Utilisateur "Invité" s'est activé tout seul

[le_jer]

bonsoir,

 

j'ai lancé sino une premiere fois hier soir et il a tourné toute la nuit mais rien ce matin, pas de log et en le fermant il me dit qu'il y a un log de le dossier localsetting\temp..

et dans le log il y a :

Exception in Tkinter callback

Traceback (most recent call last):

File "Tkinter.pyc", line 1403, in __call__

File "SINO.py", line 715, in runScan

File "SINO.py", line 409, in Scan

UnicodeEncodeError: 'ascii' codec can't encode character u'\xbd' in position 82: ordinal not in range(128)

 

 

je l'ai relancé il y a 2 heures mais il ne se passe toujours rien, il est bloqué sur : disk drive info

 

mon firewall est desactivé et je ne suis pas connecté au net

[nardino]

Bonsoir,

Curieux.

Abandonne Sino.

Télécharge DDS.scr de sUBs

Désactive tes protections résidentes un fois l'outil chargé sur le bureau

Il ne nécessite pas d'installation et ne modifie pas le registre.

Clique sur DDS.scr, appuie sur Entrer pour lancer l'outil.

Une barre de progression va s'afficher dans la fenêtre DOS.

A la fin du scan un rapport Attach.txt va s'ouvrir, enregistre-le sous ce nom sur le bureau.

Active le fichier DDS.txt dans la barre des tâches et enregistre-le aussi sous son nom.

Poste DDS.txt par copier-coller dans ta réponse.

 

@+

[le_jer]

voila :

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by jer at 22:59:59,62 on 06/07/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1261 [GMT 2:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

 

============== Running Processes ===============

 

D:\WINDOWS\system32\svchost -k DcomLaunch

D:\WINDOWS\system32\svchost -k rpcss

D:\WINDOWS\System32\svchost.exe -k netsvcs

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

D:\PROGRA~1\AVG\AVG8\avgrsx.exe

D:\WINDOWS\system32\svchost.exe -k imgsvc

D:\PROGRA~1\AVG\AVG8\avgemc.exe

D:\Program Files\AVG\AVG8\avgcsrvx.exe

D:\WINDOWS\System32\alg.exe

D:\WINDOWS\Explorer.EXE

D:\PROGRA~1\AVG\AVG8\avgtray.exe

D:\WINDOWS\system32\svchost.exe -k LocalService

D:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

D:\Program Files\SuperCopier2\SuperCopier2.exe

D:\Program Files\DAEMON Tools Lite\daemon.exe

D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe

D:\Program Files\PeerGuardian2\pg2.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

D:\Program Files\AVG\AVG8\avgui.exe

D:\PROGRA~1\AVG\AVG8\avgnsx.exe

D:\WINDOWS\system32\taskmgr.exe

D:\Documents and Settings\jer\Bureau\dds.scr

D:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uWindow Title =

uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/

uInternet Settings,ProxyOverride = <local>

mWinlogon: SFCDisable=4 (0x4)

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - d:\program files\daemon tools toolbar\DTToolbar.dll

uRun: [superCopier2.exe] d:\program files\supercopier2\SuperCopier2.exe

uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun

uRun: [AtiTrayTools] "d:\program files\ray adams\ati tray tools\atitray.exe"

uRun: [spybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [PeerGuardian] d:\program files\peerguardian2\pg2.exe

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [startCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "d:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"

dRunOnce: [Config] %systemroot%\system32\run.cmd

dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

uPolicies-explorer: NoWelcomeScreen = 1 (0x1)

uPolicies-explorer: NoStrCmpLogical = 0 (0x0)

uPolicies-explorer: NoInstrumentation = 0 (0x0)

dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

dPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - d:\program files\java\jre6\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {F3263650-3F9B-4E4D-A009-091E094A1576} = 212.27.40.241,212.27.40.240

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Hosts: 127.0.0.1 www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - d:\docume~1\jer\applic~1\mozilla\firefox\profiles\49p0ac64.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: d:\documents and settings\jer\application data\mozilla\firefox\profiles\49p0ac64.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll

FF - component: d:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: d:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll

FF - plugin: d:\program files\adsltv\npvlc.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

============= SERVICES / DRIVERS ===============

 

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;d:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]

R0 ViBus;ViBus;d:\windows\system32\drivers\ViBus.sys [2008-8-3 16896]

R0 ViPrt;VIA SATA IDE Device Driver;d:\windows\system32\drivers\ViPrt.sys [2008-8-3 53248]

R1 atitray;atitray;d:\program files\ray adams\ati tray tools\atitray.sys [2007-5-22 18088]

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;d:\windows\system32\drivers\AvgArCln.sys [2010-7-1 3968]

R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-8-3 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2008-8-3 27784]

R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2008-8-3 108552]

R1 SbFw;SbFw;d:\windows\system32\drivers\SbFw.sys [2008-8-3 270888]

R1 sbhips;Sunbelt HIPS Driver;d:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]

R2 avg8emc;AVG8 E-mail Scanner;d:\progra~1\avg\avg8\avgemc.exe [2010-6-8 908056]

R2 avg8wd;AVG8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2010-6-8 297752]

R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;d:\windows\system32\plcndis5.sys [2003-3-13 17018]

R2 SbPF.Launcher;SbPF.Launcher;d:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]

R2 SPF4;Sunbelt Personal Firewall 4;d:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]

R3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2010-6-24 38224]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;d:\windows\system32\drivers\SbFwIm.sys [2008-8-3 65576]

S3 A_USBETHMP;USB PowerPacket Network Adapter;d:\windows\system32\drivers\usbethmp.sys [2008-9-1 14342]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\program files\lavalys\everest ultimate edition\kerneld.wnt [2008-11-16 23152]

 

=============== Created Last 30 ================

 

2010-07-05 19:28:28 0 d-sh--w- d:\documents and settings\jer\IETldCache

2010-07-05 19:21:13 0 dc-h--w- d:\windows\ie8

2010-07-04 23:25:38 0 d-----w- d:\program files\Messenger

2010-07-04 23:24:06 0 d-----w- d:\windows\ServicePackFiles

2010-07-04 22:55:23 411368 ----a-w- d:\windows\system32\deployJava1.dll

2010-07-02 23:12:16 0 d-----w- d:\docume~1\alluse~1\applic~1\SecTaskMan

2010-07-02 23:12:05 0 d-----w- d:\program files\Security Task Manager

2010-06-30 22:03:52 3968 ----a-w- d:\windows\system32\drivers\AvgArCln.sys

2010-06-26 21:46:24 0 d-----w- d:\docume~1\jer\applic~1\PIFreePC

2010-06-24 20:11:29 0 d-----w- d:\docume~1\jer\applic~1\Malwarebytes

2010-06-24 20:11:11 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-06-24 20:11:10 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-06-24 20:11:10 0 d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-06-24 20:11:10 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-11 08:19:00 5632 ----a-w- d:\windows\system32\ptpusb.dll

2010-06-11 08:19:00 159232 ----a-w- d:\windows\system32\ptpusd.dll

2010-06-11 08:19:00 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys

2010-06-08 19:23:48 0 d-----w- d:\program files\PeerGuardian2

2010-06-08 19:00:08 0 d-----w- d:\program files\Spybot - Search & Destroy

2010-06-08 19:00:08 0 d-----w- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-06-08 17:44:13 0 d-----w- d:\windows\pss

 

==================== Find3M ====================

 

2010-07-04 23:34:36 81040 ----a-w- d:\windows\system32\perfc00C.dat

2010-07-04 23:34:36 501312 ----a-w- d:\windows\system32\perfh00C.dat

2010-06-08 17:39:42 335240 ----a-w- d:\windows\system32\drivers\avgldx86.sys

2010-06-08 17:39:42 11952 ----a-w- d:\windows\system32\avgrsstx.dll

2010-06-08 17:39:40 108552 ----a-w- d:\windows\system32\drivers\avgtdix.sys

2010-04-16 06:33:36 3003680 ----a-w- d:\windows\system32\usbaaplrc.dll

2010-04-08 11:20:02 91424 ----a-w- d:\windows\system32\dnssd.dll

2010-04-08 11:20:02 107808 ----a-w- d:\windows\system32\dns-sd.exe

 

============= FINISH: 23:01:09,26 ===============

[nardino]

Bonsoir

Je ne vois rien d'anormal dans ce rapport.

Tu peux le supprimer ainsi que DDS.scr

 

Fais ce qui est proposé sur ce lien

Temps de reboot

Poste le résultat.

@+