Suspicion de virus son mon pc Résolu

Question

Bonsoir,

En vu des performances de mon ordinateur je suspecte un virus de l'avoir infecter, en effet alors qu'aucun programme ne tourne le processeur lui tourne a 100% et la mémoire vive est constamment au dessus de 85%.

Je poste donc le résultat des deux fichier : log.txt et info.txt

En vous remerciant pour votre aide.

Log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Audrey at 2009-09-10 20:08:32
Microsoft® Windows Vista™ Édition Familiale Basique  Service Pack 2
System drive C: has 24 GB (21%) free of 111 GB
Total RAM: 895 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:25, on 10/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32	askeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Audrey\Downloads\RSIT.exe
C:\Program Files	rend micro\Audrey.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

archet9 · Answer

Bonsoir Seb1989,


Commences par ceci stp:

Impératif sous vista: 

desactives tes comptes d'utilisateur:
https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html 

Ensuite:

[*]Télécharge AD-Remover  (de Cyrildu17 / C_XX) sur ton Bureau.

[*] Déconnecte-toi et ferme toutes applications en cours  

[*]Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
[*]Double-clique sur l'icône [AD-Remover située sur ton Bureau.
[*]Au menu principal, choisis l'option L.[*]
Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

[g][u]Note/g : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

 

 





a+

Seb1989 · Answer

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2773
Windows 6.0.6002 Service Pack 2

10/09/2009 20:57:48
mbam-log-2009-09-10 (20-57-48).txt

Type de recherche: Examen rapide
Eléments examinés: 89797
Temps écoulé: 11 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

archet9 · Answer

Re....

==> Ce rapport n'est pas du tout le rapport demandé....!!!!!

On y viendra tres certainement, mais avant tout...

Fais ce que j'ai demandé stp ....

a+

Seb1989 · Answer

J"ai posté l'analyse précédente car elle était fait voici celle demandé :
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_U | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 10/09/2009 à 7:00 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:16:03, 10/09/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Basic Service Pack 2 v6.0.6002
Nom du PC: PC-DE-AUDREY | Utilisateur actuel: Audrey
. 
============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== 
.
.
HKCU\Software\CToolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
. 
C:\Program Files\Crawler 
C:\Program Files\Crawler\ctbcomm.dll 
C:\Program Files\Crawler\CTipsDef.dll 
C:\Program Files\Crawler\CToolbar.exe 
C:\Program Files\Crawler\firefox 
C:\Program Files\Crawler\firefox\chrome 
C:\Program Files\Crawler\firefox\chrome\crawlertbr.jar 
C:\Program Files\Crawler\firefox\components 
C:\Program Files\Crawler\firefox\components\xshared.dll 
C:\Program Files\Crawler\firefox\components\xsupport.dll 
C:\Program Files\Crawler\Update 
C:\Program Files\Everest Poker 
C:\Program Files\Everest Poker\casino.exe 
C:\Program Files\Everest Poker\cstart.exe 
C:\Program Files\Everest Poker\data 
C:\Program Files\Everest Poker\data\cpanel 
C:\Program Files\Everest Poker\data\fonts 
C:\Program Files\Everest Poker\data\fonts\kgp-en.ttf 
C:\Program Files\Everest Poker\data\mp-lobby 
C:\Program Files\Everest Poker\data\mp-lobby\fr.gvt 
C:\Program Files\Everest Poker\data\mp-lobby\shared.gvt 
C:\Program Files\Everest Poker\data\mp-poker 
C:\Program Files\Everest Poker\data\mp-poker\background 
C:\Program Files\Everest Poker\data\mp-poker\background\default.gvt 
C:\Program Files\Everest Poker\data\mp-poker\background\woods.gvt 
C:\Program Files\Everest Poker\data\mp-poker\fr 
C:\Program Files\Everest Poker\data\mp-poker\fr\bitmaps.gvt 
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt 
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt 
C:\Program Files\Everest Poker\data\mp-poker\shared.gvt 
C:\Program Files\Everest Poker\data\shared 
C:\Program Files\Everest Poker\data\shared\fr 
C:\Program Files\Everest Poker\data\shared\fr\country.txt 
C:\Program Files\Everest Poker\data\shared\fr\language.txt 
C:\Program Files\Everest Poker\data\shared\fr\ordinal.txt 
C:\Program Files\Everest Poker\data\shared\shared 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art 
C:\Program Files\Everest Poker\data\shared\shared\sounds 
C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg 
C:\Program Files\Everest Poker\data\startup 
C:\Program Files\Everest Poker\data\startup\en 
C:\Program Files\Everest Poker\data\startup\en\startup_strings.txt 
C:\Program Files\Everest Poker\data\startup\fr 
C:\Program Files\Everest Poker\data\startup\fr\cstart.txt 
C:\Program Files\Everest Poker\data\startup\fr\startup_strings.txt 
C:\Program Files\Everest Poker\data\startup\shared 
C:\Program Files\Everest Poker\data\startup\shared\bitmaps 
C:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art 
C:\Program Files\Everest Poker\data\startup\shared\icons 
C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico 
C:\Program Files\Everest Poker\data\startup\shared\sounds 
C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg 
C:\Program Files\Everest Poker\Everest Poker.exe 
C:\Program Files\Everest Poker\gvbase.dll 
C:\Program Files\Everest Poker\gvcrt.dll 
C:\Program Files\Everest Poker\gvgfx-dib.dll 
C:\Program Files\Everest Poker\gvgfx.dll 
C:\Program Files\Everest Poker\gvmain.dll 
C:\Program Files\Everest Poker\gvmain.exe 
C:\Program Files\Everest Poker\gvnetwork.dll 
C:\Program Files\Everest Poker\gvsound.dll 
C:\Program Files\Everest Poker\history 
C:\Program Files\Everest Poker\history\1.txt 
C:\Program Files\Everest Poker\history\10.txt 
C:\Program Files\Everest Poker\history\100.txt 
C:\Program Files\Everest Poker\history\101.txt 
C:\Program Files\Everest Poker\history\102.txt 
C:\Program Files\Everest Poker\history\103.txt 
C:\Program Files\Everest Poker\history\105.txt 
C:\Program Files\Everest Poker\history\106.txt 
C:\Program Files\Everest Poker\history\107.txt 
C:\Program Files\Everest Poker\history\108.txt 
C:\Program Files\Everest Poker\history\109.txt 
C:\Program Files\Everest Poker\history\11.txt 
C:\Program Files\Everest Poker\history\113.txt 
C:\Program Files\Everest Poker\history\114.txt 
C:\Program Files\Everest Poker\history\115.txt 
C:\Program Files\Everest Poker\history\116.txt 
C:\Program Files\Everest Poker\history\118.txt 
C:\Program Files\Everest Poker\history\12.txt 
C:\Program Files\Everest Poker\history\131.txt 
C:\Program Files\Everest Poker\history\132.txt 
C:\Program Files\Everest Poker\history\14.txt 
C:\Program Files\Everest Poker\history\143.txt 
C:\Program Files\Everest Poker\history\147.txt 
C:\Program Files\Everest Poker\history\149.txt 
C:\Program Files\Everest Poker\history\150.txt 
C:\Program Files\Everest Poker\history\153.txt 
C:\Program Files\Everest Poker\history\163.txt 
C:\Program Files\Everest Poker\history\18.txt 
C:\Program Files\Everest Poker\history\19.txt 
C:\Program Files\Everest Poker\history\2.txt 
C:\Program Files\Everest Poker\history\20.txt 
C:\Program Files\Everest Poker\history\23.txt 
C:\Program Files\Everest Poker\history\24.txt 
C:\Program Files\Everest Poker\history\25.txt 
C:\Program Files\Everest Poker\history\29.txt 
C:\Program Files\Everest Poker\history\3.txt 
C:\Program Files\Everest Poker\history\4.txt 
C:\Program Files\Everest Poker\history\41.txt 
C:\Program Files\Everest Poker\history\43.txt 
C:\Program Files\Everest Poker\history\44.txt 
C:\Program Files\Everest Poker\history\45.txt 
C:\Program Files\Everest Poker\history\46.txt 
C:\Program Files\Everest Poker\history\48.txt 
C:\Program Files\Everest Poker\history\49.txt 
C:\Program Files\Everest Poker\history\50.txt 
C:\Program Files\Everest Poker\history\51.txt 
C:\Program Files\Everest Poker\history\52.txt 
C:\Program Files\Everest Poker\history\53.txt 
C:\Program Files\Everest Poker\history\55.txt 
C:\Program Files\Everest Poker\history\57.txt 
C:\Program Files\Everest Poker\history\58.txt 
C:\Program Files\Everest Poker\history\59.txt 
C:\Program Files\Everest Poker\history\60.txt 
C:\Program Files\Everest Poker\history\61.txt 
C:\Program Files\Everest Poker\history\64.txt 
C:\Program Files\Everest Poker\history\66.txt 
C:\Program Files\Everest Poker\history\70.txt 
C:\Program Files\Everest Poker\history\72.txt 
C:\Program Files\Everest Poker\history\76.txt 
C:\Program Files\Everest Poker\history\77.txt 
C:\Program Files\Everest Poker\history\80.txt 
C:\Program Files\Everest Poker\history\81.txt 
C:\Program Files\Everest Poker\history\82.txt 
C:\Program Files\Everest Poker\history\84.txt 
C:\Program Files\Everest Poker\history\85.txt 
C:\Program Files\Everest Poker\history\86.txt 
C:\Program Files\Everest Poker\history\90.txt 
C:\Program Files\Everest Poker\history\92.txt 
C:\Program Files\Everest Poker\history\93.txt 
C:\Program Files\Everest Poker\history\95.txt 
C:\Program Files\Everest Poker\history\98.txt 
C:\Program Files\Everest Poker\init.ini 
C:\Program Files\Everest Poker\log.dat 
C:\Program Files\Everest Poker\settings.ini 
C:\Program Files\Everest Poker	oc_fr.ini 
C:\Program Files\Everest Poker\var 
C:\Program Files\Everest Poker\var\content-fr.dat 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everest Poker 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everest Poker\Everest Poker.lnk 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everest Poker\Uninstall Everest Poker.lnk 
 
(!) -- Fichiers temporaires supprimés. 
 
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.12 *
.
 Nom du profil: 652714ow.default (Audrey)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google"); 
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/ig"); 
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.12"); 
.
.
* Internet Explorer Version 8.0.6001.18813 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks; Serials ... ) ==============
.
C:\Users\Audrey\Downloads\zoo_tycoon_2_patch_v22.03.00.0013_anglais_20522.exe
C:\Users\Audrey\Favorites\Divers\Divertissement\Traduction des options de MessPatch 8.1.0178 8.10178 - MessPatch fran‡ais -    MSN MANIAC  Le Blog    Astuces pour (MSN) Windows Live Messenger.URL
C:\Users\Audrey\Favorites\Divers\Jeux\Zoo tycoon\Patch Zoo Tycoon.URL
C:\Users\Audrey\Favorites\Enseignement\Facult‚\dossier semestre 5\The results of ballot initiatives   Dispatches from the culture wars   The Economist.URL
C:\Users\Audrey\Favorites\Sites sympa\Serials & keys - unlocks the world.URL
C:\Users\Audrey\Pictures\Audrey Images\Photos de Nous\Nous\private\Mes fichiers re‡us\messpatch application\messpatch application.zip
.
===================================
.
10823 Octet(s) - C:\Ad-Report-CLEAN.log 
.
2 Fichier(s) - C:\Users\Audrey\AppData\Local\Temp 
13 Fichier(s) - C:\Windows\Temp 
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
92 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 21:59:28 | 10/09/2009
.
============== E.O.F ==============
.

archet9 · Answer

Ok

Supprimes les traces de Norton qui restent sur le pc
avec cet utilitaire:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Ensuite,

Telecharge GENPROC

http://www.genproc.com/GenProc.exe

Copie et colle le rapport stp...



a+

Seb1989 · Answer

Bonjour,

Nortontool appliqué ! donc maintenant voici le fichier blocnote de GenPRoc :


Rapport GenProc 2.625 [1] - 11/09/2009 à 12:32:39 
@ Windows Vista Service Pack 2 - Mode normal
@ Mozilla Firefox (3.0.12) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
C:\Program Files\EsetOnlineScanner\log.txt

 


~~~~ INFORMATION COMPLEMENTAIRE ~~~~
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:28, on 11/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\GenProc\outil\Audrey_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

archet9 · Answer

Bien....

Mets à jour Adobe et java: (faille de sécurité)
https://adobe-reader.updatestar.com/fr
https://www.java.com/fr/download/help/java_update.html

Puis:

Pour desinstaller les outils utilisés
Telecharge ToolsCleaner2--> 

http://pc-system.fr/ 
-Une fois téléchargé, installe-le et lance-le 
-Clique sur Recherche et laisse le scan se terminer 
-Clique sur SUPPRESSION 
-Clique sur Quitter pour que le rapport puisse se créer
-Poste moi le rapport se trouvant ici--> C:\TCleaner.txt 


puis

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html 

 * Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc.... 
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse(Sauvegarde la base de registre).  
* Décoche la case plus vieux que 48 h 

TRES IMPORTANT: 

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger : 
XP:
https://www.tayo.fr/desactiver-restauration-systeme-sur-windows-xp-tutoriel.php
VISTA:
https://www.tayo.fr/desactiver-restauration-windows-vista-tutoriel.php 

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème : 
https://www.vulgarisation-informatique.com/creer-point-restauration.php

Enfin :

Si tout est OK:
Change le statut de ce topic en "résolu"
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/

  

a+

Seb1989 · Answer

voila et merci pour ton aide !

[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\GenProc: trouvé !
C:\Rsit: trouvé !
C:\GenProc\Genproc.exe: trouvé !
C:\GenProc\outil\hijackthis.log: trouvé !
C:\GenProc\outil\mbr.exe: trouvé !
C:\GenProc\Page\GenProc[*].html: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !
C:\Users\Audrey\Downloads\Ad-R.exe: trouvé !
C:\Users\Audrey\Downloads\Rsit.exe: trouvé !
C:\Users\Audrey\Downloads\Genproc.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\Users\Audrey\Downloads\Ad-R.exe: supprimé !
C:\GenProc\Genproc.exe: supprimé !
C:\GenProc\outil\hijackthis.log: supprimé !
C:\GenProc\outil\mbr.exe: supprimé !
C:\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\Users\Audrey\Downloads\Rsit.exe: supprimé !
C:\Users\Audrey\Downloads\Genproc.exe: supprimé !
C:\GenProc: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !

archet9 · Answer

De rien ...

a+

Suspicion de virus son mon pc

9 réponses

Newsletters