Retour à Forum Microsoft Windows

WoW compte piraté, keylogger? Log HJT

  • unpossible
  • Born
  • Born
  • No Avatar
  • Inscription: Oct 23, 2008
  • Messages: 2
  • Status: Offline

Message Octobre 23rd, 2008, 7:47 pm

Aujourd'hui, mon compte de World of Warcraft a été piraté, puis interdit. Im pensée un keylogger a été impliqué. Je DLD HJT (ce qui est assez nouveau et il ne l'avait pas encore). Le journal est ci-dessous. Je me demande si quelqu'un peut m'aider à déchiffrer le log et m'aider. Également un problème à trouver des spyware / adware / malware / keylogger programmes de scan de mon ordinateur, avec, comme jaimerais avoir de multiples programmes...mais j'utilise Vista 64-bit et Im avoir de la difficulté à trouver des programmes compatibles. Id à utiliser Kaspersky, mais je n'ai pas l'argent supplémentaire atm pour l'acheter. Search and Destroy n'aime pas mon Vista, mais j'ai un programme appelé Avast. Ive cherché sur Internet pour plus de programmes, mais Im peur de faire un programme qui permet de diffuser en tant que anti-virus, mais est en fait l'un déguisé. Quelqu'un peut-il fournir toute l'aide?

Merci d'avance pour votre temps

HJT:

Logfile de HijackThis v1.99. 1
Scan sauvé à 7:37:20 PM, le 10.23.2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C: \ Program Files (x86) \ Linksys EasyLink Advisor \ LinksysAgent.exe
C: \ Program Files (x86) \ Electronic Arts \ EADM \ Core.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files (x86) \ Fichiers communs \ Realtime Soft \ RTSHookInterop \ x32 \ RTSHookInterop.exe
C: \ Program Files (x86) \ Internet Explorer \ ieuser. exe
C: \ Program Files (x86) \ Internet Explorer \ iexplore.exe
C: \ Program Files (x86) \ HijackThis \ HijackThis. exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search , SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
F2 - REG: system.ini: Userinit = userinit.exe
O1 - Hosts::: 1 localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files (x86) \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files (x86) \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [Sidebar] C: \ Program Files \ Windows Sidebar \ sidebar.exe / autorun
O4 - HKCU \ .. \ Run: [EasyLinkAdvisor] "C: \ Program Files (x86) \ Linksys EasyLink Advisor \ LinksysAgent.exe" / startup
O4 - HKCU \ .. \ Run: [EA Core] C: \ Program Files (x86) \ Electronic Arts \ EADM \ Core. exe-silent
O4 - Global Startup: UltraMon.lnk =?
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nlaapi.dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ napinsp.dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nvlsp. dll
O11 - Options group: [INTERNATIONAL] International *
O13 - Gopher Prefix:
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.hotmail.com/mail/w3/pr01/re ... den-us.cab
O23 - Service: @% SystemRoot% \ system32 \ alg.exe, -112 (ALG) - Unknown owner - C: \ Windows \ System32 \ alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswupdsv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C: \ Program Files \ Alwil Software \ Avast4 \ ashmaisv.exe "/ service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv. exe "/ service (file missing)
O23 - Service: @ dfsrres.dll, -101 (DFSR) - Unknown owner - C: \ Windows \ system32 \ DFSR.exe (file missing)
O23 - Service: @% SystemRoot% \ ehome \ ehstart.dll, -101 (ehstart) - Unknown owner -% windir% \ system32 \ svchost.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ fxsresm.dll, -118 (Fax) - Unknown owner - C: \ Windows \ system32 \ fxssvc. exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C: \ Program Files \ NVIDIA Corporation \ NetworkAccessManager \ bin32 \ nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files (x86) \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: @ keyiso.dll, -100 (KeyIso) - Unknown owner - C \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: @ comres. dll, -2797 (MSDTC) - Unknown owner - C: \ Windows \ System32 \ msdtc.exe (file missing)
O23 - Service: @% SystemRoot% \ System32 \ Netlogon.dll, -102 (Netlogon) - Unknown owner - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C: \ Program Files \ NVIDIA Corporation \ NetworkAccessManager \ bin32 \ nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C: \ Windows \ system32 \ nvvsvc. exe (file missing)
O23 - Service: @% systemroot% \ system32 \ psbase.dll, -300 (ProtectedStorage) - Unknown owner - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ qwave.dll, -1 (QWAVE) - Unknown owner -% windir% \ system32 \ svchost.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ Locator.exe, -2 (RpcLocator) - Unknown owner - C: \ Windows \ system32 \ locator.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ samsrv. dll, -1 (SamSs) - Unknown owner - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ seclogon.dll, -7001 (seclogon) - Unknown owner -% windir% \ system32 \ svchost.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ SLsvc.exe, -101 (slsvc) - Unknown owner - C: \ Windows \ system32 \ SLsvc.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ snmptrap.exe, -3 (SNMPTRAP) - Unknown owner - C: \ Windows \ System32 \ SNMPTRAP. exe (file missing)
O23 - Service: @% systemroot% \ system32 \ spoolsv.exe, -1 (Spooler) - Unknown owner - C: \ Windows \ System32 \ spoolsv.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ ui0detect.exe, -101 (UI0Detect) - Unknown owner - C: \ Windows \ system32 \ UI0Detect.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ vds.exe, -100 (vds) - Unknown owner - C: \ Windows \ System32 \ vds.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ vssvc. exe, -102 (VSS) - Unknown owner - C: \ Windows \ system32 \ vssvc.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ wbengine.exe, -104 (wbengine) - Unknown owner - C: \ Windows \ system32 \ wbengine.exe (file missing)
O23 - Service: @% Systemroot% \ system32 \ wbem \ wmiapsrv.exe, -110 (wmiApSrv) - Unknown owner - C: \ Windows \ system32 \ wbem \ WmiApSrv.exe (file missing)
O23 - Service: @% ProgramFiles% \ Windows Media Player \ wmpnetwk. exe, -101 (WMPNetworkSvc) - Unknown owner -% ProgramFiles% \ Windows Media Player \ wmpnetwk.exe (file missing)
  • Anonymous
  • Bot
  • No Avatar
  • Inscription: 25 Feb 2008
  • Messages: ?
  • Loc: Ozzuland
  • Status: Online

Message Octobre 23rd, 2008, 7:47 pm

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • Avatar de l’utilisateur
  • Inscription: Mai 28, 2003
  • Messages: 23404
  • Loc: Woodbridge VA
  • Status: Offline

Message Octobre 23rd, 2008, 8:28 pm

Mise à jour de votre HJT 2.0.2 à télécharger et repost
http://www.download.com/Trend-Micro-Hij ... 27353.html

1.99 ne reconnaît pas vista
"There's no place like 127.0.0.1 except for ::1."
Alexandria Networks. Leader in IT consulting for associations/non-profits, and small to medium sized businesses around the northern Virginia and Washington D.C. metro area.
  • unpossible
  • Born
  • Born
  • No Avatar
  • Inscription: Oct 23, 2008
  • Messages: 2
  • Status: Offline

Message Octobre 23rd, 2008, 8:50 pm

Nous vous remercions de signaler que, sur! Aussi, Ive a finalement réussi à Ad-Aware sur l'ordinateur et de supprimer certaines choses après un scan, mais surtout juste cookies. D'autres programmes sont encore à trouver quoi que ce soit.

HJT Log - hacké des comptes privés, à la recherche d'un keylogger

Logfile de Trend Micro HijackThis v2.0.2
Scan sauvé à 8:48:07 PM, le 10.23.2008
Plate-forme: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001. 18000)
Boot mode: Normal

Running processes:
C: \ Program Files (x86) \ Linksys EasyLink Advisor \ LinksysAgent.exe
C: \ Program Files (x86) \ Electronic Arts \ EADM \ Core.exe
C: \ Program Files (x86) \ Internet Explorer \ ieuser.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files (x86) \ Internet Explorer \ iexplore.exe
C: \ Program Files (x86) \ Fichiers communs \ Realtime Soft \ RTSHookInterop \ x32 \ RTSHookInterop.exe
C: \ Windows \ SysWow64 \ Macromed \ Flash \ FlashUtil9f. exe
C: \ Program Files (x86) \ Trend Micro \ HijackThis \ HijackThis. exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search , SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
F2 - REG: system.ini: Userinit = userinit.exe
O1 - Hosts::: 1 localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files (x86) \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files (x86) \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [Sidebar] C: \ Program Files \ Windows Sidebar \ sidebar.exe / autorun
O4 - HKCU \ .. \ Run: [EasyLinkAdvisor] "C: \ Program Files (x86) \ Linksys EasyLink Advisor \ LinksysAgent.exe" / startup
O4 - HKCU \ .. \ Run: [EA Core] C: \ Program Files (x86) \ Electronic Arts \ EADM \ Core. exe-silent
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User LOCAL SERVICE)
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User LOCAL SERVICE)
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User service réseau)
O4 - Global Startup: UltraMon.lnk =?
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files (x86) \ Java \ jre1.5.0_03 \ bin \ npjpi150_03.dll
O9 - Extra "Outils" menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files (x86) \ Java \ jre1.5.0_03 \ bin \ npjpi150_03.dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nvlsp. dll
O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.hotmail.com/mail/w3/pr01/re ... den-us.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C: \ Program Files (x86) \ Lavasoft \ Ad-Aware \ aawservice.exe
O23 - Service: @% SystemRoot% \ system32 \ Alg. exe, -112 (ALG) - Unknown owner - C: \ Windows \ System32 \ alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswupdsv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashmaisv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: @ dfsrres.dll, -101 (DFSR) - Unknown owner - C: \ Windows \ system32 \ DFSR.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ fxsresm.dll, -118 (Fax) - Unknown owner - C: \ Windows \ system32 \ fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C: \ Program Files \ NVIDIA Corporation \ NetworkAccessManager \ bin32 \ nSvcAppFlt. exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files (x86) \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: @ keyiso.dll, -100 (KeyIso) - Unknown owner - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: @ comres.dll, -2797 (MSDTC) - Unknown owner - C: \ Windows \ System32 \ msdtc.exe (file missing)
O23 - Service: @% SystemRoot% \ System32 \ netlogon. dll, -102 (Netlogon) - Unknown owner - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C: \ Program Files \ NVIDIA Corporation \ NetworkAccessManager \ bin32 \ nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C: \ Windows \ system32 \ nvvsvc.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ psbase.dll, -300 (ProtectedStorage) - Unknown owner - C: \ Windows \ system32 \ lsass. exe (file missing)
O23 - Service: @% systemroot% \ system32 \ Locator.exe, -2 (RpcLocator) - Unknown owner - C: \ Windows \ system32 \ locator.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ Samsrv.dll, -1 (SamSs) - Unknown owner - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ SLsvc.exe, -101 (slsvc) - Unknown owner - C: \ Windows \ system32 \ SLsvc.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ SNMPTRAP. exe, -3 (SNMPTRAP) - Unknown owner - C: \ Windows \ System32 \ snmptrap.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ spoolsv.exe, -1 (Spooler) - Unknown owner - C: \ Windows \ System32 \ spoolsv.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ ui0detect.exe, -101 (UI0Detect) - Unknown owner - C: \ Windows \ system32 \ UI0Detect.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ vds.exe, -100 (vds) - Unknown owner - C: \ Windows \ System32 \ vds. exe (file missing)
O23 - Service: @% systemroot% \ system32 \ vssvc.exe, -102 (VSS) - Unknown owner - C: \ Windows \ system32 \ vssvc.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ wbengine.exe, -104 (wbengine) - Unknown owner - C: \ Windows \ system32 \ wbengine.exe (file missing)
O23 - Service: @% Systemroot% \ system32 \ wbem \ wmiapsrv.exe, -110 (wmiApSrv) - Unknown owner - C: \ Windows \ system32 \ wbem \ WmiApSrv.exe (file missing)
O23 - Service: @% ProgramFiles% \ Windows Media Player \ wmpnetwk. exe, -101 (WMPNetworkSvc) - Unknown owner - C: \ Program Files (x86) \ Windows Media Player \ wmpnetwk.exe (file missing)

--
Fin de la file - 6990 bytes

Page 1 sur 1

Afficher de l'information

  • Total des messages de ce sujet: 3 messages
  • Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 103 invités
  • Vous ne pouvez pas poster de nouveaux sujets
  • Vous ne pouvez pas répondre aux sujets
  • Vous ne pouvez pas éditer vos messages
  • Vous ne pouvez pas supprimer vos messages
  • Vous ne pouvez pas joindre des fichiers
 
 

© 2011 Unmelted, LLC. Ozzu® est une marque déposée de Unmelted, LLC