[virus?] Ads opening in new windows

Resolved/Closed
Yael Ancri - 7 Jan 2007 at 22:20
yael ancri - 8 Jan 2007 at 20:08
Hello,

First of all, I hope I'm not writing this message for the second time; the first one disappeared.
So, I have advertising sites opening in new IE windows without my having asked for anything. I can't get rid of them.
I scanned the PC with the various antispyware tools, and here is the HijackThis report. Could you please help me interpret it and tell me what to do now?
Thanks in advance.
Yael

Logfile of HijackThis v1.99.1
Scan saved at 23:01:24, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ECI Telecoms\ECI USB ADSL\dslmon.exe
C:\Program Files\Gigabyte\Gigabyte WB01GS Wireless USB Adapter\Installer\WINXP\GNConfig.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Computer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://a7fr.org/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/?p=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: GN-WB01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WB01GS Wireless USB Adapter\Installer\WINXP\GNConfig.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE8927A9-6161-41E1-BFFC-43D97F6EEF77}: NameServer = 194.90.1.5,212.143.212.143
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
11 replies

salwa5 Posts 7452 Registration date Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 1 624
7 Jan 2007 at 22:51
Good evening

Download Blacklight (by F-Secure)
https://www.f-secure.com/en
https://europe.f-secure.com/exclude/blacklight/index.shtml


and save it to your Desktop.

Double-click blbeta.exe and accept the licence; leave [X] scan through Windows Explorer enabled; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply.

See you
0
Thanks for such a quick reply!
So here is the report:

01/08/07 00:04:00 [Info]: BlackLight Engine 1.0.55 initialized
01/08/07 00:04:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/08/07 00:04:00 [Note]: 7019 4
01/08/07 00:04:00 [Note]: 7005 0
01/08/07 00:04:06 [Note]: 7006 0
01/08/07 00:04:06 [Note]: 7011 1444
01/08/07 00:04:06 [Note]: 7026 0
01/08/07 00:04:06 [Note]: 7026 0
01/08/07 00:04:06 [Note]: 7024 3
01/08/07 00:04:06 [Info]: Hidden process: C:\windows\system32\yjtfwicmdp.exe
01/08/07 00:04:11 [Note]: FSRAW library version 1.7.1021
01/08/07 00:06:01 [Info]: Hidden file: c:\WINDOWS\system32\yjtfwicmdp.dat
01/08/07 00:06:01 [Note]: 10002 1
01/08/07 00:06:01 [Info]: Hidden file: C:\windows\system32\yjtfwicmdp.exe
01/08/07 00:06:01 [Note]: 10002 1
01/08/07 00:06:02 [Info]: Hidden file: c:\WINDOWS\system32\yjtfwicmdp_nav.dat
01/08/07 00:06:02 [Note]: 10002 1
01/08/07 00:06:02 [Info]: Hidden file: c:\WINDOWS\system32\yjtfwicmdp_navps.dat
01/08/07 00:06:02 [Note]: 10002 1
0
salwa5 Posts 7452 Registration date Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 1 624
7 Jan 2007 at 23:11
Good evening again :)


Download Brute Force Uninstaller (by Merijn) here:
http://www.merijn.org/files/bfu.zip
Create a new folder directly at the root of your hard drive, or wherever suits you, and name this folder BFU.
Unzip the downloaded file into this new folder (for example C:\BFU)

Next, download EGDACCESS.bfu (by Metallica):

Right-click here: http://metallica.geekstogo.com/EGDACCESS.bfu and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU). Note: if you use Internet Explorer, make sure when saving that the "Save as type:" field shows "All Files". You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Launch "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
- Click the small yellow folder, and click: EGDACCESS.bfu
- Tick the box Show log after script ends
- Click Execute so that the fix does its job :-)

Wait for the message Complete script execution to appear and click OK.
A report will be displayed in the program window; copy and paste it into Notepad, then save it. You will post it on the forum later.
Click Exit to close the BFU program.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Next, launch Blacklight by double-clicking blbeta.exe and accept the licence.
Click Scan to start the scan.
Once done, select each file found and click "RENAME"
Then confirm.
Answer yes to the warning messages and to the one asking whether you allow the PC to reboot.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

After the PC reboots, the files:


C:\windows\system32\yjtfwicmdp.exe
c:\WINDOWS\system32\yjtfwicmdp.dat
c:\WINDOWS\system32\yjtfwicmdp_nav.dat
c:\WINDOWS\system32\yjtfwicmdp_navps.dat

should be visible and can be deleted without any trouble.
Blacklight does not delete them, it simply renames them, and you will have to get rid of them yourself:
Go to C:\windows\system32\ and find and delete:


yjtfwicmdp.exe.ren
yjtfwicmdp.dat.ren
yjtfwicmdp_nav.dat.ren
yjtfwicmdp_navps.dat.ren

Once done, post a new HijackThis report + the BFU report you saved and a new Blacklight report.

Happy cleaning and good luck ;-)

See you
0
Good evening again, and thank you very much

So here are the reports:

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 00:26:32, on 08/01/2007

Option Delete files to Recycle Bin: Yes
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MC (key not found)
Failed: DllUnregister C:\WINDOWS\system32\MSWBM32.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MailSkinner\OESkinner.dll|1 (file not found)
Failed: FolderDelete C:\Program Files\dialpass (folder not found)
Failed: FolderDelete C:\Program Files\eghtmldialer (folder not found)
Failed: FolderDelete C:\Program Files\egroup (folder not found)
Failed: FolderDelete C:\Program Files\Instant Access (folder not found)
Failed: FolderDelete C:\Program Files\MailSkinner (folder not found)
Failed: FolderDelete C:\Program Files\InternetGameBox (folder not found)
Failed: FolderDelete C:\Program Files\GoRecord2 (folder not found)
Failed: FolderDelete C:\Program Files\GoAstro (folder not found)
Failed: FolderDelete C:\Program Files\SudoPlanet (folder not found)
Failed: FolderDelete C:\Program Files\WebMediaPlayer (folder not found)
Failed: FolderDelete C:\Program Files\MessengerSkinner (folder not found)
Failed: DllUnregister C:\WINDOWS\mslagent\2_mslagent.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\navmpc\2_navmpc.dll|1 (file not found)
Failed: FolderDelete C:\WINDOWS\mslagent (folder not found)
Failed: FolderDelete C:\WINDOWS\navmpc (folder not found)
Failed: FolderDelete C:\WINDOWS\msskinner (folder not found)
Failed: FolderDelete C:\WINDOWS\wintrim (folder not found)
Failed: FolderDelete C:\WINDOWS\wincomp (folder not found)
Failed: FolderDelete C:\WINDOWS\winmgts (folder not found)
Failed: FolderDelete C:\WINDOWS\simcss (folder not found)
Failed: FolderDelete C:\WINDOWS\mc (folder not found)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\off210E.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\off210F.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\off2114.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\off2115.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DF38EE.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DF38FF.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DF3913.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DF4BAD.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DF67B3.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DF67C7.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DF67DB.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFAA8D.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFAAA1.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFAAB8.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFAD2F.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFAD40.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFAD57.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFD9A5.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFDA31.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFDB36.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFFC27.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~DFFC38.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Computer\LOCALS~1\Temp\~WRS0000.tmp (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT02c45.TMP (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT02c49.TMP (operation failed)
Script completed.

Logfile of HijackThis v1.99.1
Scan saved at 00:48:19, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ECI Telecoms\ECI USB ADSL\dslmon.exe
C:\Program Files\Gigabyte\Gigabyte WB01GS Wireless USB Adapter\Installer\WINXP\GNConfig.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Documents and Settings\Computer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://a7fr.org/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/?p=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [yjtfwicmdp] c:\windows\system32\yjtfwicmdp.exe yjtfwicmdp
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: GN-WB01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WB01GS Wireless USB Adapter\Installer\WINXP\GNConfig.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE8927A9-6161-41E1-BFFC-43D97F6EEF77}: NameServer = 194.90.1.5,212.143.212.143
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

01/08/07 00:49:07 [Info]: BlackLight Engine 1.0.55 initialized
01/08/07 00:49:07 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/08/07 00:49:07 [Note]: 7019 4
01/08/07 00:49:07 [Note]: 7005 0
01/08/07 00:49:09 [Note]: 7006 0
01/08/07 00:49:09 [Note]: 7011 1448
01/08/07 00:49:09 [Note]: 7026 0
01/08/07 00:49:09 [Note]: 7026 0
01/08/07 00:49:12 [Note]: FSRAW library version 1.7.1021
01/08/07 00:53:48 [Note]: 7007 0
0

Good night, by the way, because I really should be thinking about sleep now; it is one hour later where I am.
Thanks for everything.
0
salwa5 Posts 7452 Registration date Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 1 624
8 Jan 2007 at 00:04
Good evening, the Blacklight report is clean :) Here is what you need to do tomorrow to finish all this off.



Open HijackThis, tick this line, then click Fix checked

O4 - HKLM\..\Run: [yjtfwicmdp] c:\windows\system32\yjtfwicmdp.exe yjtfwicmdp



Download and run these antispyware tools (remember to update them before launching them)
(1) Ad-Aware version 1.06

(here) http://www.florensac-chasse-trap.com/ section virus/security software
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

tutorial
https://forums.cnetfrance.fr
***
(2) Spybot version 1.4

(here) http://www.florensac-chasse-trap.com/ section virus/security software


see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***



PS: many thanks to balltrap for the links :)

(3) AVG Anti-Spyware
https://www.01net.com/telecharger/

(don't forget to update it before launching the scan)


Relaunch AVG AS, then choose the "Scan" tab
Then the "Settings" tab
Under the question "How to react?", click "Recommended actions" and choose "Quarantine"
Click the "Scan" tab again, then run a "Complete system scan"

/!\ If a file is infected at the end of the scan /!\
Click "Apply all actions"

Click "Save report", then "Save report as"
Save this text file to your desktop, then paste the report here


Delete the unneeded files (temporary files, cookies, etc.) with this

CCleaner
https://www.malekal.com/tutoriel-ccleaner/

- Clean your registry with

RegCleaner: https://www.malekal.com/nettoyer-sa-base-de-registre-avec-windows-registry-cleaner/

tutorial


Launch RegCleaner / click the Options menu / registry cleaning / backups / tick create a global backup


Then, to clean the registry:

click the Tools menu / registry cleaning / do everything

after the scan finishes

click the Selection menu / all / then click delete the selection (bottom right)


Good night :)

See you
0
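Added example (not part of the thread, and not code from HijackThis or F-Secure): a Python sketch of the correlation made by hand in the reply above, matching the "Hidden process/file" lines of a BlackLight log against the O4 Run lines of a HijackThis log to find the autorun entry to fix and the hidden companion files to delete. The sample lines are copied from the logs posted in this thread; the function names are hypothetical, and environment variables such as %systemroot% are not expanded.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied (trimmed) from the BlackLight and HijackThis logs in this thread.
BLACKLIGHT_LOG = r"""
01/08/07 00:04:06 [Note]: 7024 3
01/08/07 00:04:06 [Info]: Hidden process: C:\windows\system32\yjtfwicmdp.exe
01/08/07 00:04:11 [Note]: FSRAW library version 1.7.1021
01/08/07 00:06:01 [Info]: Hidden file: c:\WINDOWS\system32\yjtfwicmdp.dat
01/08/07 00:06:01 [Info]: Hidden file: C:\windows\system32\yjtfwicmdp.exe
01/08/07 00:06:02 [Info]: Hidden file: c:\WINDOWS\system32\yjtfwicmdp_nav.dat
01/08/07 00:06:02 [Info]: Hidden file: c:\WINDOWS\system32\yjtfwicmdp_navps.dat
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [yjtfwicmdp] c:\windows\system32\yjtfwicmdp.exe yjtfwicmdp
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden (process|file): (.+)$", re.M)
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$", re.M)
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)", re.I)


def norm(path):
    """Lower-case a Windows path so differently cased spellings compare equal."""
    return str(PureWindowsPath(path.strip().strip('"'))).lower()


def hidden_objects(blacklight_text):
    """Map each hidden path to the kinds ('process', 'file') BlackLight reported."""
    found = {}
    for kind, path in HIDDEN_RE.findall(blacklight_text):
        found.setdefault(norm(path), set()).add(kind)
    return found


def command_target(command):
    """Best-effort extraction of the program path from a Run value."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_RE.match(command)          # unquoted path, possibly with spaces
    return match.group(1) if match else command.split()[0]


def hidden_autoruns(blacklight_text, hijackthis_text):
    """Return the Run entries whose target BlackLight reported as hidden."""
    hidden = hidden_objects(blacklight_text)
    hits = []
    for hive, key, name, command in RUN_RE.findall(hijackthis_text):
        target = norm(command_target(command))
        if target not in hidden:
            continue
        tpath = PureWindowsPath(target)
        # Hidden files in the same folder that share the executable's base name.
        companions = sorted(
            p for p in hidden
            if p != target
            and PureWindowsPath(p).parent == tpath.parent
            and PureWindowsPath(p).name.startswith(tpath.stem)
        )
        hits.append({
            "hive": hive, "key": key, "name": name, "target": target,
            "kinds": sorted(hidden[target]), "companions": companions,
        })
    return hits


if __name__ == "__main__":
    for hit in hidden_autoruns(BLACKLIGHT_LOG, HIJACKTHIS_LOG):
        print(f"{hit['hive']}\\..\\{hit['key']} [{hit['name']}] -> {hit['target']}")
        print("  reported hidden as:", ", ".join(hit["kinds"]))
        for path in hit["companions"]:
            print("  hidden companion:", path)
```

An autorun entry that points at a path hidden from Explorer is the pattern seen here: the Run value only showed up in HijackThis after BlackLight had renamed the hidden files.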
Hello,

There, I've done everything.

Here is the AVG report; it looks as though it preferred to delete, even though I told it to quarantine, as you explained to me.

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:08:12 07/01/2007

+ Résultat de l'analyse:



C:\WINDOWS\system32\prosvsys.exe -> Dialer.InstantAccess.ai : Aucune action entreprise.
:mozilla.48:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.49:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.50:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.51:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.52:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.53:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.54:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.245:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.85:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.86:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.159:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.160:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.161:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.138:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.147:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.148:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.55:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.152:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.113:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.114:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.115:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.289:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.290:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.291:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.258:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.171:C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\tk1rgdx2.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.


Fin du rapport

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:08:48 07/01/2007

+ Résultat de l'analyse:



C:\WINDOWS\system32\prosvsys.exe -> Dialer.InstantAccess.ai : Nettoyé.


Fin du rapport

Well, thanks again!

Is there anything else to do?
0
salwa5 (Contributor) - 8 Jan. 2007 at 17:28
Post one last HijackThis log to see whether everything is OK :)

See you!
0
Hi,

In any case, the ads are gone.

Here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 20:40:24, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ECI Telecoms\ECI USB ADSL\dslmon.exe
C:\Program Files\Gigabyte\Gigabyte WB01GS Wireless USB Adapter\Installer\WINXP\GNConfig.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PVSW\Bin\w3dbsmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Computer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://a7fr.org/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/?p=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: GN-WB01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WB01GS Wireless USB Adapter\Installer\WINXP\GNConfig.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE8927A9-6161-41E1-BFFC-43D97F6EEF77}: NameServer = 194.90.1.5,212.143.212.143
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

See you!
0
salwa5 (Contributor) - 8 Jan. 2007 at 19:52
Good evening, your log is clean.

To finish, a few basic tips:

- Your Java version is out of date; for better security,

download the latest version: https://www.java.com/fr/

After installing and restarting, go to Control Panel / Add or Remove Programs to uninstall the old version, both to recover disk space and possibly to get rid of the vulnerabilities present in that old version.

Then go back to the Java site above and click the "Vérifier l'installation" (Verify installation) button to make sure everything is in order.


- Run your antispyware tools regularly (Ad-Aware, Spybot, AVG, etc.); remember to update them before launching them, that is very important.

- Regularly delete unneeded files (temporary files, cookies, etc.) using CCleaner: https://www.malekal.com/tutoriel-ccleaner/

- Now that your computer is clean, I advise you to create a restore point, so that in case of a problem (virus, crash, etc.) you can always roll back:
http://www.aidoforum.com/tutoriaux-371-creer-un-point-de-restauration-sous-windows.html

See you!
0
Wow!

Thanks for all this advice.
I think I'll also have to be careful not to download just any program. The other day I downloaded something recommended by my brother (the one who knows nothing about computers)...
Thanks for everything.

Bye

YA
0