Problèmes pop up a gogo

Bonjour,

Commençons par Vundo.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Vundo :



VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 13:13:01 30/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\evpnuqwy.dll
C:\WINDOWS\system32\gebawwv.dll
C:\WINDOWS\system32\pmnnnlk.dll
C:\WINDOWS\system32\pnndtffs.ini
C:\WINDOWS\system32\sfftdnnp.dll
C:\WINDOWS\system32\vtutu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\evpnuqwy.dll
C:\WINDOWS\system32\evpnuqwy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebawwv.dll
C:\WINDOWS\system32\gebawwv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnnlk.dll
C:\WINDOWS\system32\pmnnnlk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pnndtffs.ini
C:\WINDOWS\system32\pnndtffs.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sfftdnnp.dll
C:\WINDOWS\system32\sfftdnnp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 13:38:35 30/04/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 13:51:59, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.829\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BC924FF7-402B-435A-B650-A49AC8BBD471} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\WINDOWS\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\sfftdnnp.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau

Double clique combofix.exe.

Tape sur la touche Y (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

07-01-27 14:27      104    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\PSYCHO~1\Bureau\Internet.lnk.vir

07-04-30 13:58      10582    --a------    C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf

07-04-30 13:58      1202    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf

 
 
Structure du dossier

Le num‚ro de s‚rie du volume est 380A-FC7C

C:\QOOBOX

\---Quarantine

    +---C

    |   \---DOCUME~1

    |       \---PSYCHO~1

    |           \---Bureau

    |                   Internet.lnk.vir

    |                   

    \---Registry_backups

            LEGACY_NM.reg.cf

            services_nm.reg.cf

Ce n'est pas le rapport.
Il se trouve dans C:\

Oui trompé désolé , voilà :

"Psychoyos" - 07-04-30 13:55:39 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Psychoyos\Bureau\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\PSYCHO~1\Bureau\internet.lnk


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\LEGACY_NM


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


2007-04-30 13:13 <REP> d-------- C:\VundoFix Backups
2007-04-29 20:31 <REP> d-------- C:\Program Files\CCleaner
2007-04-29 12:48 <REP> d-------- C:\Program Files\Common Files
2007-04-29 12:46 <REP> d-------- C:\WINDOWS\cache
2007-04-29 12:36 <REP> d-------- C:\Program Files\WC3Banlist
2007-04-29 12:36 <REP> d-------- C:\Program Files\Google
2007-04-29 12:36 <REP> d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\vlc
2007-04-28 18:25 519,886 ---hs---- C:\WINDOWS\system32\ututv.bak2
2007-04-27 18:25 565,614 ---hs---- C:\WINDOWS\system32\ututv.bak1
2007-04-25 21:31 <REP> d-------- C:\Program Files\Trickster Online
2007-04-18 14:07 <REP> d-------- C:\Program Files\MaxTV
2007-04-18 14:05 <REP> d-------- C:\WINDOWS\MaxTV
2007-04-17 14:11 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-17 14:11 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-04-17 14:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-04-17 14:11 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-04-17 14:11 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-17 14:11 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-04-17 14:11 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-17 14:11 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-17 14:11 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-17 14:11 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-04-17 14:11 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-17 14:11 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-17 14:11 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-04-17 14:10 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-16 16:11 153,925 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-04-16 15:35 <REP> d-------- C:\Program Files\Lineage II
2007-04-15 14:05 <REP> d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\IGN_DLM
2007-04-14 16:45 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-04-14 16:45 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-04-14 16:45 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-04-14 16:45 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-04-14 16:45 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-04-14 16:45 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-04-05 15:31 <REP> d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\Google
2007-04-01 16:44 90,112 --a------ C:\WINDOWS\system32\TG_SYNC.DLL
2007-04-01 16:44 90,112 --a------ C:\WINDOWS\system32\TG_DUMP0611.DLL
2007-04-01 16:44 90,112 --a------ C:\WINDOWS\system32\SMIIMG.DLL
2007-04-01 16:44 110,592 --a------ C:\WINDOWS\system32\TG_VIEW0607.DLL
2007-03-30 21:39 <REP> d-------- C:\Program Files\LizardTech
2007-03-30 20:25 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-03-30 20:25 57,344 --a------ C:\WINDOWS\system32\MTXSYNCICON.dll
2007-03-30 20:25 471,040 --a------ C:\WINDOWS\system32\muzapp.dll
2007-03-30 20:25 45,056 --a------ C:\WINDOWS\system32\Ogg.dll
2007-03-30 20:25 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-03-30 20:25 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-03-30 20:25 200,704 --a------ C:\WINDOWS\system32\muzwmts.dll
2007-03-30 20:25 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-03-30 20:25 167,936 --a------ C:\WINDOWS\system32\muzapp.exe
2007-03-30 20:25 135,168 --a------ C:\WINDOWS\system32\muzaf1.dll
2007-03-30 20:25 110,592 --a------ C:\WINDOWS\system32\tg_dump.dll
2007-03-30 20:25 <REP> d-------- C:\Program Files\Lame MP3 Codec


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-30 13:37 -------- d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\skype
2007-04-30 01:01 -------- d-------- C:\Program Files\warcraft iii
2007-04-29 12:48 -------- d-------- C:\Program Files\yahoo!
2007-04-29 12:36 -------- d--h----- C:\Program Files\installshield installation information
2007-04-29 12:36 -------- d-------- C:\Program Files\interactual
2007-04-29 12:36 -------- d-------- C:\Program Files\dial-messenger
2007-04-29 12:10 -------- d-------- C:\Program Files\videolan
2007-04-28 10:13 -------- d-------- C:\Program Files\diablo 2
2007-04-27 18:27 -------- d-------- C:\Program Files\msn messenger
2007-04-24 16:49 -------- d-------- C:\Program Files\morpheus
2007-04-19 13:33 75266 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-04-19 13:33 468072 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-03-30 20:25 65024 --a------ C:\WINDOWS\ifinst26.exe
2007-03-27 21:56 -------- d-------- C:\Program Files\xvid
2007-03-27 21:55 -------- d-------- C:\Program Files\markany
2007-03-27 21:54 -------- d-------- C:\Program Files\samsung
2007-03-27 21:40 -------- d-------- C:\Program Files\windows media connect 2
2007-03-22 19:10 -------- d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\media player classic
2007-03-21 21:36 -------- d-------- C:\Program Files\k-lite codec pack
2007-03-21 20:28 -------- d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\dvdcss
2007-03-19 18:52 -------- d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\screenshot sender
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-17 10:50 -------- d-------- C:\Program Files\messenger plus! live
2007-03-10 18:30 -------- d-------- C:\Program Files\microsoft picture it! 7
2007-03-10 18:23 -------- d-------- C:\Program Files\microsoft works
2007-03-10 18:15 -------- d-------- C:\Program Files\microsoft works suite 2003
2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-21 22:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-02-09 19:46 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-01 19:03 8464 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-01 19:03 118784 --a------ C:\WINDOWS\newdotnet3_36.dll
2007-01-30 14:13 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
2007-01-30 14:13 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
2007-01-30 14:13 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
2007-01-27 00:42 62 --ahs---- C:\DOCUME~1\PSYCHO~1\APPLIC~1\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{38D3FE60-3D53-4F37-BB0E-C7A97A26A156} C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
{BC924FF7-402B-435A-B650-A49AC8BBD471} C:\WINDOWS\system32\vtutu.dll [x]
{D73F49B1-B51B-4d32-A3B7-BD04B8342F53} C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\ATI-CPanel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"F-Secure Manager"="\"C:\\Program Files\\Securitoo\\av_fw\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Securitoo\\av_fw\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Securitoo\\av_fw\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Securitoo\\av_fw\\FSGUI\\ispnews.exe\""
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"SMSTray"="C:\\Program Files\\Samsung\\Samsung Media Studio 5\\SMSTray.exe"
"MAAgent"="C:\\Program Files\\MarkAny\\ContentSafer\\MAAgent.exe"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\sfftdnnp.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM="
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"WhenUSave"="\"C:\\Program Files\\Save\\Save.exe\""
"Pando"="\"C:\\Program Files\\Pando Networks\\Pando\\Pando.exe\" /Minimized"
@=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A2E49E61-7F19-4337-8620-60FF0538866B}"=""

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 13:59:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 13:59:59
C:\ComboFix-quarantined-files.txt ... 07-04-30 13:59

Re,

Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

30/04/2007 a 14:14:24,51

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\MSN Messenger\msrr.exe" FOUND
*** Fin du rapport !

Re,

Désinstalle via Ajout/Suppression de Programmes :
Morpheus Toolbar
WhenUSave
NewDotNet

Reposte un rapport Hijackthis.

Re,

Je n'ai pu supr que Morpheu Toolbar , les autres n'y figurent pas.

Logfile of HijackThis v1.99.1
Scan saved at 19:50:38, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX01.469\MyBackPack11\MyBackPack1.1.exe
C:\Documents and Settings\Psychoyos\Mes documents\Irene PSYCHOYOS\W3XMapHack12102.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.765\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BC924FF7-402B-435A-B650-A49AC8BBD471} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\sfftdnnp.dll",realset
O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Tu as bien désinstallé ce que j'ai dit ?

J'avais pas lu ta première ligne, la procédure arrive...

Désolé pour le triple post  

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BC924FF7-402B-435A-B650-A49AC8BBD471} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\sfftdnnp.dll",realset
O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

Clique sur Fix checked (en bas à gauche)

-- Télécharge LSPfix
-- Lance LSPfix
-- Déconnecte-toi d'Internet et ferme toutes les fenêtres d'Internet Explorer.
-- Coche la case "I know what I'm doing"
-- Sélectionne toutes les instances des dll suivantes (s'il y en a, sinon ferme LSPfix) :
newdotnetX_XX (X=des chiffres)
Clique sur le bouton "Finish".

Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :

C:\WINDOWS\system32\sfftdnnp.dll
C:\Program Files\Save
C:\Program Files\NewDotNet

---> Clique-droit puis Copier

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller.
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport est la date de sa création.

Pour LSPfix

j'ai cette instance : NEWDOT~1.DLL
Je la met dans REMOVE et clic sur Finish ?

Ouaip  

Un message dit :
Cannot create file C:\_OTMoveIt\MovedFiles\04302007_205545.log.

ce qui fait que le raport n'y est po  

Reposte un rapport Hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 21:12:50, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Ton pc se comporte mieux ?

Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)

Redémarre en mode sans échec

Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

[#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]

Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.

Redémarre normalement
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.

Oui mon pc se comporte beaucoup mieu , 0 pop up de la journée ^^

C'est long sinon a ouvrir la page pour dl AVG Anti-Spyware (AVG AS)  

T'es sur que le lien marche tjr ?

Le site est peut être surchargé.

Bonjour

erf c'est relou  

http://www.01net.com/outils/telecharger/windows/Securit...
Fonctionne ?

a yes ça marche , bon je re-suit les tuto.

Ok  

Erf ils me disent de ré-essayer plutard car le server "is not ready to serve"


Est-ce vraiment nécessaire le smise a jours ?

Continue.

geralde connecte toi a msn

bonsoir
je confirme, ewido est en surchage. (j'ai le même problème sur une autre désinfection)
Il faut patienter...

Re , désolé c'etait long le scan .

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 23:56:01 30/04/2007

+ Résultat de l'analyse:



C:\Program Files\GDiVX Player\SuperBarInstall.exe -> Adware.GigatechSuperBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Mes documents\Irene PSYCHOYOS\GDiVX1.9.9.5.exe -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\newdotnet3_36.dll -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WeatherCast -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WeatherCast\WeatherCast.lnk -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\Customer Support.lnk -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\WhenU.com Website.url -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2DF86429-7572-402D-98FC-2B51BB5D9B7D}\RP23\A0006584.exe/Save.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2DF86429-7572-402D-98FC-2B51BB5D9B7D}\RP23\A0006584.exe/SaveUninst.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2DF86429-7572-402D-98FC-2B51BB5D9B7D}\RP23\A0006584.exe/Uninst.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2DF86429-7572-402D-98FC-2B51BB5D9B7D}\RP23\A0006584.exe/Weather.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\WhenUSave\Partners\CAST -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\WhenUSave\Partners\VIDG -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\superbar -> Adware.SuperBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@www.adobe[1].txt -> TrackingCookie.Adobe : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@www.burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@ads.gamershell[1].txt -> TrackingCookie.Gamershell : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@gamershell[1].txt -> TrackingCookie.Gamershell : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@www.gamershell[1].txt -> TrackingCookie.Gamershell : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@search.live[3].txt -> TrackingCookie.Live : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@toplist[1].txt -> TrackingCookie.Toplist : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Psychoyos\Cookies\psychoyos@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.


Fin du rapport

et HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 00:08:27, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Ton pc se comporte mieux ?

Oui 0 pop up depuuis hier ^^

Tu as des questions ?

Eu non merci beaucoup  D

ah si , les programmes installés puis-je les désinstaller ??

Garde unqiuement AVG.