if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as..."
▶ Relaunch List_Kill'em with the shortcut on your desktop,
but this time:
▶ choose the Clean option
▶▶▶ Click the button only once!!
let the tool work.
at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,
▶ paste its contents in your reply
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.2 ¤¤¤¤¤¤¤¤¤¤
User : jean (Administrateurs)
Update on 12/01/2011 by g3n-h@ckm@n ::::: 20.20
Start at: 19:28:16 | 14/01/2011
AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 290,15 Go (181,83 Go free) | NTFS
D:\ -> Disque fixe local | 7,94 Go (435,18 Mo free) [Recovery] | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque CD-ROM
Killed : PID 288 'Firefox.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\jean\AppData\Roaming\app
Quarantined & Deleted !! : C:\Users\jean\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\jean\AppData\Local\prvlcl.dat
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : HKCU\software\QUAD Utilities
Deleted : HKCR\CLSID\{0d37433c-8c73-458e-a7d6-15de1cec0f91}
Deleted : HKCR\CLSID\{11921be2-a0a6-4532-b708-76537c9bb86d}
Deleted : HKCR\CLSID\{37f08bce-c7b2-48e8-88b0-666bc1c58c36}
Deleted : HKCR\CLSID\{5b2f6a77-8a7e-4aa7-b6d7-fac7657f58bd}
Deleted : HKCR\CLSID\{5e395ec3-30f4-4a0e-a7f6-8878c60e8eb1}
Deleted : HKCR\CLSID\{6126a5f4-a096-4f8a-a272-c54fd7f63c17}
Deleted : HKCR\CLSID\{69f34ba8-7ed4-4911-97f4-4b88adf25441}
Deleted : HKCR\CLSID\{7aa18156-1945-45af-9ac6-f1a9787ace06}
Deleted : HKCR\CLSID\{841643d5-d102-4b24-917c-0caf6d9dfbf1}
Deleted : HKCR\CLSID\{b359b6ea-e892-4018-8cd2-4ecc9bd477a2}
Deleted : HKCR\CLSID\{cbabf241-9875-46c8-bb0b-6f90cc8d12fe}
Deleted : HKCR\CLSID\{e8cd244f-1836-4ffe-af58-1776580d1622}
Deleted : HKCR\CLSID\{f39659cf-699b-47ef-bb19-c15a84bbb143}
Deleted : HKCR\CLSID\{fa150b05-7510-471d-9afb-467b94462fde}
Deleted : HKCR\interface\{039b7df6-3103-48f0-bd6f-24291bc7e637}
Deleted : HKCR\interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58}
Deleted : HKCR\interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5}
Deleted : HKCR\interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a}
Deleted : HKCR\interface\{382be372-d636-451d-8fa8-54c51569ad88}
Deleted : HKCR\interface\{3a60359d-0eb2-4437-ad15-a08bee794c14}
Deleted : HKCR\interface\{46902815-1008-40c8-ba07-4f3d2276e6d2}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543d}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543f}
Deleted : HKCR\interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb}
Deleted : HKCR\interface\{9b7984e0-1b06-434d-a233-5323ab08f05f}
Deleted : HKCR\interface\{a0f36689-35ea-4b9b-8b16-2236b0581557}
Deleted : HKCR\interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994}
Deleted : HKCR\interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228}
Deleted : HKCR\interface\{e0778c77-10e3-4ab3-9077-fe845de401b4}
Deleted : HKCR\interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010}
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 3
wuauserv : Start = 2
wscsvc : Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.CP10 -> Harddisk0\DR0 -> \Device\0000005e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84E931F8]<<
1 ntkrnlpa!IofCallDriver[0x82C7B458] -> \Device\Harddisk0\DR0[0x85EFF510]
3 CLASSPNP[0x894AD59E] -> ntkrnlpa!IofCallDriver[0x82C7B458] -> [0x84ECD700]
5 ACPI[0x88D2F3B2] -> ntkrnlpa!IofCallDriver[0x82C7B458] -> \Device\0000005e[0x85BB2770]
\Driver\nvstor[0x84ED55B0] -> IRP_MJ_CREATE -> 0x84E931F8
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 19:28:54
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
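The Kill'em.txt report above is plain text, so its findings can be pulled out mechanically before a helper reads it line by line. Below is an added example, not part of this thread and not code from the List_Kill'em tool, that parses the report format shown above (process kills, quarantined files, hosts entries, deleted registry keys, the Winlogon values and the MBR verdict) and turns them into triage items. The sample report embedded in it is constructed to mirror the format of the log posted here; the user name, paths, the non-localhost hosts entry and the CLSID are made-up values.

```python
"""Triage parser for a List_Kill'em 'Kill'em.txt' report (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the report posted in the thread.
# Names, paths and the non-localhost hosts entry are invented for the example.
SAMPLE_REPORT = r"""
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.2 ¤¤¤¤¤¤¤¤¤¤
User : alice (Administrateurs)
Windows Firewall Status : Disabled
Killed : PID 288 'Firefox.exe'
Killed : PID 1692 'explorer.exe'
Killed : PID 1692 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\alice\AppData\Roaming\app
Quarantined & Deleted !! : C:\Users\alice\AppData\Local\prvlcl.dat
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
127.0.0.1 update.example-av.invalid
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : HKCU\software\QUAD Utilities
Deleted : HKCR\CLSID\{00000000-0000-0000-0000-000000000001}
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
user & kernel MBR OK
End of Scan : 19:28:54
""".strip()

SECTION_RE = re.compile(r"^¤+\s*(.*?)\s*¤*$")           # '¤¤¤ Hosts ¤¤¤' style headers
KILLED_RE = re.compile(r"^Killed : PID (\d+) '(.+)'$")
QUAR_RE = re.compile(r"^Quarantined & Deleted !! : (.+)$")
REGDEL_RE = re.compile(r"^Deleted : (.+)$")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


@dataclass
class KillemFindings:
    user: str = ""
    firewall_disabled: bool = False
    killed: dict = field(default_factory=dict)            # pid -> process (repeats collapsed)
    quarantined: list = field(default_factory=list)
    registry_deleted: list = field(default_factory=list)
    hosts_overrides: list = field(default_factory=list)   # hosts entries other than localhost
    winlogon: dict = field(default_factory=dict)
    mbr_ok: bool = False


def parse_killem_report(text: str) -> KillemFindings:
    """Walk the report once, tracking the current '¤' section to disambiguate lines."""
    f = KillemFindings()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).rstrip(" :").lower()
            continue
        if line.startswith("User :"):
            f.user = line.split(":", 1)[1].strip()
        elif line.startswith("Windows Firewall Status :"):
            f.firewall_disabled = line.rsplit(":", 1)[1].strip().lower() == "disabled"
        elif (m := KILLED_RE.match(line)):
            f.killed[int(m.group(1))] = m.group(2)
        elif (m := QUAR_RE.match(line)):
            f.quarantined.append(m.group(1))
        elif section == "registry" and (m := REGDEL_RE.match(line)):
            f.registry_deleted.append(m.group(1))
        elif section == "hosts" and (m := HOSTS_RE.match(line)):
            if m.group(2).lower() != "localhost":
                f.hosts_overrides.append((m.group(1), m.group(2)))
        elif section == "winlogon" and "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            f.winlogon[key.strip()] = value.strip()
        elif line == "user & kernel MBR OK":
            f.mbr_ok = True
    return f


def triage(f: KillemFindings) -> list:
    """Turn findings into the review items a helper would want to see first."""
    items = []
    if f.firewall_disabled:
        items.append("host firewall disabled: re-enable it before the machine goes back online")
    if f.hosts_overrides:
        items.append(f"{len(f.hosts_overrides)} non-localhost hosts entries (possible update/AV blocking)")
    if f.winlogon.get("Shell", "explorer.exe").lower() != "explorer.exe":
        items.append("Winlogon Shell is not explorer.exe")
    userinit = f.winlogon.get("Userinit", "").split(",")[0].strip().lower()
    if userinit and not userinit.endswith("\\userinit.exe"):
        items.append("Winlogon Userinit does not point at userinit.exe")
    if not f.mbr_ok:
        items.append("MBR check did not report OK: run a dedicated MBR/rootkit scanner")
    clsids = [k for k in f.registry_deleted if "\\clsid\\" in k.lower()]
    if clsids:
        items.append(f"{len(clsids)} CLSID registrations removed (typical BHO/toolbar residue)")
    return items


if __name__ == "__main__":
    for item in triage(parse_killem_report(SAMPLE_REPORT)):
        print("-", item)
```

The section tracking matters because "Deleted :" lines only mean registry keys inside the Registry block, and a hosts entry is only suspicious when it is not the localhost line; the repeated "Killed : PID 1692" lines in the posted log collapse to one entry per PID.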
ok
Have the following file(s) analysed on VirusTotal:
Virus Total
* Paste the path of the files directly, one by one, into the "Browse" field after each analysis:
C:\Windows\system32\Syncreg.dll
* Now click Send file, and let it work as long as "Current status: being analysed" is displayed.
* The file may be queued because of a large number of analysis requests. If so, you will have to wait without refreshing the page.
* When the analysis is finished, paste the link(s) to the page(s) in your next reply.
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis:
MD5: 856cffcd835528136367bb1a8fe1db87
Date first seen: 2009-07-19 02:11:07 (UTC)
Date last seen: 2010-11-23 13:00:57 (UTC)
Detection ratio: 0/42
What do you wish to do?
MD5 : 856cffcd835528136367bb1a8fe1db87
SHA1 : f5c2fde5284566e5d42361c0550e483665c1fc46
SHA256: 97ee0b243f460be737d18b634559bc6389064ba013890e69b650e5152ab873c8
ssdeep: 768:JxYueU5GSWIDJHSpSSz0N6RIhWSxjfgdBFr8k+mHeXrZ3wT2BrdRNv6KHe:PdHSpS3jWSDy
7NL+7B1RNC
File size : 55296 bytes
First seen: 2009-07-19 02:11:07
Last seen : 2011-01-14 19:38:22
TrID:
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft Synchronization Framework
description..: Microsoft Synchronization Framework Registration
original name: SYNCREG.DLL
internal name: SYNCREG
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x39B3
timedatestamp....: 0x4A5BDB1E (Tue Jul 14 01:10:54 2009)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBD04, 0xBE00, 6.62, 97d9691336310db5a760907b224a3968
.data, 0xD000, 0x39C, 0x200, 0.38, e8e806c4634503e83f7e88c92a6f41c5
.rsrc, 0xE000, 0x538, 0x600, 3.08, 027b48b375a5fe8f23b9bb09ad8e3d10
.reloc, 0xF000, 0xC6C, 0xE00, 6.10, d933d48e6f6e9e92a8d184d08274392f
[[ 6 import(s) ]]
msvcrt.dll: memset, _ftol2, _except_handler4_common, _amsg_exit, _initterm, free, malloc, _XcptFilter, _vsnwprintf
PROPSYS.dll: PSCreateMemoryPropertyStore, InitPropVariantFromCLSID
ole32.dll: CoTaskMemFree, IIDFromString, CoCreateGuid, StringFromGUID2, CoCreateFreeThreadedMarshaler, CoCreateInstance
OLEAUT32.dll: -, -, -
KERNEL32.dll: GetUserDefaultUILanguage, LCIDToLocaleName, GetFullPathNameW, InterlockedIncrement, InterlockedDecrement, lstrlenW, GetModuleFileNameW, InterlockedExchange, Sleep, InterlockedCompareExchange, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetProcessHeap, HeapSetInformation, HeapCreate, HeapDestroy, HeapAlloc, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection, GetLastError, CloseHandle, CreateEventW, WaitForSingleObject, ResetEvent, FormatMessageW, LoadLibraryW, FreeLibrary, FindClose, FindFirstFileW, SetLastError, HeapFree
ADVAPI32.dll: GetTraceEnableLevel, GetTraceEnableFlags, RegSetValueW, RegNotifyChangeKeyValue, RegOpenCurrentUser, RegGetValueW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, TraceMessage, RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW, RegCloseKey, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle
[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 48640
CompanyName: Microsoft Corporation
EntryPoint: 0x39b3
FileDescription: Microsoft Synchronization Framework Registration
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 54 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 2007.94.7600.16385
ImageVersion: 6.1
InitializedDataSize: 6144
InternalName: SYNCREG
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Dynamic link library
OriginalFilename: SYNCREG.DLL
PEType: PE32
ProductName: Microsoft Synchronization Framework
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Windows command line
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 03:10:54+02:00
UninitializedDataSize: 0
can you post this via cijoint.fr?:
C:\Users\jean\Desktop\Upload_jean_List_Kill'em.zip
========================================
if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as..."
on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under "Personnalisation" (the Custom Scans/Fixes box):
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
O4 - HKLM\..\Run: [NPSStartup] File not found
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"iTunesHelper"=-
"SunJavaUpdateSched"=-
"TkBellExe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
:Files
C:\61180fe2e56de1805437
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E6433F27
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:5925E400
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98AE08EA
C:\Users\jean\AppData\Roaming\QUAD Utilities
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click "Correction" (Run Fix) to start the removal.
▶ Post the report, which should normally open on its own when the work is finished after the restart.