un log de plus qui demande un oeil expert ;)

[iwanttotellyu]

bonjour,

 

j ai essayer d'analyser complètement un log hijackthis pour une copine portugaise, dont l enfant de 6 ans a accepter un ficher par msn, provenant de son oncle ... et j'aimerais avoir votre avis sur certains points.

 

 

toutes les recherches de clé on été faites sur file.com

les exe et le reste sur google et processlibrary.com

j ai annoté en début de ligne par

 

ok ok

???? hmmm

??!!?? ça pue

!!!!! a supprimer

 

Malheureusement je n ais pas pu avoir le log en mode sans échec je l aurais ce soir

 

 

 

le fameux log :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 0:54:45, on 25-03-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

ok C:\WINDOWS\System32\smss.exe

ok C:\WINDOWS\system32\winlogon.exe

ok C:\WINDOWS\system32\services.exe

ok C:\WINDOWS\system32\lsass.exe

ok C:\WINDOWS\system32\svchost.exe

ok C:\WINDOWS\System32\svchost.exe

ok C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

ok C:\Programas\Alwil Software\Avast4\ashServ.exe

ok C:\WINDOWS\Explorer.EXE

ok C:\WINDOWS\system32\spoolsv.exe

ok C:\Programas\HP\HP Software Update\HPwuSchd2.exe

ok C:\WINDOWS\VM_STI.EXE

ok C:\HP\KBD\KBD.EXE

ok C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

ok C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

ok C:\Programas\Java\jre1.5.0_09\bin\jusched.exe

!!!!! C:\WINDOWS\system32\msnstartup.exe

ok C:\WINDOWS\system32\rundll32.exe

ok C:\Programas\Messenger\msmsgs.exe

ok C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

ok C:\WINDOWS\system32\ctfmon.exe

ok C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

ok C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

ok C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkCalRem.exe

ok C:\Programas\Ficheiros comuns\Teleca Shared\Generic.exe

ok C:\WINDOWS\system32\nvsvc32.exe

ok c:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe

ok C:\WINDOWS\system32\svchost.exe

ok C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

ok C:\WINDOWS\ALCXMNTR.EXE

ok c:\windows\system\hpsysdrv.exe

ok C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe

!!!!!! C:\Programas\Windows Live\installer\WLSetupSvc.exe

ok C:\Programas\Java\jre1.5.0_09\bin\jucheck.exe

ok C:\Programas\Windows Live\Messenger\msnmsgr.exe

ok C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

ok C:\Programas\Windows Live\Messenger\usnsvc.exe

ok C:\Programas\Internet Explorer\iexplore.exe

ok C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

ok C:\Programas\Alwil Software\Avast4\ashSimpl.exe

ok C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

!!??!! R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

ok R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

ok O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

ok O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

!!!! O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programas\Windows Live\Proteção para a Família\fssbho.dll

ok O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

ok O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

!!!!! O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

ok O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

??ok?? O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar4.dll

ok O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

ok O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

! ok ! O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programas\AskPBar\bar\1.bin\ASKPBAR.DLL

??!! mauvaise clé ?? O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar4.dll

!!!! O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programas\AskPBar\bar\1.bin\ASKPBAR.DLL

!!mauvaise clé!! O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

 

 

ok O4 - HKLM\..\Run: [HPHUPD08] c:\Programas\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

ok O4 - HKLM\..\Run: [HPBootOp] "C:\Programas\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

ok O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPwuSchd2.exe

ok O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

ok O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

ok O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

ok O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

ok O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

ok O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_09\bin\jusched.exe"

ok O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

ok O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

? ok ? O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

ok O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

!!!!! O4 - HKLM\..\Run: [Msn Startup] msnstartup.exe

!!!!! O4 - HKLM\..\Run: [fssui] "C:\Programas\Windows Live\Proteção para a Família\fssui.exe" -autorun

ok O4 - HKCU\..\Run: [bitTorrent] "C:\Programas\BitTorrent\bittorrent.exe" --force_start_minimized

ok O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

ok O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

ok O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

ok O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

ok O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

ok O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

ok O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

ok O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

!!!!! O4 - Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe

!!!!! O4 - Startup: wkcalrem.LNK = C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkCalRem.exe

ok O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm824YYPT

? ok ? O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm

? ok ? O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

ok O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

ok O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

?????O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

????? O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Proprietário-de-HP\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

ok O9 - Extra button: Ajuda com a ligação - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

ok O9 - Extra 'Tools' menuitem: Ajuda com a ligação - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

ok O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

ok O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

? ok ? O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

?????? O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

ok O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

?????? O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

?????? O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

?????? O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

!!!!!!! O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab

!!!!!!! O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab

! ok ! O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

ok O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

ok O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

ok O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

ok O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

ok O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

ok O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

ok O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)

ok O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

ok O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

 

--

End of file - 10411 bytes

 

 

un suepr merci a tous ceux qui interviennent (des rédacteurs des dossiers super bien fait, ... d'où mon premier post , aux bénévoles du forum, etc. etc..

Modifié le 25 mars 2008 par iwanttotellyu