iwanttotellyu

Hello, I tried to analyze a HijackThis log completely for a Portuguese friend, whose 6-year-old child accepted a file over MSN coming from his uncle... and I would like your opinion on certain points. All the key lookups were done on file.com, the exe files and the rest on Google and processlibrary.com. I annotated the start of each line with: ok = ok, ???? = hmmm, ??!!?? = it stinks, !!!!! = to delete. Unfortunately I could not get the log in safe mode; I will have it tonight. The famous log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:54:45, on 25-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
ok C:\WINDOWS\System32\smss.exe
ok C:\WINDOWS\system32\winlogon.exe
ok C:\WINDOWS\system32\services.exe
ok C:\WINDOWS\system32\lsass.exe
ok C:\WINDOWS\system32\svchost.exe
ok C:\WINDOWS\System32\svchost.exe
ok C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
ok C:\Programas\Alwil Software\Avast4\ashServ.exe
ok C:\WINDOWS\Explorer.EXE
ok C:\WINDOWS\system32\spoolsv.exe
ok C:\Programas\HP\HP Software Update\HPwuSchd2.exe
ok C:\WINDOWS\VM_STI.EXE
ok C:\HP\KBD\KBD.EXE
ok C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
ok C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ok C:\Programas\Java\jre1.5.0_09\bin\jusched.exe
!!!!! C:\WINDOWS\system32\msnstartup.exe
ok C:\WINDOWS\system32\rundll32.exe
ok C:\Programas\Messenger\msmsgs.exe
ok C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ok C:\WINDOWS\system32\ctfmon.exe
ok C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
ok C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
ok C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkCalRem.exe
ok C:\Programas\Ficheiros comuns\Teleca Shared\Generic.exe
ok C:\WINDOWS\system32\nvsvc32.exe
ok c:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
ok C:\WINDOWS\system32\svchost.exe
ok C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
ok C:\WINDOWS\ALCXMNTR.EXE
ok c:\windows\system\hpsysdrv.exe
ok C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe
!!!!!! C:\Programas\Windows Live\installer\WLSetupSvc.exe
ok C:\Programas\Java\jre1.5.0_09\bin\jucheck.exe
ok C:\Programas\Windows Live\Messenger\msnmsgr.exe
ok C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
ok C:\Programas\Windows Live\Messenger\usnsvc.exe
ok C:\Programas\Internet Explorer\iexplore.exe
ok C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
ok C:\Programas\Alwil Software\Avast4\ashSimpl.exe
ok C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
!!??!! R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
ok R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
ok O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
ok O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
!!!! O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programas\Windows Live\Proteção para a Família\fssbho.dll
ok O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
ok O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
!!!!! O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
ok O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
??ok?? O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar4.dll
ok O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
ok O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
! ok ! O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programas\AskPBar\bar\1.bin\ASKPBAR.DLL
??!! wrong key ?? O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar4.dll
!!!! O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programas\AskPBar\bar\1.bin\ASKPBAR.DLL
!!wrong key!! O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
ok O4 - HKLM\..\Run: [HPHUPD08] c:\Programas\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
ok O4 - HKLM\..\Run: [HPBootOp] "C:\Programas\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
ok O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPwuSchd2.exe
ok O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
ok O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
ok O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
ok O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ok O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
ok O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_09\bin\jusched.exe"
ok O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
ok O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
? ok ? O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
ok O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
!!!!! O4 - HKLM\..\Run: [Msn Startup] msnstartup.exe
!!!!! O4 - HKLM\..\Run: [fssui] "C:\Programas\Windows Live\Proteção para a Família\fssui.exe" -autorun
ok O4 - HKCU\..\Run: [bitTorrent] "C:\Programas\BitTorrent\bittorrent.exe" --force_start_minimized
ok O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
ok O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
ok O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ok O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
ok O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
ok O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
ok O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
ok O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
!!!!! O4 - Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe
!!!!! O4 - Startup: wkcalrem.LNK = C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkCalRem.exe
ok O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm824YYPT
? ok ? O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
? ok ? O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
ok O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
ok O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
????? O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
????? O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Proprietário-de-HP\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)
ok O9 - Extra button: Ajuda com a ligação - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
ok O9 - Extra 'Tools' menuitem: Ajuda com a ligação - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
ok O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
ok O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
? ok ? O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
?????? O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
ok O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
?????? O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
?????? O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
?????? O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
!!!!!!! O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
!!!!!!! O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
! ok ! O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
ok O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
ok O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
ok O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
ok O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
ok O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
ok O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
ok O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)
ok O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
ok O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 10411 bytes

A huge thank-you to everyone who contributes (from the authors of the very well done guides, ... hence my first post, to the forum volunteers, etc. etc.).
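The triage above was done by hand, entry by entry. The Python script below is an added example, not part of the post and not HijackThis code: it parses log lines of the shape shown above into entry code, CLSID and target, then applies the structural checks a HijackThis reader applies by eye. Entries whose target is "(file missing)" or "(no file)" are orphaned (nothing runs, the key can be fixed). BHOs listed as "(no name)" need the CLSID looked up (the Spybot SDHelper one is legitimate, the "(no file)" one is orphaned). A Run value that launches a bare filename such as [Msn Startup] msnstartup.exe or [nwiz] nwiz.exe is resolved through the PATH search order rather than a fixed path, so the reader should confirm which file on disk actually runs. The O10 unknown LSP entry and any O16 ActiveX download from a host outside an allowlist are reported for review. The allowlist, the finding labels and the sample lines are this example's own choices (the sample lines are copied from the log in the post). It also groups O2/O3 entries by DLL: a BHO and a toolbar served by one DLL are two COM classes with two CLSIDs, so msntb.dll appearing under {BDBD1DAD-...} and {BDAD1DAD-...} is normal and is reported as information, not as a finding.

```python
# Added example (not from the post or from HijackThis): structural triage of
# HijackThis 2.x log entries. Finding labels, the DPF host allowlist and the
# sample lines are this example's own; sample lines are copied from the post.
import re
from urllib.parse import urlparse

ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
O4_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$')
# Hosts an ActiveX download (O16 DPF) is expected from on this machine.
# Assumption of this example; tune per environment.
DPF_ALLOWED_HOSTS = {'messenger.zone.msn.com', 'go.microsoft.com'}

SAMPLE_LOG = r"""
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Msn Startup] msnstartup.exe
O4 - HKLM\..\Run: [fssui] "C:\Programas\Windows Live\Proteção para a Família\fssui.exe" -autorun
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Proprietário-de-HP\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
"""

def parse_entry(line):
    """Split one 'Oxx - ...' line into code, CLSID and the last ' - ' field."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                      # header, process list or blank line
    code, body = m.group('code'), m.group('body')
    clsid = CLSID_RE.search(body)
    parts = [p.strip() for p in body.split(' - ')]
    return {'code': code, 'body': body,
            'clsid': clsid.group(0).upper() if clsid else None,
            'target': parts[-1] if len(parts) > 1 else '',   # path, URL, '(no file)'
            'orphaned': body.endswith('(file missing)') or body.endswith('(no file)')}

def o4_executable(body):
    """Program launched by an O4 Run value, unquoted; None if not O4-shaped."""
    m = O4_RE.search(body)
    if not m:
        return None
    cmd = m.group('cmd').strip()
    if cmd.startswith('"'):              # "C:\path with spaces\x.exe" args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]          # first token, before the arguments

def triage(log_text):
    """Return (entry code, finding, detail) tuples in log order."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        code, body = e['code'], e['body']
        if e['orphaned']:                # registered object whose file is gone
            findings.append((code, 'orphaned', e['target']))
        if code == 'O2' and body.startswith('BHO: (no name)'):
            findings.append((code, 'unnamed-bho', e['clsid']))   # look up CLSID
        if code == 'O4':
            exe = o4_executable(body)
            if exe and '\\' not in exe:  # bare name: found via PATH search order
                findings.append((code, 'bare-filename', exe))
        if code == 'O10':
            findings.append((code, 'unknown-lsp', body.split(':', 1)[-1].strip()))
        if code == 'O16':
            host = urlparse(e['target']).hostname or ''
            if host not in DPF_ALLOWED_HOSTS:
                findings.append((code, 'dpf-external-host', host))
    return findings

def shared_dlls(log_text):
    """DLLs registered under more than one CLSID across O2/O3 entries. A BHO
    and a toolbar from one DLL are distinct COM classes: expected, not a finding."""
    by_dll = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and e['code'] in ('O2', 'O3') and e['clsid']:
            by_dll.setdefault(e['target'].lower(), set()).add(e['clsid'])
    return {dll: ids for dll, ids in by_dll.items() if len(ids) > 1}

if __name__ == '__main__':
    for code, finding, detail in triage(SAMPLE_LOG):
        print(f'{code:<4} {finding:<18} {detail}')
    for dll, ids in shared_dlls(SAMPLE_LOG).items():
        print(f'info {dll}: {len(ids)} COM classes (BHO + toolbar), expected')
```

Run it as-is to see the findings for the embedded sample, or feed it a whole saved log (`triage(open('hijackthis.log').read())`); the header and the running-processes list are skipped by the entry regex. The checks are deliberately structural: they tell the reader which entries to verify on disk or look up, not which ones are malicious.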