Comportement bizarre

macmic · le 25 juillet 2006

Bonsoir,

Je n'avais pas encore pris connaissance de votre dernier message car je pensais être sorti de mes problèmes.J'ai contacter vos collègues de l'optimisation mais n'ai pas encore fait tout ce qu'ils m'ont indiqué.

Depuis aujourd'hui les symptomes décrits tout au début sont réapparus, à savoir

- série de "beep" à l'allumage du micro avant le lancement de windows

- clignotement intempestif de l'item "fichier" avec perte de la main. Quand ce clignotement apparait il devient impossible de faire quoi que ce soit ni saisie, ni lancement d'application. cela arrive surtout avec les logigiels microsoft office word et excel ( on ne peut plus masquer ou afficher des lignes, il faut taper plusieurs fois pour saisir un chiffre). ainsi que sur la messagerie. On arrive quelquefois à stopper le clignotement en appuyant sur une touche fonction "esc", F1.... mais quelquefois on pert alors tout ce qu'on vient de saisir (c'est d'ailleurs la deuxième fois que je tape ce message car tout s'est effacé.

- les listes correspondant aux différents items "fichiers", "edition", .... s'ouvre toutes seules de temps en temps.

- Impossibilité d'utiliser le clic droit de la souris

Tout cela est très stressant et je commence à craquer

J'ai fait un scan avec Panda qui a détecté 7 nouveaux espions, avec Ewido qui n'a rien trouvé, j'ai passé ATF-Cleaner, Easycleaner et JV16 mais les symptomes persistent

Merci de bien vouloir m'apporter de nouveau votre aide.

voilà la log de panda et celle d'Hijacktis

Incident Statut Analyse

Spyware:Cookie/Bluestreak Signalé C:\Documents and Settings\MARC\Cookies\marc@bluestreak[2].txt

Spyware:Cookie/Doubleclick Signalé C:\Documents and Settings\MARC\Cookies\marc@doubleclick[2].txt

Spyware:Cookie/Mediaplex Signalé C:\Documents and Settings\MARC\Cookies\marc@mediaplex[1].txt

Spyware:Cookie/Serving-sys Signalé C:\Documents and Settings\MARC\Cookies\marc@serving-sys[2].txt

Spyware:Cookie/Tradedoubler Signalé C:\Documents and Settings\MARC\Cookies\marc@tradedoubler[1].txt

Spyware:Cookie/Weborama Signalé C:\Documents and Settings\MARC\Cookies\marc@weborama[1].txt

Spyware:Cookie/Xiti Signalé C:\Documents and Settings\MARC\Cookies\marc@xiti[1].txt

Logfile of HijackThis v1.99.1

Scan saved at 14:42:56, on 25/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\00THotkey.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe

C:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe

C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe

C:\Program Files\Logiciels installes\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P41 "EPSON Stylus Photo RX620 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P41 "EPSON Stylus Photo RX620 Series (Copie 2)" /O5 "TBP1:" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [utilitaire d'enrichissement d'image Toshiba] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [itLauncherAutoStart] C:\PROGRA~1\INSTAN~1\bin\ITLAUN~1.EXE -Embedding /AutoStart

O4 - Global Startup: Bluetooth Monitor.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} (NCSLayeredView Class) - http://sallevirtuelle.cotesdarmor.fr/ecwplugins/ncs.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

flopat · le 28 juillet 2006

Comme je vous l'ndique dans le message précédent envoyé par micmac, le comportement² de mon ordinateur est de nouveau bizarre.

J'a réussi à faire tout ce qui n'avait pas marché et vous envoie donc le rapport Kasperky, Silent runners et hijackthis.

Merci de bien vouloir m'aider de nouveau, je pars en vacances demain et aurais aimé pouvoir amené mon micro en état de marche. Je n'aurai pas internet

Friday, July 28, 2006 4:01:39 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 28/07/2006

Kaspersky Anti-Virus database records: 210531

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

C:\

D:\

Scan Statistics

Total number of scanned objects 95352

Number of viruses found 0

Number of infected objects 0 / 0

Number of suspicious objects 0

Duration of the scan process 00:57:14

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Prism\14756a33 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_343239219_2097152_63453 Object is locked skipped

C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{87BE241C-71A3-45BB-B8C0-5BEF0E178470}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\MARC\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\MARC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\MARC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\MARC\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\MARC\Local Settings\Historique\History.IE5\MSHist012006072820060729\index.dat Object is locked skipped

C:\Documents and Settings\MARC\Local Settings\Temp\~DF6883.tmp Object is locked skipped

C:\Documents and Settings\MARC\Local Settings\Temp\~DF6999.tmp Object is locked skipped

C:\Documents and Settings\MARC\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\MARC\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\MARC\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Motive\AsstCommon\log\MotiveDirectory.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0637NAV~.TMP Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0695NAV~.TMP Object is locked skipped

C:\Program Files\Numericable\Mon Assistant Internet\log\mad.log Object is locked skipped

C:\Program Files\Numericable\Mon Assistant Internet\log\mpbtn.log Object is locked skipped

C:\Program Files\Numericable\Mon Assistant Internet\SmartBridge\AlertFilter.log Object is locked skipped

C:\Program Files\Numericable\Mon Assistant Internet\SmartBridge\log\httpclient.log Object is locked skipped

C:\Program Files\Numericable\Mon Assistant Internet\SmartBridge\SmartBridge.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{A13C7A4E-F5F7-4C03-A681-969D661F2F13}\RP10\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{578B47FC-45C7-4CC1-BCC9-B361BCE15F0F}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"TOSCDSPD" = "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" ["TOSHIBA"]

"MoneyAgent" = ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"" [MS]

"ItLauncherAutoStart" = "C:\PROGRA~1\INSTAN~1\bin\ITLAUN~1.EXE -Embedding /AutoStart" ["Winwise"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"EPSON Stylus Photo RX620 Series (Copie 1)" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P41 "EPSON Stylus Photo RX620 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX620"" ["SEIKO EPSON CORPORATION"]

"EPSON Stylus Photo RX620 Series (Copie 2)" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P41 "EPSON Stylus Photo RX620 Series (Copie 2)" /O5 "TBP1:" /M "Stylus Photo RX620"" ["SEIKO EPSON CORPORATION"]

"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"PadTouch" = "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" ["TOSHIBA"]

"Utilitaire d'enrichissement d'image Toshiba" = "C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe" ["TOSHIBA Corp."]

"Tvs" = "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" ["TOSHIBA Corporation"]

"TPSMain" = "TPSMain.exe" ["TOSHIBA Corporation"]

"TouchED" = "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" ["TOSHIBA Corporation"]

"TosHKCW.exe" = ""C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"" ["TOSHIBA CORPORATION"]

"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"TFNF5" = "TFNF5.exe" ["TOSHIBA Corp."]

"TFncKy" = "TFncKy.exe" ["TOSHIBA Corporation"]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]

"SoundMAX" = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."]

"SmoothView" = "C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" ["TOSHIBA Corporation"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"PRISMSVR.EXE" = ""C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY" ["Conexant Systems, Inc."]

"nwiz" = "nwiz.exe /installquiet" ["NVIDIA Corporation"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"NDSTray.exe" = "NDSTray.exe" ["TOSHIBA CORPORATION"]

"Motive SmartBridge" = "C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]

"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]

"LtMoh" = "C:\Program Files\ltmoh\Ltmoh.exe" ["Agere Systems"]

"EPSON Stylus D68 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"" ["SEIKO EPSON CORPORATION"]

"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]

"CFSServ.exe" = "CFSServ.exe -NoClient" ["TOSHIBA"]

"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]

"Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]

"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]

"00THotkey" = "C:\WINDOWS\system32\00THotkey.exe" ["TOSHIBA Corporation"]

"000StTHK" = "000StTHK.exe" [null data]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Companion BHO"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"

-> {HKLM...CLSID} = "CNisExtBho Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"

-> {HKLM...CLSID} = "CNavExtBho Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)

-> {HKLM...CLSID} = "EpsonToolBandKicker Class"

\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{C4213067-97B3-4929-9B98-B5600FBBBA13}" = "TouchED"

-> {HKLM...CLSID} = "TouchShellExt Class"

\InProcServer32\(Default) = "C:\PROGRA~1\TOSHIBA\TouchED\TouchED.dll" ["TOSHIBA Corporation"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}" = "XnView Shell Extension"

-> {HKLM...CLSID} = "XnViewShell Class"

\InProcServer32\(Default) = "C:\Program Files\XnView\ShellEx\XnViewShellExt.dll" [empty string]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"

-> {HKLM...CLSID} = "RecordNow! SendToExt"

\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

IXnView\(Default) = "{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}"

-> {HKLM...CLSID} = "XnViewShell Class"

\InProcServer32\(Default) = "C:\Program Files\XnView\ShellEx\XnViewShellExt.dll" [empty string]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Active Desktop and Wallpaper:

-----------------------------

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\MARC\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmypics.scr" [MS]

Startup items in "MARC" & "All Users" startup folders:

------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"Bluetooth Monitor" -> shortcut to: "C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe" [null data]

"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Mon Assistant Internet" -> shortcut to: "C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe -boot" ["Motive Communications, Inc."]

"NkbMonitor.exe" -> shortcut to: "C:\Program Files\Nikon\PictureProject\NkbMonitor.exe" ["Nikon Corporation"]

"SpeedTouch 120g Wireless USB Monitor" -> shortcut to: "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe" [empty string]

Enabled Scheduled Tasks:

------------------------

"Critical0" -> WARNING -- The file "Critical0.job" is corrupt! (no executable)

"Norton AntiVirus - Analyser mon ordinateur - MARC" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 28

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"

-> {HKLM...CLSID} = "Norton Internet Security"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"

-> {HKLM...CLSID} = "EPSON Web-To-Page"

\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}"

-> {HKLM...CLSID} = "Copernic Agent"

\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Companion"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)

-> {HKLM...CLSID} = "EPSON Web-To-Page"

\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" = (no title provided)

-> {HKLM...CLSID} = "Copernic Agent"

\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Companion"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"

-> {HKLM...CLSID} = "Norton Internet Security"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Résultats de Copernic Agent"

\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]

{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)

-> {HKLM...CLSID} = "&Rechercher"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Résultats de Copernic Agent"

\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]

{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Copernic Agent"

\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}\

"MenuText" = "Démarrer Copernic Agent"

"Exec" = "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" ["Copernic Technologies Inc."]

{688DC797-DC11-46A7-9F1B-445F4F58CE6E}\

"ButtonText" = "Copernic Agent"

"Exec" = "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" ["Copernic Technologies Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Recherche"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points

------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):

[strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

"{BE89472C-B803-4D1D-9A9A-0A63660E0FE3}" = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\COPERN~1\COPERN~1.DLL" ["Copernic Technologies Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}

ConfigFree Service, CFSvcs, "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" ["TOSHIBA CORPORATION"]

ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]

Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]

Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Service de planification Media Center, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]

Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Print Monitors:

---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\

EPSON Stylus D68 Series 2KMonitor5E\Driver = "E_FLMAAE.DLL" ["SEIKO EPSON CORPORATION"]

EPSON Stylus Photo RX620 Series 2KMonitor5E\Driver = "E_FLM9HE.DLL" ["SEIKO EPSON CORPORATION"]

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 36 seconds, including 13 seconds for message boxes)

Logfile of HijackThis v1.99.1

Scan saved at 14:43:49, on 28/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe

C:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe

C:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe

C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe