Analyser, interpréter un log HijackThis

rebonsoir mike

premierement je te remercie infiniment pour ton aide

voila j ai appliquer tes instructions etape par etape
et j ai reussi cava j ai reussi a voir les video sur youtube a editer le registre et a avoir l option de dossiers dur la rubrique options

j apprecie carrement ton aide

voici le rapport de Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2787
Windows 5.1.2600 Service Pack 2

9/12/2009 2:15:05 PM
mbam-log-2009-09-12 (14-15-00).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 113089
Temps écoulé: 19 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 43
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-1 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-10 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-11 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-12 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-13 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-14 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-15 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-16 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-17 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-18 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-19 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-2 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-20 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-21 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-22 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-23 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-24 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-25 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-26 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-27 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-28 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-29 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-3 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-30 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-31 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-4 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-5 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-6 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-7 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-8 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-9 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-10 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-11 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-12 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-13 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-14 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-15 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-16 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-17 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-21 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-22 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-25 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-26 (Worm.Brontok) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

re

voici le rapport RSIT


info.txt logfile of random's system information tool 1.06 2009-09-13 04:45:15

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.43\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
JustVoip-->"C:\Program Files\JustVoip.com\JustVoip\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{6FF543AB-99B3-4120-902C-70A38314ABD8}_2_0_1\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{6FF543AB-99B3-4120-902C-70A38314ABD8}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Voipwise-->"C:\Program Files\Voipwise.com\Voipwise\unins000.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe" [2009-09-11]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-09-12]
O1 - Hosts: <tr bgcolor=ccccff><td> [2009-09-13]
O1 - Hosts: </td></tr> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A [2009-09-13]
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff> [2009-09-13]
O1 - Hosts: </td> [2009-09-13]
O1 - Hosts: </script> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A [2009-09-13]
O1 - Hosts: </table> [2009-09-13]
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8> [2009-09-13]
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A [2009-09-13]
O1 - Hosts: <tr> [2009-09-13]
O1 - Hosts: </td> [2009-09-13]
O1 - Hosts: vspace=0 frameborder=0 scrolling=no> [2009-09-13]
O1 - Hosts: <tr><td> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A> [2009-09-13]
O1 - Hosts: <tr> [2009-09-13]
O1 - Hosts: <noscript> [2009-09-13]
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a> [2009-09-13]
O1 - Hosts: </iframe> [2009-09-13]
O1 - Hosts: </tr> [2009-09-13]
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue> [2009-09-13]
O1 - Hosts: <tr><td align=right> [2009-09-13]
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A [2009-09-13]
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1> [2009-09-13]
O1 - Hosts: </table> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A [2009-09-13]
O1 - Hosts: <br> [2009-09-13]
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr> [2009-09-13]
O1 - Hosts: <font face=arial size=-2>• <a href="http://search.yahoo.com/search/options?p=">advanced search</a> • <a href="http://buzz.yahoo.com">most popular</a></font> [2009-09-13]
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%"> [2009-09-13]
O1 - Hosts: <form action="http://search.yahoo.com/search"> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A [2009-09-13]
O1 - Hosts: </form></td></tr></table> [2009-09-13]
O1 - Hosts: <td bgcolor=003399 colspan=2> [2009-09-13]
O1 - Hosts: <td valign=top align=center width=445> [2009-09-13]
O1 - Hosts: </font></td></tr></table></td></tr></table> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A [2009-09-13]
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A [2009-09-13]
O1 - Hosts: <tr bgcolor=white><td valign=top align=center> [2009-09-13]
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center> [2009-09-13]
O1 - Hosts: </td></tr> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A [2009-09-13]
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A [2009-09-13]
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font> [2009-09-13]
O1 - Hosts: <font face=arial size=-2><A [2009-09-13]
O1 - Hosts: </table> [2009-09-13]
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0 [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A [2009-09-13]
O1 - Hosts: </tr> [2009-09-13]
O1 - Hosts: </tr></table> [2009-09-13]
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95. [2009-09-13]
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A [2009-09-13]
O1 - Hosts: <input size="14" name="p" value="">  [2009-09-13]
O1 - Hosts: </noscript> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A [2009-09-13]
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE --> [2009-09-13]
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr"> [2009-09-13]
O1 - Hosts: <script language="JavaScript" type="text/javascript" [2009-09-13]
O1 - Hosts: <input type="SUBMIT" value="Search"> [2009-09-13]
O1 - Hosts: <iframe [2009-09-13]
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A [2009-09-13]
O1 - Hosts: </td> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A [2009-09-13]
O1 - Hosts: <br> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A [2009-09-13]
O1 - Hosts: <tr> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A [2009-09-13]
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td> [2009-09-13]
O1 - Hosts: </td></tr> [2009-09-13]
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td> [2009-09-13]
O1 - Hosts: <br> [2009-09-13]
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff" [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A [2009-09-13]
O1 - Hosts: </td></tr></table> [2009-09-13]
O1 - Hosts: <td width=1> </td> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A [2009-09-13]
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE> [2009-09-13]
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b> [2009-09-13]
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff> [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A [2009-09-13]
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A [2009-09-13]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [2009-09-13]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [2009-09-13]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: SOLTANI
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 2015
Source Name: Tcpip
Time Written: 20090820111042.000000-420
Event Type: warning
User:

Computer Name: SOLTANI
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 2012
Source Name: W32Time
Time Written: 20090820110450.000000-420
Event Type: error
User:

Computer Name: SOLTANI
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 2011
Source Name: W32Time
Time Written: 20090820110450.000000-420
Event Type: error
User:

Computer Name: SOLTANI
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 2010
Source Name: W32Time
Time Written: 20090820110435.000000-420
Event Type: error
User:

Computer Name: SOLTANI
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 2009
Source Name: W32Time
Time Written: 20090820110435.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: SOLTANI
Event Code: 1517
Message: Windows saved user SOLTANI\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1160
Source Name: Userenv
Time Written: 20090911112625.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SOLTANI
Event Code: 1000
Message: Faulting application zdwlan.exe, version 2.26.3.0, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 1150
Source Name: Application Error
Time Written: 20090911034211.000000-420
Event Type: error
User:

Computer Name: SOLTANI
Event Code: 1517
Message: Windows saved user SOLTANI\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1123
Source Name: Userenv
Time Written: 20090828022637.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SOLTANI
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1041
Source Name: Application Hang
Time Written: 20090808064137.000000-420
Event Type: error
User:

Computer Name: SOLTANI
Event Code: 1517
Message: Windows saved user SOLTANI\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1025
Source Name: Userenv
Time Written: 20090806165707.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

bonjour kduc

voici le dernier logFile apres avoir suivi tes instructions

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:53 AM, on 9/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\hiij.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: </center>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1236629927&f=us-w57" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1ca33c984d46cbc) (gupdate1ca33c984d46cbc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Re

Les fixer ???

ok

je vais le faire tout de suite

merci