emails envoyés intempestivement

kormick1 · le 21 mars 2010

Bonjour à tous!

J'ai quelques problèmes... mon FireFox rame pas mal, et ma boite mail envoie de messages intempestivement... avec le lien: [suppression du lien par la modération]

je sais pas ce que c'est.. ?!

que dois-je faire pour cleaner le tout!?

Tibonhomme · le 21 mars 2010

Bonjour kormick1,

Il va falloir en savoir un peu plus.

Si tu es sous OS en 32 bits :

Télécharge Random's System Information Tool (RSIT) de random/random : http://images.malwareremoval.com/random/RSIT.exe

Double-clique sur RSIT.exe afin de lancer RSIT.
A l'écran Disclaimer, clique sur Continuer
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera. Accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Copie-colle le contenu de log.txt (affiché à l'écran) puis celui de info.txt (réduit dans la Barre des Tâches) dans ton prochain message. Si ces fichiers sont trop longs, mets-les dans 2 messages successifs.
Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Important : pour sélectionner tout le texte une fois dans le rapport texte, appuie sur les touches [Ctrl] + [A], puis clic droit / copier. une fois dans ton nouveau message sur le forum, clic droit puis coller à l'endroit où tu veux coller l'intégralité du texte.

Au cas où - tutoriel installation et génération des rapports RSIT : http://aide-malware.forumactif.net/tutorie...ol-rsit-t29.htm

Si l'OS est en 64 bits, utiliser ZHPDiag de Nicolas Coolman :

Télécharger l'archive .zip ZHPDiag de Nicolas Coolman : http://telechargement.zebulon.fr/zhpdiag.html

Le programme ne nécessite pas d'installation.

Extraire les fichiers. Double-cliquer sur ZHPDiag.exe pour lancer l'application
Cliquer sur l'icône "Tournevis" et cliquer sur le bouton Tous pour tout cocher
Cliquer sur l'icône "Loupe" pour lancer l'analyse
Si une fenêtre "Accepter Sysinternal" apparaît, accepter
A la fin de l'analyse (qui peut être longue), cliquer sur l'icône Appareil photo" pour copier le rapport
Coller ce rapport dans le message.

Cordialement

kormick1 · le 21 mars 2010

comment je fais pour savoir en quel OS je suis??

J'ai Windows 7.

Tibonhomme · le 21 mars 2010

Pour connaître ta version de windows 7 :

Menu Démarrer / clic droit sur Ordinateur / Propriétés

ou

Touche Windows (avec le logo) + [R] / dans la fenêtre qui s'ouvre tape winver puis valide par OK ou la touche [Entrée]

Je te remet un tutoriel pour RSIT (si c'est Windows 7 32 bits) :

Télécharge Random's System Information Tool (RSIT) de random/random : http://images.malwareremoval.com/random/RSIT.exe

------

Sous Windows 7 :

Clic droit sur l'icône de RSIT / Propriétés
Onglet Compatibilité, cocher Executer ce programme en mode de compatibilité pour
Dans la liste déroulante, choisir Windows Vista SP2
Dans Niveau de privilèges, cocher la case Exécuter en tant qu'administrateur
Cliquer sur Appliquer puis Ok.

------

Double-clique sur RSIT.exe afin de lancer RSIT.
A l'écran Disclaimer, clique sur Continuer
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera. Accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Copie-colle le contenu de log.txt (affiché à l'écran) puis celui de info.txt (réduit dans la Barre des Tâches) dans ton prochain message. Si ces fichiers sont trop longs, mets-les dans 2 messages successifs.
Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Important : pour sélectionner tout le texte une fois dans le rapport texte, appuie sur les touches [Ctrl] + [A], puis clic droit / copier. une fois dans ton nouveau message sur le forum, clic droit puis coller à l'endroit où tu veux coller l'intégralité du texte.

Au cas où - tutoriel installation et génération des rapports RSIT : http://aide-malware.forumactif.net/tutorie...ol-rsit-t29.htm

Si c'est Windows 7 64 bits, utiliser ZHPDiag de Nicolas Coolman (voir mon précédent message)

@+

kormick1 · le 21 mars 2010

VOICI LE LOG:

Logfile of random's system information tool 1.06 (written by random/random)

Run by CABELUDO at 2010-03-21 17:26:35

Microsoft Windows 7 Professional Service Pack 2

System drive C: has 9 GB (34%) free of 27 GB

Total RAM: 2046 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:26:49, on 21.03.2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Cobian Backup 9\cbInterface.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

D:\Downloads\RSIT.exe

C:\Program Files\trend micro\CABELUDO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 6017 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-09-20 1172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-09-20 158008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-09-20 1172280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-19 13793824]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

"Cobian Backup 9 interface"=C:\Program Files\Cobian Backup 9\cbInterface.exe [2009-01-22 2749952]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4e147ad-f2b8-11de-8faa-001060d10eab}]

shell\AutoRun\command - F:\LaunchU3.exe -a

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-21 17:26:36 ----D---- C:\Program Files\trend micro

2010-03-21 17:26:35 ----D---- C:\rsit

2010-03-20 11:42:10 ----D---- C:\ProgramData\Spybot - Search & Destroy

2010-03-20 11:42:10 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-03-17 21:53:26 ----D---- C:\strawberry

2010-03-17 21:23:27 ----D---- C:\Program Files\FileZilla FTP Client

2010-03-10 15:12:26 ----D---- C:\Program Files\Common Files\Merge Modules

2010-03-10 15:12:01 ----D---- C:\ProgramData\National Instruments

2010-03-10 15:10:40 ----D---- C:\Program Files\National Instruments

2010-03-10 15:09:40 ----D---- C:\National Instruments Downloads

2010-03-02 23:30:42 ----A---- C:\Windows\iun6002.exe

2010-03-02 23:30:29 ----D---- C:\Program Files\Perl Express

2010-03-02 23:30:15 ----A---- C:\Windows\Perl Express Setup Log.txt

2010-02-24 20:47:10 ----A---- C:\Windows\system32\decdll.dll

2010-02-24 20:47:08 ----D---- C:\Users\CABELUDO\AppData\Roaming\FreeVideoConverter

2010-02-24 20:47:08 ----D---- C:\Program Files\Free Video Converter

2010-02-24 20:22:47 ----D---- C:\Users\CABELUDO\AppData\Roaming\Apowersoft

2010-02-23 13:38:46 ----A---- C:\Windows\system32\d3dx9_32.dll

2010-02-23 13:38:41 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

======List of files/folders modified in the last 1 months======

2010-03-21 17:26:47 ----D---- C:\Windows\Prefetch

2010-03-21 17:26:37 ----D---- C:\Windows\Temp

2010-03-21 17:26:36 ----RD---- C:\Program Files

2010-03-21 17:14:36 ----D---- C:\Users\CABELUDO\AppData\Roaming\Skype

2010-03-21 16:01:30 ----D---- C:\Users\CABELUDO\AppData\Roaming\skypePM

2010-03-21 15:11:47 ----D---- C:\Windows\System32

2010-03-21 15:11:47 ----D---- C:\Windows\inf

2010-03-21 15:11:47 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-03-20 11:42:10 ----HD---- C:\ProgramData

2010-03-18 11:34:48 ----D---- C:\Program Files\Mozilla Firefox

2010-03-17 22:07:22 ----D---- C:\Users\CABELUDO\AppData\Roaming\FileZilla

2010-03-17 21:54:02 ----SHD---- C:\Windows\Installer

2010-03-17 21:54:01 ----HD---- C:\Config.Msi

2010-03-17 21:54:00 ----SD---- C:\Users\CABELUDO\AppData\Roaming\Microsoft

2010-03-10 15:12:45 ----D---- C:\Windows\system32\drivers

2010-03-10 15:12:26 ----D---- C:\Program Files\Common Files

2010-03-10 15:11:14 ----D---- C:\Windows\winsxs

2010-03-10 15:10:56 ----D---- C:\Windows\system32\config

2010-03-04 17:56:24 ----D---- C:\Windows\system32\catroot2

2010-03-02 23:30:42 ----D---- C:\Windows

2010-02-27 13:53:24 ----D---- C:\Users\CABELUDO\AppData\Roaming\vlc

2010-02-27 11:50:38 ----A---- C:\Windows\win.ini

2010-02-24 20:54:54 ----D---- C:\Users\CABELUDO\AppData\Roaming\dvdcss

2010-02-24 17:15:03 ----D---- C:\Users\CABELUDO\AppData\Roaming\gtk-2.0

2010-02-23 13:39:18 ----D---- C:\Program Files\Windows Live

2010-02-23 13:38:42 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]

R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]

R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]

R2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys [2007-08-02 4096]

R3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]

R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]

R3 Cam5603D;WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-06-01 753456]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]

R3 CompositeBus;Composite Bus Enumerator Driver; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]

R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2009-03-09 56320]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-08-19 9787488]

R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]

R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-13 1068032]

R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]

R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]

S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]

S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]

S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]

S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]

S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]

S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]

S3 drmkaud;Microsoft Trusted Audio Drivers; C:\Windows\system32\drivers\drmkaud.sys [2009-07-14 5120]

S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]

S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]

S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]

S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]

S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]

S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]

S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]

S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]

S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2009-07-14 8320]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2009-07-14 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2009-07-14 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]

S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]

S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]

S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]

S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]

S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]

S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]

S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]

S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]

S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\Windows\system32\DRIVERS\vpnva.sys [2009-06-17 20152]

S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys [2009-07-14 19968]

S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 CobianBackupAmanita;Cobian Backup 9 service; C:\Program Files\Cobian Backup 9\cbService.exe [2009-01-22 583168]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\system32\lkcitdl.exe [2007-03-21 695136]

R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\system32\lkads.exe [2007-07-16 40488]

R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\system32\lktsrv.exe [2007-07-16 50736]

R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2007-03-08 12696]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2007-07-16 213040]

R2 niSvcLoc;NI Service Locator; C:\Windows\system32\nisvcloc.exe [2007-07-19 48704]

R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2007-07-23 609384]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-19 211488]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]

R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]

R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

R3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]

S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 OpcEnum;OpcEnum; C:\Windows\system32\OpcEnum.exe [2007-05-09 98304]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]

S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S4 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]

-----------------EOF-----------------

ET LE INFO

info.txt logfile of random's system information tool 1.06 2010-03-21 17:27:01

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}

32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Cisco AnyConnect VPN Client-->MsiExec.exe /X{92083A9A-549D-4057-88E8-223EA08563FA}

Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe

CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe

Default-->MsiExec.exe /I{7930EE08-E04D-4586-9FA7-7AD453B14E49}

DiskAid 3.11-->"C:\Program Files\DigiDNA\DiskAid\unins000.exe"

DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DNADynamo 1.0-->"C:\Program Files\DNADynamo\unins000.exe"

Free Video Converter V 2.5-->"C:\Program Files\Free Video Converter\unins000.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HP Photosmart Wireless B109n-z All-In-One Driver 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{722B4A13-F24D-43AE-8813-5DB82C0B23C2}\setup\hpzscr01.exe -datfile hposcr39.dat -onestop -forcereboot

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}

Logiciels National Instruments-->"C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Perl Express 2.5-->C:\Windows\iun6002.exe "C:\Program Files\Perl Express\irunin25.ini"

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}

Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

SopCast 3.2.4-->C:\Program Files\SopCast\uninst.exe

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Strawberry Perl-->MsiExec.exe /X{25668C6A-4ECB-3842-B85F-6F663B4E3A38}

SumatraPDF-->"C:\Program Files\SumatraPDF\uninstall.exe"

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WebCam-->C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\setup.exe -runfromtemp -l0x040c -removeonly

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}

Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: CABELUDO-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 763

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20090923213730.684086-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: CABELUDO-PC

Event Code: 37

Message: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 0 seconds since the last report.

Record Number: 668

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20090923194333.093332-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: CABELUDO-PC

Event Code: 37

Message: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 83 seconds since the last report.

Record Number: 658

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20090923194221.515600-000

Event Type: Warning

User:

Computer Name: CABELUDO-PC

Event Code: 12

Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Record Number: 656

Source Name: Microsoft-Windows-HAL

Time Written: 20090923194112.021556-000

Event Type: Error

User:

Computer Name: CABELUDO-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 549

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20090923193509.631856-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: CABELUDO-PC

Event Code: 33

Message: Activation context generation failed for "C:\Users\CABELUDO\AppData\Local\Temp\RarSFX0\basic\setup.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 297

Source Name: SideBySide

Time Written: 20090923204756.000000-000

Event Type: Error

User:

Computer Name: CABELUDO-PC

Event Code: 1000

Message: Faulting application name: firefox.exe, version: 1.9.1.3523, time stamp: 0x4a92de61

Faulting module name: np_gp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a55b8e9

Exception code: 0xc0000005

Fault offset: 0x04d53aa2

Faulting process id: 0xfb0

Faulting application start time: 0x01ca3c8d9370aa4f

Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe

Faulting module path: np_gp.dll

Report Id: b07fa607-a881-11de-9fb1-001060d10eab

Record Number: 278

Source Name: Application Error

Time Written: 20090923204304.000000-000

Event Type: Error

User:

Computer Name: CABELUDO-PC

Event Code: 1000

Message: Faulting application name: firefox.exe, version: 1.9.1.3523, time stamp: 0x4a92de61

Faulting module name: np_gp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a55b8e9

Exception code: 0xc0000005

Fault offset: 0x04d55d1e

Faulting process id: 0xfb0

Faulting application start time: 0x01ca3c8d9370aa4f

Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe

Faulting module path: np_gp.dll

Report Id: aa89d3f7-a881-11de-9fb1-001060d10eab

Record Number: 276

Source Name: Application Error

Time Written: 20090923204254.000000-000

Event Type: Error

User:

Computer Name: CABELUDO-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-199176115-3079699529-260366623-1000:

Process 400 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-199176115-3079699529-260366623-1000

Record Number: 240

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20090923193506.823851-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: CABELUDO-PC

Event Code: 1008

Message:

Record Number: 129

Source Name: Microsoft-Windows-Search

Time Written: 20090923190841.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: 37L4247D28-05

Event Code: 4735

Message: A security-enabled local group was changed.

Subject:

Security ID: S-1-5-18

Account Name: 37L4247D28-05$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Group:

Security ID: S-1-5-32-551

Group Name: Backup Operators

Group Domain: Builtin

Changed Attributes:

SAM Account Name: -

SID History: -

Additional Information:

Privileges: -

Record Number: 5

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090924040014.190882-000

Event Type: Audit Success

User:

Computer Name: 37L4247D28-05

Event Code: 4731

Message: A security-enabled local group was created.

Subject:

Security ID: S-1-5-18

Account Name: 37L4247D28-05$

Account Domain: WORKGROUP

Logon ID: 0x3e7

New Group:

Security ID: S-1-5-32-551

Group Name: Backup Operators

Group Domain: Builtin

Attributes:

SAM Account Name: Backup Operators

SID History: -

Additional Information:

Privileges: -

Record Number: 4

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090924040014.175282-000

Event Type: Audit Success

User:

Computer Name: 37L4247D28-05

Event Code: 4902

Message: The Per-user audit policy table was created.

Number of Elements: 0

Policy ID: 0x2525b

Record Number: 3

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090924040013.738481-000

Event Type: Audit Success

User:

Computer Name: 37L4247D28-05

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 0

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x4

Process Name:

Network Information:

Workstation Name: -

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: -

Authentication Package: -

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 2

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090924040011.757277-000

Event Type: Audit Success

User:

Computer Name: 37L4247D28-05

Event Code: 4608

Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.

Record Number: 1

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090924040011.632477-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\;C:\strawberry\c\bin;C:\strawberry\perl\bin

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

"KMP_DUPLICATE_LIB_OK"=TRUE

"MKL_SERIAL"=YES

"TERM"=dumb

"FTP_PASSIVE"=1

-----------------EOF-----------------

Tibonhomme · le 21 mars 2010

Bonsoir kormick1,

Il y a plusieurs choses curieuses (je regarde cela en détail et me renseigne).

Ce qui m'a d'abord interpellé :

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

Ton antivirus est-il bien actif et à jour?

Fais s'il te plaît ce scan de vérification :

Télécharge Malwarebytes' Anti-Malware (MBAM) en version gratuite (Download free version) : http://www.malwarebytes.org/mbam.php

Si tu possèdes déjà le logiciel, passe à la mise à jour.

Si le téléchargement, l'installation ou l'analyse ne fonctionne pas, dis-le moi.

Ce logiciel, très efficace en analyse à la demande, est à garder. La version payante apporte en plus un module résident avec protection contre des IP malveillantes, et les mises à jours automatiques.

En cas de problème de mise à jour au paragraphe suivant, télécharger directement les mises à jour ici : http://mbam.malwarebytes.org/database/mbam-rules.exe

Connecter tous les supports amovibles utilisés (clés usb, disques durs externes etc.) avant de lancer l'analyse.

La mise à jour est à effectuer systématiquement avant chaque analyse avec la version gratuite.

Double clique sur le fichier téléchargé pour lancer le processus d'installation (sous Vista -Windows 7, lancer MBAM par clic droit / Exécuter en tant qu'administrateur)
Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour, si le pare-feu demande l'autorisation à MBAM de se connecter, accepte
Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche
Sélectionne Exécuter un examen complet
Clique sur Rechercher
L'analyse démarre, elle peut demander du temps, cela est normal
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur Ok pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse. Au cas ou tu fermes MBAM trop rapidement, le rapport se trouve dans l'onglet Rapports/Logs, nommé par la date et l'heure.

Si MBAM demande à redémarrer le pc, fais-le.

Ne pas vider la quarantaine de MBAM sans avis (des faux-positifs peuvent y avoir été placés).

@+

kormick1 · le 21 mars 2010

voilà le rapport, apparement rien trouvé:

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3892

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

21.03.2010 19:58:20

mbam-log-2010-03-21 (19-58-20).txt

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 212407

Temps écoulé: 51 minute(s), 10 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

Processus mémoire infecté(s):