[SOLVED] Intrusive ad pages + Excel file kill - Printable version
Forums d'entraide informatique - Les forums de PCW (http://forum.pcinfo-web.com)
Thread: [SOLVED] Intrusive ad pages + Excel file kill (/showthread.php?tid=2158)
[SOLVED] Intrusive ad pages + Excel file kill - Cheeta - 28-02-2008 09:55 AM
Hello. My son has been at it again and we are infected once more. Two of our computers are infected, with intrusive ad pages popping up. On top of that, one of them is particularly slow, and when you look at the file manager, the Excel file named kill appears. I tried to remove these viruses, but in vain. Where should I start? Thanks in advance for your help.

- -Sh4D0w- - 28-02-2008 10:02 AM
Please follow the malware eradication procedure.

- Cheeta - 28-02-2008 10:10 AM
OK, I had already done the whole procedure, in vain. But I will do it again to post the logs. Thanks.

- Cheeta - 28-02-2008 21:08 PM
Right, let's start with the most affected PC. I ran the 4 programs; the Excel file named kill has disappeared, but the intrusive ad pages continue. Here is the ewido report:

ewido anti-spyware - Scan Report
+ Created at: 15.26.16 28-02-2008
and the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22.03.31, on 28-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

- -Sh4D0w- - 28-02-2008 21:18 PM
OK, a quick run of AVG Anti-Spyware to start with ...

- Cheeta - 29-02-2008 08:04 AM
AVG Anti-Spyware - Rapport d'analyse
+ Créé à: 08.59.25 29-02-2008
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP123\A0107970.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP124\A0107978.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP124\A0107980.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP124\A0107981.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP124\A0107982.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP124\A0107999.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP125\A0108998.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP126\A0109002.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP126\A0109004.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP126\A0109005.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP126\A0109006.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP126\A0109999.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP127\A0110002.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP127\A0110004.exe -> Trojan.VB.atg : Aucune action entreprise. 
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP127\A0110005.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP127\A0110006.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP127\A0110099.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP128\A0110104.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP128\A0110112.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP128\A0111111.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP129\A0111115.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP129\A0111127.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP129\A0112140.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0112151.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0112158.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0112159.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0112160.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0113126.exe -> Trojan.VB.atg : Aucune action entreprise. 
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0113130.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0113131.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0113132.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP130\A0114126.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP131\A0114139.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP132\A0114143.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP132\A0115127.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP132\A0116127.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP132\A0117126.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP133\A0117138.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP134\A0117161.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP135\A0117187.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP135\A0118137.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0118140.exe -> Trojan.VB.atg : Aucune action entreprise. 
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119136.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119145.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119149.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119150.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119151.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119187.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119190.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119191.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119192.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119197.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119198.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119199.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119200.exe -> Trojan.VB.atg : Aucune action entreprise. C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119202.exe -> Trojan.VB.atg : Aucune action entreprise. 
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119211.exe -> Trojan.VB.atg : Aucune action entreprise.
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119443.exe -> Trojan.VB.atg : Aucune action entreprise.
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119444.exe -> Trojan.VB.atg : Aucune action entreprise.
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119445.exe -> Trojan.VB.atg : Aucune action entreprise.
C:\System Volume Information\_restore{465AD253-B18C-44D9-9E78-0462EBF45315}\RP136\A0119446.exe -> Trojan.VB.atg : Aucune action entreprise.
Fin du rapport

- -Sh4D0w- - 29-02-2008 08:28 AM
Did you delete the cookies? And apparently your virus is well hidden in your System Restore. So disable System Restore, boot into safe mode, run a CCleaner cleanup and an AVG Anti-Spyware scan, reboot, then run a Spybot scan and reboot. Then do another HijackThis log, and after that we can try an online scan at Secuser. There you go.

- Cheeta - 29-02-2008 14:23 PM
Nothing to report from AVG and Spybot.
Logfile of HijackThis v1.99.1
Scan saved at 15.21.45, on 29-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
But the windows keep opening....

- Cheeta - 29-02-2008 18:24 PM
I ran Navilog1 on someone else's advice and the problem seems to be solved....

[RESOLVED] Intrusive ad pages + Excel file kill - -Sh4D0w- - 29-02-2008 19:57 PM
So remove the Yahoo toolbars:
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
Navilog is indeed pretty good, but if the problem persists, disable System Restore and then you can run another scan.