Comment suprimer keylogger de mo ordi

aimaj Messages postés 12 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

j'ai découverts à mon insu que j'avais dans mon ordinateur des logiciel espion comme
- the best key logger
- espion proffessionnel à distance 2008
- key board guardian trial
je voudrai savoir comment les supprimer svp

merci d'avance.
Configuration: Windows XP
Firefox 3.0.5

9 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    télécharge a squared free, mets le a jour et colle un rapport avec

    https://www.01net.com/telecharger/

    puis

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. aimaj Messages postés 12 Statut Membre
       
      VOICI LES RAPPORTS
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by parents at 2009-02-05 11:48:07
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 219 GB (92%) free of 238 GB
      Total RAM: 1023 MB (45% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:49:07, on 05/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\3.1.0.8\ccProxy.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      c:\APPS\HIDSERVICE\HIDSERVICE.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\ALCWZRD.EXE
      C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
      C:\Apps\Powercinema\PCMService.exe
      C:\apps\ABoard\ABoard.exe
      C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
      C:\apps\ABoard\AOSD.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
      C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Documents and Settings\All Users\Application Data\The Best KeyLogger\SysDir.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\APPS\skype\Phone\Skype.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Hercules\WiFi Station\WifiStation.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\parents\Bureau\RSIT.exe
      C:\Program Files\trend micro\parents.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.norton.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
      O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
      O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
      O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SysDir] C:\Documents and Settings\All Users\Application Data\The Best KeyLogger\SysDir.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: WiFi Station.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O18 - Protocol: bw+0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\3.1.0.8\ccProxy.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
      O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      0
  2. kharkam Messages postés 86 Date d'inscription   Statut Membre Dernière intervention   20
     
    bonjour, keylogger est un logiciel trés facile à installer et désinstaller .
    petite question perso , êtes vous mariez ou autre , y a t il une personne chez vous susceptibles de surveiller vos faits t gestes si oui .
    le dossier doit être caché et il à été installé pour vous surveiller car il enregistre tous ce que vous tapez.
    et en aucun cas keylogger et un virus .
    0
    1. aimaj Messages postés 12 Statut Membre
       
      oui pourquoi,?
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le rapport a squared free????

    ____________________

    tu as mis The Best KeyLogger c'est voulu???: c'est ceci:

    http://french.eazel.com/lv/group/view/kl80093/The_Best_KeyLogger.htm

    _____________________

    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
    (attention bien mettre :files)

    :files
    C:\WINDOWS\system32\pbfrv2.dll
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}-

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ____________________

    scan avec
    MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ____________________
    je mets ceci de coté:

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SysDir"=-
    C:\Documents and Settings\All Users\Application Data\The Best KeyLogger\SysDir.exe
    0
    1. aimaj Messages postés 12 Statut Membre
       
      j'ai télécharger OTMovelt
      j'ai bien coller ceci dans la partie gauche du tableau

      :files
      C:\WINDOWS\system32\pbfrv2.dll
      :reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­on\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­on\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}-


      le résultat apparait bien dans le tableau result mais des que je clic sur exit pour fermer ça bug tout est figé je ne peux plus rien faire
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok arrete

    et passe a malwarebyte

    et

    tu ne m'as pas dis pour ceci:

    tu as mis The Best KeyLogger c'est voulu???: c'est ceci:

    http://french.eazel.com/lv/group/view/kl80093/The_Best_KeyLo­gger.htm
    0
    1. aimaj Messages postés 12 Statut Membre
       
      pour the best key logger non ce n'etait pas voulu.
      0
    2. aimaj Messages postés 12 Statut Membre
       
      voici le rappord de malwarebyte


      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1654
      Windows 5.1.2600 Service Pack 3

      05/02/2009 14:39:39
      mbam-log-2009-02-05 (14-39-39).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 92550
      Temps écoulé: 23 minute(s), 29 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 4
      Valeur(s) du Registre infectée(s): 2
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.

    :files
    C:\Documents and Settings\All Users\Application Data\The Best KeyLogger
    C:\WINDOWS\system32\pbfrv2.dll
    C:\Documents and Settings\All Users\Application Data\The Best KeyLogger\SysDir.exe
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­­on\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­­on\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SysDir"=-
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. aimaj Messages postés 12 Statut Membre
       
      bonjour
      toujours le même problème ça bloque dès que je clic sur exit il y a le sablier et c'est écrit "ne répond pas"
      0
  7. kharkam Messages postés 86 Date d'inscription   Statut Membre Dernière intervention   20
     
    ce logiciel à été instllé pour espionner , c'est quelqu un de chez toi qui l'a mit afin de voir ce que tu fait
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    regarde si tu peux virer via ton panneau de configuration the best keylogger

    _______________

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Documents and Settings\All Users\Application Data\The Best KeyLogger
    C:\WINDOWS\system32\pbfrv2.dll
    C:\Documents and Settings\All Users\Application Data\The Best KeyLogger\SysDir.exe
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­­­on\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­­­on\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run]
    "SysDir"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. aimaj Messages postés 12 Statut Membre
       
      voici le rapport de ComboFix


      ComboFix 09-02-05.04 - parents 2009-02-06 16:11:06.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.433 [GMT 1:00]
      Lancé depuis: c:\documents and settings\parents\Bureau\ComboFix.exe
      AV: Norton Internet Security *On-access scanning enabled* (Updated)
      FW: Norton Internet Security *enabled*
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      c:\windows\nt32200ax2R2.dll
      c:\windows\system32\AutoRun.inf
      c:\windows\system32\ntcheck3232bxR2.dll

      ----- BITS: Il y a peut-être des sites infectés -----

      hxxp://premium.virginmega.fr
      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
      .

      2009-02-05 13:53 . 2009-02-05 13:53 <REP> d-------- c:\documents and settings\parents\Application Data\Malwarebytes
      2009-02-05 13:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2009-02-05 13:52 . 2009-02-05 13:57 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-02-05 13:52 . 2009-02-05 13:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-02-05 13:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2009-02-05 13:13 . 2009-02-05 13:13 <REP> d-------- C:\_OTMoveIt
      2009-02-05 11:51 . 2009-02-05 12:03 <REP> d-------- c:\program files\a-squared Free
      2009-02-05 11:48 . 2009-02-05 11:49 <REP> d-------- C:\rsit
      2009-02-05 11:48 . 2009-02-05 15:02 <REP> d-------- c:\program files\trend micro
      2009-02-04 15:36 . 2009-02-04 15:36 <REP> d-------- c:\documents and settings\All Users\Application Data\SysDll
      2009-02-04 15:36 . 2009-02-04 15:37 <REP> d-------- c:\documents and settings\All Users\Application Data\SysDir
      2009-02-04 13:36 . 2009-02-04 13:36 940,794 --a------ c:\windows\system32\LoopyMusic.wav
      2009-02-04 13:36 . 2009-02-04 13:36 146,650 --a------ c:\windows\system32\BuzzingBee.wav
      2009-02-04 13:36 . 2009-02-04 13:36 73,728 --a------ c:\windows\ALCFDRTM.VER
      2009-02-04 13:36 . 2009-02-04 13:36 73,728 --a------ c:\windows\ALCFDRTM.EXE
      2009-02-03 19:01 . 2008-10-21 09:22 114,600 --a------ c:\windows\system32\drivers\s0017mdm.sys
      2009-02-03 19:01 . 2008-10-21 09:22 109,736 --a------ c:\windows\system32\drivers\s0017unic.sys
      2009-02-03 19:01 . 2008-10-21 09:22 108,328 --a------ c:\windows\system32\drivers\s0017mgmt.sys
      2009-02-03 19:01 . 2008-10-21 09:22 104,616 --a------ c:\windows\system32\drivers\s0017obex.sys
      2009-02-03 19:01 . 2008-10-21 09:22 86,824 --a------ c:\windows\system32\drivers\s0017bus.sys
      2009-02-03 19:01 . 2008-10-21 09:22 26,024 --a------ c:\windows\system32\drivers\s0017nd5.sys
      2009-02-03 19:01 . 2008-10-21 09:22 15,016 --a------ c:\windows\system32\drivers\s0017mdfl.sys
      2009-02-03 19:01 . 2008-10-21 09:22 12,200 --a------ c:\windows\system32\drivers\s0017whnt.sys
      2009-02-03 19:01 . 2008-10-21 09:22 12,200 --a------ c:\windows\system32\drivers\s0017wh.sys
      2009-02-03 19:01 . 2008-10-21 09:22 12,200 --a------ c:\windows\system32\drivers\s0017cmnt.sys
      2009-02-03 19:01 . 2008-10-21 09:22 12,200 --a------ c:\windows\system32\drivers\s0017cm.sys
      2009-02-03 19:01 . 2008-10-21 09:22 10,792 --a------ c:\windows\system32\drivers\s0017cr.sys
      2009-02-03 18:42 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
      2009-02-03 18:42 . 2009-02-03 18:42 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
      2009-02-03 18:42 . 2009-02-03 18:42 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
      2009-02-03 18:36 . 2009-02-03 18:36 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
      2009-02-03 18:36 . 2009-02-03 18:36 24,616 --a------ c:\windows\system32\drivers\ggsemc.sys
      2009-02-03 18:36 . 2009-02-03 18:36 13,224 --a------ c:\windows\system32\drivers\ggflt.sys
      2009-02-03 18:25 . 2009-02-05 09:21 <REP> d-------- c:\documents and settings\parents\Application Data\Sony
      2009-02-03 18:25 . 2009-02-03 18:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony
      2009-02-03 18:19 . 2007-06-25 10:43 108,456 --a------ c:\windows\system32\drivers\s117mdm.sys
      2009-02-03 18:19 . 2007-06-25 10:43 100,264 --a------ c:\windows\system32\drivers\s117mgmt.sys
      2009-02-03 18:19 . 2007-06-25 10:43 98,856 --a------ c:\windows\system32\drivers\s117unic.sys
      2009-02-03 18:19 . 2007-06-25 10:43 98,344 --a------ c:\windows\system32\drivers\s117obex.sys
      2009-02-03 18:19 . 2007-06-25 10:43 82,984 --a------ c:\windows\system32\drivers\s117bus.sys
      2009-02-03 18:19 . 2007-06-25 10:43 22,952 --a------ c:\windows\system32\drivers\s117nd5.sys
      2009-02-03 18:19 . 2007-06-25 10:43 14,888 --a------ c:\windows\system32\drivers\s117mdfl.sys
      2009-02-03 18:19 . 2007-06-25 10:43 12,200 --a------ c:\windows\system32\drivers\s117whnt.sys
      2009-02-03 18:19 . 2007-06-25 10:43 12,200 --a------ c:\windows\system32\drivers\s117wh.sys
      2009-02-03 18:19 . 2007-06-25 10:43 12,200 --a------ c:\windows\system32\drivers\s117cmnt.sys
      2009-02-03 18:19 . 2007-06-25 10:43 12,200 --a------ c:\windows\system32\drivers\s117cm.sys
      2009-02-03 18:19 . 2007-06-25 10:43 10,792 --a------ c:\windows\system32\drivers\s117cr.sys
      2009-02-03 18:17 . 2009-02-05 09:30 <REP> d-------- c:\program files\Sony Ericsson
      2009-02-02 19:31 . 2009-02-02 19:31 <REP> d-------- c:\program files\SereneScreen
      2009-02-02 19:31 . 2006-02-28 08:53 2,936,832 --a------ c:\windows\system32\MA2_6.scr
      2009-01-30 17:50 . 2009-01-30 17:50 <REP> d-------- c:\documents and settings\Propriétaire
      2009-01-30 13:29 . 2009-01-30 13:29 8,192 --ahs---- c:\windows\Thumbs.db
      2009-01-30 13:27 . 2009-01-30 15:20 <REP> d-------- C:\Ctr
      2009-01-29 17:50 . 2009-01-29 17:50 <REP> d-------- c:\program files\NOS
      2009-01-29 17:50 . 2009-02-03 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
      2009-01-28 13:58 . 2003-07-06 13:07 372,736 --a------ c:\windows\system32\IJL_11.DLL
      2009-01-28 13:58 . 2004-03-08 23:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX
      2009-01-28 12:44 . 2005-12-02 10:25 7 --a------ c:\windows\cfsywin32.sys
      2009-01-28 12:13 . 2009-01-28 12:21 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
      2009-01-28 11:31 . 2009-01-28 11:31 <REP> d-------- c:\program files\Microsoft Silverlight
      2009-01-27 10:06 . 2009-01-27 10:06 <REP> d-------- c:\program files\TechTracker
      2009-01-27 10:06 . 2009-01-27 10:11 <REP> d-------- c:\documents and settings\parents\Application Data\VersionTracker Pro
      2009-01-23 11:56 . 2009-01-23 11:56 <REP> d-------- c:\program files\Micro Application
      2009-01-23 11:56 . 2009-01-23 11:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Micro Application
      2009-01-23 11:22 . 2009-01-23 11:24 <REP> d-------- c:\windows\system32\XPSViewer
      2009-01-23 11:22 . 2009-01-23 11:22 <REP> d-------- c:\program files\Reference Assemblies
      2009-01-23 11:22 . 2009-01-23 11:22 <REP> d-------- c:\program files\MSBuild
      2009-01-23 11:21 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
      2009-01-23 11:11 . 2009-01-23 12:33 <REP> d-------- c:\program files\Radio Fr Solo
      2009-01-23 11:02 . 2009-01-26 18:01 <REP> d-------- c:\program files\Google
      2009-01-23 11:02 . 2009-01-28 12:23 <REP> d-------- c:\program files\DAP
      2009-01-23 11:02 . 2009-02-04 15:32 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
      2009-01-23 11:02 . 2009-01-28 12:22 <REP> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
      2009-01-23 10:46 . 2009-01-23 10:46 <REP> d-------- c:\windows\system32\3Planesoft
      2009-01-23 10:46 . 2009-01-23 10:46 <REP> d-------- c:\program files\Lantern 3D Screensaver
      2009-01-23 10:46 . 2009-01-23 10:46 <REP> d-------- c:\program files\3Planesoft Screensaver Manager
      2009-01-23 10:46 . 2009-01-20 01:41 3,204,096 --a------ c:\windows\system32\Lantern 3D Screensaver.exe
      2009-01-23 10:46 . 2009-01-20 01:33 657,408 --a------ c:\windows\system32\3Planesoft_Screensaver_Manager.scr
      2009-01-23 10:46 . 2009-01-20 02:47 440,320 --a------ c:\windows\system32\Lantern_3D_Screensaver.scr
      2009-01-22 21:12 . 2009-01-22 21:12 <REP> d-------- C:\Games
      2009-01-22 20:44 . 2009-01-22 20:44 <REP> d-------- c:\windows\system32\NtmsData
      2009-01-20 16:08 . 2009-01-20 16:08 <REP> d-------- c:\windows\system32\fr
      2009-01-20 16:08 . 2009-01-20 16:08 <REP> d-------- c:\windows\system32\bits
      2009-01-20 16:08 . 2009-01-20 16:08 <REP> d-------- c:\windows\l2schemas
      2009-01-20 16:05 . 2009-01-20 16:09 <REP> d-------- c:\windows\ServicePackFiles
      2009-01-20 15:59 . 2009-01-20 15:59 <REP> d-------- c:\windows\EHome
      2009-01-19 19:12 . 2009-02-04 20:10 <REP> d-------- c:\documents and settings\élias\Application Data\Apple Computer
      2009-01-18 21:49 . 2009-01-22 20:56 <REP> d-------- c:\documents and settings\parents\Application Data\Apple Computer
      2009-01-18 21:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
      2009-01-18 21:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
      2009-01-18 21:48 . 2009-01-18 21:49 <REP> d-------- c:\program files\iTunes
      2009-01-18 21:48 . 2009-01-18 21:48 <REP> d-------- c:\program files\iPod
      2009-01-18 21:48 . 2009-01-18 21:48 <REP> d-------- c:\program files\Bonjour
      2009-01-18 21:48 . 2009-01-18 21:49 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      2009-01-18 21:47 . 2009-02-03 18:31 <REP> d-------- c:\program files\QuickTime
      2009-01-18 21:47 . 2009-01-18 21:47 <REP> d-------- c:\program files\Apple Software Update
      2009-01-18 21:47 . 2009-01-18 21:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
      2009-01-18 21:47 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
      2009-01-18 21:46 . 2009-01-18 21:48 <REP> d-------- c:\program files\Fichiers communs\Apple
      2009-01-18 21:46 . 2009-01-18 21:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
      2009-01-17 17:13 . 2009-01-17 17:13 <REP> d-------- c:\documents and settings\amine et maria\Application Data\OD2
      2009-01-17 17:11 . 2009-01-17 17:11 <REP> d-------- c:\documents and settings\amine et maria\Application Data\CyberLink
      2009-01-17 17:01 . 2009-01-17 17:01 <REP> d-------- c:\documents and settings\amine et maria\Application Data\Sonic
      2009-01-17 16:52 . 2009-01-17 16:52 <REP> d-------- c:\documents and settings\amine et maria\Application Data\Leadertech
      2009-01-17 12:13 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
      2009-01-17 12:13 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
      2009-01-15 10:55 . 2009-01-15 10:55 <REP> d-------- c:\program files\SAMSUNG CDMA Modem
      2009-01-15 10:45 . 2009-02-04 15:24 <REP> d-------- c:\program files\Jeyo Remote SP
      2009-01-14 20:35 . 2009-01-20 15:27 <REP> d-------- c:\documents and settings\élias\Application Data\Azureus
      2009-01-14 20:35 . 2009-01-14 20:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
      2009-01-14 18:51 . 2009-01-14 18:51 <REP> d-------- c:\documents and settings\élias\Application Data\Leadertech
      2009-01-14 18:49 . 2009-01-14 18:49 <REP> d-------- c:\documents and settings\élias\Application Data\OD2
      2009-01-14 13:14 . 2009-01-14 13:14 <REP> d-------- c:\documents and settings\parents\Application Data\Leadertech
      2009-01-14 10:43 . 2009-01-19 12:09 <REP> d-------- c:\windows\Drivers
      2009-01-14 08:39 . 2009-01-14 08:39 <REP> d-------- c:\documents and settings\amine et maria\Application Data\Shareaza
      2009-01-13 17:52 . 2009-01-13 17:52 <REP> d-------- c:\documents and settings\élias\Application Data\PC Suite
      2009-01-13 12:03 . 2009-01-13 12:03 <REP> d-------- c:\documents and settings\amine et maria\Application Data\PC Suite
      2009-01-13 11:16 . 2009-01-13 11:16 <REP> d-------- c:\program files\PC Connectivity Solution
      2009-01-13 11:16 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
      2009-01-13 11:11 . 2009-01-13 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\PC Suite
      2009-01-13 10:57 . 2009-01-13 11:16 <REP> d-------- c:\program files\Fichiers communs\Nokia
      2009-01-13 10:56 . 2009-01-13 10:56 <REP> d-------- c:\program files\MSXML 6.0
      2009-01-13 10:56 . 2009-01-13 11:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Installations
      2009-01-13 10:55 . 2009-01-13 10:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Nokia
      2009-01-13 10:47 . 2009-01-13 10:47 <REP> d-------- c:\program files\Fichiers communs\MainConcept

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-02-06 08:26 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
      2009-02-04 14:32 --------- d--h--w c:\program files\Qhshziugvnbt
      2009-01-08 13:13 118,784 ------r c:\windows\bwUnin-7.2.0.137-8876480SL.exe
      2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
      2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
      2008-12-08 11:23 195,832 ----a-w c:\windows\system32\drivers\abjda.sys
      2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "Skype"="c:\apps\skype\Phone\Skype.exe" [2008-11-07 21710120]
      "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-01-08 32768]
      "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
      "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 32881]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
      "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
      "FLMOFFICE4DMOUSE"="c:\program files\Labtec\Mouse\V3.0\moffice.exe" [2009-01-08 958464]
      "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
      "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
      "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
      "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
      "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
      "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
      "sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
      "nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]
      "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
      "SoundMan"="SOUNDMAN.EXE" [2004-09-10 c:\windows\SoundMan.exe]
      "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 c:\windows\ALCWZRD.EXE]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-01-08 450560]
      WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2009-01-08 654336]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
      --a------ 2008-12-11 12:38 1069056 c:\program files\Athan\Athan.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
      --a------ 2008-10-01 12:00 5723136 c:\program files\Shareaza\Shareaza.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%ProgramFiles%\\AOL 9.0\\aol.exe"=
      "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
      "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\APPS\\Inventime\\my.exe"=
      "c:\\Program Files\\AOL 9.0\\waol.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Shareaza\\Shareaza.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\APPS\\skype\\Phone\\Skype.exe"=

      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys [2009-01-08 309296]
      R1 abjda;abjda;c:\windows\system32\drivers\abjda.sys [2008-12-08 195832]
      R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-08 255536]
      R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-08 362544]
      R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090129.005\IDSxpx86.sys [2009-02-03 276344]
      R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-08 55136]
      R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-08 115560]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-08 99376]
      S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
      S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-29 33752]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-02-03 13224]
      S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-02-03 86824]
      S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-02-03 15016]
      S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-02-03 114600]
      S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-02-03 108328]
      S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-02-03 26024]
      S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-02-03 104616]
      S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-02-03 109736]
      .
      Contenu du dossier 'Tâches planifiées'

      2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2009-01-30 c:\windows\Tasks\HDReg.job
      - c:\apps\HDReg\HDRegRem.exe [2003-07-15 10:14]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKLM-Run-SysDir - c:\documents and settings\All Users\Application Data\The Best KeyLogger\SysDir.exe


      .
      ------- Examen supplémentaire -------
      .
      uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/fr/fr/norton/products/toolbar/popup.jsp?pvid=nis2009
      uInternet Settings,ProxyOverride = *.local
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
      FF - ProfilePath - c:\documents and settings\parents\Application Data\Mozilla\Firefox\Profiles\vfoy8vff.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://packardbell.maxicours.com/W/part/packardbell/?act=web
      FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
      FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
      FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
      FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
      FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
      FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
      FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
      FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
      FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
      FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
      FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
      FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll
      FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-02-06 16:13:31
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
      "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
      "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]
      "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      Heure de fin: 2009-02-06 16:14:52
      ComboFix-quarantined-files.txt 2009-02-06 15:14:49

      Avant-CF: 229 124 386 816 octets libres
      Après-CF: 229,774,868,480 octets libres

      296 --- E O F --- 2009-01-21 09:09:03



      ou je peux trouver le rapport Hijackthis

      merci
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    encore des soucis? Mets un rapport rsit
    0
    1. aimaj Messages postés 12 Statut Membre
       
      bonjour

      voici le rapport rsit




      Logfile of random's system information tool 1.05 (written by random/random)
      Run by parents at 2009-02-07 12:05:02
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 219 GB (92%) free of 238 GB
      Total RAM: 1023 MB (36% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:05:08, on 07/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\3.1.0.8\ccProxy.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      c:\APPS\HIDSERVICE\HIDSERVICE.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\ALCWZRD.EXE
      C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
      C:\Apps\Powercinema\PCMService.exe
      C:\apps\ABoard\ABoard.exe
      C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
      C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
      C:\APPS\skype\Phone\Skype.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Hercules\WiFi Station\WifiStation.exe
      C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Documents and Settings\parents\Bureau\logiciel de recher che de malware\RSIT.exe
      C:\Program Files\trend micro\parents.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.norton.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
      O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
      O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-21-209618270-3312955852-1623511331-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'élias')
      O4 - HKUS\S-1-5-21-209618270-3312955852-1623511331-1007\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'élias')
      O4 - HKUS\S-1-5-21-209618270-3312955852-1623511331-1007\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'élias')
      O4 - HKUS\S-1-5-21-209618270-3312955852-1623511331-1007\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray (User 'élias')
      O4 - HKUS\S-1-5-21-209618270-3312955852-1623511331-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'élias')
      O4 - HKUS\S-1-5-21-209618270-3312955852-1623511331-1007\..\Run: [55102] c:\program files\qhshziugvnbt\ldufum.exe ld (User 'élias')
      O4 - HKUS\S-1-5-21-209618270-3312955852-1623511331-1008\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'amine et maria')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: WiFi Station.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O18 - Protocol: bw+0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {6250B481-7255-4DD2-9EDA-67B036C45890} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\3.1.0.8\ccProxy.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
      O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      0
    2. aimaj Messages postés 12 Statut Membre
       
      j'ai un autre petit souci
      dans le panneau de configuration et ajout/suppression de programme je trouve toujours keyBoard Guardian Trial Version
      impossible de le supprimer il est ecrit "utilisée occasionnellement"

      merci
      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais bien la procedure

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver ::
    abjda
    File::
    C:\Documents and Settings\All Users\Application Data\The Best KeyLogger
    C:\WINDOWS\system32\pbfrv2.dll
    C:\Documents and Settings\All Users\Application Data\The Best KeyLogger\SysDir.exe
    C:\WINDOWS\abjda
    c:\windows\system32\drivers\abjda.sys
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­­­on\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­­­on\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run]
    "SysDir"=-

    Enregistre ce fichier sous le nom CFscript (attention aux minuscules et majuscules)

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0