microsoft Synchronization Framework
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Windows command line
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 03:10:54+02:00
UninitializedDataSize: 0
Can you post this via cijoint.fr?:
C:\Users\jean\Desktop\Upload_jean_List_Kill'em.zip
========================================
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as...."
on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under "Personnalisation":
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
O4 - HKLM\..\Run: [NPSStartup] File not found
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"iTunesHelper"=-
"SunJavaUpdateSched"=-
"TkBellExe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
:Files
C:\61180fe2e56de1805437
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E6433F27
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:5925E400
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98AE08EA
C:\Users\jean\AppData\Roaming\QUAD Utilities
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click on "Correction" to start the removal.
▶ Post the report, which should open by itself when the work finishes after the reboot.