[help] with virus removal

Solved
la_paille Posts 24 Registration date   Status Member Last activity   -  
 Anonymous user -
Hello,

I am having serious problems with my computer, and my antivirus (AntiVir) detects worms everywhere. I tried using patches, but that did not solve everything... If someone could help me get out of this... I saw in other threads that HijackThis was useful, so here is what it reports.

Thanks in advance,

Logfile of HijackThis v1.99.1
Scan saved at 08:12:41, on 02/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Documents and Settings\Moi\Mes documents\FixMytob.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Moi\Mes documents\outils\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.203.15.25:808;gopher=10.203.15.25:808;http=10.203.15.25:808;https=10.203.15.25:808;socks=10.203.15.25:808
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D59CC-9BFC-44D8-9578-F2D9C7D09269}: NameServer = 10.200.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: CGCJBGF0 - {389C0A4B-21FA-6624-23B2-09DA04203382} - C:\WINDOWS\System32\Dieeijeb.dll (file missing)
O21 - SSODL: mtkle - {84E673EF-0FF6-431B-748C-FB1627EC8440} - C:\WINDOWS\System32\ffhna32.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
25 replies

Anonymous user
 
Hi,
can you do this first?
Start < My Computer < C < program files < av personal < logfiles < NTGRDRT.LOG <--- copy/paste everything inside it to the forum, please

See you
0
la_paille Posts 24 Registration date   Status Member Last activity  
 
There, it's done.

01/11/2005,23:18:38 [INFO] Stop Filter Device.
01/11/2005,23:18:41 AVGuard service has been stopped!
02/11/2005,07:50:22 ---------------------------------------------------------
02/11/2005,07:50:22 [INIT] The AVGuard Service is starting.
02/11/2005,07:50:27 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/11/2005,07:50:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/11/2005,07:50:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3e1a.
02/11/2005,07:51:10 [INFO] Start Filter Device.
02/11/2005,07:51:10 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.127
02/11/2005,07:51:10 AVGuard has been started successfully!
02/11/2005,07:51:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:57 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:56 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:56 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:54 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:28 WARNING: Is the Trojan horse TR/Qhost.AA!
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
02/11/2005,07:52:01 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:00 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:00 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:59 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:15 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:14 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:14 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:17 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:18 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:20 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:20 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:20 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:20 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:23 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:34 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:23 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:23 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:22 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:42 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:52:56 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:53:02 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:54:47 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[2]
02/11/2005,07:55:13 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[3]
02/11/2005,07:55:18 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[5]
02/11/2005,07:55:22 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[6]
02/11/2005,07:55:24 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[7]
02/11/2005,07:55:26 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[8]
02/11/2005,07:55:28 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[9]
02/11/2005,07:55:30 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[10]
02/11/2005,07:55:32 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MTX8V9OB\XXXXXXXXX[3]
02/11/2005,07:55:45 WARNING: Is the Trojan horse TR/Qhost.AA!
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
02/11/2005,07:59:40 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\NETHELL.EXE
02/11/2005,07:59:44 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE.VIR
02/11/2005,07:59:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
02/11/2005,07:59:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
0
Anonymous user
 
Hello,

Method to follow, in order...
----------------------------------------------------------------------------
¤Download these programs, but do not use them right away:

1/

Spybot S&D 1.4 <<new version.
http://www.safer-networking.org/fr/index.html

Usage demo (thanks to Balltrap34 for making it).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06 <<new version.
http://www.lavasoftusa.com/software/adaware/
- Help:
http://www.tutopat.com/viewtopic.php?t=1191
- install the French language patch, which you can find here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here: (thanks to Moe31 for making it).
http://pageperso.aol.fr/balltrap34/adawrevid.asf
----------------------------------------------------------------------------
¤Disable your System Restore (only if you are on XP):
Right-click My Computer, then
Properties, click the System Restore tab,
tick the "turn off System Restore" box and apply.
----------------------------------------------------------------------------
¤Show all files and folders:
Click Start/Control Panel/Tools/Folder Options/View

Tick "Show hidden files and folders"

Untick the "Hide protected operating system files (Recommended)" box

Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And apply!
----------------------------------------------------------------------------
¤Empty your temp files and Temporary Internet Files:

:: Delete temporary files ::
empty the entire contents of these folders.

Run CleanUp!
----------------------------------------------------------------------------
¤Run HijackThis again, tick the boxes in front of these lines and then click Fix checked:

O4 - HKLM\..\Run: [WINTASK] taskgmr.exe

O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe

O4 - HKCU\..\Run: [WINTASK] taskgmr.exe

O21 - SSODL: CGCJBGF0 - {389C0A4B-21FA-6624-23B2-09DA04203382} - C:\WINDOWS\System32\Dieeijeb.dll (file missing)

O21 - SSODL: mtkle - {84E673EF-0FF6-431B-748C-FB1627EC8440} - C:\WINDOWS\System32\ffhna32.dll (file missing)

----------------------------------------------------------------------------
¤Boot into Safe Mode:
To do so, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrows to move to Safe Mode, then press Enter.
Once on the desktop, if not all the colors and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
¤Find and delete this:
careful, only the files (if present).

C:\WINDOWS\SYSTEM32\TASKGMR.EXE


----------------------------------------------------------------------------
¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
----------------------------------------------------------------------------
¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
----------------------------------------------------------------------------
¤ Empty your Recycle Bin.
----------------------------------------------------------------------------
¤ Reboot in normal mode,

Run this online scan:
http://www.bitdefender.com/scan/licence.php
Copy/paste the report

run HijackThis again and copy/paste a new report to the forum.

Describe your problems if any remain....

Keep me posted

See you
0
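The cross-check behind the HijackThis lines selected in the procedure above, as an added example that is not part of the original thread: it parses excerpts of the AVGuard log and of the O4 autostart entries posted earlier and lists, for each detected file, the Run keys that relaunch it. The function names are this example's own, and matching is by file name only, an assumption that fits the path-less `taskgmr.exe` entries.

```python
import ntpath
import re
from collections import Counter

# Excerpts copied from the logs posted in this thread (repeated lines trimmed).
GUARD_LOG = r"""
02/11/2005,07:51:10 AVGuard has been started successfully!
02/11/2005,07:51:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:57 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:28 WARNING: Is the Trojan horse TR/Qhost.AA!
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
02/11/2005,07:59:40 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\NETHELL.EXE
02/11/2005,07:59:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe
"""

TIMESTAMP_RE = re.compile(r"^\d{2}/\d{2}/\d{4},\d{2}:\d{2}:\d{2} ")
WARNING_RE = re.compile(TIMESTAMP_RE.pattern + r"WARNING: .*?([A-Z]+/[\w.]+)!\s*$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|dll))(?=\s|$)", re.IGNORECASE)


def parse_detections(guard_log):
    """Count AVGuard warnings per (file path, signature).

    Each WARNING record spans two lines: the timestamped message, then the path.
    """
    hits = Counter()
    lines = [line.strip() for line in guard_log.splitlines() if line.strip()]
    for line, following in zip(lines, lines[1:]):
        match = WARNING_RE.match(line)
        # Ignore a warning whose next line is another record instead of a path.
        if match and not TIMESTAMP_RE.match(following):
            hits[(following, match.group(1))] += 1
    return hits


def executable_name(command):
    """Lower-cased file name of the program an autostart command launches."""
    command = command.strip()
    if command.startswith('"'):
        target = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first known extension.
        match = EXE_RE.match(command)
        target = match.group(1) if match else command.split()[0]
    return ntpath.basename(target).lower()


def parse_autostarts(hijackthis_log):
    """Return (hive, key, value name, executable name) for every O4 line."""
    entries = []
    for line in hijackthis_log.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            hive, key, value, command = match.groups()
            entries.append((hive, key, value, executable_name(command)))
    return entries


def triage(guard_log, hijackthis_log):
    """List detected files, most frequent first, with the Run keys that start them."""
    autostarts = parse_autostarts(hijackthis_log)
    report = []
    for (path, signature), count in parse_detections(guard_log).most_common():
        name = ntpath.basename(path).lower()
        # Name-only match: an O4 entry without a path cannot be tied to a directory.
        keys = [f"{hive}\\..\\{key}: [{value}]"
                for hive, key, value, exe in autostarts if exe == name]
        report.append({"file": path, "signature": signature,
                       "hits": count, "autostart": keys})
    return report


if __name__ == "__main__":
    for row in triage(GUARD_LOG, HIJACKTHIS_LOG):
        print(row["hits"], row["signature"], row["file"], row["autostart"] or "no O4 entry")
```

Detected files that come back with an empty autostart list, such as NETHELL.EXE and BINGOO.EXE in this excerpt, are not covered by fixing O4 lines and need their own removal step.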
la_paille Posts 24 Registration date   Status Member Last activity  
 
Still getting AntiVir alerts... BitDefender is currently running...



Logfile of HijackThis v1.99.1
Scan saved at 10:07:14, on 02/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Moi\Mes documents\outils\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.203.15.25:808;gopher=10.203.15.25:808;http=10.203.15.25:808;https=10.203.15.25:808;socks=10.203.15.25:808
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D59CC-9BFC-44D8-9578-F2D9C7D09269}: NameServer = 10.200.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

______________________________________________________

02/11/2005,09:37:52 [INIT] The AVGuard Service is starting.
02/11/2005,09:37:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/11/2005,09:38:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/11/2005,09:38:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa027c.
02/11/2005,09:38:16 [INFO] Start Filter Device.
02/11/2005,09:38:16 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.127
02/11/2005,09:38:16 AVGuard has been started successfully!
02/11/2005,09:50:35 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\NETHELL.EXE
02/11/2005,09:50:50 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
02/11/2005,09:55:01 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[2]
02/11/2005,09:55:09 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[3]
02/11/2005,09:55:11 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[5]
02/11/2005,09:55:12 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[6]
02/11/2005,09:55:14 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[7]
02/11/2005,09:55:15 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[8]
02/11/2005,09:55:15 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[9]
02/11/2005,09:55:17 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[10]
02/11/2005,09:55:18 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MTX8V9OB\XXXXXXXXX[3]
02/11/2005,09:59:21 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\NETHELL.EXE
02/11/2005,09:59:28 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE.VIR
02/11/2005,09:59:32 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE.VIR
02/11/2005,09:59:33 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
02/11/2005,09:59:35 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
02/11/2005,10:00:57 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
02/11/2005,10:01:05 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
0
Anonymous user
 
Hi,
run BitDefender and then we will see ;-)

See you
0
la_paille Posts 24 Registration date   Status Member Last activity  
 
BitDefender found no problems!
0
Anonymous user
 
Hi again,
use this as shown in the video

Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- illustrated help: (thanks to Balltrap34).
http://pageperso.aol.fr/balltrap34/democleanup.htm

then
¤Show all files and folders:
Click Start/Control Panel/Tools/Folder Options/View

Tick "Show hidden files and folders"

Untick the "Hide protected operating system files (Recommended)" box

Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And apply!
----------------------------------------------------------------------------
and delete:
C:\WINDOWS\SYSTEM32\NETHELL.EXE
C:\WINDOWS\SYSTEM32\BINGOO.EXE

See you
0

la_paille Posts 24 Registration date   Status Member Last activity  
 
Thanks for your help, Régis; I did everything you told me. I rebooted after emptying the Recycle Bin. I hope that will be enough.
One last small question: is AntiVir a decent antivirus in your opinion? Should I untick the System Restore deactivation?
I am running AntiVir to see whether it still finds anything.

Here is the latest HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 11:04:39, on 02/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Documents and Settings\Moi\Mes documents\outils\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.203.15.25:808;gopher=10.203.15.25:808;http=10.203.15.25:808;https=10.203.15.25:808;socks=10.203.15.25:808
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D59CC-9BFC-44D8-9578-F2D9C7D09269}: NameServer = 10.200.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

Thanks again!
0
Anonymous user
 
Hi,
System Restore: re-enable it once you no longer have any problems (likewise for hidden files: hide them again once you no longer have any problems)
**
As for AntiVir, if it reassures you, it is the antivirus I use ;-)
You might be better protected with a firewall; personally I have ZoneAlarm
- A firewall
http://www.inoculer.com/firewall5.php3
http://www.firewall-net.com/
http://www.commentcamarche.net/protect/firewall.php3

But in my opinion, AntiVir is an excellent antivirus; of course, do not forget to update it regularly! It was one of the best antivirus products on the market a few months ago; at the moment, Avast seems to be highly recommendable. That said, I advise you to keep it (and besides, I know it well, so it is easier for me to help you, lol)

See you
0
la_paille Posts 24 Registration date   Status Member Last activity  
 
Thanks once again!
AntiVir found more viruses. I am sending you the report.

Creation date of the report file: mercredi 2 novembre 2005 11:11

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1111 of 18.10.2005
Mainprogram 6.32.00.50 of 13.10.2005
VDF file 6.32.11.14 (0) of 01.11.2005


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 239807 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149991-WURGE-0001

Please enter the workstation and
contact name with phone number in this form:

Name ___________________________________________

Street ___________________________________________

Town ___________________________________________

Phone/Fax ___________________________________________

Email ___________________________________________

Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 1)
Username: Moi
Processor: Pentium
Working memory: 260592 KB free

Version information:
AVWIN.DLL : 6.32.00.50 561192 13.10.2005 16:32:14
AVEWIN32.DLL : 6.32.0.57 954880 01.11.2005 14:58:32
AVGNT.EXE : 6.32.00.02 180327 14.10.2005 12:32:02
AVGUARD.EXE : 6.32.00.12 208424 17.10.2005 08:35:12
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 11:24:10
AVGCMSG.DLL : 6.32.00.01 295029 13.10.2005 16:32:14
AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16
AVPACK32.DLL : 6.32.00.02 319528 18.10.2005 11:57:30
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22
AVSched32.EXE : 6.32.00.01 110632 20.09.2005 14:16:24
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:10
AVREG.DLL : 6.31.00.05 41000 07.09.2005 16:34:50
AVRep.DLL : 6.32.00.120 1454120 01.11.2005 14:58:44
INETUPD.EXE : 6.32.00.52 262203 17.10.2005 15:46:14
INETUPD.DLL : 6.32.00.52 143360 17.10.2005 15:46:14
CTL3D32.DLL : 2.31.000 27136 24.04.2003 12:00:00
MFC42.DLL : 6.00.8665.0 995383 24.04.2003 12:00:00
MSVCRT.DLL : 7.0.2600.1106 (xpsp1.020828-1920
MSVCRT.DLL : 7.0.2600.1106 323072 24.04.2003 12:00:00
CTL3DV2.DLL : No information

Configuration file:

Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[X] All files
[ ] Program files

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[ ] Delete with prompt
[ ] Delete without prompt
[X] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\Moi\LOCALS~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
C: Hard disk
D: Hard disk
E: CD-ROM

Start of scan: mercredi 2 novembre 2005 11:11

Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK
Boot record of drive D: OK


Access denied! Error during file opening!
Error code: 0x0002
C:\

WARNING! Access error/file locked!
Access denied! Error during file opening!
Error code: 0x0002

WARNING! Access error/file locked!
C:\WINDOWS\system32
BINGOO.EXE.VIR
[DETECTION] Contains signature of the worm WORM/Mytob.KV
C:\WINDOWS\system32\config
system.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
default.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SYSTEM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SOFTWARE
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
DEFAULT
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\D4EBCZJG
xxxxxxxxx[2]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
xxxxxxxxx[3]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
xxxxxxxxx[5]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
xxxxxxxxx[6]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
xxxxxxxxx[7]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
xxxxxxxxx[8]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
xxxxxxxxx[9]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
xxxxxxxxx[10]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MTX8V9OB
xxxxxxxxx[3]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
AlexaRelated.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
LSA.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
LSA2.zip
ArchiveType: ZIP
NOTE! No files to extract.
SmitfraudC.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SmitfraudC1.zip
ArchiveType: ZIP
NOTE! No files to extract.
SmitfraudC2.zip
ArchiveType: ZIP
NOTE! No files to extract.
C:\Documents and Settings\NetworkService
NTUSER.DAT
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
ntuser.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows
UsrClass.dat
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
UsrClass.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\LocalService
NTUSER.DAT
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
ntuser.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows
UsrClass.dat
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
UsrClass.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\Moi
NTUSER.DAT
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
ntuser.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\Moi\Local Settings\Application Data\Microsoft\Windows
UsrClass.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
UsrClass.dat
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Program Files\AVPersonal\INFECTED
HOSTS.VIR
[DETECTION] Is the Trojan horse TR/Qhost.AA
C:\Program Files\WinRAR
rarnew.dat
ArchiveType: RAR
NOTE! The archive is created by multiple volumes



End of scan: mercredi 2 novembre 2005 11:32
Time taken: 21:10 min


1989 directories were scanned
45229 files were scanned
24 warning messages were issued
0 files were deleted
0 files were repaired
11 detections
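
Added example, not part of the thread and not AntiVir's own tooling: a small Python parser for the report layout posted above, where a directory line is followed by file names and each file name by its status lines. It separates detections from locked-file warnings and archive notes, and checks the parsed detection count against the report's own `N detections` trailer. The sample text is constructed from shortened lines of the report above (trailer count adjusted to match), and reading the last token of a `[DETECTION]` line as the signature name is an assumption based on those lines.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: shortened from the report posted above; trailer adjusted.
SAMPLE_REPORT = r"""
Start of scan: mercredi 2 novembre 2005 11:11

Memory test OK
Boot record of drive C: OK

Access denied! Error during file opening!
Error code: 0x0002
C:\

WARNING! Access error/file locked!
C:\WINDOWS\system32
BINGOO.EXE.VIR
[DETECTION] Contains signature of the worm WORM/Mytob.KV
C:\WINDOWS\system32\config
system.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\D4EBCZJG
xxxxxxxxx[2]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
xxxxxxxxx[3]
[DETECTION] Contains signature of the worm WORM/Padobot.Z.8
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
LSA1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Program Files\AVPersonal\INFECTED
HOSTS.VIR
[DETECTION] Is the Trojan horse TR/Qhost.AA

End of scan: mercredi 2 novembre 2005 11:32
4 detections
"""

DIR_RE = re.compile(r"^[A-Za-z]:\\")                     # a directory line
TOTAL_RE = re.compile(r"^(\d+) detections\s*$", re.M)    # report trailer
IGNORED_PREFIXES = ("Access denied!", "ArchiveType:", "Error!")


@dataclass
class Finding:
    path: str
    kind: str    # "detection", "locked" or "archive-note"
    detail: str  # signature name, error code, or note text


def parse_report(text):
    """Walk the scan body and attach each status line to its file."""
    findings, directory, filename = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("End of scan:"):
            break
        if not line:
            continue
        if DIR_RE.match(line):
            directory, filename = line, None
            continue
        if directory is None:
            continue  # still in the report header
        path = directory.rstrip("\\") + "\\" + filename if filename else None
        if line.startswith("[DETECTION]"):
            if path:
                findings.append(Finding(path, "detection", line.split()[-1]))
        elif line.startswith("Error code:"):
            if path:  # codes with no file before them belong to a directory
                findings.append(Finding(path, "locked", line.split()[-1]))
        elif line.startswith("NOTE!"):
            if path:
                findings.append(Finding(path, "archive-note", line[5:].strip()))
        elif line.startswith("WARNING!"):
            filename = None  # the warning closes the current file entry
        elif line.startswith(IGNORED_PREFIXES):
            continue
        else:
            filename = line
    return findings


def reported_total(text):
    """Detection count the scanner itself printed, or None if absent."""
    m = TOTAL_RE.search(text)
    return int(m.group(1)) if m else None


def signature_counts(findings):
    return Counter(f.detail for f in findings if f.kind == "detection")


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f"{f.kind:13} {f.detail:22} {f.path}")
    print("parsed == reported:",
          sum(f.kind == "detection" for f in found) == reported_total(SAMPLE_REPORT))
```

A mismatch between the parsed count and the trailer means the parser missed an entry shape, so the locked-file noise can be filtered without losing a detection.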
Anonymous user

Hi again,
1/ Did you use CleanUp?

2/ Go here:
C:\Program Files\AVPersonal\INFECTED <-- delete everything inside it and empty your Recycle Bin!

3/ Run Spybot
delete the backups and immunize!

4/ Restart your PC
if you get AntiVir windows, choose the quarantine option!

See you

la_paille (Posts: 24, Status: Member)

Thanks for your help!
I did everything you told me and it seems to be working.

Anonymous user

Hi again,
keep me posted; tell me whether everything is resolved this evening.

See you

la_paille (Posts: 24, Status: Member)

No problem, will do.
I have a second computer that has a few problems. If you don't mind, I'll pass it along...

Anonymous user

Hi,
yes, no problem :-)

See you

la_paille (Posts: 24, Status: Member)

Hello again,

here is what I get on my second computer with HijackThis. What should I fix?

Logfile of HijackThis v1.99.1
Scan saved at 14:26:23, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\outils\FixMytob.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\outils\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CCProxy] C:\Program Files\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2E97F64-C932-40C1-89BA-D5FC8FFBEC2D}: NameServer = 10.200.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

As for AntiVir, there have been no alerts since the computer was switched on.

I'm going to try to run a scan, but it is having trouble running...

See you later

Anonymous user

Hi again,
fix this:
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

delete this:

ALCXMNTR.EXE

and then:
Run this online scan:
http://www.bitdefender.com/scan/licence.php
Copy/paste the report

See you
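
Added example, not part of the thread and not HijackThis's own code: one way to confirm that a "fix this" instruction took effect is to diff a HijackThis log saved before the fix against one saved after it. The sample lines are excerpted from the two logs posted for this machine in the thread; the function names are hypothetical, and comparing lines case-insensitively is an assumption made because Windows paths differ only by case between runs.

```python
import re
from collections import Counter

# Excerpts from the 14:26 and 17:51 logs posted in this thread (shortened).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:26:23, on 02/11/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:51:16, on 02/11/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CCProxy\CCProxy.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
"""

# Entry lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - \S")


def parse_log(text):
    """Return (process multiset, {casefolded entry: original entry line})."""
    processes, entries = Counter(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False
            entries[line.casefold()] = line
        elif in_processes and line:
            # Same image can run several times (svchost), so count instances.
            processes[line.casefold()] += 1
    return processes, entries


def diff_logs(before_text, after_text):
    """List what disappeared and what appeared between two scans."""
    b_proc, b_ent = parse_log(before_text)
    a_proc, a_ent = parse_log(after_text)
    return {
        "removed_entries": sorted(b_ent[k] for k in b_ent.keys() - a_ent.keys()),
        "added_entries": sorted(a_ent[k] for k in a_ent.keys() - b_ent.keys()),
        "stopped": sorted((b_proc - a_proc).elements()),
        "started": sorted((a_proc - b_proc).elements()),
    }


def fix_applied(before_text, after_text, entry_line):
    """True if the entry was present before and is absent afterwards."""
    key = entry_line.strip().casefold()
    return key in parse_log(before_text)[1] and key not in parse_log(after_text)[1]


if __name__ == "__main__":
    for section, items in diff_logs(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
```

An empty `added_entries` list matters as much as the removed line: a new autostart entry appearing after a cleanup is the case to look at first.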
la_paille (Posts: 24, Status: Member)

Hi again,
for the first computer it seems almost sorted.
My second computer is on SP2, so the BitDefender link doesn't work.
What should I do?
Here is the AntiVir report:

Creation date of the report file: mercredi 2 novembre 2005 14:43

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1111 of 18.10.2005
Mainprogram 6.32.00.50 of 13.10.2005
VDF file 6.32.11.14 (0) of 01.11.2005


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 239807 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149991-WURGE-0001

Please enter the workstation and
contact name with phone number in this form:

Name ___________________________________________

Street ___________________________________________

Town ___________________________________________

Phone/Fax ___________________________________________

Email ___________________________________________

Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username: Compaq_Propriétaire
Computername: LA_PAILLE
Processor: Pentium
Working memory: 391664 KB free

Version information:
AVWIN.DLL : 6.32.00.50 561192 19.10.2005 15:48:52
AVEWIN32.DLL : 6.32.0.57 954880 24.10.2005 10:55:46
AVGNT.EXE : 6.32.00.02 180327 19.10.2005 15:48:52
AVGUARD.EXE : 6.32.00.12 208424 19.10.2005 15:48:52
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 10:24:10
AVGCMSG.DLL : 6.32.00.01 295029 19.10.2005 15:48:52
AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 07:07:16
AVPACK32.DLL : 6.32.00.02 319528 19.10.2005 15:48:52
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 17:10:20
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 17:10:22
AVSched32.EXE : 6.32.00.01 110632 21.09.2005 10:14:42
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 10:24:10
AVREG.DLL : 6.31.00.05 41000 13.09.2005 10:19:36
AVRep.DLL : 6.32.00.120 1454120 01.11.2005 14:54:22
INETUPD.EXE : 6.32.00.52 262203 19.10.2005 15:48:52
INETUPD.DLL : 6.32.00.52 143360 19.10.2005 15:48:52
CTL3D32.DLL : 2.31.000 27136 05.08.2004 13:00:00
MFC42.DLL : 6.02.4131.0 1028096 05.08.2004 19:00:00
MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : 7.0.2600.2180 343040 05.08.2004 19:00:00
CTL3DV2.DLL : No information

Configuration file:

Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: low

Drives:
C: Hard disk
D: Hard disk
E: CD-ROM
G: Floppy drive
H: Floppy drive
I: Floppy drive
J: Floppy drive

Start of scan: mercredi 2 novembre 2005 14:43

Memory test OK
Master boot record of hard disk HD0 OK
Master boot record of hard disk HD1
The record could not be read!
Error code: 0x0015
Master boot record of hard disk HD2
The record could not be read!
Error code: 0x0015
Master boot record of hard disk HD3
The record could not be read!
Error code: 0x0015
Master boot record of hard disk HD4
The record could not be read!
Error code: 0x0015
Boot record of drive C: OK
Boot record of drive D: OK


Access denied! Error during file opening!
Error code: 0x0002
C:\

WARNING! Access error/file locked!
Access denied! Error during file opening!
Error code: 0x0002

WARNING! Access error/file locked!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
BackWeblite.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite10.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite11.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite12.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite13.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite14.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite15.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite16.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite17.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite18.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite19.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite20.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite21.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite22.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite23.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite24.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite25.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite26.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite27.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite28.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite29.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite3.zip
ArchiveType: ZIP
NOTE! No files to extract.
BackWeblite30.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite31.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite32.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite33.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite34.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite35.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite36.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite37.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite38.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite39.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite40.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite41.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite42.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite43.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite44.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite45.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite46.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite47.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite48.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite49.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite50.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite51.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite52.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite53.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite54.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite55.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite56.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite57.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite58.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Error! Could not change directory: System Volume Information
C:\WINDOWS\SoftwareDistribution\EventCache
{974CC7BE-5E94-4A40-820A-EAC3D363FC85}.bin
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
Access denied! Error during file opening!
Error code: 0x0002
C:\WINDOWS\system32

WARNING! Access error/file locked!
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!



End of scan: mercredi 2 novembre 2005 15:39
Time taken: 55:38 min


3708 directories were scanned
93219 files were scanned
9 warning messages were issued
0 files were deleted
0 files were repaired
0 detections

Anonymous user

Hi,
it works even with SP2; you have to accept the ActiveX controls when it asks you...

***
Run Spybot, click on Backups, tick everything and purge.
Immunize as well.

See you

la_paille (Posts: 24, Status: Member)

Sorry, I hadn't noticed that the window had been blocked. BitDefender found two infected files and they were deleted.
Just one last practical question: how come I get so many "lines" on the second computer when running HijackThis?
Aren't there some unnecessary things in there?

Logfile of HijackThis v1.99.1
Scan saved at 17:51:16, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CCProxy\CCProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\outils\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CCProxy] C:\Program Files\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2E97F64-C932-40C1-89BA-D5FC8FFBEC2D}: NameServer = 10.200.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


Thank you, once again, for your valuable help.
See you soon (I hope not, but well... it was much-appreciated help!)
;)
0
Anonymous user
 
Hi,
That many lines where? In the HijackThis log as a whole?

See you

PS: It was a pleasure to help you, in any case
0
la_paille Posts: 24 Status: Member
 
I was wondering whether some of the processes might be unnecessary.
See you
0
Anonymous user
 
Hi again,
the processes, no, that's reasonable

You can possibly speed up your PC's startup by removing unneeded programs from startup... (ms,+; your cam...)
To do that:
Start > Run > type msconfig
Startup tab, and tick the boxes in front of the lines for the software you do not want to launch at startup, then confirm
accept the selective startup

See you
0
la_paille Posts: 24 Status: Member
 
OK, thanks for everything.
Have a good rest of the day
0
Anonymous user
 
Have a good evening

See you
0
Nestor345
 
Hello,
Indeed, there is nothing excessive, except perhaps in the startup section [04]. The PC's startup would be greatly improved. There is no need to disable, let alone remove, software that is temporarily not in use.
When you fix the keys in section 04, that software no longer starts.
You can re-enable them via the backup function. I therefore recommend the following approach:
1. Look up the processes via Windows or Google when in doubt.
2. Most software has no business being in section 04 without your permission. I make an exception for the antivirus and the firewall.
3. First fix the keys you can do without with certainty. Removing a key from startup does not mean the software will be unusable. For example, Nero has no business in section 04. Then fix entry by entry if you are unsure. It is easier to restore (backup function at the bottom right: click on config).

Here is a link to a tutorial on HijackThis:
http://forum.hardware.fr/hardwarefr/WindowsSoftwareReseaux/Tutoriel-R-HijackThis-sujet-171913-1.htm
Nestor
0
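The entry-by-entry review of the HijackThis startup section (O4, written "04" in the post above), as an added example that is not part of the thread: it parses O4 lines, separates the executable from its arguments, and sorts entries into "keep" (security software), "identify" (no full path, so look it up first) and "optional". The sample lines are copied from the log posted earlier in this thread; `KEEP_MARKERS`, the verdict labels and all function names are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# O4 lines copied from the HijackThis log posted earlier in this thread,
# plus one O2 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

# Assumption: path fragments of the security software the reviewer wants to
# keep at startup (here AntiVir, installed under "AVPersonal" on this PC).
KEEP_MARKERS = ("\\avpersonal\\",)

# "O4 - HKLM\..\Run: [name] command" (also RunOnce, RunServices, ...)
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# "O4 - Global Startup: shortcut.lnk = target" and "O4 - Startup: ..."
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Unquoted commands: cut after the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
# A drive letter or an environment variable such as %systemroot% at the start.
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%\\)")


@dataclass
class StartupEntry:
    source: str       # e.g. "HKLM Run" or "Global Startup"
    name: str         # value name or shortcut name
    executable: str
    arguments: str


def split_command(command):
    """Split a startup command into (executable, arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = EXE_RE.match(command)
    if m:
        return m.group(1), command[m.end():].strip()
    exe, _, args = command.partition(" ")
    return exe, args.strip()


def parse_o4(log_text):
    """Return a StartupEntry for every O4 line; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            source, name, command = f"{m.group(1)} {m.group(2)}", m.group(3), m.group(4)
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            source, name, command = m.groups()
        exe, args = split_command(command)
        entries.append(StartupEntry(source, name, exe, args))
    return entries


def triage(entry, keep_markers=KEEP_MARKERS):
    """Sort one entry into 'identify', 'keep' or 'optional'."""
    if not ABSOLUTE_RE.match(entry.executable):
        return "identify"   # no full path: find out what it is before deciding
    if any(marker in entry.executable.lower() for marker in keep_markers):
        return "keep"       # antivirus / firewall stays at startup
    return "optional"       # candidate for removal from startup, one at a time


def review(log_text):
    """Return (verdict, source, name, executable) for each O4 entry."""
    return [(triage(e), e.source, e.name, e.executable) for e in parse_o4(log_text)]


if __name__ == "__main__":
    for verdict, source, name, exe in review(SAMPLE_LOG):
        print(f"{verdict:9} {source:15} [{name}] {exe}")
```
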
la_paille Posts: 24 Status: Member
 
Hello,
I still get alerts from AntiVir, as the log below shows.
following the HijackThis report

02/11/2005,11:01:32 [INFO] Stop Filter Device.
02/11/2005,11:01:33 AVGuard service has been stopped!
02/11/2005,11:02:19 ---------------------------------------------------------
02/11/2005,11:02:19 [INIT] The AVGuard Service is starting.
02/11/2005,11:02:23 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/11/2005,11:02:26 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/11/2005,11:02:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa392e.
02/11/2005,11:02:45 [INFO] Start Filter Device.
02/11/2005,11:02:45 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.11.14
02/11/2005,11:02:45 AVGuard has been started successfully!
02/11/2005,11:39:38 WARNING: Is the Trojan horse TR/Qhost.AA!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\HOSTS.VIR
02/11/2005,11:39:42 WARNING: Is the Trojan horse TR/Qhost.AA!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\HOSTS.VIR
02/11/2005,11:44:39 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/11/2005,11:44:39 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa8d93be.
02/11/2005,11:45:48 [INFO] Stop Filter Device.
02/11/2005,11:45:51 AVGuard service has been stopped!
02/11/2005,11:46:37 ---------------------------------------------------------
02/11/2005,11:46:37 [INIT] The AVGuard Service is starting.
02/11/2005,11:46:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/11/2005,11:46:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/11/2005,11:46:55 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1769.
02/11/2005,11:47:15 [INFO] Start Filter Device.
02/11/2005,11:47:15 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.11.14
02/11/2005,11:47:15 AVGuard has been started successfully!
02/11/2005,11:48:15 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
File has been moved to quarantine directory!
02/11/2005,11:47:50 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
02/11/2005,16:19:29 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.VIR
File has been moved to quarantine directory!
02/11/2005,16:19:35 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.001
File has been moved to quarantine directory!
02/11/2005,16:19:42 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.VIR
02/11/2005,16:19:42 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.VIR
02/11/2005,16:21:12 [INFO] Stop Filter Device.
02/11/2005,16:21:14 AVGuard service has been stopped!
02/11/2005,16:22:01 ---------------------------------------------------------
02/11/2005,16:22:01 [INIT] The AVGuard Service is starting.
02/11/2005,16:22:08 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/11/2005,16:22:16 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/11/2005,16:22:17 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa04ce.
02/11/2005,16:22:28 [INFO] Start Filter Device.
02/11/2005,16:22:28 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.11.14
02/11/2005,16:22:28 AVGuard has been started successfully!
02/11/2005,16:55:24 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/11/2005,16:55:25 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaab5ac77.
02/11/2005,22:33:10 [INFO] Stop Filter Device.
02/11/2005,22:33:14 AVGuard service has been stopped!
03/11/2005,08:09:35 ---------------------------------------------------------
03/11/2005,08:09:35 [INIT] The AVGuard Service is starting.
03/11/2005,08:09:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/11/2005,08:09:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/11/2005,08:09:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2b57.
03/11/2005,08:09:53 [INFO] Start Filter Device.
03/11/2005,08:09:53 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.11.14
03/11/2005,08:09:53 AVGuard has been started successfully!
03/11/2005,09:54:50 [INFO] Stop Filter Device.
03/11/2005,09:54:51 AVGuard service has been stopped!
03/11/2005,09:54:54 ---------------------------------------------------------
03/11/2005,09:54:54 [INIT] The AVGuard Service is starting.
03/11/2005,09:54:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/11/2005,09:54:56 [INFO] Start Filter Device.
03/11/2005,09:54:56 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
03/11/2005,09:54:56 AVGuard has been started successfully!
03/11/2005,09:54:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/11/2005,09:54:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaca4b2f.
03/11/2005,10:33:19 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SPA3G1YR\COMPOSITIONDESGROUPES[1].DOC
ATTENTION: This OLE document is possibly damaged!
03/11/2005,12:21:16 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
File has been moved to quarantine directory!
03/11/2005,12:20:50 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
03/11/2005,16:46:24 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WTEJ41AN\2005FLASHEXPRESS07OCTUSA[1].DOC
ATTENTION: This OLE document is possibly damaged!
03/11/2005,16:46:34 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WTEJ41AN\2005FLASHEXPRESS07OCTUSA[1].DOC
ATTENTION: This OLE document is possibly damaged!
03/11/2005,21:57:34 [INFO] Stop Filter Device.
03/11/2005,21:57:38 AVGuard service has been stopped!
03/11/2005,21:58:27 ---------------------------------------------------------
03/11/2005,21:58:27 [INIT] The AVGuard Service is starting.
03/11/2005,21:58:34 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/11/2005,21:58:37 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/11/2005,21:58:37 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3318.
03/11/2005,21:58:51 [INFO] Start Filter Device.
03/11/2005,21:58:51 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
03/11/2005,21:58:51 AVGuard has been started successfully!
03/11/2005,21:59:52 WARNING: Contains signature of the worm WORM/Lovsan.F.2!
C:\WINDOWS\SYSTEM32\ENBIEI.EXE
File has been moved to quarantine directory!
03/11/2005,22:03:11 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE.VIR
File has been deleted!
03/11/2005,22:57:22 [INFO] Stop Filter Device.
03/11/2005,22:57:24 AVGuard service has been stopped!
04/11/2005,07:24:30 ---------------------------------------------------------
04/11/2005,07:24:30 [INIT] The AVGuard Service is starting.
04/11/2005,07:24:35 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
04/11/2005,07:24:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
04/11/2005,07:24:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa33b6.
04/11/2005,07:24:55 [INFO] Start Filter Device.
04/11/2005,07:24:55 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
04/11/2005,07:24:55 AVGuard has been started successfully!
04/11/2005,07:28:07 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CXGTI3OD\TPSAIGEPGPE2005_2006[1].DOC
ATTENTION: This OLE document is possibly damaged!
04/11/2005,07:53:34 [INFO] Stop Filter Device.
04/11/2005,07:53:35 AVGuard service has been stopped!
04/11/2005,12:24:53 ---------------------------------------------------------
04/11/2005,12:24:53 [INIT] The AVGuard Service is starting.
04/11/2005,12:25:01 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
04/11/2005,12:25:05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
04/11/2005,12:25:06 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0873.
04/11/2005,12:25:22 [INFO] Start Filter Device.
04/11/2005,12:25:22 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
04/11/2005,12:25:22 AVGuard has been started successfully!
04/11/2005,12:27:52 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7EOR7P4X\10MECS1[1].PPS
ATTENTION: This OLE document is possibly damaged!
04/11/2005,12:32:38 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SXQ3416N\LESFEMMES[1].PPS
ATTENTION: This OLE document is possibly damaged!
04/11/2005,18:01:38 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7EOR7P4X\ADRESSES[1].XLS
ATTENTION: This OLE document is possibly damaged!
04/11/2005,20:32:35 [INFO] Stop Filter Device.
04/11/2005,20:32:38 AVGuard service has been stopped!
05/11/2005,12:18:09 ---------------------------------------------------------
05/11/2005,12:18:09 [INIT] The AVGuard Service is starting.
05/11/2005,12:18:13 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
05/11/2005,12:18:18 [LOGON] Connection request by remote computer. Establishing secure communication channel.
05/11/2005,12:18:18 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3cf5.
05/11/2005,12:18:35 [INFO] Start Filter Device.
05/11/2005,12:18:35 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
05/11/2005,12:18:35 AVGuard has been started successfully!
05/11/2005,17:08:46 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
File has been moved to quarantine directory!
05/11/2005,20:23:56 [INFO] Stop Filter Device.
05/11/2005,20:23:59 AVGuard service has been stopped!
06/11/2005,12:00:34 ---------------------------------------------------------
06/11/2005,12:00:34 [INIT] The AVGuard Service is starting.
06/11/2005,12:00:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
06/11/2005,12:00:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
06/11/2005,12:00:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3f51.
06/11/2005,12:00:58 [INFO] Start Filter Device.
06/11/2005,12:00:58 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
06/11/2005,12:00:58 AVGuard has been started successfully!
06/11/2005,22:57:32 [INFO] Stop Filter Device.
06/11/2005,22:57:33 AVGuard service has been stopped!
07/11/2005,09:23:57 ---------------------------------------------------------
07/11/2005,09:23:57 [INIT] The AVGuard Service is starting.
07/11/2005,09:24:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
07/11/2005,09:24:06 [LOGON] Connection request by remote computer. Establishing secure communication channel.
07/11/2005,09:24:06 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa30a8.
07/11/2005,09:24:19 [INFO] Start Filter Device.
07/11/2005,09:24:19 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
07/11/2005,09:24:19 AVGuard has been started successfully!
07/11/2005,14:02:34 [INFO] Stop Filter Device.
07/11/2005,14:02:35 AVGuard service has been stopped!
07/11/2005,14:02:38 ---------------------------------------------------------
07/11/2005,14:02:38 [INIT] The AVGuard Service is starting.
07/11/2005,14:02:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
07/11/2005,14:02:39 [INFO] Start Filter Device.
07/11/2005,14:02:39 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.15
07/11/2005,14:02:39 AVGuard has been started successfully!
07/11/2005,14:02:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
07/11/2005,14:02:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa550663.
07/11/2005,14:02:51 [INFO] Stop Filter Device.
07/11/2005,14:02:51 AVGuard service has been stopped!
07/11/2005,14:03:01 ---------------------------------------------------------
07/11/2005,14:03:01 [INIT] The AVGuard Service is starting.
07/11/2005,14:03:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
07/11/2005,14:03:04 [INFO] Start Filter Device.
07/11/2005,14:03:04 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.15
07/11/2005,14:03:04 AVGuard has been started successfully!
07/11/2005,14:03:07 [LOGON] Connection request by remote computer. Establishing secure communication channel.
07/11/2005,14:03:07 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xabaaa0da.
07/11/2005,22:54:49 [INFO] Stop Filter Device.
07/11/2005,22:54:51 AVGuard service has been stopped!
07/11/2005,22:54:55 ---------------------------------------------------------
07/11/2005,22:54:55 [INIT] The AVGuard Service is starting.
07/11/2005,22:54:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
07/11/2005,22:54:57 [INFO] Start Filter Device.
07/11/2005,22:54:57 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
07/11/2005,22:54:57 AVGuard has been started successfully!
07/11/2005,22:54:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
07/11/2005,22:54:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xa84c5fd3.
07/11/2005,23:06:11 [INFO] Stop Filter Device.
07/11/2005,23:06:13 AVGuard service has been stopped!
08/11/2005,07:21:39 ---------------------------------------------------------
08/11/2005,07:21:39 [INIT] The AVGuard Service is starting.
08/11/2005,07:21:43 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
08/11/2005,07:21:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
08/11/2005,07:21:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa320e.
08/11/2005,07:21:59 [INFO] Start Filter Device.
08/11/2005,07:21:59 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
08/11/2005,07:21:59 AVGuard has been started successfully!
08/11/2005,13:05:31 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
File has been moved to quarantine directory!
08/11/2005,13:05:24 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
08/11/2005,13:19:08 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.001
08/11/2005,13:19:29 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[1].EXE
File has been deleted!
08/11/2005,13:19:40 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[2].EXE
File has been moved to quarantine directory!
08/11/2005,13:19:44 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[3].EXE
File has been moved to quarantine directory!
08/11/2005,13:19:47 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
Unable to move the file to the quarantine directory:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
08/11/2005,13:21:22 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
Unable to move the file to the quarantine directory:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
08/11/2005,13:21:31 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
Unable to move the file to the quarantine directory:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
08/11/2005,13:21:30 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
Unable to move the file to the quarantine directory:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
08/11/2005,13:21:39 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
Unable to move the file to the quarantine directory:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
08/11/2005,13:22:04 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.001
08/11/2005,13:22:08 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.001
08/11/2005,23:12:52 [INFO] Stop Filter Device.
08/11/2005,23:12:56 AVGuard service has been stopped!
09/11/2005,08:06:53 ---------------------------------------------------------
09/11/2005,08:06:53 [INIT] The AVGuard Service is starting.
09/11/2005,08:06:58 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
09/11/2005,08:07:01 [LOGON] Connection request by remote computer. Establishing secure communication channel.
09/11/2005,08:07:01 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3c69.
09/11/2005,08:07:19 [INFO] Start Filter Device.
09/11/2005,08:07:19 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
09/11/2005,08:07:19 AVGuard has been started successfully!
09/11/2005,08:08:22 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
File has been moved to quarantine directory!
09/11/2005,08:08:03 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
09/11/2005,08:07:57 WARNING: Is the Trojan horse TR/Qhost.AA!
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
File has been moved to quarantine directory!
09/11/2005,08:08:44 WARNING: Contains signature of the worm WORM/Mytob.F.1!
C:\HELLMSN.EXE
File has been moved to quarantine directory!
09/11/2005,08:24:33 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
File has been moved to quarantine directory!
09/11/2005,10:04:15 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
File has been moved to quarantine directory!
09/11/2005,10:04:32 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\NETHELL.EXE
File has been moved to quarantine directory!
09/11/2005,10:12:55 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\TASKGMR.EXE.VIR
File has been moved to quarantine directory!
09/11/2005,10:23:50 WARNING: Is the Trojan horse TR/Qhost.AA!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\HOSTS.VIR
09/11/2005,10:23:51 WARNING: Contains signature of the worm WORM/Mytob.F.1!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\HELLMSN.EXE.VIR
File has been moved to quarantine directory!
09/11/2005,10:23:54 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\X[4].EXE.VIR
File has been moved to quarantine directory!
09/11/2005,10:23:59 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\BINGOO.EXE.VIR
File has been moved to quarantine directory!
09/11/2005,10:24:03 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\NETHELL.EXE.VIR
File has been moved to quarantine directory!
09/11/2005,12:10:00 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
09/11/2005,12:09:34 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
09/11/2005,10:33:18 WARNING: Contains signature of the worm WORM/Lovsan.F.2!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP2\A0000061.EXE
09/11/2005,14:21:47 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000258.SCR
File has been moved to quarantine directory!
09/11/2005,14:21:57 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000259.SCR
File has been moved to quarantine directory!
09/11/2005,14:22:02 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000260.SCR
09/11/2005,14:22:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000261.EXE
09/11/2005,14:22:05 WARNING: Contains signature of the worm WORM/Mytob.F.1!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000262.EXE
09/11/2005,14:22:06 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000268.EXE
09/11/2005,14:22:08 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP6\A0000288.EXE
09/11/2005,14:22:27 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP6\A0000289.EXE
09/11/2005,14:22:28 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\FUNNY_PIC.SCR
09/11/2005,14:22:31 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\SEE_THIS!!.SCR
09/11/2005,14:22:32 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\MY_PHOTO2005.SCR
09/11/2005,14:25:52 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KK8HRWHU\X[1].EXE
09/11/2005,14:29:48 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
09/11/2005,20:15:30 [INFO] Stop Filter Device.
09/11/2005,20:15:34 AVGuard service has been stopped!
10/11/2005,16:12:31 ---------------------------------------------------------
10/11/2005,16:12:31 [INIT] The AVGuard Service is starting.
10/11/2005,16:12:43 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
10/11/2005,16:12:45 [LOGON] Connection request by remote computer. Establishing secure communication channel.
10/11/2005,16:12:45 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1a4f.
10/11/2005,16:13:10 [INFO] Start Filter Device.
10/11/2005,16:13:10 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
10/11/2005,16:13:10 AVGuard has been started successfully!
10/11/2005,18:36:22 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
10/11/2005,18:38:58 [INFO] Stop Filter Device.
10/11/2005,18:39:50 ---------------------------------------------------------
10/11/2005,18:39:50 [INIT] The AVGuard Service is starting.
10/11/2005,18:39:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
10/11/2005,18:40:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
10/11/2005,18:40:03 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0d91.
10/11/2005,18:40:20 [INFO] Start Filter Device.
10/11/2005,18:40:20 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
10/11/2005,18:40:20 AVGuard has been started successfully!
10/11/2005,20:31:18 [INFO] Stop Filter Device.
10/11/2005,20:31:18 AVGuard service has been stopped!
10/11/2005,20:32:06 ---------------------------------------------------------
10/11/2005,20:32:06 [INIT] The AVGuard Service is starting.
10/11/2005,20:32:09 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
10/11/2005,20:32:11 [LOGON] Connection request by remote computer. Establishing secure communication channel.
10/11/2005,20:32:11 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa27de.
10/11/2005,20:32:21 [INFO] Start Filter Device.
10/11/2005,20:32:21 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
10/11/2005,20:32:21 AVGuard has been started successfully!
11/11/2005,05:21:59 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
11/11/2005,03:08:41 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\FTPUPD.EXE
File has been moved to quarantine directory!
11/11/2005,14:59:32 [INFO] Stop Filter Device.
11/11/2005,14:59:33 AVGuard service has been stopped!
11/11/2005,14:59:36 ---------------------------------------------------------
11/11/2005,14:59:36 [INIT] The AVGuard Service is starting.
11/11/2005,14:59:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
11/11/2005,14:59:38 [LOGON] Connection request by remote computer. Establishing secure communication channel.
11/11/2005,14:59:39 [INFO] Start Filter Device.
11/11/2005,14:59:39 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.15.16
11/11/2005,14:59:39 AVGuard has been started successfully!
11/11/2005,14:59:39 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xa95cdc92.
11/11/2005,15:26:33 [INFO] Stop Filter Device.
11/11/2005,15:26:35 AVGuard service has been stopped!
13/11/2005,23:55:15 ---------------------------------------------------------
13/11/2005,23:55:15 [INIT] The AVGuard Service is starting.
13/11/2005,23:55:20 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
13/11/2005,23:55:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
13/11/2005,23:55:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3bcd.
13/11/2005,23:55:27 [INFO] Start Filter Device.
13/11/2005,23:55:27 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.15.16
13/11/2005,23:55:27 AVGuard has been started successfully!
13/11/2005,23:59:14 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
File has been deleted!
14/11/2005,00:13:42 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
File has been deleted!
14/11/2005,00:57:32 [INFO] Stop Filter Device.
14/11/2005,00:57:32 AVGuard service has been stopped!
14/11/2005,10:10:25 ---------------------------------------------------------
14/11/2005,10:10:25 [INIT] The AVGuard Service is starting.
14/11/2005,10:10:29 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
14/11/2005,10:10:32 [LOGON] Connection request by remote computer. Establishing secure communication channel.
14/11/2005,10:10:33 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa25ae.
14/11/2005,10:10:39 [INFO] Start Filter Device.
14/11/2005,10:10:39 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.15.16
14/11/2005,10:10:39 AVGuard has been started successfully!
14/11/2005,11:16:43 WARNING: Contains signature of the worm WORM/Lovsan.F.2!
C:\WINDOWS\SYSTEM32\TFTP736
File has been deleted!
14/11/2005,11:23:24 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KK8HRWHU\X[1].EXE
File has been deleted!
14/11/2005,11:24:05 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KK8HRWHU\X[2].EXE
File has been deleted!
14/11/2005,11:24:08 WARNING: Contains signature of the worm WORM/Korgo.U!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KK8HRWHU\X[3].EXE
File has been deleted!
-------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:33:19, on 14/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Moi\Local Settings\Temporary Internet Files\Content.IE5\M1RHG5T7\FixBlast[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Moi\Mes documents\outils\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.203.15.25:808
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D59CC-9BFC-44D8-9578-F2D9C7D09269}: NameServer = 10.200.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Thank you for giving me some advice on how to avoid this...
0
la_paille Posts 24 Registration date   Status Member Last activity  
 
Could someone help me, please?
0