Here is my HijackThis log
---------------------------------------------
Logfile of HijackThis v1.98.2
Scan saved at 11:39:15, on 2006-02-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\WINDOWS\System32\nvsvc32.exe
K:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
K:\WINDOWS\explorer.exe
K:\WINDOWS\System32\SMSSU.EXE
K:\WINDOWS\System32\Tmntsrv32.EXE
K:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
K:\Program Files\Analog Devices\SoundMAX\Smax4.exe
K:\WINDOWS\System32\RUNDLL32.EXE
K:\Program Files\Messenger\msmsgs.exe
K:\Program Files\MSN Messenger\MsnMsgr.Exe
K:\WINDOWS\System32\Tmntsrv32.EXE
K:\WINDOWS\System32\SMSSU.EXE
N:\Zip File\HijackThis.exe
K:\WINDOWS\win32res.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - K:\WINDOWS\xml2lib.dll
O4 - HKLM\..\Run: [soundMAXPnP] K:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "K:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DU Meter] C:\Internet\DU Meter\DUMETER.EXE
O4 - HKLM\..\Run: [NeroCheck] K:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "K:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "K:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sMSSU] K:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] K:\WINDOWS\System32\Tmntsrv32.EXE
O4 - HKCU\..\Run: [Win32res] K:\WINDOWS\win32res.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = K:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
And here is a Silent Runners scan:
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""K:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"MsnMsgr" = ""K:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"SMSSU" = "K:\WINDOWS\System32\SMSSU.EXE" [null data]
"Tmntsrv32" = "K:\WINDOWS\System32\Tmntsrv32.EXE" [null data]
"Win32res" = "K:\WINDOWS\win32res.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAXPnP" = "K:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""K:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE K:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE K:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"DU Meter" = "C:\Internet\DU Meter\DUMETER.EXE" [file not found]
"NeroCheck" = "K:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{60371670-81B9-4d06-9C42-4DEC1AABE62B}\(Default) = "XMLDP Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "K:\WINDOWS\xml2lib.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "K:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "K:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "K:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "K:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "K:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "K:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "K:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
INFECTION WARNING! explorer.exe\Debugger = "K:\WINDOWS\explorer32dbg.exe" [null data]
INFECTION WARNING! iexplore.exe\Debugger = "K:\WINDOWS\iexplore_dbg.exe" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "K:\Documents and Settings\Bernard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Bernard" & "All Users" startup folders:
---------------------------------------------------------
K:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Reader Speed Launch" -> shortcut to: "K:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar avec bloqueur de fenêtres pop-up" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "K:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Miscellaneous IE Hijack Points
------------------------------
K:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
NVIDIA Display Driver Service, NVSvc, "K:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "K:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows User Mode Driver Framework, UMWdf, "K:\WINDOWS\System32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 5 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 4 seconds.
---------- (total run time: 23 seconds)
-----------------------------------
I have to use another computer connected to my home network, because on mine, as soon as I go on the Internet, it shows this:
res://xml2lib.dll/HTTP_Blocked.htm
It says that I have spyware and that I should use a listed program to remove it; what a scam!
I used Killbox to remove everything, without success. I'm at my wits' end!
Please help me!!