Possible Keylogger

  • a1cbecker
  • Born
  • Joined: Jul 01, 2009
  • Posts: 1

Post July 1st, 2009, 3:25 pm

Logfile de Trend Micro HijackThis v2.0.2
Scan sauvé à 5:21:12 PM, le 7.1.2009
Plate-forme: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.worldofwarcraft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R0 - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Local Page = C:\Windows\SysWow64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar, LinksFolderName =
F2 - REG: system.ini: userinit = Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: AskBar BHO - (201f27d4-3704-41d6-89c1-aa35e39143ed) - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Ask Toolbar - (3041d03e-fd4b-44e0-b742-2d9b88305f98) - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\wmpnscfg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User SERVICE LOCAL)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User SERVICE LOCAL)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User service réseau)
O8 - Extra du menu contextuel: E&xporter vers Microsoft Excel -- res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra "Outils" menuitem: S&end à OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra "Outils" menuitem: Spybot - Search && Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Service d'Etat ASP.NET (aspnet_state) - Unknown owner - (no file)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\Netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc (http://www.webroot.com) - C:\Program Files (x86)\Webroot\WebrootSecurity\spysweeper.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\drivers\xaudio64.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
Fin de file - 7813 bytes

Hi all, I feel like I may have a keylogger. Any ideas?

  • Samurai-Hacker
  • Born
  • Joined: Jul 01, 2009
  • Posts: 4

Post July 1st, 2009, 6:27 pm

C:\Program Files (x86)\Mozilla Firefox\firefox.exe
See if your Firefox is on or not. If your Firefox is off and you get this, it means it's using the firefox.exe name,
cos I have a hacking server that uses the iexplorer.exe or firefox.exe name.


© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC