SOS (rapport hijackthis)

[bruce lee]

bonsoir,

 

ton log est propre, as tu encore des problemes?

 

si oui fais ceci:

 

1/telecharge silent runners http://www.silentrunners.org/Silent%20Runners.vbs

 

2/déconnecte toi du net et ferme toutes les applications en cours.

 

3/lance silent runners laisse le travailler quand il aura finit de scanner tu en sauras averti par un message et un nouveau fichier texte sera crée ouvre ce fichier texte et colle nous la totalité du rapport.

 

@+ et bon courage

[chanoly]

bonjour,

 

 

et oui malheureusement, j'ai toujours autant de problèmes, si ce n'est plus !

 

le lien que tu m'as donné pour télécharger silent runners ne marche pas.

 

dis-moi que faire s'il te plait, je n'en peux plus.

 

je crois que je vais laisser tomber internet !!!

 

merci encore pour tes conseils :

[bruce lee]

bonjour,

 

Sur le lien que je t'ai donné, tu fais clique droit dessus et "enregistrer la cible sous" normalement ca devrait

 

marcher.

 

@+

[chanoly]

re,

 

 

voilà ce que ca me donne :

 

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"WOOKIT" = "C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=" [empty string]

"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]

"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]

"LXCFCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16" [MS]

"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["H+BEDV Datentechnik GmbH"]

"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"

-> {HKLM...CLSID} = "KodakShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssbezier.scr" [MS]

 

 

Startup items in "Administrateur" & "All Users" startup folders:

----------------------------------------------------------------

 

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage

"Morpheus" -> shortcut to: "C:\Program Files\Morpheus\Morpheus.exe -min" [file not found]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"BlueSoleil" -> shortcut to: "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"]

"E-Compagnon" -> shortcut to: "C:\Program Files\ColiPoste\e-COMO\e-COMO.exe" [file not found]

"Kodak software updater" -> shortcut to: "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data]

"Logiciel Kodak EasyShare" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [null data]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKCU\Software\Microsoft\Internet Explorer\Extensions\

{1462651F-F4BA-4C76-A001-C4284D0FE16E}\

"ButtonText" = "Wanadoo"

"Exec" = "http://www.wanadoo.fr" [file not found]

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]

AntiVir Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]

BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]

Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

lxcf_device, lxcf_device, "C:\WINDOWS\system32\lxcfcoms.exe -service" [empty string]

Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

730 Series Port\Driver = "lxcflmpm.DLL" [empty string]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 47 seconds, including 6 seconds for message boxes)

 

 

 

 

 

 

 

 

 

ET COMME JE SUIS NULLE EN ANGLAIS JE NE SAIS PAS SI C'EST UN RAPPORT OU SI C'EST AUTRE CHOSE;

 

DESOLEE;

 

 

MERCI ENCORE

[bruce lee]

re,

 

le rapport de silent runners est propre.

 

fais un scan en ligne:

 

http://www.pandasoftware.com/activescan/fr...n_principal.htm

tuto pour panda http://www.monaco-pro.com/cool-life/tuto/panda/tuto.htm

 

a la fin du scan tu cliques sur "consulter le rapport",tu le sauvegardes et tu le posts.

[chanoly]

bon me revoilà,

 

je crois que nous allons devenir inséparables bruce lee !!!

 

 

voilà le rapport de panda :

 

 

Incident Statut Analyse

 

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y5rcgw4r.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y5rcgw4r.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y5rcgw4r.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y5rcgw4r.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y5rcgw4r.default\cookies.txt[.tradedoubler.com/]

Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y5rcgw4r.default\cookies.txt[.weborama.fr/]

Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y5rcgw4r.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[1].txt

Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt

Virus Eventuel. No Désinfecté C:\Documents and Settings\Administrateur\Mes documents\sécurité\ATF-Cleaner.exe

Outil indésirable:Application/MyWebSearch No Désinfecté C:\WINDOWS\system32\f3PSSavr.scr

 

 

 

 

bon courage, car il doit t'en falloir avec moi !

[bruce lee]

re,

 

je crois que nous allons devenir inséparables bruce lee !!!

 

oui

 

il n'y a qu'un bestiole dans le rapport on va s'en debarrassé:

 

1/ demarre en mode sans echec

 

2/ supprime ce qui est en gras:

 

3/C:\WINDOWS\system32\ f3PSSavr.scr<== le fichier

 

4/ redemarre en mode normal et refais un scan chez panda et post le rapport.

 

@+ et bon courage

 

P.S:

 

bon courage, car il doit t'en falloir avec moi !

 

oui c'est vrai (non je rigole )

Modifié le 28 avril 2006 par bruce lee

[maykimaykedelille]

dur dur la vie chanoly avec un pc a la maison maintenant!

hi hi hi

[chanoly]

tout d'abord mayki ca ne fait rire que toi, mais ta soeur elle se pernd la tête, elle en a plus que marre.

 

 

ensuite bruce lee me revoilà , quand je te disais qu'on allait plus se séparer nous 2 !!

 

et plus ca va plus il bloque ce pc de m......

 

il ne me faut ps plus de 10 minutes pour écrire une phrase de 20 mots!

 

bref, voilà le rapport activescan après les manipulations que tu m'as demandé.

 

merci

[bruce lee]

re,

 

je ne vois pas le rapport de scan .