Analyser, interpréter un log HijackThis

amall -  
 Mike -
Bonjour,

voici mon log file HijackThis
j arrive pas a voir les video sur youtube et l option de dossier est diparu de mon menu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:25 PM, on 9/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\hiij.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="https://fr.yahoo.com/?p=us"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*https://fr.yahoo.com/?p=us">Yahoo!</a> - <a href="https://help.yahoo.com/kb/account">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="https://search.yahoo.com/web">
O1 - Hosts: <input size="14" name="p" value=""> 
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>• <a href="http://search.yahoo.com/search/options?p=">advanced search</a> • <a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=https://smallbusiness.yahoo.com/hosting align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="https://smallbusiness.yahoo.com/hosting">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=https://smallbusiness.yahoo.com/hosting more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 10442 bytes
Configuration: Windows XP Internet Explorer 7.0

8 réponses

  1. Mike
     
    bonjours,

    Relancez HijackThis,
    • Appuyer sur [Do a scan system only]
    • Fermer les navigateurs et autre applications,
    • Cochez toutes les lignes suivantes
    • Et appuyer sur [Fix Checked]

    F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    ______________________________________________________________

    Ouvrez le Gestionnaire de tâches (Ctrl-Alt-Supp.) et aller dans [Processus]
    • Sélectionner par un clic-droit "eksplorasi.exe" et appuyer [Terminer le processus]

    Afficher les fichiers & répertoires cachés

    Et allez supprimer ce fichier : C:\WINDOWS\eksplorasi.exe
    _______________________________________________________________

    CCleaner - Nettoyage des fichiers temporaires, Cookies..

    Téléchargez CCleaner version Slim
    • Installer et lancer CCleaner,
    • Décochez la mise à jour automatique,
    •.Lancez Ccleaner avec l'icône créé sur le bureau,

    • Cliquez sur Option et --> Avancé et Décochez >> Effacer uniquement les fichiers temporaire .. de plus de 48 heures,
    • Sélectionnez "Nettoyeur" et cliquez sur -->"Windows", allez à la section "Avancé",
    • Et cochez uniquement la première case "Vieilles données du perfetch",
    • Sélectionnez le bouton [Analyse]..
    • Lorsque complété, cliquer sur [Nettoyage] aussi souvent..que nécessaire, jusqu’à ce que la fenêtre soit vidée.

    Lorsque ce nettoyage est complété.
    Remettre les options standard, pour une utilisation au quotidien.
    • Allez Recocher les dans les Options --> "Avancé" : Effacer uniquement les fichiers temporaire .. de plus de 48 heures
    • Et Décocher "Vieilles données du perfetch" dans Nettoyeur --> Windows

    Utiliser CCleaner après chaque session sur le net, installation de logiciels et/ou avant de fermer le PC.

    _______________________________________________________________

    Téléchargez Malwarebytes
    • Lancez l'installation,
    • Dans [Settings] vous pouvez mettre en Français.
    • Faites la [Mise à jours] de Malwarebytes.
    • Dans [Recherche] sélectionnez [Exécuter un examen Complet],
    • Après le scan, appuyer sur >>>>> [Supprimer la sélection].
    >> Redémarrer si nécessaire..
    Postez le rapport de Malwarebytes.

    _______________________________________________________________

    À vous de décidez.
    Serait préférable de changer d'antivirus.

    Téléchargez Antivir
    • Désinstaller Avast avec ceci
    • Installer Antivir 9.0.0.67,
    • Faites la màj comme cela
    • Paramétrez Antivir efficacement
    • Redémarrer en mode sans échec
    • Lancer un scan "Complet"
    Postez le rapport.
    _______________________________________________________________

    Téléchargez RSIT (de random/random) sur votre bureau.
    • Double cliquez sur RSIT.exe,
    • Appuyez sur [Continue] à l'écran « Disclaimer »,
    • RSIT téléchargera HijackThis (s’il n’est pas installé) -> acceptez la licence,
    >> le rapport Log.txt va s'ouvrir à l'écran..

    Postez ce rapport, aussi disponible dans C:\RSIT\.
    1
    1. amall
       
      rebonsoir mike

      premierement je te remercie infiniment pour ton aide

      voila j ai appliquer tes instructions etape par etape
      et j ai reussi cava j ai reussi a voir les video sur youtube a editer le registre et a avoir l option de dossiers dur la rubrique options

      j apprecie carrement ton aide

      voici le rapport de Malwarebytes:

      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 2787
      Windows 5.1.2600 Service Pack 2

      9/12/2009 2:15:05 PM
      mbam-log-2009-09-12 (14-15-00).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 113089
      Temps écoulé: 19 minute(s), 3 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 43
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

      Dossier(s) infecté(s):
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-1 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-10 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-11 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-12 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-13 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-14 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-15 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-16 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-17 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-18 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-19 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-2 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-20 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-21 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-22 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-23 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-24 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-25 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-26 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-27 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-28 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-29 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-3 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-30 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-31 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-4 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-5 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-6 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-7 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-8 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-12-9 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-10 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-11 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-12 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-13 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-14 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-15 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-16 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-17 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-21 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-22 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-25 (Worm.Brontok) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-12-26 (Worm.Brontok) -> No action taken.

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
    2. amall
       
      re

      voici le rapport RSIT


      info.txt logfile of random's system information tool 1.06 2009-09-13 04:45:15

      ======Uninstall list======

      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
      ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
      Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
      CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
      Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
      Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.43\Installer\setup.exe" --uninstall --system-level
      Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
      Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
      Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
      High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
      HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
      Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
      Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
      Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
      Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
      JustVoip-->"C:\Program Files\JustVoip.com\JustVoip\unins000.exe"
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
      Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
      Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
      Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{6FF543AB-99B3-4120-902C-70A38314ABD8}_2_0_1\NSSSetup.exe" /X
      Norton Security Scan-->MsiExec.exe /X{6FF543AB-99B3-4120-902C-70A38314ABD8}
      RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
      Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
      Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
      Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
      Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
      Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
      Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
      Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
      Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
      Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
      Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
      Voipwise-->"C:\Program Files\Voipwise.com\Voipwise\unins000.exe"
      Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
      Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
      Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
      Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
      WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

      =====HijackThis Backups=====

      F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe" [2009-09-11]
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-09-12]
      O1 - Hosts: <tr bgcolor=ccccff><td> [2009-09-13]
      O1 - Hosts: </td></tr> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A [2009-09-13]
      O1 - Hosts: <td valign=top width=229 bgcolor=ffffff> [2009-09-13]
      O1 - Hosts: </td> [2009-09-13]
      O1 - Hosts: </script> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A [2009-09-13]
      O1 - Hosts: </table> [2009-09-13]
      O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8> [2009-09-13]
      O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A [2009-09-13]
      O1 - Hosts: <tr> [2009-09-13]
      O1 - Hosts: </td> [2009-09-13]
      O1 - Hosts: vspace=0 frameborder=0 scrolling=no> [2009-09-13]
      O1 - Hosts: <tr><td> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A> [2009-09-13]
      O1 - Hosts: <tr> [2009-09-13]
      O1 - Hosts: <noscript> [2009-09-13]
      O1 - Hosts: <a href=https://smallbusiness.yahoo.com/hosting align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a> [2009-09-13]
      O1 - Hosts: </iframe> [2009-09-13]
      O1 - Hosts: </tr> [2009-09-13]
      O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue> [2009-09-13]
      O1 - Hosts: <tr><td align=right> [2009-09-13]
      O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A [2009-09-13]
      O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1> [2009-09-13]
      O1 - Hosts: </table> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A [2009-09-13]
      O1 - Hosts: <br> [2009-09-13]
      O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr> [2009-09-13]
      O1 - Hosts: <font face=arial size=-2>• <a href="http://search.yahoo.com/search/options?p=">advanced search</a> • <a href="http://buzz.yahoo.com">most popular</a></font> [2009-09-13]
      O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%"> [2009-09-13]
      O1 - Hosts: <form action="https://search.yahoo.com/web"> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A [2009-09-13]
      O1 - Hosts: </form></td></tr></table> [2009-09-13]
      O1 - Hosts: <td bgcolor=003399 colspan=2> [2009-09-13]
      O1 - Hosts: <td valign=top align=center width=445> [2009-09-13]
      O1 - Hosts: </font></td></tr></table></td></tr></table> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A [2009-09-13]
      O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A [2009-09-13]
      O1 - Hosts: <tr bgcolor=white><td valign=top align=center> [2009-09-13]
      O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center> [2009-09-13]
      O1 - Hosts: </td></tr> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A [2009-09-13]
      O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A [2009-09-13]
      O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font> [2009-09-13]
      O1 - Hosts: <font face=arial size=-2><A [2009-09-13]
      O1 - Hosts: </table> [2009-09-13]
      O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0 [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A [2009-09-13]
      O1 - Hosts: </tr> [2009-09-13]
      O1 - Hosts: </tr></table> [2009-09-13]
      O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="https://smallbusiness.yahoo.com/hosting">three affordable plans</a> to meet your needs - starting at just $11.95. [2009-09-13]
      O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A [2009-09-13]
      O1 - Hosts: <input size="14" name="p" value="">  [2009-09-13]
      O1 - Hosts: </noscript> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A [2009-09-13]
      O1 - Hosts: <!-- following code added by server. PLEASE REMOVE --> [2009-09-13]
      O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr"> [2009-09-13]
      O1 - Hosts: <script language="JavaScript" type="text/javascript" [2009-09-13]
      O1 - Hosts: <input type="SUBMIT" value="Search"> [2009-09-13]
      O1 - Hosts: <iframe [2009-09-13]
      O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A [2009-09-13]
      O1 - Hosts: </td> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A [2009-09-13]
      O1 - Hosts: <br> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A [2009-09-13]
      O1 - Hosts: <tr> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A [2009-09-13]
      O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*https://fr.yahoo.com/?p=us">Yahoo!</a> - <a href="https://help.yahoo.com/kb/account">Help</a></font><hr size=1 noshade></td> [2009-09-13]
      O1 - Hosts: </td></tr> [2009-09-13]
      O1 - Hosts: <td width=1% valign=top><a href="https://fr.yahoo.com/?p=us"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td> [2009-09-13]
      O1 - Hosts: <br> [2009-09-13]
      O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff" [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A [2009-09-13]
      O1 - Hosts: </td></tr></table> [2009-09-13]
      O1 - Hosts: <td width=1> </td> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A [2009-09-13]
      O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE> [2009-09-13]
      O1 - Hosts: <b><font face=arial size=-1><a href=https://smallbusiness.yahoo.com/hosting more...</a></font></b> [2009-09-13]
      O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff> [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A [2009-09-13]
      O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A [2009-09-13]
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [2009-09-13]
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [2009-09-13]

      ======Hosts File======

      127.0.0.1 localhost
      127.0.0.1 fr.a2dfp.net
      127.0.0.1 m.fr.a2dfp.net
      127.0.0.1 ad.a8.net
      127.0.0.1 asy.a8ww.net
      127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
      127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
      127.0.0.1 phpadsnew.abac.com
      127.0.0.1 a.abnad.net
      127.0.0.1 b.abnad.net

      ======Security center information======

      AV: AntiVir Desktop

      ======System event log======

      Computer Name: SOLTANI
      Event Code: 4226
      Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

      Record Number: 2015
      Source Name: Tcpip
      Time Written: 20090820111042.000000-420
      Event Type: warning
      User:

      Computer Name: SOLTANI
      Event Code: 29
      Message: The time provider NtpClient is configured to acquire time from one or more
      time sources, however none of the sources are currently accessible.
      No attempt to contact a source will be made for 14 minutes.
      NtpClient has no source of accurate time.

      Record Number: 2012
      Source Name: W32Time
      Time Written: 20090820110450.000000-420
      Event Type: error
      User:

      Computer Name: SOLTANI
      Event Code: 17
      Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
      configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
      minutes.
      The error was: A socket operation was attempted to an unreachable host. (0x80072751)

      Record Number: 2011
      Source Name: W32Time
      Time Written: 20090820110450.000000-420
      Event Type: error
      User:

      Computer Name: SOLTANI
      Event Code: 29
      Message: The time provider NtpClient is configured to acquire time from one or more
      time sources, however none of the sources are currently accessible.
      No attempt to contact a source will be made for 14 minutes.
      NtpClient has no source of accurate time.

      Record Number: 2010
      Source Name: W32Time
      Time Written: 20090820110435.000000-420
      Event Type: error
      User:

      Computer Name: SOLTANI
      Event Code: 17
      Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
      configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
      minutes.
      The error was: A socket operation was attempted to an unreachable host. (0x80072751)

      Record Number: 2009
      Source Name: W32Time
      Time Written: 20090820110435.000000-420
      Event Type: error
      User:

      =====Application event log=====

      Computer Name: SOLTANI
      Event Code: 1517
      Message: Windows saved user SOLTANI\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


      This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

      Record Number: 1160
      Source Name: Userenv
      Time Written: 20090911112625.000000-420
      Event Type: warning
      User: NT AUTHORITY\SYSTEM

      Computer Name: SOLTANI
      Event Code: 1000
      Message: Faulting application zdwlan.exe, version 2.26.3.0, faulting module , version 0.0.0.0, fault address 0x00000000.

      Record Number: 1150
      Source Name: Application Error
      Time Written: 20090911034211.000000-420
      Event Type: error
      User:

      Computer Name: SOLTANI
      Event Code: 1517
      Message: Windows saved user SOLTANI\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


      This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

      Record Number: 1123
      Source Name: Userenv
      Time Written: 20090828022637.000000-420
      Event Type: warning
      User: NT AUTHORITY\SYSTEM

      Computer Name: SOLTANI
      Event Code: 1002
      Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

      Record Number: 1041
      Source Name: Application Hang
      Time Written: 20090808064137.000000-420
      Event Type: error
      User:

      Computer Name: SOLTANI
      Event Code: 1517
      Message: Windows saved user SOLTANI\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


      This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

      Record Number: 1025
      Source Name: Userenv
      Time Written: 20090806165707.000000-420
      Event Type: warning
      User: NT AUTHORITY\SYSTEM

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
      "windir"=%SystemRoot%
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=15
      "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
      "PROCESSOR_REVISION"=0401
      "NUMBER_OF_PROCESSORS"=1
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP

      -----------------EOF-----------------
      0
  2. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    (si ce n’ est déjà fait) Télécharge CCleaner :
    http://www.filehippo.com/download_ccleaner.html
    ("Download Latest Version", sur la droite) et laisse-toi guider.
    A un moment, il te sera demandé de cocher :
    "Ajouter la barre d' outils Yahoo". Refuse et …
    Laisse-le s’ installer tel que …

    -------
    Redémarre le PC en mode sans échec ...
    https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
    (méthode F8 de préférence)

    --------------------------------------------
    Tu n' auras pas accès à Internet pendant le "mode sans échec".
    Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
    sur le "bureau" pour l' avoir à ta disposition.
    --------------------------------------------

    Ferme toutes les fenêtres et applications.
    Relance HijackThis et clique sur > Do a system scan only puis, coche
    les cases devant les lignes qui suivent (et uniquement ces lignes), si tjrs présentes :

    F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
    O1 - Hosts: Yahoo!
    O1 - Hosts:
    ... ainsi que toutes les lignes 01 commençant par Hosts
    + cette ligne ...
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Ensuite, clique sur > Fix checked et valide par "Yes". Referme HijackThis.

    Lance CCleaner ...
    Clique sur > Analyser > Nettoyer, puis sur OK dans la fenêtre qui s' affiche.
    (re)Lance le nettoyage et (re)confirme par OK.

    Redémarre le PC en mode normal ...

    Relance un scan HijackThis et poste le rapport.

    ---
    PS : si tu as des restes de Norton/Symantec, il faut les upprimer ...

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab


    Pour cela, utilise cet outil : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
    0
    1. amall
       
      bonjour kduc

      voici le dernier logFile apres avoir suivi tes instructions

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:29:53 AM, on 9/13/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\ALCWZRD.EXE
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
      C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\hiij.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O1 - Hosts: </center>
      O1 - Hosts: </body>
      O1 - Hosts: </html>
      O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1236629927&f=us-w57" ALT=1 WIDTH=1 HEIGHT=1>
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
      O4 - Global Startup: McAfee Security Scan.lnk = ?
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Google Update Service (gupdate1ca33c984d46cbc) (gupdate1ca33c984d46cbc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      0
  3. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Bonjour

    Pour suivre.
    0
  4. Mike
     
    re,

    Commencez par réinitialiser votre fichier Hosts, qui a été altéré.
    • Télécharger la liste Hosts Mvps
    • Décompressez et double-cliquer sur le fichier Mvps.bat

    Info sur le fichier Hosts.
    ________________________________________

    Pour le rapport Hijackthis.
    Hijackthis n'a pas été mis à jours depuis 2007, alors que les infections ce sont adaptées depuis.

    Le rapport produit avec RSIT, est plus élaboré et moins aisément contournable par les infections !

    • Allez au >> message 1 << suivre la procédure RSIT et postez le rapport Log.txt !
    .
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kduc Messages postés 1537 Statut Membre 133
     
    Salut à tous

    amall,

    Relancer HijackThis pour "fixer" ...

    O1 - Hosts: </center>
    O1 - Hosts: </body>
    O1 - Hosts: </html>
    O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1236629927&f=us-w57" ALT=1 WIDTH=1 HEIGHT=1>


    Puis, nettoyage avec CCleaner.

    Ensuite, continuer avec RSIT.
    0
    1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
       
      Re

      Les fixer ???

      0
  7. Mike
     
    re,

    Ah.., ça ben de l'allure..
    Les risque d'aller sur le net avec un fichier Host altéré, sont à prendre en considération, avant quelques téléchargements que ce soit, même le téléchargement d'une liste Hosts.

    Donc préférable, avant de ré-ouvrir une connexion au net, de soit ;
    - Dans Hijackthis > [Do a system scan only], cocher et [Fix Checker] les lignes 01,
    - ou, au moins, réinitialiser le fichier Hosts à : 127.0.0.1 localhost

    amall,
    Faites cela, si vous avez eu ce message avant de suivre les procédures du message précédent.
    0
    1. amall
       
      ok

      je vais le faire tout de suite

      merci
      0
  8. amall
     
    re

    voici mon log apres avoir suivi la procédure RSIT

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrator at 2009-09-13 05:02:49
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 182 GB (96%) free of 191 GB
    Total RAM: 511 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:02:50 AM, on 9/13/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
    C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Administrator.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
    O4 - Global Startup: McAfee Security Scan.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Update Service (gupdate1ca33c984d46cbc) (gupdate1ca33c984d46cbc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  9. Mike
     
    re,

    Dans Malwarebytes -> [Quarantaine] -> [Supprimer tout]

    Désinstaller traces d'installation précédentes d'antivirus : McAfee avec ceci et Norton avec cela.
    ___________________________________________

    Afficher les fichiers & répertoires cachés
    • Et aller supprimer : C:\WINDOWS\tasks\At1.job

    Faites un scan complet en mode sans échec avec Antivir.
    • En suivant la procédure de ce message.
    >> Et postez le rapport.
    ___________________________________________

    Vous avez plusieurs objets installés de Google.
    Si comme plusieurs internautes, vous n'utilisez jamais ces choses.
    • De les désinstaller, ajouteraient en ressources aux performances du PC.

    ___________________________________________

    Optimisation des ressources système.
    Plusieurs modules de programmes placés à l'installation de leurs logiciels, sont lancés automatiquement au démarrage du PC. Lorsqu'ils y en a plusieurs, cela peut altérer les performances d'un PC. Ces objets lancés inutilement au démarrage du PC, peuvent très bien être désactivés/ supprimés au démarrage du PC. De ces suppressions faites avec HijackThis, quelque unes pourraient aussi être faites(que pour les lignes 04-) avec MsConfig dans [Démarrage] où il y aurait qu'à Décocher les processus (qui seraient toujours Recochable si nécessaire), à vérifier..

    Dans le cas où un objet supprimé est utilisé fréquemment.
    Il est alors possible de lui créer un raccourci, placé sur le bureau pour une utilisation au besoin.

    Relancez HijackThis,
    • Appuyer sur [Do a scan system only]
    • Fermer les navigateurs et autre applications,
    • Cochez toutes les lignes suivantes
    • Et appuyer sur [Fix Checked]

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    Redémarrer le PC.
    ___________________________________________

    Mises à jours logiciel.
    • Java : https://www.java.com/fr/download/manual.jsp
    • Adobe : https://get2.adobe.com/reader/otherversions/

    Faites les mises à jours proposées par Sumo Lite et/ou Secunia

    ► À utiliser/vérifier aux 30jours.

    Important pour prévenir les failles de sécurités des logiciels ayant un accès à Internet.
    0