Coolwebsearch? entre autres?? !!

Bonjour tout le monde!

Comme tu m'as conseillé, moe, j'ouvre un nouveau topic pour mon pb.

je rappelle vite fait tout ce que j'ai déjà dit dans le précédent message :

"

le problème est un trojandownloader, que norton 2004 détecte dans winsocks5.exe, et que adaware détecte dans les H-KEYS comme un coolwebsearch, au nombre de 6, à chaque fois.
Adaware dit qu'il supprime le fichier ( ce qui n'est pas le cas puisqu'à chaque nouveau scan il redétecte les mêmes virus ) et Norton dit qu'il n'y arrive pas.

ps: le pc infecté n'est pas celui à partir duquel je poste le msg. le pc infecté n'arrive plus à se connecter à internet, il n'y a que msn qui marche. et norton fait une boucle infernale disant qu'il a repéré le virus puis qu'il n'a pas réussi à s'en débarasser, je clique sur "ok", et il recommence...indéfiniment.
ps2: le pc infecté est en réseau avec celui à partir duquel je poste le msg, y a t'il un risque de contamination?

"

depuis ceci, hier soir, j'ai l'impression d'avoir un nouveau problème en plus, car norton détecte en plus :

trojan.abwiz.d, dans le fichier c:\windows\system32\symcsvc.ex
qu'il lui est impossible de réparer, ni d'accéder.

---------------------

quoiqu'il en soit, voici le rapport hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 22:10:03, on 24/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\inet20081\services.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\winsocks5.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\windows\bxvpkkv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\palm\Hotsync.exe
D:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Domi\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: run=C:\WINDOWS\inet20081\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [itvxcys] c:\windows\xfmgiwl.exe
O4 - HKCU\..\Run: [jcwdvsq] c:\windows\bxvpkkv.exe
O4 - HKCU\..\Run: [riacgpn] c:\windows\bxvpkkv.exe
O4 - HKCU\..\Run: [kgrvgon] c:\windows\bxvpkkv.exe
O4 - HKCU\..\Run: [xcpkqgi] c:\windows\bxvpkkv.exe
O4 - HKCU\..\Run: [bkprajr] c:\windows\bxvpkkv.exe
O4 - HKCU\..\Run: [caajwqe] c:\windows\bxvpkkv.exe
O4 - HKCU\..\Run: [mvpkcis] c:\windows\bxvpkkv.exe
O4 - HKCU\..\Run: [hldoula] c:\windows\bwfuyce.exe
O4 - HKCU\..\Run: [cstrjnt] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [cxxtlbb] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [iajcbih] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [pybabtg] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [sjrmouc] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [norerrp] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [famypdj] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [iviqmhs] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [fgoweil] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [auflaym] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [wwvxdev] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [rfkfwdd] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [cjjifok] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [foiayqv] c:\windows\algncqr.exe
O4 - HKCU\..\Run: [qpqkwnp] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [smedgyc] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [uyccayn] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [ynqyyfd] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [kqfvpuf] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [jepokgg] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [khuoupp] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [cowmqqi] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [alfdkrt] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [htcqgwg] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [fhjrsgg] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [xuusbwy] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [xwccvkg] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [nvndsrp] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [psnrspd] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [ihyaqmr] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [mpokmiu] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [yiycige] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [hrfeshg] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [ymeerca] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [ryfqwoe] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [ifxlqsi] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [ccsipnn] c:\windows\brbwnvp.exe
O4 - HKCU\..\Run: [ucfhvoy] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [rnujwuo] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [fjgpbjj] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [wbotmnu] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [bljisan] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [bgyhhhi] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [utqjfeq] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [mijapeq] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ymstvdc] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ndbrrxe] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [xowyevc] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [rberraa] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [isbjcex] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ebyemtf] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [xdngyuv] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [mderycm] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [gfwbfwj] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [uxlctfw] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [nppqhtf] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [oymmrxm] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ovlokys] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [kucdqdd] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [owfswug] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [nucthoj] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [hjwhqyi] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [sclfvbf] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [dxtbyof] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [gvqgbvf] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [cuuvbqi] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [pvsxajl] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [gxrrtnx] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [pkrejls] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [shltner] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ksukfmn] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [hmncxbg] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [qfhehil] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [lqqeyef] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [mliahcf] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [etvnvrp] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [cjfwypj] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ihppyeg] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [qsjvmdh] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [dubbghe] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [wurryba] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ynalaly] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [mqposim] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ynmamgq] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [minhwak] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ssuwyny] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [xtdfbcp] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [kahseqj] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ktvlrta] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [fpimrel] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [sijncve] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [suhkknc] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [qieubqm] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [rextfpy] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [rleaodp] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [evckjwy] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [aniiahx] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [pehcjto] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [hgnkrxb] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [fvuloen] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [rsiefsn] c:\windows\ayvvomt.exe
O4 - HKCU\..\Run: [ejkbuqg] c:\windows\xuuyugo.exe
O4 - HKCU\..\Run: [kuaobnk] c:\windows\xuuyugo.exe
O4 - HKCU\..\Run: [tagvekn] c:\windows\xuuyugo.exe
O4 - HKCU\..\Run: [rphhssi] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [xnmtujr] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [rsmjmmj] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [vmybcfd] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [iaabgxt] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [vnbmonw] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [xylkgdm] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [grkvjos] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [unjujxe] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [rlnbkfc] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [nrkmurv] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [rkcpqti] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [rcujrbm] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [tiiakrr] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [kcremdw] c:\windows\hinvdci.exe
O4 - HKCU\..\Run: [nefehgc] c:\windows\fvyywxb.exe
O4 - HKCU\..\Run: [vyxofgo] c:\windows\fvyywxb.exe
O4 - HKCU\..\Run: [jpxetth] c:\windows\cxlqxth.exe
O4 - HKCU\..\Run: [axiytto] c:\windows\cxlqxth.exe
O4 - HKCU\..\Run: [jsulmcs] c:\windows\cxlqxth.exe
O4 - HKCU\..\Run: [ayhahqi] c:\windows\cxlqxth.exe
O4 - HKCU\..\Run: [fjfgxax] c:\windows\cxlqxth.exe
O4 - HKCU\..\Run: [mlqwccn] c:\windows\cxlqxth.exe
O4 - HKCU\..\Run: [dvioqfb] c:\windows\cxlqxth.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [nemthic] c:\windows\cxlqxth.exe
O4 - HKCU\..\Run: [lqinpxp] c:\windows\akaqohv.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HotSync Manager.lnk = D:\Program Files\palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} (NCSLayeredView Class) - http://ad.cg22.fr/ecwplugins/ncs1.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/336//main.chm::/update.exe
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4C87FE9-CE6A-4114-BEE9-8A22C757B66A}: NameServer = 80.10.246.130,80.10.246.3
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_9.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

----------------------

ainsi que le rapport silentrunners :

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WooCnxMon" = ""WooCnxMon" = (data in unrecognized format!)" [file not found]
"WOOKIT" = "C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe" ["France Télécom R&D"]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"aupd" = "C:\WINDOWS\System32\symcsvc.exe" [null data]
"itvxcys" = "c:\windows\xfmgiwl.exe" [null data]
"jcwdvsq" = "c:\windows\bxvpkkv.exe" [null data]
"riacgpn" = "c:\windows\bxvpkkv.exe" [null data]
"kgrvgon" = "c:\windows\bxvpkkv.exe" [null data]
"xcpkqgi" = "c:\windows\bxvpkkv.exe" [null data]
"bkprajr" = "c:\windows\bxvpkkv.exe" [null data]
"caajwqe" = "c:\windows\bxvpkkv.exe" [null data]
"mvpkcis" = "c:\windows\bxvpkkv.exe" [null data]
"hldoula" = "c:\windows\bwfuyce.exe" [null data]
"cstrjnt" = "c:\windows\algncqr.exe" [null data]
"cxxtlbb" = "c:\windows\algncqr.exe" [null data]
"iajcbih" = "c:\windows\algncqr.exe" [null data]
"pybabtg" = "c:\windows\algncqr.exe" [null data]
"sjrmouc" = "c:\windows\algncqr.exe" [null data]
"norerrp" = "c:\windows\algncqr.exe" [null data]
"famypdj" = "c:\windows\algncqr.exe" [null data]
"iviqmhs" = "c:\windows\algncqr.exe" [null data]
"fgoweil" = "c:\windows\algncqr.exe" [null data]
"auflaym" = "c:\windows\algncqr.exe" [null data]
"wwvxdev" = "c:\windows\algncqr.exe" [null data]
"rfkfwdd" = "c:\windows\algncqr.exe" [null data]
"cjjifok" = "c:\windows\algncqr.exe" [null data]
"foiayqv" = "c:\windows\algncqr.exe" [null data]
"qpqkwnp" = "c:\windows\brbwnvp.exe" [null data]
"smedgyc" = "c:\windows\brbwnvp.exe" [null data]
"uyccayn" = "c:\windows\brbwnvp.exe" [null data]
"ynqyyfd" = "c:\windows\brbwnvp.exe" [null data]
"kqfvpuf" = "c:\windows\brbwnvp.exe" [null data]
"jepokgg" = "c:\windows\brbwnvp.exe" [null data]
"khuoupp" = "c:\windows\brbwnvp.exe" [null data]
"cowmqqi" = "c:\windows\brbwnvp.exe" [null data]
"alfdkrt" = "c:\windows\brbwnvp.exe" [null data]
"htcqgwg" = "c:\windows\brbwnvp.exe" [null data]
"fhjrsgg" = "c:\windows\brbwnvp.exe" [null data]
"xuusbwy" = "c:\windows\brbwnvp.exe" [null data]
"xwccvkg" = "c:\windows\brbwnvp.exe" [null data]
"nvndsrp" = "c:\windows\brbwnvp.exe" [null data]
"psnrspd" = "c:\windows\brbwnvp.exe" [null data]
"ihyaqmr" = "c:\windows\brbwnvp.exe" [null data]
"mpokmiu" = "c:\windows\brbwnvp.exe" [null data]
"yiycige" = "c:\windows\brbwnvp.exe" [null data]
"hrfeshg" = "c:\windows\brbwnvp.exe" [null data]
"ymeerca" = "c:\windows\brbwnvp.exe" [null data]
"ryfqwoe" = "c:\windows\brbwnvp.exe" [null data]
"ifxlqsi" = "c:\windows\brbwnvp.exe" [null data]
"ccsipnn" = "c:\windows\brbwnvp.exe" [null data]
"ucfhvoy" = "c:\windows\ayvvomt.exe" [null data]
"rnujwuo" = "c:\windows\ayvvomt.exe" [null data]
"fjgpbjj" = "c:\windows\ayvvomt.exe" [null data]
"wbotmnu" = "c:\windows\ayvvomt.exe" [null data]
"bljisan" = "c:\windows\ayvvomt.exe" [null data]
"bgyhhhi" = "c:\windows\ayvvomt.exe" [null data]
"utqjfeq" = "c:\windows\ayvvomt.exe" [null data]
"mijapeq" = "c:\windows\ayvvomt.exe" [null data]
"ymstvdc" = "c:\windows\ayvvomt.exe" [null data]
"ndbrrxe" = "c:\windows\ayvvomt.exe" [null data]
"xowyevc" = "c:\windows\ayvvomt.exe" [null data]
"rberraa" = "c:\windows\ayvvomt.exe" [null data]
"isbjcex" = "c:\windows\ayvvomt.exe" [null data]
"ebyemtf" = "c:\windows\ayvvomt.exe" [null data]
"xdngyuv" = "c:\windows\ayvvomt.exe" [null data]
"mderycm" = "c:\windows\ayvvomt.exe" [null data]
"gfwbfwj" = "c:\windows\ayvvomt.exe" [null data]
"uxlctfw" = "c:\windows\ayvvomt.exe" [null data]
"nppqhtf" = "c:\windows\ayvvomt.exe" [null data]
"oymmrxm" = "c:\windows\ayvvomt.exe" [null data]
"ovlokys" = "c:\windows\ayvvomt.exe" [null data]
"kucdqdd" = "c:\windows\ayvvomt.exe" [null data]
"owfswug" = "c:\windows\ayvvomt.exe" [null data]
"nucthoj" = "c:\windows\ayvvomt.exe" [null data]
"hjwhqyi" = "c:\windows\ayvvomt.exe" [null data]
"sclfvbf" = "c:\windows\ayvvomt.exe" [null data]
"dxtbyof" = "c:\windows\ayvvomt.exe" [null data]
"gvqgbvf" = "c:\windows\ayvvomt.exe" [null data]
"cuuvbqi" = "c:\windows\ayvvomt.exe" [null data]
"pvsxajl" = "c:\windows\ayvvomt.exe" [null data]
"gxrrtnx" = "c:\windows\ayvvomt.exe" [null data]
"pkrejls" = "c:\windows\ayvvomt.exe" [null data]
"shltner" = "c:\windows\ayvvomt.exe" [null data]
"ksukfmn" = "c:\windows\ayvvomt.exe" [null data]
"hmncxbg" = "c:\windows\ayvvomt.exe" [null data]
"qfhehil" = "c:\windows\ayvvomt.exe" [null data]
"lqqeyef" = "c:\windows\ayvvomt.exe" [null data]
"mliahcf" = "c:\windows\ayvvomt.exe" [null data]
"etvnvrp" = "c:\windows\ayvvomt.exe" [null data]
"cjfwypj" = "c:\windows\ayvvomt.exe" [null data]
"ihppyeg" = "c:\windows\ayvvomt.exe" [null data]
"qsjvmdh" = "c:\windows\ayvvomt.exe" [null data]
"dubbghe" = "c:\windows\ayvvomt.exe" [null data]
"wurryba" = "c:\windows\ayvvomt.exe" [null data]
"ynalaly" = "c:\windows\ayvvomt.exe" [null data]
"mqposim" = "c:\windows\ayvvomt.exe" [null data]
"ynmamgq" = "c:\windows\ayvvomt.exe" [null data]
"minhwak" = "c:\windows\ayvvomt.exe" [null data]
"ssuwyny" = "c:\windows\ayvvomt.exe" [null data]
"xtdfbcp" = "c:\windows\ayvvomt.exe" [null data]
"kahseqj" = "c:\windows\ayvvomt.exe" [null data]
"ktvlrta" = "c:\windows\ayvvomt.exe" [null data]
"fpimrel" = "c:\windows\ayvvomt.exe" [null data]
"sijncve" = "c:\windows\ayvvomt.exe" [null data]
"suhkknc" = "c:\windows\ayvvomt.exe" [null data]
"qieubqm" = "c:\windows\ayvvomt.exe" [null data]
"rextfpy" = "c:\windows\ayvvomt.exe" [null data]
"rleaodp" = "c:\windows\ayvvomt.exe" [null data]
"evckjwy" = "c:\windows\ayvvomt.exe" [null data]
"aniiahx" = "c:\windows\ayvvomt.exe" [null data]
"pehcjto" = "c:\windows\ayvvomt.exe" [null data]
"hgnkrxb" = "c:\windows\ayvvomt.exe" [null data]
"fvuloen" = "c:\windows\ayvvomt.exe" [null data]
"rsiefsn" = "c:\windows\ayvvomt.exe" [null data]
"ejkbuqg" = "c:\windows\xuuyugo.exe" [null data]
"kuaobnk" = "c:\windows\xuuyugo.exe" [null data]
"tagvekn" = "c:\windows\xuuyugo.exe" [null data]
"rphhssi" = "c:\windows\hinvdci.exe" [null data]
"xnmtujr" = "c:\windows\hinvdci.exe" [null data]
"rsmjmmj" = "c:\windows\hinvdci.exe" [null data]
"vmybcfd" = "c:\windows\hinvdci.exe" [null data]
"iaabgxt" = "c:\windows\hinvdci.exe" [null data]
"vnbmonw" = "c:\windows\hinvdci.exe" [null data]
"xylkgdm" = "c:\windows\hinvdci.exe" [null data]
"grkvjos" = "c:\windows\hinvdci.exe" [null data]
"unjujxe" = "c:\windows\hinvdci.exe" [null data]
"rlnbkfc" = "c:\windows\hinvdci.exe" [null data]
"nrkmurv" = "c:\windows\hinvdci.exe" [null data]
"rkcpqti" = "c:\windows\hinvdci.exe" [null data]
"rcujrbm" = "c:\windows\hinvdci.exe" [null data]
"tiiakrr" = "c:\windows\hinvdci.exe" [null data]
"kcremdw" = "c:\windows\hinvdci.exe" [null data]
"nefehgc" = "c:\windows\fvyywxb.exe" [null data]
"vyxofgo" = "c:\windows\fvyywxb.exe" [null data]
"jpxetth" = "c:\windows\cxlqxth.exe" [null data]
"axiytto" = "c:\windows\cxlqxth.exe" [null data]
"jsulmcs" = "c:\windows\cxlqxth.exe" [null data]
"ayhahqi" = "c:\windows\cxlqxth.exe" [null data]
"fjfgxax" = "c:\windows\cxlqxth.exe" [null data]
"mlqwccn" = "c:\windows\cxlqxth.exe" [null data]
"dvioqfb" = "c:\windows\cxlqxth.exe" [null data]
"xp_system" = "C:\WINDOWS\inet20081\services.exe" [null data]
"nemthic" = "c:\windows\cxlqxth.exe" [null data]
"lqinpxp" = "c:\windows\akaqohv.exe" [null data]
"ohxgsio" = "c:\windows\akaqohv.exe" [null data]
"vyqclha" = "c:\windows\akaqohv.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = "D:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
"xp_system" = "C:\WINDOWS\inet20081\services.exe" [null data]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Microsoft standard protector" = "C:\WINDOWS\winsocks5.exe" [null data]
"avast!" = "d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}" = "DCOM Server"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dcom_9.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"DCOM Server" = "{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dcom_9.dll" [null data]

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "run" = "C:\WINDOWS\inet20081\services.exe" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Domi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "Domi" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"EPSON Status Monitor 3 Environment Check 2" -> shortcut to: "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE" ["SEIKO EPSON CORPORATION"]
"HotSync Manager" -> shortcut to: "D:\Program Files\palm\Hotsync.exe" ["Palm Computing, Inc., a 3Com Company"]
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"NkvMon.exe" -> shortcut to: "D:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Analyser mon ordinateur" -> launches: "D:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50}\ = "&Organise-notes Encarta" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{1462651F-F4BA-4C76-A001-C4284D0FE16E}\
"ButtonText" = "Wanadoo"
"Exec" = "http://www.wanadoo.fr" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{9455301C-CF6B-11D3-A266-00C04F689C50}\
"ButtonText" = "Organise-notes"

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""d:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""d:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]
iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Service Norton AntiVirus Auto-Protect, navapsvc, ""D:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 168 seconds, including 14 seconds for message boxes)

un grand merci par avance à ceux qui voudront jeter un oiel là dessus.

c'est dingue le nombre de problème que tout le monde a! et c'est dingue comme c'est laborieux d'y remédier!