Infecté coolwebsearch

bonsoir,
après scan hijack et analyse on line je trouve 4 lignes suspectes
voici le log
Arcade File Downloads UsenetGeeks --Usenet Geeks-- MSUsenet.com WindowsForum.com WebMasterDev.com TheMoneyForum.com UsenetBikes.com UsenetCars.com Usenethealth.com Usenetlinux.com Usenetmac.com UsenetSports.com UsenetTV.com
Email
Confirm email


Articles Spyware Removal File Help Startup DB Tips Service DB News Hijack This! Analyzer





Bad - Remove almost always
OK Most of the time - don't need to touch
Probably not needed - Safe to remove
Generally harmless - third party applications
Bad if you don't know what it is
Unknown Item - Investigate further
--------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1Up To Date Version of HijackThis
You are using the latest version of HijackThis. Check www.merijn.org frequently for updates.
Scan saved at 21:24:54, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exeSmss.exe
What is it?
Session Manager SubSystem - smss.exe

What does it do?
smss.exe - This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).

Additional Reading:
Smss.exe does not resolve forward references in environment

You will not be able to end this through task manager!

More info


--------------------------------------------------------------------------------

Virus Precaution:

The smss.exe which is from Microsoft is located at c:windowsSystem32smss.exe . We've been able to find several viruses that run as smss to trick you.

Adware.Advision - Symantec Corporation
Adware.DreamAd - Symantec Corporation
Backdoor.IRC.Aladinz.O - Symantec Corporation
Backdoor.IRC.Flood.F - Symantec Corporation
W32.Dalbug.Worm - Symantec Corporation
W32.Resdoc - Symantec Corporation
C:\WINDOWS\system32\winlogon.exeWinlogon.exe

What is it?
Windows Logon Process - Winlogon.exe

What does it do?
Direct Quote from here:
This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.

Search MS for more info: Link

Virus Precaution:
The original Winlogon.exe from Microsoft gets placed in the C:WINDOWSSystem32 directory. if you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. We've been able to find only 1 report of a virus so far.

Troj/Madr-B @ Sophos
Netsky.D @ Trend Micro
C:\WINDOWS\system32\services.exeservices.exe
services.exe is a part of Windows that manages the processes. Anytime a service starts or stops it is through services.exe. During system startup and shutdown is when this process sees most of its action. You should never end this process unless it is running outside of your windows system folder.

C:\WINDOWS\system32\lsass.exelsass.exe
What is it?
Local Security Authentication Server - lsass.exe

What does it do?
lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

You will not be able to end this through task manager!

From MS


--------------------------------------------------------------------------------

The lsass.exe which is from Microsoft is located at c:windowsSystem32lsass.exe . there's a few viruses that have been found to run as lsass.exe to hide from you.
C:\WINDOWS\system32\svchost.exeSvchost.exe

What is it?
Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService

If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:
https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US

More Info
More Info

Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.

C:\WINDOWS\System32\svchost.exeSvchost.exe

What is it?
Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService

If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:
https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US

More Info
More Info

Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.

C:\WINDOWS\system32\spoolsv.exeSpoolsv.exe

What is it?
SPOOLer SerVice - spoolsv.exe

What does it do?
spoolsv.exe - The spooler service is responsible for managing spooled print/fax jobs

You will be able to end this through task manager!

More info


--------------------------------------------------------------------------------

Virus Precaution:
The spoolsv.exe which is from Microsoft is located at c:windowsSystem32spoolsv.exe . We've been able to find several viruses that run as spoolsv to trick you.

Backdoor.Ciadoor.B - Symantec Corporation
Hacktool.Privshell - Symantec Corporation
VBS.Masscal.Worm (vbs) - Symantec Corporation
Graybird-A @ Sophos

C:\WINDOWS\Explorer.EXEexplorer.exe

What is it?
Windows Explorer - explorer.exe


What does it do?
explorer.exe - Below is a direct quote from Microsoft found on THIS page:

This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.

I have found that stopping this process is needed sometimes to stop some other processes.

More Info
More Info

Virus Precaution:
The original file from Microsoft gets placed at C:WINDOWSSystem32explorer.exe . if you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus.

Deloder-A @ Sophos
MyDoom.B @ Symantec

C:\Acer\Empowering Technology\ePerformance\MemCheck.exeMemCheck.exe
We Don't know! Please post a comment with information about this file
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exejusched.exe

What is it?
Java Update Scheduler - jusched.exe

What does it do?
jusched.exe - This is Sun's Java automatic update utility. If you would like to disable this scheduler then go to your control panel and click on the java module. The go to the updates tab and uncheck "check for updates automatically".

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of jusched.exe is C:Program FilesJavaj2re1.4.2_04injusched.exe. Obviously j2re1.4.2_04 is the version number. At this time my search shows nothing that you need to worry about..

C:\WINDOWS\RTHDCPL.EXERTHDCPL.EXE
RTHDCPL.EXE belongs to Realtek HD Audio Control Panel. You don't need this process running but it will allow you to configure your sound through a taskbar icon. If you're trying to free up resources I'd kill this one from your startup.
C:\Acer\Empowering Technology\eRecovery\eRAgent.exeeRAgent.exe
We Don't know! Please post a comment with information about this file
C:\WINDOWS\ehome\ehtray.exeehtray.exe
ehtray.exe - This is the traybar process for Microsoft Media, this provides easy access to the digital media manager, this is non essential.

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exeeDSloader.exe
Related to eDataSecurity Loader from Acer Empowering Technology.
C:\WINDOWS\system32\SysMonitor.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeashDisp.exe

What is it?

ashDisp.exe is an executable file that is included with the avast! anti virus program

What does it do?

Both the virus database and the program itself can be updated automatically. The updates are incremental, i.e. only the new or missing data are downloaded, thus reducing the transfer heavily. The typical size of a virus database update are tens of KB, the program update usually has hundreds of KB.

If your Internet connection is persistent, the updates are performed completely automatically in fixed time intervals. If you connect to the Internet only occasionally, avast! watches your connection and tries to perform the update when you are online.

More info:

https://www.avast.com/fr-fr/index

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exerealsched.exe
What is it?
Real Player Scheduler - realsched.exe

What does it do?
realsched.exe - The Real Player automatic update utility. It has no real functional purpose. I would certainly stop this from running on startup.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of realsched.exe is C:Program FilesCommon FilesRealUpdate_OBrealsched.exe


.
C:\WINDOWS\system32\ctfmon.exectfmon.exe

What is it?
Language bar AKA Alternative User Input Services - ctfmon.exe

What does it do?
ctfmon.exe - it's an ever annoying helper tool that comes rather unexpectedly at times and liked by nearly nobody.

Ctfmon.exe monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.

Loads of information can be found on microsoft's site here.

Unless you're using anything in that list above you'll want to stop this file from loading!

How do I get rid of it?
There's been a number of threads in our forum as well as others about this. A typical thread can be found here.

control panel --> regional and language options --> languages tab --> details button --> language bar button

Virus Precaution:
Just like so many of the other files I've written about so far, ctfmon.exe is located in the c:windowsSystem32ctfmon.exe. At the time of this writing there isn't any spyware, viruses or anything like that masking itself as this file. If you find any info on one then please let me know!
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeGoogleToolbarNotifier.exe
We Don't know! Please post a comment with information about this file
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeGoogleDesktop.exe
Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeTeaTimer.exe
TeaTimer.exe is Spybot Search and Destroys resident protection which prevents unauthorized system changes. More information can be found here.

Quote:

The Resident TeaTimer is a new tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future: You can set TeaTimer to:

be informed, when the process tries to start again
automatically kill the process
or generally allow the process to run
There is also an option to delete the file associated with this process.

In addition, TeaTimer detects, when something wants to change some critical registry keys. TeaTimer can protect you against such changes again giving you an option: You can either "Allow" or "Deny" the change.

As TeaTimer is always running in the background, it takes some resources of about 5 MB.


C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exeZDWlan.exe
Wireless network utility, please comment about this file and what all it does.
C:\Program Files\SpywareGuard\sgmain.exesgmain.exe
sgmain.exe is SpywareGuard which provides realtime protection from spyware. More information can be found here.

Quote:
The last release was 8-31-2003 and the last spyware definition was released on 1/22/04 but this remains one of the better tools out there that is freely available to help prevent spyware from getting on your machine. Below is a direct quote from the developer about this software;
SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.

SpywareGuard now also features Download Protection and Browser Hijacking Protection!

Features Listing:

Fast Real-Time Scanning engine - catch and block spyware before it is executed (EXE and CAB files supported) with signature-based scanning for known spyware and heuristic/generic detection capabilities to catch new/mutated spyware
Download Protection - prevent spyware from being download in Internet Explorer
Browser Hijacking Protection - stop browser hijacking activity in real-time
SG LiveUpdate - provides an easy updating solution
Small size - with a small size and small definition sizes, download and updates are quick
Report Capabilities - keep a detailed log of all spyware detected
Spyware files are blocked before being opened or run - they are not simply shut down after they are loaded in memory (and after they have performed their tasks)
It's a free download


C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeaswUpdSv.exe

What is it?

aswUpdSv.exe is an executable file that is included with the avast! anti virus program

What does it do?

aswUpdSv.exe handles automatic updates for the avast anti virus program.

Both the virus database and the program itself can be updated automatically. The updates are incremental, i.e. only the new or missing data are downloaded, thus reducing the transfer heavily. The typical size of a virus database update are tens of KB, the program update usually has hundreds of KB.

If your Internet connection is persistent, the updates are performed completely automatically in fixed time intervals. If you connect to the Internet only occasionally, avast! watches your connection and tries to perform the update when you are online.

More info:

https://www.avast.com/fr-fr/index


C:\Program Files\Alwil Software\Avast4\ashServ.exeashServ.exe

What is it?

ashServ.exe is an executable file that is included with the avast! anti virus program

What does it do?

Both the virus database and the program itself can be updated automatically. The updates are incremental, i.e. only the new or missing data are downloaded, thus reducing the transfer heavily. The typical size of a virus database update are tens of KB, the program update usually has hundreds of KB.

If your Internet connection is persistent, the updates are performed completely automatically in fixed time intervals. If you connect to the Internet only occasionally, avast! watches your connection and tries to perform the update when you are online.

More info:

https://www.avast.com/fr-fr/index

C:\Program Files\SpywareGuard\sgbhp.exesgbhp.exe
sgbhp.exe is a part of spywareguard which is also available as SpywareBlaster. More information can be found here.

Quote:
This program is NOT for scanning and removing spyware that is already on your system but instead it offers protection for you to help prevent the crap from ever getting on your system! For all of you Internet Explorer users it will protect you from an ever growing list of ActiveX related driveby installations that hit so many people. It will also use the restricted zones feature of IE to completely block access to certain known bad domains. Both IE and Mozilla/FireFox users will benefit from ad cookie tracking which is classified as a form of spyware since it can track your visitation to a number of sites that use the same ad company.

C:\WINDOWS\eHome\ehRecvr.exeehRecvr.exe
ehRecvr.exe - This is from Microsoft Windows Media Center, this allows additional support for Microsoft Operating System, this is non essential.

C:\WINDOWS\eHome\ehSched.exeehSched.exe
ehSched.exe - This process is from Microsoft Media center scheduler service it installed sheduled updates to your computer for this product for a safe computer this is important.

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exekpf4ss.exe
kpf4ss.exe is a part of Kerio Personal Firewall Service.
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exeLSSrvc.exe
The process belongs to the software LightScribe by Hewlett-Packard Company (www.hp.com).
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exekpf4gui.exe
kpf4gui.exe - This is a process from Kerio Personal firewall this process should not be removed for your systems safety.

C:\WINDOWS\system32\nvsvc32.exenvsvc32.exe
What is it?
NVIDIA Driver Helper Service - nvsvc32.exe

What does it do?
nvsvc32.exe - For all of you that have video cards that utilize one of the Nvidia chipsets running under Windows NT4/2k/XP/2k3 they install a driver help service. We have emailed Nvidia asking them about this but haven't been able to get a response. I was able to to end this task without any issues.

There have been a number of reports that say this service is the root of some nasty shutdown slowdowns! Even though I haven't experienced this personally, Black Viper is a source that I trust and he has stated this service has caused extreme slowdowns during shutdown.

There's been a number of rumors posted that state that this is some form of spyware. I have not found it to transmit any form of data while I've been using it. I also don't believe Nvidia is stupid enough to package spyware and send it to their massive installation base.

You'll want to visit nvidia.com for more information about them and their products. You may also want to download the latest drivers from them.

Virus Precaution:
nvsvc32.exe is located at c:windowsSystem32 vsvc32.exe . We've been unable to find any threats that run as nvsvc32.exe to trick you.

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeashMaiSv.exe

What is it?

ashMaiSv.exe is an executable file that is included with the avast! anti virus program

What does it do?

Both the virus database and the program itself can be updated automatically. The updates are incremental, i.e. only the new or missing data are downloaded, thus reducing the transfer heavily. The typical size of a virus database update are tens of KB, the program update usually has hundreds of KB.

If your Internet connection is persistent, the updates are performed completely automatically in fixed time intervals. If you connect to the Internet only occasionally, avast! watches your connection and tries to perform the update when you are online.

More info:

https://www.avast.com/fr-fr/index

C:\Program Files\Alwil Software\Avast4\ashWebSv.exeashwebsv.exe

What is it?

ashwebsv.exe is a file associated with Avast antivirus software.

What does it do?

Both the virus database and the program itself can be updated automatically. The updates are incremental, i.e. only the new or missing data are downloaded, thus reducing the transfer heavily.

More info:

Read more about avast antivirus software

[url=https://www.avast.com/index]@ avast.com[/url]

C:\WINDOWS\system32\dllhost.exeDLLhost.exe

What is it?
DCOM DLL Host Process - dllhost.exe


What does it do?
dllhost.exe - DCOM DLL host process supports DLL-based COM objects and is used by many Windows programs. .NET Runtime and IIS are probably the two most common applications that use this process.

What's DCOM? "A wire protocol that enables software components to communicate directly over a network"

More Info
More Info

Virus Precaution:
The original file from Microsoft gets placed in the C:WINDOWSSystem32dllhost.exe directory. if you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus.

Nachia-A @ Sophos

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exekpf4gui.exe
kpf4gui.exe - This is a process from Kerio Personal firewall this process should not be removed for your systems safety.

C:\WINDOWS\eHome\ehmsas.exeehmsas.exe
ehmsas.exe - This is a process from Microsoft Windows Media Center, this is? descibed as the Windows Media Center Aggregator Service, this is important for a secure system.

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeGoogleDesktopIndex.exe
Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exeGoogleDesktopCrawl.exe
Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exeGoogleDesktopOE.exe
GoogleDesktopOE.exe - This is a process from Google Desktop Search utility it integrates with your Windows desktop, this is non essential.

C:\WINDOWS\System32\svchost.exeSvchost.exe

What is it?
Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService

If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:
https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US

More Info
More Info

Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXEVERSION TRADUITE ORIGINALE.EXE
We Don't know! Please post a comment with information about this file

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.comInternet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/?ref=go Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.comInternet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-InternetInternet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensInternet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllDefault Search Page
When using the search toolbar this is your default search. Should be either yahoo, msn or google cause all others suck
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllUnnamed BHO
Ycomp*_*_*_*.dll yt.dll - Yahoo Companion http://companion.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllAcroIEhelper.ocx AcroIEhelper.dll - Adobe Acrobat reader http://www.adobe.com/products/acrobat/reads
AcroIEhelper.ocx AcroIEhelper.dll - Adobe Acrobat reader https://get2.adobe.com/reader/otherversions/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllSDhelper.dll - SpyBot Search&Destroy https://www.safer-networking.org/
SDhelper.dll - SpyBot Search&Destroy https://www.safer-networking.org/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllUnnamed BHO
ssv.dll - Related to Sun_Java_software https://www.java.com/en/download/
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllUnnamed BHO
WindowsLiveLogin.dll - Microsoft Windows_Live https://support.microsoft.com/en-us/windows/windows-essentials-2707b879-5004-4349-c4a4-e5900945f2a9
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllgoogletoolbar.dll googletoolbar*.dll googlenav.dll googletoolbar_en_*.**-big.dll googletoolbar_en_*.
googletoolbar.dll googletoolbar*.dll googlenav.dll googletoolbar_en_*.**-big.dll googletoolbar_en_*.*.**-deleon.dll - Google Toolbar http://www.google.com/intl/fr/toolbar/ie/index.html
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllUnnamed BHO
msntb.dll - MSN Toolbar https://www.bing.com/?toHttps=1&redig=C5A5F4D5ECA345F689A948C005FF88A7
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dllUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"SunJavaUpdateSched
"Checks with Sun's Java updates site to see if newer Java versions are available. Visit https://www.oracle.com/java/technologies/ or just run the Java Plug-In Control Panel"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXEUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXERTHDCPL
Realtek HD Audio Sound Effect Manager
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitNvMediaCenter
NvTaskbarInit"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupNvCplDaemon
NvCplDaemon"
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [LaunchApp] AlaunchLaunchApp
"Acer Launch tool utility on laptops"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exeeRecoveryService
"Acer Notebook related. Acer eRecovery allows the user to restore the operating system or backup the current system profile
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeehTray
"Windows XP Media Center Edition 2005. Enables the user to access Windows Messenger from within Media Center"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0eDataSecurity Loader
"Part of Acer Empowering Technology. ""Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idleUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeTrojanScanner
"Trojan Remover from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeAvast!
"Avast! anti-virus software"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osbootTkBellExe
"Application Scheduler installed along with RealOne Player. Once installed
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeCtfmon.exe
"CoolWebSearch Ctfmon32 parasite variant"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeswg
"Companion to the Google Toolbar that lets you keep Google as your default search engine and prevents this setting from being changed without your consent. Shouldn't remain in memory after the feature is disabled as it's a bug - see here"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupGoogle Desktop Search
"Google Desktop Search - ""a desktop search application that provides full text search over your email
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeSpybotSD TeaTimer
"TeaTimer is a new tool of Spybot S&D - spam filter which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\erunt\AUTOBACK.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentInternet Explorer Restrictions
Spybot uses this to lock your homepage. Otherwise ask your administrator. If you're the administrator and you don't know what this is go ahead and clear it.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentInternet Explorer Restrictions
Spybot uses this to lock your homepage. Otherwise ask your administrator. If you're the administrator and you don't know what this is go ahead and clear it.
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmInternet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dllSun Java Console
Related to Sun Java
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dllSun Java Console
Related to Sun Java
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.caboscan8.cab
Bitdefender
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLExtra Protocols
There's a few known hijackers that use this but I haven't found anything good come out of these
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLExtra Protocols
There's a few known hijackers that use this but I haven't found anything good come out of these
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllAppInit_DLLs Registry value autorun
Very few known *good* purposes of this. Norton Cleansweep being the headliner of good items
Loads a .dll into memory when a user logs in. Frequently used by VERY bad hijackers.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllShellServiceObjectDelayLoad Registry key autorun
HJT automatically weeds out the good ones here so we'll flag this as bad. Consult a HJT expert before cleaning anything.
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeavast! iAVS4 Control Service
Related to Avast AntiVirus
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeavast! Antivirus
Related to Avast AntiVirus
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)File Missing
When a file is missing, you should always have HijackThis fix the item.
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)File Missing
When a file is missing, you should always have HijackThis fix the item.
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exeInstallDriver Table Manager
Related to Macrovision Corporation.
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeiPod Service
Related to Apple iPod.
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exeUnknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exeLightScribeService Direct Disc Labeling Service

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeNVIDIA Display Driver Service
NVidia


Copyright 2005 I Am Not A Geek Inc.



2006 accounting software
Great offer on 2006 accounting business microsoft office small

www.best-shopping-site.com
merci de me dire quel outils utiliser
a +