fraggle559
Posts: 320 | Registered: Monday, 15 September 2008 | Status: Member | Last activity: 23 June 2019
-
22 Jan. 2009 at 10:54
geoffrey5
Posts: 13732 | Registered: Sunday, 20 May 2007 | Status: Security contributor | Last activity: 21 May 2010
-
28 Jan. 2009 at 15:30
Hello,
I have unwanted windows that open by themselves in Mozilla (with nothing in them) and in IE (with ads).
Is it spam or a virus?
I ran Malwarebytes, which cleaned up. I am posting the report.
I then ran another scan with Antivir, but it still finds anomalies. Is that normal?
I am also posting that report.
Is Malwarebytes enough to remove these windows, or is there something else to do?
Thank you for your help.
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1675
Windows 5.1.2600 Service Pack 2
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pxjsjtbe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fcccdBRK.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yjxsfobe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ofpfdj.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Carlson (Dialer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fcccdbrk -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fcccdbrk -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ofpfdj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fcccdBRK.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\KRBdcccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\KRBdcccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pxjsjtbe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ebtjsjxp.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yjxsfobe.dll (Trojan.Vundo) -> No action taken.
C:\ARK6.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\axntbhmi.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\ZSOZSG2F\kbp41256[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\2LIG6RG8\index[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\2LIG6RG8\upd105320[1] (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP507\A0076997.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP512\A0077363.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> No action taken.
AND ANTIVIR
Avira AntiVir Personal
Report file date: jeudi 22 janvier 2009 09:57
Scanning for 1242124 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LAURA
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: jeudi 22 janvier 2009 09:57
Starting search for hidden objects.
'50114' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'PINMENU.EXE' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'CISVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP512\A0077150.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> Setup_00.exe
[DETECTION] Contains recognition pattern of the DR/Vundo.ggf dropper
[NOTE] The file was moved to '49a83c81.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077388.dll
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49a83c8d.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077391.dll
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49a83c91.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077392.dll
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49a83c95.qua'!
End of the scan: jeudi 22 janvier 2009 10:29
Used time: 32:25 Minute(s)
The scan has been done completely.
5441 Scanning directories
182013 Files were scanned
1 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
182007 Files not concerned
6676 Archives were scanned
6 Warnings
4 Notes
50114 Objects were scanned with rootkit scan
0 Hidden objects were found