Se connecter / S'enregistrer
Votre question

Problèmes pop up a gogo

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
30 Avril 2007 12:55:47

Bonjour,

Voilà j'ai le même problème que plusieurs internautes , cad
des fenêtres Internet qui s'ourent sans arrêt.
Bref voila mon scan HijackThis . En espérant que quelqu'un
puisse m'aider.

Logfile of HijackThis v1.99.1
Scan saved at 12:51:48, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\WINDOWS\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\sfftdnnp.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Autres pages sur : problemes pop gogo

a b 8 Sécurité
30 Avril 2007 13:10:08

Bonjour,

Commençons par Vundo.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    30 Avril 2007 13:52:05

    Vundo :



    VundoFix V6.3.21

    Checking Java version...

    Sun Java not detected
    Scan started at 13:13:01 30/04/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\evpnuqwy.dll
    C:\WINDOWS\system32\gebawwv.dll
    C:\WINDOWS\system32\pmnnnlk.dll
    C:\WINDOWS\system32\pnndtffs.ini
    C:\WINDOWS\system32\sfftdnnp.dll
    C:\WINDOWS\system32\vtutu.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\evpnuqwy.dll
    C:\WINDOWS\system32\evpnuqwy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebawwv.dll
    C:\WINDOWS\system32\gebawwv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnnlk.dll
    C:\WINDOWS\system32\pmnnnlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pnndtffs.ini
    C:\WINDOWS\system32\pnndtffs.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sfftdnnp.dll
    C:\WINDOWS\system32\sfftdnnp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtutu.dll
    C:\WINDOWS\system32\vtutu.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.21

    Checking Java version...

    Sun Java not detected
    Scan started at 13:38:35 30/04/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...


    HijackThis :

    Logfile of HijackThis v1.99.1
    Scan saved at 13:51:59, on 30/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Pando Networks\Pando\pando.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.829\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BC924FF7-402B-435A-B650-A49AC8BBD471} - C:\WINDOWS\system32\vtutu.dll (file missing)
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\WINDOWS\NEWDOT~1.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\sfftdnnp.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
    O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)




    Contenus similaires
    a b 8 Sécurité
    30 Avril 2007 13:52:52

    Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau
  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    30 Avril 2007 14:01:31

    1. 07-01-27 14:27 104 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\PSYCHO~1\Bureau\Internet.lnk.vir
    2. 07-04-30 13:58 10582 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
    3. 07-04-30 13:58 1202 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
    4.  
    5.  
    6. Structure du dossier
    7. Le num‚ro de s‚rie du volume est 380A-FC7C
    8. C:\QOOBOX
    9. \---Quarantine
    10. +---C
    11. | \---DOCUME~1
    12. | \---PSYCHO~1
    13. | \---Bureau
    14. | Internet.lnk.vir
    15. |
    16. \---Registry_backups
    17. LEGACY_NM.reg.cf
    18. services_nm.reg.cf

    a b 8 Sécurité
    30 Avril 2007 14:02:41

    Ce n'est pas le rapport.
    Il se trouve dans C:\
    30 Avril 2007 14:04:26

    Oui trompé désolé , voilà :

    "Psychoyos" - 07-04-30 13:55:39 Service Pack 2
    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Psychoyos\Bureau\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\PSYCHO~1\Bureau\internet.lnk


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\nm
    -------\LEGACY_NM


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


    2007-04-30 13:13 <REP> d-------- C:\VundoFix Backups
    2007-04-29 20:31 <REP> d-------- C:\Program Files\CCleaner
    2007-04-29 12:48 <REP> d-------- C:\Program Files\Common Files
    2007-04-29 12:46 <REP> d-------- C:\WINDOWS\cache
    2007-04-29 12:36 <REP> d-------- C:\Program Files\WC3Banlist
    2007-04-29 12:36 <REP> d-------- C:\Program Files\Google
    2007-04-29 12:36 <REP> d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\vlc
    2007-04-28 18:25 519,886 ---hs---- C:\WINDOWS\system32\ututv.bak2
    2007-04-27 18:25 565,614 ---hs---- C:\WINDOWS\system32\ututv.bak1
    2007-04-25 21:31 <REP> d-------- C:\Program Files\Trickster Online
    2007-04-18 14:07 <REP> d-------- C:\Program Files\MaxTV
    2007-04-18 14:05 <REP> d-------- C:\WINDOWS\MaxTV
    2007-04-17 14:11 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-04-17 14:11 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2007-04-17 14:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
    2007-04-17 14:11 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
    2007-04-17 14:11 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-04-17 14:11 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
    2007-04-17 14:11 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-04-17 14:11 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
    2007-04-17 14:11 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2007-04-17 14:11 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2007-04-17 14:11 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2007-04-17 14:11 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2007-04-17 14:11 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
    2007-04-17 14:10 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-04-16 16:11 153,925 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
    2007-04-16 15:35 <REP> d-------- C:\Program Files\Lineage II
    2007-04-15 14:05 <REP> d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\IGN_DLM
    2007-04-14 16:45 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-04-14 16:45 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-04-14 16:45 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-04-14 16:45 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-04-14 16:45 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-04-14 16:45 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-04-05 15:31 <REP> d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\Google
    2007-04-01 16:44 90,112 --a------ C:\WINDOWS\system32\TG_SYNC.DLL
    2007-04-01 16:44 90,112 --a------ C:\WINDOWS\system32\TG_DUMP0611.DLL
    2007-04-01 16:44 90,112 --a------ C:\WINDOWS\system32\SMIIMG.DLL
    2007-04-01 16:44 110,592 --a------ C:\WINDOWS\system32\TG_VIEW0607.DLL
    2007-03-30 21:39 <REP> d-------- C:\Program Files\LizardTech
    2007-03-30 20:25 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
    2007-03-30 20:25 57,344 --a------ C:\WINDOWS\system32\MTXSYNCICON.dll
    2007-03-30 20:25 471,040 --a------ C:\WINDOWS\system32\muzapp.dll
    2007-03-30 20:25 45,056 --a------ C:\WINDOWS\system32\Ogg.dll
    2007-03-30 20:25 245,408 --a------ C:\WINDOWS\system32\unicows.dll
    2007-03-30 20:25 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
    2007-03-30 20:25 200,704 --a------ C:\WINDOWS\system32\muzwmts.dll
    2007-03-30 20:25 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
    2007-03-30 20:25 167,936 --a------ C:\WINDOWS\system32\muzapp.exe
    2007-03-30 20:25 135,168 --a------ C:\WINDOWS\system32\muzaf1.dll
    2007-03-30 20:25 110,592 --a------ C:\WINDOWS\system32\tg_dump.dll
    2007-03-30 20:25 <REP> d-------- C:\Program Files\Lame MP3 Codec


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-30 13:37 -------- d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\skype
    2007-04-30 01:01 -------- d-------- C:\Program Files\warcraft iii
    2007-04-29 12:48 -------- d-------- C:\Program Files\yahoo!
    2007-04-29 12:36 -------- d--h----- C:\Program Files\installshield installation information
    2007-04-29 12:36 -------- d-------- C:\Program Files\interactual
    2007-04-29 12:36 -------- d-------- C:\Program Files\dial-messenger
    2007-04-29 12:10 -------- d-------- C:\Program Files\videolan
    2007-04-28 10:13 -------- d-------- C:\Program Files\diablo 2
    2007-04-27 18:27 -------- d-------- C:\Program Files\msn messenger
    2007-04-24 16:49 -------- d-------- C:\Program Files\morpheus
    2007-04-19 13:33 75266 --a------ C:\WINDOWS\system32\perfc00c.dat
    2007-04-19 13:33 468072 --a------ C:\WINDOWS\system32\perfh00c.dat
    2007-03-30 20:25 65024 --a------ C:\WINDOWS\ifinst26.exe
    2007-03-27 21:56 -------- d-------- C:\Program Files\xvid
    2007-03-27 21:55 -------- d-------- C:\Program Files\markany
    2007-03-27 21:54 -------- d-------- C:\Program Files\samsung
    2007-03-27 21:40 -------- d-------- C:\Program Files\windows media connect 2
    2007-03-22 19:10 -------- d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\media player classic
    2007-03-21 21:36 -------- d-------- C:\Program Files\k-lite codec pack
    2007-03-21 20:28 -------- d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\dvdcss
    2007-03-19 18:52 -------- d-------- C:\DOCUME~1\PSYCHO~1\APPLIC~1\screenshot sender
    2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-17 10:50 -------- d-------- C:\Program Files\messenger plus! live
    2007-03-10 18:30 -------- d-------- C:\Program Files\microsoft picture it! 7
    2007-03-10 18:23 -------- d-------- C:\Program Files\microsoft works
    2007-03-10 18:15 -------- d-------- C:\Program Files\microsoft works suite 2003
    2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
    2007-02-21 22:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-02-09 19:46 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
    2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
    2007-02-01 19:03 8464 --a------ C:\WINDOWS\system32\sporder.dll
    2007-02-01 19:03 118784 --a------ C:\WINDOWS\newdotnet3_36.dll
    2007-01-30 14:13 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
    2007-01-30 14:13 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
    2007-01-30 14:13 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
    2007-01-27 00:42 62 --ahs---- C:\DOCUME~1\PSYCHO~1\APPLIC~1\desktop.ini


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    {BC924FF7-402B-435A-B650-A49AC8BBD471} C:\WINDOWS\system32\vtutu.dll [x]
    {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIPTA"="C:\\ATI-CPanel\\atiptaxx.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "F-Secure Manager"="\"C:\\Program Files\\Securitoo\\av_fw\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\Securitoo\\av_fw\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\Securitoo\\av_fw\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"C:\\Program Files\\Securitoo\\av_fw\\FSGUI\\ispnews.exe\""
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "SMSTray"="C:\\Program Files\\Samsung\\Samsung Media Studio 5\\SMSTray.exe"
    "MAAgent"="C:\\Program Files\\MarkAny\\ContentSafer\\MAAgent.exe"
    "InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\sfftdnnp.dll\",realset"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM="
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "WhenUSave"="\"C:\\Program Files\\Save\\Save.exe\""
    "Pando"="\"C:\\Program Files\\Pando Networks\\Pando\\Pando.exe\" /Minimized"
    @=""
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{A2E49E61-7F19-4337-8620-60FF0538866B}"=""

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-04-30 13:59:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 07-04-30 13:59:59
    C:\ComboFix-quarantined-files.txt ... 07-04-30 13:59
    a b 8 Sécurité
    30 Avril 2007 14:10:21

    Re,

    Télécharge Clean.zip (de Malekal),
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

    30 Avril 2007 14:14:44

    30/04/2007 a 14:14:24,51

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\MSN Messenger\msrr.exe" FOUND
    *** Fin du rapport !
    a b 8 Sécurité
    30 Avril 2007 17:50:21

    Re,

    Désinstalle via Ajout/Suppression de Programmes :
    Morpheus Toolbar
    WhenUSave
    NewDotNet

    Reposte un rapport Hijackthis.
    30 Avril 2007 19:50:39

    Re,

    Je n'ai pu supr que Morpheu Toolbar , les autres n'y figurent pas.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:50:38, on 30/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX01.469\MyBackPack11\MyBackPack1.1.exe
    C:\Documents and Settings\Psychoyos\Mes documents\Irene PSYCHOYOS\W3XMapHack12102.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Pando Networks\Pando\pando.exe
    C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.765\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BC924FF7-402B-435A-B650-A49AC8BBD471} - C:\WINDOWS\system32\vtutu.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\sfftdnnp.dll",realset
    O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
    O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    a b 8 Sécurité
    30 Avril 2007 19:51:44

    Tu as bien désinstallé ce que j'ai dit ?
    a b 8 Sécurité
    30 Avril 2007 19:52:17

    J'avais pas lu ta première ligne, la procédure arrive...
    a b 8 Sécurité
    30 Avril 2007 19:54:40

    Désolé pour le triple post :/ 

    - Lance Hijackthis ->Do a system scan only
    ->Coche les lignes ci-dessous :

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BC924FF7-402B-435A-B650-A49AC8BBD471} - C:\WINDOWS\system32\vtutu.dll (file missing)
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\sfftdnnp.dll",realset
    O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

    Clique sur Fix checked (en bas à gauche)

    -- Télécharge LSPfix
    -- Lance LSPfix
    -- Déconnecte-toi d'Internet et ferme toutes les fenêtres d'Internet Explorer.
    -- Coche la case "I know what I'm doing"
    -- Sélectionne toutes les instances des dll suivantes (s'il y en a, sinon ferme LSPfix) :
    newdotnetX_XX (X=des chiffres)
    Clique sur le bouton "Finish".

    Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
    Sélectionne TOUS les emplacements en gras ci-dessous :

    C:\WINDOWS\system32\sfftdnnp.dll
    C:\Program Files\Save
    C:\Program Files\NewDotNet


    ---> Clique-droit puis Copier

    Double-clique sur OTMoveIt.exe afin de le lancer.
    Fais un Clique-droit sur le cadre de gauche puis choisis Coller.
    Clique maintenant sur [#ff0000]MoveIt![/#f]

    [#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.[/#f]

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport est la date de sa création.
    30 Avril 2007 20:32:39

    Pour LSPfix

    j'ai cette instance : NEWDOT~1.DLL
    Je la met dans REMOVE et clic sur Finish ?
    a b 8 Sécurité
    30 Avril 2007 20:49:09

    Ouaip :) 
    30 Avril 2007 21:06:06

    Un message dit :
    Cannot create file C:\_OTMoveIt\MovedFiles\04302007_205545.log.

    ce qui fait que le raport n'y est po :( 
    a b 8 Sécurité
    30 Avril 2007 21:10:45

    Reposte un rapport Hijackthis.
    30 Avril 2007 21:12:43

    Logfile of HijackThis v1.99.1
    Scan saved at 21:12:50, on 30/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Pando Networks\Pando\pando.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
    O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    a b 8 Sécurité
    30 Avril 2007 21:13:44

    Ton pc se comporte mieux ?

    Télécharge puis installe AVG Anti-Spyware (AVG AS)
    Fais les mises à jour mais ne lance pas de scan pour le moment.
    AIDE : Tuto sur AVG Anti-Spyware (Malekal)

    Redémarre en mode sans échec

    Relance AVG AS :
    - Choisis l'onglet "Analyse"
    - Puis l'onglet "Paramètres"
    - Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
    - Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    [#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]

    Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
    Enregistre ce fichier texte sur ton bureau.

    Redémarre normalement
    Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
    30 Avril 2007 21:26:22

    Oui mon pc se comporte beaucoup mieu , 0 pop up de la journée ^^

    C'est long sinon a ouvrir la page pour dl AVG Anti-Spyware (AVG AS) :o 

    T'es sur que le lien marche tjr ?
    a b 8 Sécurité
    30 Avril 2007 21:38:11

    Le site est peut être surchargé.
    30 Avril 2007 21:50:31

    Bonjour
    30 Avril 2007 22:09:37

    erf c'est relou :o 
    30 Avril 2007 22:16:02

    a yes ça marche , bon je re-suit les tuto.
    a b 8 Sécurité
    30 Avril 2007 22:23:52

    Ok :) 
    30 Avril 2007 22:28:11

    Erf ils me disent de ré-essayer plutard car le server "is not ready to serve"


    Est-ce vraiment nécessaire le smise a jours ?
    a b 8 Sécurité
    30 Avril 2007 22:43:18

    Continue.
    30 Avril 2007 23:43:13

    geralde connecte toi a msn
    30 Avril 2007 23:49:02

    bonsoir
    je confirme, ewido est en surchage. (j'ai le même problème sur une autre désinfection)
    Il faut patienter...
    1 Mai 2007 00:05:11

    Re , désolé c'etait long le scan .

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 23:56:01 30/04/2007

    + Résultat de l'analyse:



    C:\Program Files\GDiVX Player\SuperBarInstall.exe -> Adware.GigatechSuperBar : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Mes documents\Irene PSYCHOYOS\GDiVX1.9.9.5.exe -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\newdotnet3_36.dll -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WeatherCast -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WeatherCast\WeatherCast.lnk -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\Customer Support.lnk -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Menu Démarrer\Programmes\WhenU\WhenU.com Website.url -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{2DF86429-7572-402D-98FC-2B51BB5D9B7D}\RP23\A0006584.exe/Save.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{2DF86429-7572-402D-98FC-2B51BB5D9B7D}\RP23\A0006584.exe/SaveUninst.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{2DF86429-7572-402D-98FC-2B51BB5D9B7D}\RP23\A0006584.exe/Uninst.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{2DF86429-7572-402D-98FC-2B51BB5D9B7D}\RP23\A0006584.exe/Weather.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\WhenUSave\Partners\CAST -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\WhenUSave\Partners\VIDG -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\superbar -> Adware.SuperBar : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@www.adobe[1].txt -> TrackingCookie.Adobe : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@www.burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@com[1].txt -> TrackingCookie.Com : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@ads.gamershell[1].txt -> TrackingCookie.Gamershell : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@gamershell[1].txt -> TrackingCookie.Gamershell : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@www.gamershell[1].txt -> TrackingCookie.Gamershell : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@search.live[3].txt -> TrackingCookie.Live : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@toplist[1].txt -> TrackingCookie.Toplist : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Documents and Settings\Psychoyos\Cookies\psychoyos@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.


    Fin du rapport

    1 Mai 2007 00:08:34

    et HijackThis :

    Logfile of HijackThis v1.99.1
    Scan saved at 00:08:27, on 01/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Pando Networks\Pando\pando.exe
    C:\DOCUME~1\PSYCHO~1\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x....
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
    O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x....
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    a b 8 Sécurité
    1 Mai 2007 10:36:35

    Ton pc se comporte mieux ?
    1 Mai 2007 13:23:12

    Oui 0 pop up depuuis hier ^^
    a b 8 Sécurité
    1 Mai 2007 14:32:59

    Tu as des questions ?
    1 Mai 2007 15:33:32

    Eu non merci beaucoup :D D

    ah si , les programmes installés puis-je les désinstaller ??
    a b 8 Sécurité
    1 Mai 2007 15:45:45

    Garde unqiuement AVG.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS