Nothing shows up on my desktop anymore
kass806
Hello,
I am sharing the report from the log.txt file and the one from info.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by KOITA at 2009-07-04 17:23:51
WIN_XP Service Pack 2
System drive C: has 470 MB (2%) free of 19 GB
Total RAM: 254 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:23, on 04/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\KOITA.JEROME\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Luxor\luxor.exe
C:\Documents and Settings\KOITA.JEROME\Mes documents\RSIT.exe
C:\Program Files\trend micro\KOITA.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lstard.stormcorp.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS1\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS1\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS1\system32\olhrwef.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User '?')
O4 - HKUS\S-1-5-21-1844237615-1580818891-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - S-1-5-21-1844237615-1580818891-682003330-1003 Startup: Dos Optimizer.pif = ? (User '?')
O4 - Startup: Dos Optimizer.pif = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
--
End of file - 4815 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"IgfxTray"=C:\WINDOWS1\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS1\system32\hkcmd.exe [2004-02-10 118784]
"MSConfig"=C:\WINDOWS1\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 160768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"FrameWorkService"= []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS1\system32\ctfmon.exe [2004-08-04 15360]
"cdoosoft"=C:\WINDOWS1\system32\olhrwef.exe []
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-10-24 4662776]
"FrameWorkService"= []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe [2009-02-03 1004544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cybera Client]
C:\Program Files\Cybera Client\cybcli.exe [2006-12-09 1101824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS1\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\WINDOWS1\lclock.exe [2004-12-08 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-10-24 4662776]
C:\Documents and Settings\KOITA.JEROME\Menu Démarrer\Programmes\Démarrage
Dos Optimizer.pif
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS1\system32\igfxsrvc.dll [2004-02-10 339968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoSMBalloonTip"=0
"DisallowRun"=0
"NoFolderOptions"=0
"NoRun"=0
"NoFind"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Cybera Client\cybcli.exe"="C:\Program Files\Cybera Client\cybcli.exe:*:Enabled:Cyber Café administration - Workstation control "
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b2b46d8-6702-11de-a403-000874330696}]
shell\AutoRun\command - E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
shell\open\command - E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ca54c2-421e-11dd-8ee3-000874330696}]
shell\AutoRun\command - E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
shell\open\command - E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
======List of files/folders created in the last 1 months======
2009-07-04 17:23:51 ----D---- C:\rsit
2009-07-04 17:23:51 ----D---- C:\Program Files\trend micro
2009-07-03 00:15:05 ----A---- C:\WINDOWS1\IE4 Error Log.txt
2009-07-02 23:41:19 ----D---- C:\Documents and Settings\KOITA.JEROME\Application Data\Help
2009-07-02 20:59:07 ----SHD---- C:\Config.Msi
2009-06-30 21:33:58 ----A---- C:\Documents and Settings\KOITA.JEROME\Application Data\lsass.exe
2009-06-30 18:42:07 ----A---- C:\Documents and Settings\KOITA.JEROME\Application Data\svchost.exe
2009-06-30 08:48:38 ----A---- C:\Documents and Settings\KOITA.JEROME\Application Data\smss.exe
2009-06-26 19:18:09 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Yahoo!
2009-06-26 19:17:31 ----D---- C:\Documents and Settings\KOITA.JEROME\Application Data\Adobe
2009-06-26 16:56:21 ----D---- C:\Documents and Settings\KOITA.JEROME\Application Data\Mozilla
2009-06-26 16:56:13 ----D---- C:\Program Files\Mozilla Firefox
2009-06-26 16:46:16 ----D---- C:\Program Files\Luxor
2009-06-25 23:29:40 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Adobe
2009-06-25 23:29:10 ----D---- C:\Program Files\Adobe
2009-06-25 23:15:11 ----D---- C:\WINDOWS1\pss
2009-06-25 23:15:11 ----D---- C:\Program Files\Yahoo!
2009-06-25 22:44:02 ----A---- C:\~GLHTTP1.TMP
2009-06-15 19:13:04 ----D---- C:\Program Files\Fichiers communs\SWF Studio
======List of files/folders modified in the last 1 months======
2009-07-04 17:23:51 ----D---- C:\Program Files
2009-07-04 17:16:01 ----A---- C:\WINDOWS1\win.ini
2009-07-04 15:54:20 ----D---- C:\WINDOWS1\Temp
2009-07-04 15:53:55 ----A---- C:\WINDOWS1\SchedLgU.Txt
2009-07-04 15:52:38 ----D---- C:\WINDOWS1\system32\CatRoot2
2009-07-03 21:02:11 ----ASH---- C:\boot.ini
2009-07-03 21:02:11 ----A---- C:\WINDOWS1\system.ini
2009-07-03 16:48:25 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Cybera Client
2009-07-03 00:15:05 ----D---- C:\WINDOWS1
2009-07-02 23:41:19 ----D---- C:\WINDOWS1\Help
2009-07-02 20:59:15 ----SHD---- C:\WINDOWS1\Installer
2009-07-02 20:59:08 ----D---- C:\Program Files\MSN Messenger
2009-07-02 20:50:34 ----D---- C:\WINDOWS1\pchealth
2009-07-02 17:21:07 ----SD---- C:\Documents and Settings\KOITA.JEROME\Application Data\Microsoft
2009-06-30 16:09:58 ----SHD---- C:\System Volume Information
2009-06-30 16:09:58 ----D---- C:\WINDOWS1\system32\Restore
2009-06-30 08:48:38 ----HD---- C:\WINDOWS1\inf
2009-06-30 08:48:38 ----D---- C:\WINDOWS1\system32
2009-06-29 20:47:36 ----D---- C:\WINDOWS1\system32\drivers
2009-06-26 16:47:22 ----D---- C:\Downloads
2009-06-26 16:47:09 ----D---- C:\Documents and Settings
2009-06-26 09:46:07 ----D---- C:\WINDOWS1\system32\wbem
2009-06-26 09:46:07 ----A---- C:\WINDOWS1\system32\PerfStringBackup.INI
2009-06-25 23:29:56 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-06-25 23:29:48 ----D---- C:\WINDOWS1\WinSxS
2009-06-19 23:19:14 ----D---- C:\Program Files\FlashGet
2009-06-15 19:13:04 ----D---- C:\Program Files\Fichiers communs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS1\system32\DRIVERS\avipbb.sys [2009-06-30 75096]
R1 ssmdrv;ssmdrv; C:\WINDOWS1\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS1\system32\DRIVERS\e1000325.sys [2006-10-29 163840]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS1\system32\DRIVERS\hidusb.sys [2002-12-22 9600]
R3 ialm;ialm; C:\WINDOWS1\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Pilote HID de souris; C:\WINDOWS1\system32\DRIVERS\mouhid.sys [2002-12-22 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS1\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS1\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS1\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS1\system32\drivers\cmuda.sys [2006-10-29 815296]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS1\system32\DRIVERS\usbccgp.sys [2002-12-22 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS1\system32\DRIVERS\USBSTOR.SYS [2002-12-22 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-07-04 17:25:29
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS1\INF\PCHealth.inf
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
C-Media WDM Audio Driver-->C:\WINDOWS1\system32\cmirmdrv.exe
Cybera Client-->C:\Program Files\Cybera Client\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS1\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Luxor-->C:\Program Files\Luxor\UNWISE.EXE C:\Program Files\Luxor\INSTALL.LOG
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Hosts File======
127.0.0.1 localhost
127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 china.dalexcars.com
127.0.0.1 dl.aaascreensavers.com
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
Securitycenter WMI appears to be broken
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
-----------------EOF-----------------
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Hosts File======
127.0.0.1 localhost
127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 china.dalexcars.com
127.0.0.1 dl.aaascreensavers.com
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
Securitycenter WMI appears to be broken
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
-----------------EOF-----------------
Configuration: Windows XP Internet Explorer 6.0
1 reply
Hi, with a cracked Windows it's already to be expected that things go haywire.
LSDIII is so stripped down that it's missing pieces.
*****************************************************
************** Option 1 (Search) **************
*****************************************************
Download FindyKill (by Chiquitine29, C_XX, and Chimay8) to your desktop:
! Disconnect and close all running applications !
* Double-click "FindyKill.exe" to start the installation and leave the installation settings at their defaults.
* Plug your external data sources into your PC (USB stick, external hard drive, etc.)
* Double-click the FindyKill shortcut on your desktop to launch the tool.
* At the main menu, choose option " F " for French and press [Enter].
* At the second menu, choose option " 1 " (search) and press [Enter].
Let the tool work and don't touch anything ...
--> Post the report that appears at the end on the forum ...
( the report is also saved as C:\FindyKill.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.