Intrusive ads! Help me... - OS
Subject: Intrusive ads! Help me...
 
Profile: IDNaute

Hi, this is my first post on info-du-net. I hope I'll be made welcome.
So, I have a rather annoying problem:
Every two minutes (more or less) one window (or even two when I'm "lucky" ^^) opens and forces me to switch over to Firefox.
So there's no way to play games or watch a DVD in peace anymore!
Here are a few of the ad addresses, just for information:
http://www.amaena.com/securityworm [...] v5&lid=net
http://www.health-yshopping.com/normal/yyy102.html
http://www.browserbuy-out.com/normal/yyy102.html
http://www212.paypopup.com/network [...] _prepopped
http://www.winantiviruspro.com/?ai [...] =ban_popup
http://www.dealiotoday.com/normal/yyy102.html
I'm 90% sure it's spyware.
I ran a scan with Ad-Aware; here is the log:


Ad-Aware SE Build 1.06r1
Logfile Created on:mercredi 1 mars 2006 15:27:32
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R93 22.02.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):4 total references
MRU List(TAC index:0):14 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-03-2006 15:27:32 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Elfique\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-507921405-651377827-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 628
ThreadCreationTime : 1-03-2006 9:15:23
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 1-03-2006 9:15:31
BasePriority : High


CoolWebSearch Object Recognized!
Type : Process
Data : gp8ul3l91.dll
TAC Rating : 10
Category : Malware
Comment : wqapi.dll
Object : C:\WINDOWS\system32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\system32\gp8ul3l91.dll)


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 1-03-2006 9:15:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 1-03-2006 9:15:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 1-03-2006 9:15:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1044
ThreadCreationTime : 1-03-2006 9:15:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 1-03-2006 9:15:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [ctsvccda.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1220
ThreadCreationTime : 1-03-2006 9:15:42
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:9 [kepcontroller.exe]
FilePath : C:\Program Files\Kaneva\Platform\bin\
ProcessID : 1256
ThreadCreationTime : 1-03-2006 9:15:43
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Klaus Entertainment Platform
CompanyName : Klaus Entertainment, Inc.
FileDescription : KEP Controller Application
InternalName : Controller
LegalCopyright : Copyright © 2004 Klaus Entertainment, Inc.
OriginalFilename : KEPController.exe

#:10 [raysat_3dsmax8server.exe]
FilePath : C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\
ProcessID : 1276
ThreadCreationTime : 1-03-2006 9:15:46
BasePriority : Normal


#:11 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1312
ThreadCreationTime : 1-03-2006 9:15:47
BasePriority : Normal
FileVersion : 6.14.10.8198
ProductVersion : 6.14.10.8198
ProductName : NVIDIA Driver Helper Service, Version 81.98
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 81.98
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:12 [mspmspsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 1-03-2006 9:15:50
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft (R) DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:13 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1640
ThreadCreationTime : 1-03-2006 9:16:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

CoolWebSearch Object Recognized!
Type : Process
Data : cjiconfg.dll
TAC Rating : 10
Category : Malware
Comment : wqapi.dll
Object : C:\WINDOWS\system32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\system32\cjiconfg.dll)


#:14 [wbload.exe]
FilePath : C:\Program Files\Stardock\Object Desktop\WindowBlinds\
ProcessID : 1696
ThreadCreationTime : 1-03-2006 9:16:08
BasePriority : Normal
FileVersion : 4.4
ProductVersion : 4.4
ProductName : WindowBlinds - http://www.windowblinds.net
CompanyName : Stardock Systems, Inc
FileDescription : WindowBlinds
InternalName : WindowBlinds
LegalCopyright : Copyright © 1997-2004 Neil Banfield, © 1998-2004 Stardock.Net, Inc
OriginalFilename : WindowBlinds
Comments : This is the WindowBlinds launcher app. Please do not delete this file. If you want to uninstall WindowBlinds, then use the uninstaller!

#:15 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1952
ThreadCreationTime : 1-03-2006 9:16:29
BasePriority : Normal


#:16 [issch.exe]
FilePath : C:\Program Files\Fichiers communs\InstallShield\UpdateService\
ProcessID : 1964
ThreadCreationTime : 1-03-2006 9:16:29
BasePriority : Normal
FileVersion : 4, 60, 100, 37068
ProductVersion : 4, 60
ProductName : InstallShield Update Service
CompanyName : Macrovision Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright (C) 2005 Macrovision Corporation
OriginalFilename : issch.exe

#:17 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1996
ThreadCreationTime : 1-03-2006 9:16:30
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:18 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 2012
ThreadCreationTime : 1-03-2006 9:16:30
BasePriority : Normal


#:19 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 248
ThreadCreationTime : 1-03-2006 9:16:33
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 272
ThreadCreationTime : 1-03-2006 9:16:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:21 [cursorxp.exe]
FilePath : C:\Program Files\CursorXP\
ProcessID : 292
ThreadCreationTime : 1-03-2006 9:16:34
BasePriority : High


#:22 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1472
ThreadCreationTime : 1-03-2006 10:55:26
BasePriority : Normal
FileVersion : 8.0.0566
ProductVersion : 8.0.0566
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:23 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1904
ThreadCreationTime : 1-03-2006 10:56:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2224
ThreadCreationTime : 1-03-2006 11:17:27
BasePriority : Normal
FileVersion : 6.00.2900.2527 (xpsp.040919-1030)
ProductVersion : 6.00.2900.2527
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

CoolWebSearch Object Recognized!
Type : Process
Data : cjiconfg.dll
TAC Rating : 10
Category : Malware
Comment : wqapi.dll
Object : C:\WINDOWS\system32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\system32\cjiconfg.dll)


#:25 [emule.exe]
FilePath : C:\Program Files\eMule\
ProcessID : 2672
ThreadCreationTime : 1-03-2006 11:22:17
BasePriority : Normal
FileVersion : 0.46.2 Unicode
ProductVersion : 0.46.2 Unicode
ProductName : eMule
CompanyName : http://www.emule-project.net
FileDescription : eMule
InternalName : emule.exe
LegalCopyright : Copyright © 2002-2005 Merkur - read license.txt for more infos
OriginalFilename : emule.exe

#:26 [winamp.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 3416
ThreadCreationTime : 1-03-2006 11:53:21
BasePriority : Normal
FileVersion : 5,2,0,473
ProductVersion : 5.2.0.473
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2005, Nullsoft
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.

#:27 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3996
ThreadCreationTime : 1-03-2006 13:25:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:28 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3816
ThreadCreationTime : 1-03-2006 14:02:58
BasePriority : Normal


#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 380
ThreadCreationTime : 1-03-2006 14:27:23
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : elfique@metriweb[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:elfique@metriweb.be/
Expires : 28/02/2007 16:44:36
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 18



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : elfique@metriweb[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Elfique\Local Settings\Temp\Cookies\elfique@metriweb[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
45 entries scanned.
New critical objects:0
Objects found so far: 19




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\wbem\logs\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 20

15:42:19 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:47.421
Objects scanned:234474
Objects identified:3
Objects ignored:0
New critical objects:3

And when I try to delete the critical objects:
It refuses to delete gp8ul3l91.dll
So it offers to delete it at the next startup, but when I restart, nothing happens. (Same with Spybot - S&D)
Please help me! I can't play Guild Wars or Ragnarok anymore! I have to disconnect to play Morrowind! It's driving me crazy!
I'm begging you...

