Bonsoir

telecharge hijackthis et colle le resultat ici :

http://www.infos-du-net.com/telecharger/HijackThis.html
demo :
http://perso.orange.fr/rginformatique/section%20virus/demohi­jack.htm


a+++

Merci pour ta réponse rapide salwa

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:55:34, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Swap Machine\SwapWnd.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\STEVE\Local Settings\Temporary Internet Files\Content.IE5\KZ6V2HAD\HiJackThis_v2[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/search?sourceid=navclient&hl=fr&ie=UTF-8&oe=UTF-8&q=salut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C890A9E-D020-46AE-BF8A-4E427CBA53D9} - C:\WINDOWS\system32\jkhhf.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\pldtgtid.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - C:\WINDOWS\system32\rqrrspn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\blydhncn.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [second deaf] C:\DOCUME~1\STEVE\APPLIC~1\BATJUG~1\popfourhtm.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SwapWndStartup] "C:\Program Files\Swap Machine\SwapWnd.exe" -interactive=0
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [qservices] C:\WINDOWS\qservice.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk879YYFR
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll
O20 - Winlogon Notify: rqrrspn - C:\WINDOWS\SYSTEM32\rqrrspn.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
End of file - 10502 bytes

Bonjour 1/Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

http://www.atribune.org/ccount/click.php?id=4

>Double-clique VundoFix.exe afin de le lancer.
>Clique sur le bouton Scan for Vundo.
>Lorsque le scan est complété, clique sur le bouton Remove Vundo.
>Une invite te demandera si tu veux supprimer les fichiers, clique YES
>Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
>Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
>Démarre ton PC à nouveau.
>Copie/colle le contenu du rapport situé dans C:\vundofix.txt dans ta prochaine réponse.


a++++

Oups désolé du post, comment supprime t-on un post ?

Je ne sais pas désolé

Bonjour cousin_avi je pense que c impossible de supprimer un poste :p tu peu seulement l'editer

a+++

Bonjour salwa comme tu me la demandé je te copie le rapport
Je ne sais pas si tu la vu =)
Merci

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:55:34, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Swap Machine\SwapWnd.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\STEVE\Local Settings\Temporary Internet Files\Content.IE5\KZ6V2HAD\HiJackThis_v2[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/search?sourceid=navclient&hl=fr&ie=UTF-8&oe=UTF-8&q=salut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C890A9E-D020-46AE-BF8A-4E427CBA53D9} - C:\WINDOWS\system32\jkhhf.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\pldtgtid.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - C:\WINDOWS\system32\rqrrspn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\blydhncn.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [second deaf] C:\DOCUME~1\STEVE\APPLIC~1\BATJUG~1\popfourhtm.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SwapWndStartup] "C:\Program Files\Swap Machine\SwapWnd.exe" -interactive=0
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [qservices] C:\WINDOWS\qservice.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk879YYFR
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll
O20 - Winlogon Notify: rqrrspn - C:\WINDOWS\SYSTEM32\rqrrspn.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 10502 bytes

Bonjour ce n'est pas ce que je t'ai demandé ..

lis le message numero 3 stp

a+++

A okaay désolé j'avais pas vu je le fait et quand j'ai fini je te le dit

Ok pas de probleme :)

a+++

Re
Voila le résultat:


VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 14:13:18 27/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\blydhncn.dll
C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\ncnhdylb.ini
C:\WINDOWS\system32\rqrrspn.dll
C:\WINDOWS\system32\tuvwwww.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\blydhncn.dll
C:\WINDOWS\system32\blydhncn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\system32\fhhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ncnhdylb.ini
C:\WINDOWS\system32\ncnhdylb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrrspn.dll
C:\WINDOWS\system32\rqrrspn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tuvwwww.dll
C:\WINDOWS\system32\tuvwwww.dll Has been deleted!

Performing Repairs to the registry.
Done!

Postes un nouveau raport hijacthis stp

a+++

Ok :)

pour commencer - Va dans le Panneau de Configuration >> Ajout/Suppression de programmes, et désinstalle/supprime celui-ci :

mywebsearch ( c'est un spyware)

ensuite telecharge

VirtumundoBegone
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe"
target=_blank
>http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les
instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le
bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale",
c'est normal et attendu.


ensuite telecharge et executes

AVG anti spyware
http://www.01net.com/...

(n'oublie pas de le mettre a jour avant de lancer le scan)


Relance AVG AS puis choisis l'onglet "Analyse"
Puis l'onglet "Paramètres"
Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

/!\ Si un fichier est infecté en fin d'analyse /!\
Clique sur "Appliquer toutes les actions "

Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau ensuite colle le raport ici

supprime les fichiers inutiles (fichiers temporaire , cookies .. ect avec ceci

Ccleaner
http://www.malekal.com/tutorial_CCleaner.html



bon courage :)

a+++

Voici le rapport VGB :

[05/27/2007, 15:13:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\STEVE\Local Settings\Temporary Internet Files\Content.IE5\8HQV89A7\VirtumundoBeGone[1].exe" )
[05/27/2007, 15:13:31] - Detected System Information:
[05/27/2007, 15:13:31] - Windows Version: 5.1.2600, Service Pack 2
[05/27/2007, 15:13:31] - Current Username: STEVE (Admin)
[05/27/2007, 15:13:31] - Windows is in NORMAL mode.
[05/27/2007, 15:13:31] - Searching for Browser Helper Objects:
[05/27/2007, 15:13:31] - BHO 1: AutorunsDisabled ()
[05/27/2007, 15:13:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:31] - No filename found. Continuing.
[05/27/2007, 15:13:31] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/27/2007, 15:13:32] - BHO 3: {1C890A9E-D020-46AE-BF8A-4E427CBA53D9} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - Checking for HKLM\...\Winlogon\Notify\jkhhf
[05/27/2007, 15:13:32] - Key not found: HKLM\...\Winlogon\Notify\jkhhf, continuing.
[05/27/2007, 15:13:32] - BHO 4: {4B646AFB-9341-4330-8FD1-C32485AEE619} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - Checking for HKLM\...\Winlogon\Notify\pldtgtid
[05/27/2007, 15:13:32] - Key not found: HKLM\...\Winlogon\Notify\pldtgtid, continuing.
[05/27/2007, 15:13:32] - BHO 5: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - No filename found. Continuing.
[05/27/2007, 15:13:32] - BHO 6: {8071E65A-3F56-4426-8372-8667CD213057} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - Checking for HKLM\...\Winlogon\Notify\rqrrspn
[05/27/2007, 15:13:32] - Key not found: HKLM\...\Winlogon\Notify\rqrrspn, continuing.
[05/27/2007, 15:13:32] - BHO 7: {E9E28489-27B7-430F-A7A1-46A0F537F144} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - Checking for HKLM\...\Winlogon\Notify\mljjj
[05/27/2007, 15:13:32] - Found: HKLM\...\Winlogon\Notify\mljjj - This is probably Virtumundo.
[05/27/2007, 15:13:32] - Assigning {E9E28489-27B7-430F-A7A1-46A0F537F144} MSEvents Object
[05/27/2007, 15:13:32] - BHO list has been changed! Starting over...
[05/27/2007, 15:13:32] - BHO 1: AutorunsDisabled ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - No filename found. Continuing.
[05/27/2007, 15:13:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/27/2007, 15:13:32] - BHO 3: {1C890A9E-D020-46AE-BF8A-4E427CBA53D9} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - Checking for HKLM\...\Winlogon\Notify\jkhhf
[05/27/2007, 15:13:32] - Key not found: HKLM\...\Winlogon\Notify\jkhhf, continuing.
[05/27/2007, 15:13:32] - BHO 4: {4B646AFB-9341-4330-8FD1-C32485AEE619} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - Checking for HKLM\...\Winlogon\Notify\pldtgtid
[05/27/2007, 15:13:32] - Key not found: HKLM\...\Winlogon\Notify\pldtgtid, continuing.
[05/27/2007, 15:13:32] - BHO 5: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - No filename found. Continuing.
[05/27/2007, 15:13:32] - BHO 6: {8071E65A-3F56-4426-8372-8667CD213057} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - Checking for HKLM\...\Winlogon\Notify\rqrrspn
[05/27/2007, 15:13:32] - Key not found: HKLM\...\Winlogon\Notify\rqrrspn, continuing.
[05/27/2007, 15:13:32] - BHO 7: {E9E28489-27B7-430F-A7A1-46A0F537F144} (MSEvents Object)
[05/27/2007, 15:13:32] - ALERT: Found MSEvents Object!
[05/27/2007, 15:13:32] - BHO 8: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[05/27/2007, 15:13:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:32] - No filename found. Continuing.
[05/27/2007, 15:13:32] - Finished Searching Browser Helper Objects
[05/27/2007, 15:13:32] - *** Detected MSEvents Object
[05/27/2007, 15:13:32] - Trying to remove MSEvents Object...
[05/27/2007, 15:13:33] - Terminating Process: IEXPLORE.EXE
[05/27/2007, 15:13:34] - Terminating Process: RUNDLL32.EXE
[05/27/2007, 15:13:34] - Disabling Automatic Shell Restart
[05/27/2007, 15:13:34] - Terminating Process: EXPLORER.EXE
[05/27/2007, 15:13:35] - Suspending the NT Session Manager System Service
[05/27/2007, 15:13:35] - Terminating Windows NT Logon/Logoff Manager
[05/27/2007, 15:13:35] - Re-enabling Automatic Shell Restart
[05/27/2007, 15:13:35] - File to disable: C:\WINDOWS\system32\mljjj.dll
[05/27/2007, 15:13:35] - Renaming C:\WINDOWS\system32\mljjj.dll -> C:\WINDOWS\system32\mljjj.dll.vir
[05/27/2007, 15:13:35] - File successfully renamed!
[05/27/2007, 15:13:35] - Removing HKLM\...\Browser Helper Objects\{E9E28489-27B7-430F-A7A1-46A0F537F144}
[05/27/2007, 15:13:35] - Removing HKCR\CLSID\{E9E28489-27B7-430F-A7A1-46A0F537F144}
[05/27/2007, 15:13:35] - Adding Kill Bit for ActiveX for GUID: {E9E28489-27B7-430F-A7A1-46A0F537F144}
[05/27/2007, 15:13:35] - Deleting ATLEvents/MSEvents Registry entries
[05/27/2007, 15:13:35] - Removing HKLM\...\Winlogon\Notify\mljjj
[05/27/2007, 15:13:35] - Searching for Browser Helper Objects:
[05/27/2007, 15:13:35] - BHO 1: AutorunsDisabled ()
[05/27/2007, 15:13:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:35] - No filename found. Continuing.
[05/27/2007, 15:13:35] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/27/2007, 15:13:35] - BHO 3: {1C890A9E-D020-46AE-BF8A-4E427CBA53D9} ()
[05/27/2007, 15:13:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:35] - Checking for HKLM\...\Winlogon\Notify\jkhhf
[05/27/2007, 15:13:35] - Key not found: HKLM\...\Winlogon\Notify\jkhhf, continuing.
[05/27/2007, 15:13:35] - BHO 4: {4B646AFB-9341-4330-8FD1-C32485AEE619} ()
[05/27/2007, 15:13:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:35] - Checking for HKLM\...\Winlogon\Notify\pldtgtid
[05/27/2007, 15:13:35] - Key not found: HKLM\...\Winlogon\Notify\pldtgtid, continuing.
[05/27/2007, 15:13:35] - BHO 5: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[05/27/2007, 15:13:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:35] - No filename found. Continuing.
[05/27/2007, 15:13:35] - BHO 6: {8071E65A-3F56-4426-8372-8667CD213057} ()
[05/27/2007, 15:13:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:35] - Checking for HKLM\...\Winlogon\Notify\rqrrspn
[05/27/2007, 15:13:35] - Key not found: HKLM\...\Winlogon\Notify\rqrrspn, continuing.
[05/27/2007, 15:13:35] - BHO 7: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[05/27/2007, 15:13:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2007, 15:13:36] - No filename found. Continuing.
[05/27/2007, 15:13:36] - Finished Searching Browser Helper Objects
[05/27/2007, 15:13:36] - Finishing up...
[05/27/2007, 15:13:36] - A restart is needed.
[05/27/2007, 15:13:37] - Attempting to Restart via STOP error (Blue Screen!)

Et le nouveau rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:19:31, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Swap Machine\SwapWnd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\STEVE\Local Settings\Temporary Internet Files\Content.IE5\KZ6V2HAD\HiJackThis_v2[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/search?sourceid=navclient&hl=fr&ie=UTF-8&oe=UTF-8&q=salut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C890A9E-D020-46AE-BF8A-4E427CBA53D9} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\pldtgtid.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - C:\WINDOWS\system32\rqrrspn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\txauuchu.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [second deaf] C:\DOCUME~1\STEVE\APPLIC~1\BATJUG~1\popfourhtm.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SwapWndStartup] "C:\Program Files\Swap Machine\SwapWnd.exe" -interactive=0
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [qservices] C:\WINDOWS\qservice.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
End of file - 9657 bytes

Je continue la suite de ce que tu ma dit de faire merci

J'ai fais ce que tu ma dit mais aux trois quarts sa me marque sa :

AVG Anti-Spyware 7.5 Exception

/!\ Something bad happened in the application. Error diagnostic file saved to 'C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.err'

:s

Il y a aussi un des logiciels qui ma supprimé un truk de msn qui fait que je ne peu plus voir les couleurs

Ok c'est pas grave on va supprimer les spywares a la main :p

tout d'abord desinstalle le sponsor d'msn plus ensuivant les indications de ce site


http://www.astwinds.com/...



ensuite ouvre hijackthis coches ces lignes puis clic sur fix checked


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb


R3 - URLSearchHook: ScriptInocUI Class - - (no file)

F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win

O2 - BHO: (no name) - {1C890A9E-D020-46AE-BF8A-4E427CBA53D9} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\pldtgtid.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - C:\WINDOWS\system32\rqrrspn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D6­7C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\txauuchu.dll",realset
O4 - HKCU\..\Run: [second deaf] C:\DOCUME~1\STEVE\APPLIC~1\BATJUG~1\popfourhtm.exe
O4 - HKCU\..\Run: [SwapWndStartup] "C:\Program Files\Swap Machine\SwapWnd.exe" -interactive=0
O4 - HKCU\..\Run: [qservices] C:\WINDOWS\qservice.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll



1.redemarre en mode sans echec (redemarage + tapotte sans arret sur F8 desque l'ordi s'allume)


2. cherches et supprime les fichier en gras

C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\txauuchu.dll

C:\Documents and Settings\STEVE\Application\ DataBATJUG~1
C:\Program Files\Swap Machine
C:\WINDOWS\qservice.exe
C:\WINDOWS\SYSTEM32\winexz32.dll


vide la corbeille

lance ccleaner ensuite poste un nouveau raport hijacthis

bon courage

a++++

J'ai redémarré en mode sans echec mais je n'ai pas réussi a trouver les fichiers à supprimer
Peus-tu me dire ou ils se trouvent ?
Merci beaucoup pour ton aide
++