Suspect a keylogger, need help

Posted by mgibson2244 (Born; joined Jan 04, 2010; 2 posts)

Message January 4th, 2010, 12:25 pm

Came back from my holiday and one of my accounts had been hacked, so could someone please check and see whether I'm clean or not.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:21, on 04/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Local = http://homepage.acer.)com/rdr.aspx?b=ACAW&l=0809&s=1&o=VP64&d=1006&m=aspire_x3200
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.)com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.)co.)uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Local = http://homepage.acer.)com/rdr.aspx?b=ACAW&l=0809&s=1&o=VP64&d=1006&m=aspire_x3200
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.)com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.)com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.)com/rdr.aspx?b=ACAW&l=0809&s=1&o=VP64&d=1006&m=aspire_x3200
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - BHO: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBeB-BCBD31720B37} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Helper - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar Helper - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files (x86)\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files (x86)\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] C:\Acer\Preload\Command\AlaunchX\AppInRun.exe
O4 - HKLM\..\Run: [WarReg_PopUp] "C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New Acer AlaunchX] C:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
O4 - HKCU\..\Run: [Sidebar] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Media Player\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKLM\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKLM\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472f-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.)com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ive.dmu.)ac.uk)/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\alg.exe,-112 (ALG) - ALWIL Software - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.)NET State Service (aspnet_state) - ALWIL Software - C:\Windows\Microsoft.)NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - ALWIL Software - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - ALWIL Software - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - ALWIL Software - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google - C:\Program Files (x86)\Google\Update\googleupdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - ALWIL Software - C:\Windows\system32\LSASS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - ALWIL Software - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\Netlogon.dll,-102 (Netlogon) - ALWIL Software - C:\Windows\system32\LSASS.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NProtect GameGuard Service (npggsvc) - ALWIL Software - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP Service (nSvcIp) - ALWIL Software - C:\Program Files\bin32\nsvcip.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - ALWIL Software - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - ALWIL Software - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - ALWIL Software - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - ALWIL Software - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - ALWIL Software - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - ALWIL Software - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Samsrv.dll,-1 (SamSs) - ALWIL Software - C:\Windows\system32\LSASS.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - ALWIL Software - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - ALWIL Software - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - ALWIL Software - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - ALWIL Software - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\VDS.exe,-100 (vds) - ALWIL Software - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\Vssvc.exe,-102 (VSS) - ALWIL Software - C:\Windows\system32\Vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\WBEM\wmiapsrv.exe,-110 (wmiApSrv) - ALWIL Software - C:\Windows\System32\WBEM\wmiapsrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - ALWIL Software - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11771 bytes

Note: I added a few ) because of an error when displaying external links.

Cheers in advance
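A small triage script for logs in this format, added here as an example (it is not part of the original post and not a HijackThis feature): it parses the `Oxx - ...` lines and applies the checks a reviewer makes by hand on a log like the one above: O2 BHO entries whose DLL is gone (dead CLSIDs that can simply be removed), O10 Winsock LSP modules counted per DLL, O16 hosts that served an ActiveX package, and O23 services HijackThis reports as missing. The sample lines are constructed from the shapes in the posted log, with the poster's ")" link-breaking removed so the URL parses; `removeprefix` needs Python 3.9 or later.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in HijackThis 2.0.2 format (lines modelled on the log
# posted above; the poster's ")" link-breaking is removed so the URL parses).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ive.dmu.ac.uk/dana-cached/sc/JuniperSetupClient.cab
O23 - Service: @%SystemRoot%\system32\alg.exe,-112 (ALG) - ALWIL Software - C:\Windows\System32\alg.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
"""

# "O2 - BHO: ..."  ->  section "O2", body "BHO: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# COM class IDs as HijackThis prints them: {8-4-4-4-12 hex digits}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse(log_text):
    """Yield (section, body) for every well-formed HijackThis line; skip the rest."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Apply the checks a reviewer makes by hand on an HJT log."""
    findings = {
        "orphan_bho": [],          # O2 entries pointing at a DLL that is gone
        "lsp": Counter(),          # O10 Winsock LSP modules, chain entries per DLL
        "dpf_hosts": [],           # O16 hosts that served an ActiveX package
        "missing_services": [],    # O23 services HJT could not find on disk
    }
    for section, body in parse(log_text):
        if section == "O2" and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings["orphan_bho"].append(clsid.group(0) if clsid else body)
        elif section == "O10":
            # "Unknown file in Winsock LSP: <dll>" -> the DLL path
            findings["lsp"][body.rpartition(": ")[2].lower()] += 1
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            findings["dpf_hosts"].append(urlsplit(url).hostname)
        elif section == "O23" and body.endswith("(file missing)"):
            # keep only "display name (service name)"
            findings["missing_services"].append(
                body.split(" - ")[0].removeprefix("Service: "))
    return findings


def report(findings):
    """Human-readable summary; returned rather than printed so it can be checked."""
    lines = []
    for clsid in findings["orphan_bho"]:
        lines.append(f"O2  orphaned BHO {clsid}: DLL gone, entry can be removed")
    for dll, n in findings["lsp"].items():
        lines.append(f"O10 LSP module {dll} appears {n} time(s): verify the signer")
    for host in findings["dpf_hosts"]:
        lines.append(f"O16 ActiveX package downloaded from {host}: confirm you trust it")
    lines.append(f"O23 {len(findings['missing_services'])} service(s) reported as file missing")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

One caveat on the O23 count: HijackThis 2.0.2 is a 32-bit program and the log above comes from 64-bit Vista (note the "Program Files (x86)" paths). Under WOW64, its lookups for C:\Windows\system32 are redirected to SysWOW64, so the native Windows services it cannot find there all come out as "(file missing)". A long list of missing system services in such a log is a limitation of the tool to confirm with a 64-bit-aware scanner, not evidence on its own.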

Posted by Don2007 (Web Master; joined Nov 21, 2006; 4924 posts; Loc: NY)

Message January 4th, 2010, 2:46 pm

I listed what I think doesn't belong, but I also see a lot of system damage which may not be fixed by HijackThis. userinit.exe is normally a legit file but doesn't belong in system.ini.

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ive.dmu.)ac.uk)/dana-cached/sc/JuniperSetupClient.cab

Who's Juniper? ^^

How do you know when a politician is lying? His mouth is moving.
Posted by mgibson2244 (Born; joined Jan 04, 2010; 2 posts)

Message January 5th, 2010, 2:17 am

I think the Juniper setup is a program my brother uses to access university work from home, so I think it's pretty harmless. I know the "O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll" entry is a broken nvidia driver, but it won't cause any problems. But am I clean of keyloggers? That's my main concern at the minute.
Posted by Don2007 (Web Master; joined Nov 21, 2006; 4924 posts; Loc: NY)

Message January 5th, 2010, 10:08 am

I don't see a keylogger, but I would still download, update and run Anti-Malware from malwarebytes.org.

I would also run netstat -an from a command prompt right after rebooting to look for unwanted connections.
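One way to do that netstat check without reading the whole table by eye, added here as an example (it is not from the thread): parse the output of `netstat -an` (or `netstat -ano`, which adds the owning PID as a last column) and keep only what needs explaining: established TCP connections to addresses outside the local network, and sockets bound to every interface. The sample output below is constructed; the remote addresses come from documentation ranges and the ports were picked for the example, so nothing in it identifies a real program.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (remote addresses are
# documentation ranges, 203.0.113.0/24 and 198.51.100.0/24, not real hosts).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5938           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:27015        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:49157      192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.5:49812      203.0.113.7:443        ESTABLISHED
  TCP    192.168.1.5:49830      198.51.100.23:6667     ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    [::1]:1900             *:*
"""

# Ranges a home PC talks to "locally": loopback, RFC 1918, link-local, the
# unspecified address, and their IPv6 equivalents. Anything else is remote.
# (Deliberately not ipaddress.is_private, which also covers documentation ranges.)
LOCAL_SCOPE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fe80::/10", "fc00::/7")]


def is_local_scope(host):
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in LOCAL_SCOPE)   # v4/v6 mismatch is simply False


def split_endpoint(endpoint):
    """'203.0.113.7:443' -> ('203.0.113.7', 443); '[::1]:1900' -> ('::1', 1900); '*:*' -> (None, None)."""
    host, _, port = endpoint.rpartition(":")
    if host in ("", "*"):
        return None, None
    return host.strip("[]"), int(port)


def parse_netstat(text):
    """One dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        # Column 4 is the state for TCP; UDP rows have none. With -o the last
        # column is the numeric PID, which is how the two are told apart.
        state = parts[3] if len(parts) > 3 and not parts[3].isdigit() else ""
        pid = int(parts[-1]) if parts[-1].isdigit() else None
        rows.append({"proto": parts[0], "local": split_endpoint(parts[1]),
                     "remote": split_endpoint(parts[2]), "state": state, "pid": pid})
    return rows


def needs_explaining(rows):
    """Split rows into (outbound to non-local hosts, sockets bound to all interfaces)."""
    outbound = [r for r in rows
                if r["state"] == "ESTABLISHED"
                and r["remote"][0] is not None
                and not is_local_scope(r["remote"][0])]
    exposed = [r for r in rows
               if (r["state"] == "LISTENING" or r["proto"] == "UDP")
               and r["local"][0] in ("0.0.0.0", "::")]
    return outbound, exposed


if __name__ == "__main__":
    outbound, exposed = needs_explaining(parse_netstat(SAMPLE_NETSTAT))
    for r in outbound:
        print(f"outbound {r['proto']} to {r['remote'][0]}:{r['remote'][1]} "
              f"from local port {r['local'][1]} (pid {r['pid']})")
    for r in exposed:
        print(f"bound on all interfaces: {r['proto']} port {r['local'][1]}")
```

To use it on a real machine, save `netstat -ano > netstat.txt` right after the reboot and feed the file's contents to `parse_netstat`. The PID column is what turns a suspicious remote address into a named binary in Task Manager, and an established connection that no running program accounts for is exactly the kind of thing the reply above is asking you to look for.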

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC