lenteur et plantage selectifs

[sunny_a_la_playa]

Bonjour bonjour!

 

J'ai prete mon pc a un ami et depuis son retour (pc) ... j'ai des soucis avec...

il ma dit qu il avait "juste" eu une alerte de troyen avec antivir) :s

 

J'ai rescanner avec antivir et spybot, et ils n'ont rien trouve.

Nettoyage derriere avec ccleaner des temp etc.

 

J'ai aussi fait une defragmentation, que je n'avais pas fait depuis longtemps.

Mais rien ne change...

 

Symptomes:

 

-tres grosses lenteurs d'acces au dossier "mes images", et d'autres parfois aussi.

 

-le contenu de certains fichiers texte .doc ou .txt se modifie en cours de lecture, les caracteres

sont tous melanges/bizarre et donc illisibles...

 

-certains logiciels ne fonctionne plus ( visionneuse powerpoint, notament )

 

- mes preferences d'affichage se modifient, ...

 

-mais le plus embetant de tous : je travaille avec e learning maker, et j'ai du mal malgre ma config...

bien qu'il n'y ai que ce logiciel d'ouvert( car du coup je ferme tous les autres logiciels de lecture son, image,

messagerie instantanee, navigateur, etc) c'est freeze plantage, lenteur, bug...

UC a 100%, et le logiciel se dedouble parfois... (doublon dans le gestionnaire des taches, processus)

 

Est ce un probleme materiel, software, ou viral, selon vous?

 

Je vous poste le log HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:42:27, on 14/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\e-doceo\ELM 260\elearning_maker.exe

C:\Documents and Settings\Sand\Mes documents\Programmes_plugins\+Securité nettoyage\HijackThis 2.0.2_zebulon\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sunny's Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sunnyalaplaya.spaces.live.com//Phot...ad/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7427 bytes

 

voilou merci et bon week end a tous!

[Falkra]

Bonjour, le rapport ne révèle aucune infection active.

Si l'antivirus a fait son boulot, la machine n'est pas infectée.

Pour plus de sécurité, fais un scan complet après avoir mis à jour Antivir, et après un redémarrage, l'infection ne devrait plus être là.

Un rapport de scan est postable en fin de processus.

[sunny_a_la_playa]

Ok, Falkra, merci pour ta reponse!

Je vais refaire ca et vous tiens au jus!

[sunny_a_la_playa]

Re!

Manip effectuee.

Voici le rapport de scan:

Avira AntiVir Personal

Report file date: samedi 14 juin 2008 18:18

 

Scanning for 1331584 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: CRAZY44

 

Version information:

BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 16/04/2008 10:03:00

AVSCAN.DLL : 8.1.1.0 53505 Bytes 16/04/2008 10:03:00

LUKE.DLL : 8.1.2.9 151809 Bytes 16/04/2008 10:03:01

LUKERES.DLL : 8.1.2.1 12033 Bytes 16/04/2008 10:03:01

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:00:40

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:30:02

ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 16:14:49

ANTIVIR3.VDF : 7.0.4.196 2048 Bytes 14/06/2008 16:14:54

Engineversion : 8.1.0.55

AEVDF.DLL : 8.1.0.5 102772 Bytes 16/04/2008 10:03:02

AESCRIPT.DLL : 8.1.0.40 266618 Bytes 07/06/2008 14:29:14

AESCN.DLL : 8.1.0.21 119156 Bytes 07/06/2008 14:29:13

AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 13:12:19

AEPACK.DLL : 8.1.1.5 364918 Bytes 16/05/2008 13:16:44

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 13:15:20

AEHEUR.DLL : 8.1.0.30 1253750 Bytes 07/06/2008 14:29:12

AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 13:43:22

AEGEN.DLL : 8.1.0.28 307572 Bytes 07/06/2008 14:29:11

AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 13:13:06

AECORE.DLL : 8.1.0.31 168310 Bytes 07/06/2008 14:29:11

AVWINLL.DLL : 1.0.0.7 14593 Bytes 16/04/2008 10:03:01

AVPREF.DLL : 8.0.0.1 25857 Bytes 16/04/2008 10:03:00

AVREP.DLL : 7.0.0.1 155688 Bytes 19/04/2007 15:13:38

AVREG.DLL : 8.0.0.0 30977 Bytes 16/04/2008 10:03:00

AVARKT.DLL : 1.0.0.23 307457 Bytes 16/04/2008 10:03:00

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 16/04/2008 10:03:00

SQLITE3.DLL : 3.3.17.1 339968 Bytes 16/04/2008 10:03:01

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 16/04/2008 10:03:01

NETNT.DLL : 8.0.0.1 7937 Bytes 16/04/2008 10:03:01

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 16/04/2008 10:02:55

RCTEXT.DLL : 8.0.32.0 86273 Bytes 16/04/2008 10:02:56

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: samedi 14 juin 2008 18:18

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'winamp.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'a2service.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'zlclient.exe' - '0' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'vsmon.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

21 processes with 21 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '31' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd1613.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <PRESARIO_RP>

 

 

End of the scan: samedi 14 juin 2008 20:05

Used time: 1:47:25 min

 

The scan has been done completely.

 

11273 Scanning directories

391018 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

4 Files cannot be scanned

391018 Files not concerned

7829 Archives were scanned

4 Warnings

0 Notes

 

Bon, si tout semble propre, lenteurs et accros sont toujours la...

Symptomes identiques.

Je comprends pas d'ou ca peut bien venir...

(il me reste de l'espace disque de libre ( 13go)... )

voilou.

[Falkra]

Impeccable, pour ça. Ce n'est sans doute pas infectieux.

 

Tu as peut-être un problème de mémoire ram ou de carte graphique.

 

Je te conseille de tester dans un premier temps la ram avec memtest, voici un tuto :

http://www.vulgarisation-informatique.com/memtest.php

[sunny_a_la_playa]

Salut!

Bon j'ai lu la doc de memtest, mais etant sur un portable, je n'ai pas de lecteur disquette...

et pas de cle usb bootable, enfin je ne sais pas si elle l'est...

je n'ai donc pas tenter le test...

comment puis je faire? ou y a t il un autre moyen?

 

j'aimerais trouver une solution, car ca m'handicape vraiment beaucoup pour travailler ...

 

bon weekend les loulous!

[Falkra]

Tu as un lecteur de CD ?

Tu peux créer un cd UltimateBootCD (bootable) qui contient Memtest :

http://www.ultimatebootcd.com/