Avast and Spybot problem

Closed
Ghis76 Posts 21 Registration date Wednesday 18 April 2007 Status Member Last seen 23 April 2007 - 18 April 2007 at 10:49
 Anonymous user - 24 April 2007 at 19:16
Hello,
I have a big problem and I don't know how to solve it; please, if you could help me.
I wanted to install the Avast software. At first it worked for a few hours, and since it was not on all the sessions of the computer, we tried to set it up as shared, and since then nothing: it is impossible to get it working, even by reinstalling it. I noticed that my Spybot software is also empty, although it used to work correctly. Even if I reinstall it, it stays empty.
Currently my computer no longer has an antivirus.
I have Windows XP2, and I used the HijackThis software; I don't know if this will be useful to you, but here is the report
You can reference this log by going to: http://hjt.networktechs.com/parse.php?log=323566
--------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Up To Date Version of HijackThis
You are using the latest version of HijackThis. Check www.merijn.org frequently for updates.
Scan saved at 09:42:19, on 18/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exeSmss.exe
What is it?
Session Manager SubSystem - smss.exe

What does it do?
smss.exe - This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).

Additional Reading:
Smss.exe does not resolve forward references in environment

You will not be able to end this through task manager!



--------------------------------------------------------------------------------

Virus Precaution:

The smss.exe which is from Microsoft is located at c:\windows\System32\smss.exe. We've been able to find several viruses that run as smss to trick you.

Adware.Advision - Symantec Corporation
Adware.DreamAd - Symantec Corporation
Backdoor.IRC.Aladinz.O - Symantec Corporation
Backdoor.IRC.Flood.F - Symantec Corporation
W32.Dalbug.Worm - Symantec Corporation
W32.Resdoc - Symantec Corporation
C:\WINDOWS\system32\winlogon.exeWinlogon.exe

What is it?
Windows Logon Process - Winlogon.exe

What does it do?
Direct Quote from here:
This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.

Search MS for more info: Link

Virus Precaution:
The original Winlogon.exe from Microsoft gets placed in the C:\WINDOWS\System32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. We've been able to find only 1 report of a virus so far.

Troj/Madr-B @ Sophos
Netsky.D @ Trend Micro
C:\WINDOWS\system32\services.exeservices.exe
services.exe is a part of Windows that manages the processes. Anytime a service starts or stops it is through services.exe. During system startup and shutdown is when this process sees most of its action. You should never end this process unless it is running outside of your windows system folder.

C:\WINDOWS\system32\lsass.exelsass.exe
What is it?
Local Security Authentication Server - lsass.exe

What does it do?
lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

You will not be able to end this through task manager!

From MS


--------------------------------------------------------------------------------

The lsass.exe which is from Microsoft is located at c:\windows\System32\lsass.exe. There's a few viruses that have been found to run as lsass.exe to hide from you.
C:\WINDOWS\system32\svchost.exeSvchost.exe

What is it?
Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:
https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US


Virus Precaution:
The original file from Microsoft gets placed in the C:\WINDOWS\System32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.

C:\WINDOWS\System32\svchost.exeSvchost.exe


C:\WINDOWS\system32\svchost.exeSvchost.exe


C:\WINDOWS\system32\spoolsv.exeSpoolsv.exe

What is it?
SPOOLer SerVice - spoolsv.exe

What does it do?
spoolsv.exe - The spooler service is responsible for managing spooled print/fax jobs

You will be able to end this through task manager!



--------------------------------------------------------------------------------

Virus Precaution:
The spoolsv.exe which is from Microsoft is located at c:\windows\System32\spoolsv.exe. We've been able to find several viruses that run as spoolsv to trick you.

Backdoor.Ciadoor.B - Symantec Corporation
Hacktool.Privshell - Symantec Corporation
VBS.Masscal.Worm (vbs) - Symantec Corporation
Graybird-A @ Sophos

C:\Program Files\Executive Software\DiskeeperLite\DKService.exeDkService.exe
DkService.exe is Executive Software's diskeeper. It is the best hard drive disk defragmentation program I've found. In NT based OS's this file will be run as a service and is used for a user's scheduled disk defragmentation. It is good to have your drive scheduled to defrag at least once a week at a time when you know you'll be in bed.
C:\WINDOWS\System32\FTRTSVC.exeFTRTSVC.exe
We Don't know! Please post a comment with information about this file
C:\WINDOWS\System32\svchost.exeSvchost.exe


C:\WINDOWS\system32\nvsvc32.exenvsvc32.exe
What is it?
NVIDIA Driver Helper Service - nvsvc32.exe

What does it do?
nvsvc32.exe - For all of you that have video cards that utilize one of the Nvidia chipsets running under Windows NT4/2k/XP/2k3 they install a driver help service. We have emailed Nvidia asking them about this but haven't been able to get a response. I was able to end this task without any issues.

There have been a number of reports that say this service is the root of some nasty shutdown slowdowns! Even though I haven't experienced this personally, Black Viper is a source that I trust and he has stated this service has caused extreme slowdowns during shutdown.

There's been a number of rumors posted that state that this is some form of spyware. I have not found it to transmit any form of data while I've been using it. I also don't believe Nvidia is stupid enough to package spyware and send it to their massive installation base.

You'll want to visit nvidia.com for more information about them and their products. You may also want to download the latest drivers from them.

Virus Precaution:
nvsvc32.exe is located at c:\windows\System32\nvsvc32.exe. We've been unable to find any threats that run as nvsvc32.exe to trick you.

C:\WINDOWS\system32\svchost.exeSvchost.exe


C:\WINDOWS\Explorer.EXEexplorer.exe

What is it?
Windows Explorer - explorer.exe


What does it do?
explorer.exe - Below is a direct quote from Microsoft found on THIS page:

This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.

I have found that stopping this process is needed sometimes to stop some other processes.


Virus Precaution:
The original file from Microsoft gets placed at C:\WINDOWS\System32\explorer.exe. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus.

Deloder-A @ Sophos
MyDoom.B @ Symantec

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exeWkUFind.exe
WkUFind.exe is related to Microsoft Works/PictureIt! and will check for software updates. It is safe to remove this from your system startup.
C:\WINDOWS\system32\rundll32.exerundll32.exe

What is it?
Run a DLL as an App - rundll32.exe


What does it do?
Direct Quote from MS: (Source)
Microsoft Windows 95, Windows 98, and Windows Millennium Edition (Me) contains two command-line utility programs named Rundll.exe and Rundll32.exe that allow you to invoke a function exported from a DLL, either 16-bit or 32-bit. However, Rundll and Rundll32 programs do not allow you to call any exported function from any DLL. For example, you can not use these utility programs to call the Win32 API (Application Programming Interface) calls exported from the system DLLs. The programs only allow you to call functions from a DLL that are explicitly written to be called by them. This article provides more details on the use of Rundll and Rundll32 programs under the Windows operating systems listed above.


Virus Precaution:
The original file from Microsoft gets placed at C:\WINDOWS\System32\rundll32.exe. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.



W32.Miroot.Worm @ Symantec
Backdoor.Lastdoor @ Symantec
Trojan.StartPage @ Symantec

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exehpztsb10.exe

What is it?

hpztsb10.exe is associated with HP printer products software and drivers.

What does it do?

HP spool service application for Windows 32 bit environments on X86 platforms "PC's"

More info:

www.hp.com

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exePrintScreen.exe
"Gadwin PrintScreen - utility to capture
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exeRoboTaskBarIcon.exe
Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin More information can be found here.

Quote:

Save and Remember Online Passwords
Every other site these days forces you to create a UserID and Password combination. RoboForm saves the day by saving the online passwords (AutoSave dialog) and then filling login forms from the saved data (AutoFill dialog).

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exeEspaceWanadoo.exe

What is it?

EspaceWanadoo.exe is software associated with an internet provider called Wanadoo.

What does it do?

Wanadoo's software provides connection configuration and other "kit" for their Internet Services.

More info:

Check out this google search for more info about Wanadoo Internet services.

C:\WINDOWS\system32\ctfmon.exectfmon.exe

What is it?
Language bar AKA Alternative User Input Services - ctfmon.exe

What does it do?
ctfmon.exe - it's an ever annoying helper tool that comes rather unexpectedly at times and liked by nearly nobody.

Ctfmon.exe monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.

Loads of information can be found on microsoft's site here.

Unless you're using anything in that list above you'll want to stop this file from loading!

How do I get rid of it?
There's been a number of threads in our forum as well as others about this. A typical thread can be found here.

control panel --> regional and language options --> languages tab --> details button --> language bar button

Virus Precaution:
Just like so many of the other files I've written about so far, ctfmon.exe is located at c:\windows\System32\ctfmon.exe. At the time of this writing there isn't any spyware, viruses or anything like that masking itself as this file. If you find any info on one then please let me know!
C:\Program Files\Antipub\antipub.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\PROGRA~1\Wanadoo\ComComp.exeComComp.exe

Common Components (ComComp.EXE) is a prerequisite for any VisualTax program.

It MUST be downloaded and installed once by first time users of any VisualTax product (T1, T2, T3, T4, FP). There is no need to download again for each product.


C:\PROGRA~1\Wanadoo\Toaster.exeToaster.exe
We Don't know! Please post a comment with information about this file
C:\PROGRA~1\Wanadoo\Inactivity.exeInactivity.exe
We Don't know! Please post a comment with information about this file
C:\PROGRA~1\Wanadoo\PollingModule.exePollingModule.exe
We Don't know! Please post a comment with information about this file
C:\PROGRA~1\Magentic\bin\MgApp.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXEALERTM~1.EXE
We Don't know! Please post a comment with information about this file
C:\PROGRA~1\Wanadoo\Watch.exeWatch.exe
Watch.exe - This is a process from Lavasoft for Ad ware this monitors your system and entries for spyware that tries to change your system, for Ad ware to work this should not be removed.

C:\HTJ\HijackThis.exeHijackThis.exe
This is our favorite application for fighting against malware and other trashy application that bog systems down. Our guide to using this software can be found here. We have also taken the time to write a system to process the log files created from this application here.
C:\Program Files\Executive Software\DiskeeperLite\DfrgNTFS.exedfrgntfs.exe
dfrgntfs.exe
--------------------------------------------------------------------------------

What is it?
Windows Defrag - dfrgntfs.exe

What does it do?
This is the process in Windows 2000 and XP that handles the file defragmentation process. This helps to speed up things like opening and reading files which will make it so that your applications run as fast as they can on your system. NEVER end this process, if you do it can cause corruption in whatever file it was processing when you ended it.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/?ref=go Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exalead.fr/search/??definition=homepageInternet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/?ref=go Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/?ref=go Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/?ref=go Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/?ref=go Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBRInternet&cc=fr&toHttps=1&redig=2F6538E9BD8A42E3A46A123231DB1B43 Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WanadooInternet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensInternet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLLDefault Search Page
When using the search toolbar this is your default search. Should be either yahoo, msn or google cause all others suck
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)File Missing
When a file is missing, you should always have HijackThis fix the item.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllAcroIEhelper.ocx AcroIEhelper.dll - Adobe Acrobat reader http://www.adobe.com/products/acrobat/reads
AcroIEhelper.ocx AcroIEhelper.dll - Adobe Acrobat reader https://get2.adobe.com/reader/otherversions/
O2 - BHO: CJava Object - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\System32\msjava32.dllmsjava32.dll - Trojan connecting to/hailing from adult chat sites (camscenter.com sexecam.net) - WAR
msjava32.dll - Trojan connecting to/hailing from adult chat sites (camscenter.com sexecam.net) - WARNING despite all apprearances this is in NO way a Microsoft file!
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)File Missing
When a file is missing, you should always have HijackThis fix the item.
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)File Missing
When a file is missing, you should always have HijackThis fix the item.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllUnnamed BHO
RoboForm.dll - RoboForm https://www.roboform.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllUnnamed BHO
ssv.dll - Related to Sun_Java_software https://www.java.com/en/download/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)File Missing
When a file is missing, you should always have HijackThis fix the item.
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllUnnamed BHO
WindowsLiveLogin.dll - Microsoft Windows_Live https://support.microsoft.com/en-us/windows/windows-essentials-2707b879-5004-4349-c4a4-e5900945f2a9
O2 - BHO: (no name) - {A685D287-785F-9822-002D-7F4A37C2D302} - (no file)File Missing
When a file is missing, you should always have HijackThis fix the item.
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dllUnnamed BHO
msntb.dll - MSN Toolbar https://www.bing.com/?toHttps=1&redig=C5A5F4D5ECA345F689A948C005FF88A7
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)File Missing
When a file is missing, you should always have HijackThis fix the item.
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dllUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)File Missing
When a file is missing, you should always have HijackThis fix the item.
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)File Missing
When a file is missing, you should always have HijackThis fix the item.
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
Microsoft Works Update Detection
Checks for updates to MS Works
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
HPDJ Taskbar Utility
"(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer"
O4 - HKLM\..\Run: [ekiofdjhne] c:\windows\system32\ekiofdjhne.exe ekiofdjhne
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
RoboForm
"Roboform - password manager and web form filler. Will work without this startup entry"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Ctfmon.exe
"CoolWebSearch Ctfmon32 parasite variant"
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?f2323b672d014723b8a2a74b390ef92
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?f2323b672d014723b8a2a74b390ef92
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
Sun Java Console
Related to Sun Java
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
Sun Java Console
Related to Sun Java
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
Compila
Related to Roboform Note: File is located under C:\Programmi\Siber Systems\AI RoboForm
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
Compila
Related to Roboform Note: File is located under C:\Programmi\Siber Systems\AI RoboForm
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Save Forms
Related to Roboform Password Manager and Web Form Filler that completely automates password entering and form filling. Note: file is found under C:\Program Files\Siber Systems\AI RoboForm folder.
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Save Forms
Related to Roboform Password Manager and Web Form Filler that completely automates password entering and form filling. Note: file is found under C:\Program Files\Siber Systems\AI RoboForm folder.
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
RoboForm
Related to Roboform Password Manager and Web Form Filler that completely automates password entering and form filling. Note: file is found under C:\Program Files\Siber Systems\AI RoboForm folder.
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
RoboForm
Related to Roboform Password Manager and Web Form Filler that completely automates password entering and form filling. Note: file is found under C:\Program Files\Siber Systems\AI RoboForm folder.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
Yahoo! Messenger
Yahoo Messenger
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
Yahoo! Messenger
Yahoo Messenger
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O11 - Options group: [INTERNATIONAL] International*
IE Advanced Options
This is rarely modified by programs.
O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://www.microsoft.com/fr-fr/?ref=go BHO
http://www.microsoft.com/genuine/downloads/WhyValidate.aspx?FamilyID=b446ae53-3759-40cf-80d5-cde4bbe07999&displaylang=en
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/ BHO
MsnPUpld.cab - MSN photo upload tool
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... BHO
http://v5.windowsupdate.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
Microsoft Windows Update more here
O16 - DPF: {F4653484-F38C-455F-BB15-1175E527754E} (VideoProducer Class) - http://www.normal.video-party.com/class/webcam2.cab
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A3AE27A-53CB-459C-A5DB-E0BB58355CEC}: NameServer = 85.255.113.130,85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CCS\Services\Tcpip\..\{655AB98D-28FB-4721-A02C-7E88AAE5AD4C}: NameServer = 85.255.113.130,85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AC237AB-9C87-439A-B4BC-A28DB452638A}: NameServer = 85.255.113.130,85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1097410-77C7-446D-B7F4-B80DA6E836B6}: NameServer = 85.255.113.130,85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7CA6BE1-BAF3-4A5E-BBCA-7CB22B7C33A3}: NameServer = 85.255.113.130,85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A3AE27A-53CB-459C-A5DB-E0BB58355CEC}: NameServer = 85.255.113.130,85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A3AE27A-53CB-459C-A5DB-E0BB58355CEC}: NameServer = 85.255.113.130,85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
Internet Settings
These may not be bad if your internet connection is set manually
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
Extra Protocols
There's a few known hijackers that use this but I haven't found anything good come out of these
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
Extra Protocols
There's a few known hijackers that use this but I haven't found anything good come out of these
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
AppInit_DLLs Registry value autorun
Very few known *good* purposes of this. Norton Cleansweep being the headliner of good items
Loads a .dll into memory when a user logs in. Frequently used by VERY bad hijackers.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
ShellServiceObjectDelayLoad Registry key autorun
HJT automatically weeds out the good ones here so we'll flag this as bad. Consult a HJT expert before cleaning anything.
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
Diskeeper
Executive Software's Diskeeper (Defragmenter)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Documents and Settings\ghislaine\Mes documents\imagine\InCD\InCDsrv.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
NVIDIA Driver Helper Service
Related to NVIDIA drivers.
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
Thank you for replying.

41 replies

Anonymous user
24 April 2007 at 19:16
So, still waiting....
;-)
0