Ouverture de pages non solicitées

Grounch · Septembre 8, 2010, 4:07

Salut

Depuis quelques jours j’ai un probleme certes pas genant, mais dont j’aimerais quand meme connaitre la cause ou la solution.
Quand je navigue sur internet (FireFox 3.6.8) de temps a autres une page s’ouvre dans un nouvel onglet, du style ça: websking.com…

Une vieille pub en gros. Sauf que ça me plait pas vraiment, vu que je l’ai jamais demandée… Ca peut venir d’où d’apres vous? Spyware?

Grounch · Septembre 9, 2010, 4:40

Eh ben y’a foule ici…

Senosen · Septembre 10, 2010, 10:57

:hello:

fais un scan en ligne de ton ordi: www.eset-nod32.fr…

puis Télécharge, mets à jour Malwarebytes Anti-Malware que tu trouveras ici (pour les intimes il se nomme MBAM)

va dans l’onglet “Recherche”, coche “Exécuter un examen complet” puis “Rechercher”

Sélectionnes tes disques durs puis clique sur “Lancer lexamen”

A la fin du scan, clique sur Afficher les résultats , sélectionne tous les éléments trouvés puis
cliques sur Supprimer la sélection==>Important à faire

S’il t’ es demandé de redémarrer, clique sur "oui "

après la suppression de ou des infections trouvées --> poste le rapport ici

Grounch · Septembre 10, 2010, 4:53

Ok merci des conseils

J’ai essayé de désactiver Greasemonkey et j’ai l’impression que depuis ça, plus d’ouvertures d’onglets. Mais jvais quand meme passer un coup de MBAM!

En fait rien a voir avec Grmonkey, ça me le refait, et en prime il m’a instalé de force un “Antimalware Doctor” qui bien sur n’a pas fait long feu…
Edité le 10/09/2010 à 17:19

Grounch · Septembre 11, 2010, 2:57

Tien voila, avant et apres la suppression:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4590

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/09/2010 00:48:14
mbam-log-2010-09-11 (00-48-14).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 257222
Temps écoulé: 47 minute(s), 57 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
C:\WINDOWS\Afexua.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\Amh.exe (Trojan.Downloader) -> No action taken.

Module(s) mémoire infecté(s):
C:\Documents and Settings\Grounch\Local Settings\Temp\12C.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\12D.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\130.tmp (Rootkit.Dropper) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF196$ (Adware.StreetAds) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61f24ae8-a4b6-4410-8c50-24fac23eccb3} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{61f24ae8-a4b6-4410-8c50-24fac23eccb3} (Adware.AdRotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0eacbfe-ae3c-420b-bf13-f02e3b167f96} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a0eacbfe-ae3c-420b-bf13-f02e3b167f96} (Adware.Adrotator) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cilefyyc (Rogue.SecuritySuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cilefyyc (Rogue.SecuritySuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\a5x3tq (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\Grounch\Application Data\Sky-Banners (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Grounch\Application Data\Sky-Banners\skb (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Grounch\Application Data\Street-Ads (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Grounch\Application Data\Street-Ads\sta (Adware.Adrotator) -> No action taken.
C:\WINDOWS\$ntUninstallmtf196$ (Adware.StreetAds) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\Grounch\Local Settings\Temp\12C.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\12D.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\130.tmp (Rootkit.Dropper) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Afexua.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\Amh.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Application Data\odjvtkaiw\lbsvetluqiw.exe (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\naocwsermx.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\st_cd96_1960.exe (Adware.BHO) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\tpcuqc.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\unqo.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\xjoqojgw.exe (Adware.BHO) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\132.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\Amf.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\Amg.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temporary Internet Files\Content.IE5\BBRO0B9N\vzgbidyje[1].htm (Adware.BHO) -> No action taken.
C:\Documents and Settings\Grounch\Local Settings\Temporary Internet Files\Content.IE5\HZB0DZ81\vzgbidyje[2].htm (Adware.BHO) -> No action taken.
C:\Documents and Settings\Grounch\Mes documents\Downloads\Amnesia The Dark Descent\Amnesia The Dark Descent\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken.
C:\Documents and Settings\Grounch\Modèles\memory.tmp (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\drivers\WDICA.sys (Rootkit.Bubnix) -> No action taken.
C:\WINDOWS\$ntUninstallmtf196$\apUninstall.exe (Adware.StreetAds) -> No action taken.
C:\Documents and Settings\Grounch\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Grounch\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Grounch\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4590

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/09/2010 00:48:29
mbam-log-2010-09-11 (00-48-29).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 257222
Temps écoulé: 47 minute(s), 57 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
C:\WINDOWS\Afexua.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\Amh.exe (Trojan.Downloader) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Documents and Settings\Grounch\Local Settings\Temp\12C.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Grounch\Local Settings\Temp\12D.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Grounch\Local Settings\Temp\130.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF196$ (Adware.StreetAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61f24ae8-a4b6-4410-8c50-24fac23eccb3} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61f24ae8-a4b6-4410-8c50-24fac23eccb3} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0eacbfe-ae3c-420b-bf13-f02e3b167f96} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a0eacbfe-ae3c-420b-bf13-f02e3b167f96} (Adware.Adrotator) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cilefyyc (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cilefyyc (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\a5x3tq (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\Grounch\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$ntUninstallmtf196$ (Adware.StreetAds) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Grounch\Local Settings\Temp\12C.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Grounch\Local Settings\Temp\12D.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Grounch\Local Settings\Temp\130.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Afexua.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\Amh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Application Data\odjvtkaiw\lbsvetluqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\naocwsermx.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\st_cd96_1960.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\tpcuqc.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\unqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\xjoqojgw.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\132.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\Amf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\Amg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temporary Internet Files\Content.IE5\BBRO0B9N\vzgbidyje[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Local Settings\Temporary Internet Files\Content.IE5\HZB0DZ81\vzgbidyje[2].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Mes documents\Downloads\Amnesia The Dark Descent\Amnesia The Dark Descent\NFOviewer.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Modèles\memory.tmp (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\WDICA.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\WINDOWS\$ntUninstallmtf196$\apUninstall.exe (Adware.StreetAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Grounch\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Ca a l’air d’être plus profond que prévu, ça m’installe des saloperies sans demander et aléatoirement…

Senosen · Septembre 11, 2010, 9:04

:hello:

ok fait le scan en ligne comme proposé plus haut

Grounch · Septembre 13, 2010, 1:55

C’est fait, et ça m’ouvre encore des onglets de temps a autre. Peut-être réinstaller Firefox?

Grounch · Septembre 16, 2010, 3:12

J’ai remarqué que dans l’url de la page qui s’ouvre il y’a souvent des mots que j’ai recherché sur google un peu avant. Une piste…?

lezardjaune · Décembre 21, 2010, 5:14

Bonjour,
je rencontre le même problème. As-tu eu la bonne solution?

Voici ce que j’ai tenté:

Sur chaque page indésirable , je suis allé dans outils (Firefox) et informations sur la page dans les onglets permissions et sécurité, j’ai tout bloqué.
2)J’ai effacé l’historique de la période où je pense avoir attrapé le problème.
Dans Option, Vie privée, afficher les cookies. j’ai supprimé tous les cookies de sites douteux…mais j’en ai peut-être oublié

Résultat : seule une page persiste à s’afficher, mais partiellement car j’ai bloqué les images. Donc pas totalement satisfaisant. A suivre dans les jours qui viennent pour confirmer l’action.

Suis preneur pour explications et solution un peu moins “bricolo”

P.S. naturellement, avant tout ça j’ai scanné l’ordi avec AVG, Spybot et Clamwin, sans détection de virus et autre malwares ou chevaux de Troie
Merci pour réponse et conseils.

lezardjaune · Décembre 21, 2010, 8:53

suite du message précédent
Ma tentative est infructueuse : les pages indésirables reviennent…:-(:
Que faire?

12 mars 2011

Finalement, mon problème est résolu.
J’ai scanné avec Spybot, qui n’a trouvé d’abord que de nombreux problèmes “verts”. J’en ai détruit la plus grande partie, ne gardant que ce qui me semblait inoffensif. Spybot n’a pas pu tout détruire et a proposé un nouveau scan au prochain démarrage.
J’ai rebooté et le scan Spybot a démarré et a trouvé alors un cheval de Troie qu’il a détruit.
Depuis plus de problème, mais je scanne plus souvent avec Spybot!
Edité le 13/03/2011 à 02:15