Bonjour à tous,
Voici mon souci : je me retrouve avec une petite icone triangulaire jaune à côté de mon horloge qui m'indique sans arrêt que mon PC est infecté, j'ai des icones qui sont apparues sur mon bureau dont je n'arrive pas à me débarasser (online security guide et live safety center), j'ai des fenêtres Internet Explorer qui s'ouvrent sans que je demande quoi que ce soit (qui pointent sur savetheinformation.com, www.protectroom.com) , mon PC rame, ...etc.
J'ai un peu regardé sur le site et j'ai scrupuleusement appliqué la méthode préliminaire de désinfection (CCCleaner, puis AVG anti-spyware, puis BitDefender, et enfin Hijackthis). Les symptomes n'ont malheureusement pas disparu.
Il me reste donc plus qu'à m'adresser à un expert ! Merci par avance pour votre aide !!!
Ci-dessous les 3 rapports :
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 08:19:37 16/10/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP199\A0078210.dll -> Adware.404Search : Nettoyé.
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP199\A0078209.exe -> Adware.RXBar : Nettoyé.
HKU\S-1-5-21-857990369-3436217285-3352127403-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\LocalService\Cookies\system@need2find[2].txt -> TrackingCookie.Need2find : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
-------------------------------------------------------------------------------------------------------------------------------------
BitDefender Online Scanner
Scan report generated at: Tue, Oct 16, 2007 - 11:01:37
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;
Statistics
Time 02:11:07
Files 348821
Folders 8373
Boot Sectors 5
Archives 29444
Packed Files 16313
Results
Identified Viruses 2
Infected Files 9
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 9
Engines Info
Virus Definitions 826871
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 14
Archive plugins 38
Unpack plugins 7
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File
Status
C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Deleted
C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Deleted
C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Deleted
C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Deleted
C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Deleted
C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Deleted
C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Deleted
C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Deleted
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Infected with: Generic.Lineage.2259D555
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Disinfection failed
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Deleted
---------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:38, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pgafvpre.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
Afficher la suite