Je veux desinstaller mirar

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:43, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\csrss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\Yg\command.exe
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\windows1\system32\jkwnw64k.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
C:\Documents and Settings\pc\svchost.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS1\system32\wscntfy.exe
C:\WINDOWS1\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS1\system32\rundll32.exe
C:\WINDOWS1\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS1\System32\Rundll32.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS1\explorer.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS1\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS1\system32\WinNB56.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [{AA-A3-38-85-DW}] C:\windows1\system32\jkwnw64k.exe DWramXX
O4 - HKLM\..\Run: [runner1] C:\WINDOWS1\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [ExploreUpdSched] C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe DWramXX
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\pc\svchost.exe
O4 - HKLM\..\Run: [{b3e5c88b-6127-cf93-ec62-2cdbabf58adf}] C:\WINDOWS1\System32\Rundll32.exe "C:\WINDOWS1\system32\{bb6b0ce1-9426-f927-8ca0-f8cf6811368c}.dll" DllInit
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\pc\Application Data\Deskbar_{1113F92D-4956-40b7-A27A-261617E3F8E8}\starter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM834990b6] Rundll32.exe "C:\WINDOWS1\system32\owjhxbdg.dll",s
O4 - HKLM\..\Run: [807aa32a] rundll32.exe "C:\WINDOWS1\system32\dptpigss.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [L08FXLRD_3988390] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS1\system32\jkwnw64k.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS1\Yg\command.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

BTFix 1.098 (par bibi26) - 19/05/2008 07:23:14 - Analyse
Lancé depuis C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\btfix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\WINDOWS1\system32\mysidesearch_sidebar_uninstall.exe
- C:\WINDOWS1\system32\mysidesearch_sidebar.dll
- C:\WINDOWS1\system32\WinNB56.dll
- C:\Program Files\NavigationProgram\
- C:\Program Files\MyWebSearch\
- C:\Program Files\FBrowserAdvisor\
- C:\Program Files\FunWebProducts\
- C:\Program Files\Dealio\

---> Analyse terminée le 19/05/2008 07:23:23



merci de m'aider!je ne sais meme pas comment c'est arrive la!pour navilog,je ne peux pas l'ouvrir,le message dit qu'il est occupe par une autre application

BTFix 1.098 (par bibi26) - 19/05/2008 19:52:40 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\btfix\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- C:\WINDOWS1\system32\mysidesearch_sidebar_uninstall.exe
- C:\WINDOWS1\system32\mysidesearch_sidebar.dll
- C:\WINDOWS1\system32\WinNB56.dll
- C:\Program Files\NavigationProgram\
- C:\Program Files\MyWebSearch\bar\History\
- C:\Program Files\MyWebSearch\bar\Settings\
- C:\Program Files\MyWebSearch\bar\
- C:\Program Files\MyWebSearch\
- C:\Program Files\FBrowserAdvisor\
- C:\Program Files\FunWebProducts\ScreenSaver\Images\
- C:\Program Files\FunWebProducts\ScreenSaver\
- C:\Program Files\FunWebProducts\Shared\
- C:\Program Files\FunWebProducts\
- C:\Program Files\Dealio\kb126\
- C:\Program Files\Dealio\

---> Nettoyage terminé le 19/05/2008 19:52:58Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:28, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\csrss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\Yg\command.exe
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\windows1\system32\jkwnw64k.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
C:\Documents and Settings\pc\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS1\System32\alg.exe
C:\WINDOWS1\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\limewire\limewire.exe
C:\WINDOWS1\system32\rundll32.exe
C:\WINDOWS1\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS1\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS1\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [{AA-A3-38-85-DW}] C:\windows1\system32\jkwnw64k.exe DWramXX
O4 - HKLM\..\Run: [runner1] C:\WINDOWS1\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [ExploreUpdSched] C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe DWramXX
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\pc\svchost.exe
O4 - HKLM\..\Run: [{b3e5c88b-6127-cf93-ec62-2cdbabf58adf}] C:\WINDOWS1\System32\Rundll32.exe "C:\WINDOWS1\system32\{bb6b0ce1-9426-f927-8ca0-f8cf6811368c}.dll" DllInit
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\pc\Application Data\Deskbar_{1113F92D-4956-40b7-A27A-261617E3F8E8}\starter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM834990b6] Rundll32.exe "C:\WINDOWS1\system32\mylbiima.dll",s
O4 - HKLM\..\Run: [807aa32a] rundll32.exe "C:\WINDOWS1\system32\hvpoyuma.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [L08FXLRD_3988390] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS1\system32\jkwnw64k.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS1\Yg\command.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

j'ai un antivirus§ virus keeper pro

mon antivirus est dedans!! viruskeeper pro

re,
je ne peux pas l'ouvrir il me dit qu'il est occupe par une autre application.

maintenant il me sort tous les dossiers de smitfraudfix,lequel j'utilise?merci

SmitFraudFix v2.320

Rapport fait à 22:25:06,75, 19/05/2008
Executé à partir de C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pc

C:\Documents and Settings\pc\svchost.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pc\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pc\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS1\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

il me donnait tous les sous dossiers mais je penses que tu m'as indique le bon.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:58:28, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\csrss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Yg\command.exe
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\windows1\system32\jkwnw64k.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
C:\WINDOWS1\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\rundll32.exe
C:\WINDOWS1\system32\Rundll32.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS1\System32\alg.exe
C:\WINDOWS1\system32\wscntfy.exe
C:\WINDOWS1\system32\msiexec.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS1\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [{AA-A3-38-85-DW}] C:\windows1\system32\jkwnw64k.exe DWramXX
O4 - HKLM\..\Run: [runner1] C:\WINDOWS1\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [ExploreUpdSched] C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe DWramXX
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\pc\svchost.exe
O4 - HKLM\..\Run: [{b3e5c88b-6127-cf93-ec62-2cdbabf58adf}] C:\WINDOWS1\System32\Rundll32.exe "C:\WINDOWS1\system32\{bb6b0ce1-9426-f927-8ca0-f8cf6811368c}.dll" DllInit
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\pc\Application Data\Deskbar_{1113F92D-4956-40b7-A27A-261617E3F8E8}\starter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [807aa32a] rundll32.exe "C:\WINDOWS1\system32\hvpoyuma.dll",b
O4 - HKLM\..\Run: [BM834990b6] Rundll32.exe "C:\WINDOWS1\system32\mylbiima.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS1\system32\jkwnw64k.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS1\Yg\command.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:38, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:35, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\WINDOWS1\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\rundll32.exe
C:\WINDOWS1\system32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
c:\windows1\system32\rwwnw64d.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS1\system32\msiexec.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [{AA-A3-38-85-DW}] c:\windows1\system32\rwwnw64d.exe DWramXX
O4 - HKLM\..\Run: [{b3e5c88b-6127-cf93-ec62-2cdbabf58adf}] C:\WINDOWS1\System32\Rundll32.exe "C:\WINDOWS1\system32\{bb6b0ce1-9426-f927-8ca0-f8cf6811368c}.dll" DllInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [807aa32a] rundll32.exe "C:\WINDOWS1\system32\hvpoyuma.dll",b
O4 - HKLM\..\Run: [BM834990b6] Rundll32.exe "C:\WINDOWS1\system32\mylbiima.dll",s
O4 - HKLM\..\Run: [ExploreUpdSched] C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe DWramXX
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS1\system32\rwwnw64d.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 768

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 211609
Temps écoulé: 42 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 64

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\WINDOWS1\system32\{bb6b0ce1-9426-f927-8ca0-f8cf6811368c}.dll (Adware.Vapsup) -> Unloaded module successfully.
C:\WINDOWS1\system32\hvpoyuma.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS1\system32\jkkKabbA.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS1\system32\{321ef3c3-2dec-97d5-7c96-b96f7805d764}.dll (Trojan.Agent) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{5d932aae-0c38-81b4-f77d-b54f77a2dd23} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d932aae-0c38-81b4-f77d-b54f77a2dd23} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fccef4e9-2500-4fb1-b156-569fa1b7dc4c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fccef4e9-2500-4fb1-b156-569fa1b7dc4c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e13a2098-e68a-dbee-ac3f-332784adeea5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{e13a2098-e68a-dbee-ac3f-332784adeea5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f08c2c87-87ad-0298-ebb5-f1cfbeac7161} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f08c2c87-87ad-0298-ebb5-f1cfbeac7161} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{b3e5c88b-6127-cf93-ec62-2cdbabf58adf} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\807aa32a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM834990b6 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows1\system32\jkkkabba -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows1\system32\jkkkabba -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS1\system32\{bb6b0ce1-9426-f927-8ca0-f8cf6811368c}.dll (Adware.Vapsup) -> Delete on reboot.
C:\WINDOWS1\system32\edvhmmua.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\aummhvde.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\hvpoyuma.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS1\system32\amuyopvh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\jkkKabbA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS1\system32\AbbaKkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\AbbaKkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\play_mp3.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\mrofinu1188.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DefenseNetSurfage\stm.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP128\A0017898.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP128\A0017903.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP133\A0019568.exe (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP133\A0019579.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP135\A0019727.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0019756.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0019813.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020043.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020044.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020046.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020048.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020049.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020051.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020062.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020063.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020066.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\ncntlkdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\{bb6b0ce1-9426-f927-8ca0-f8cf6811368c}.dll-uninst.exe (Adware.Vapsup) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\emL1\roEbdll2.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\rDA\dBparsdll.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\MessengerSkinner.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download\defaultPack.cab (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\appconfig.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnBnr.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnIn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\languages.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\{321ef3c3-2dec-97d5-7c96-b96f7805d764}.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS1\system32\mylbiima.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS1\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:01, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS1\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS1\system32\msiexec.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {8b7d47ec-fdf8-8f8a-2c84-4184b2cbec8a} - {a8cebc2b-4814-48c2-a8f8-8fdfce74d7b8} - C:\WINDOWS1\system32\oqrrajqo.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [{AA-A3-38-85-DW}] c:\windows1\system32\rwwnw64d.exe DWramXX
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe DWramXX
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS1\system32\rwwnw64d.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

re,
voici le rapport:
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 20, 2008 9:28:22 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 20/05/2008
Enregistrements dans la base antivirus Kaspersky : 703072


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Statistiques de l'analyse
Total d'objets analysés 163704
Nombre de virus trouvés 3
Nombre d'objets infectés 5 / 0
Nombre d'objets suspects 0
Durée de l'analyse 02:08:35

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users.WINDOWS1\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

C:\Documents and Settings\H5456\Local Settings\Temp\hsperfdata_H5456\2980 L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Local Settings\Historique\History.IE5\MSHist012008052020080521\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Local Settings\Temp\Perflib_Perfdata_2c4.dat L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Local Settings\Temp\~DF36BE.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip/backups/dFrnx051080.exe Infecté : Trojan-Downloader.Win32.VB.ehl ignoré

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip ZIP: infecté - 1 ignoré

C:\Documents and Settings\pc\Mes documents\LimeWire\Incomplete\chti quinquin.mp3 Infecté : Trojan-Downloader.WMA.Wimad.n ignoré

C:\Documents and Settings\pc\Mes documents\Ma musique\iTunes\Incomplete\salsa du demon.mp3 Infecté : Trojan-Downloader.WMA.Wimad.n ignoré

C:\Documents and Settings\pc\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\pc\NTUSER.DAT.LOG L'objet est verrouillé ignoré

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\svchost.exe Infecté : Trojan.Win32.VB.cxu ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\change.log L'objet est verrouillé ignoré

C:\WINDOWS1\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS1\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS1\SoftwareDistribution\EventCache\{B3C07DC4-198D-4E37-BC35-07B51C379D65}.bin L'objet est verrouillé ignoré

C:\WINDOWS1\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS1\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS1\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS1\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\default L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\software L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\system L'objet est verrouillé ignoré

C:\WINDOWS1\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS1\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS1\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS1\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS1\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS1\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS1\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS1\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS1\WindowsUpdate.log L'objet est verrouillé ignoré

D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

Analyse terminée.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:29, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS1\system32\msiexec.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {8b7d47ec-fdf8-8f8a-2c84-4184b2cbec8a} - {a8cebc2b-4814-48c2-a8f8-8fdfce74d7b8} - C:\WINDOWS1\system32\oqrrajqo.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [{AA-A3-38-85-DW}] c:\windows1\system32\rwwnw64d.exe DWramXX
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe DWramXX
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS1\system32\rwwnw64d.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

bonjour
oui je payes virus keeper jusqu'a mars 2009.