Hello,
I have a problem on a PC at startup and I think I've caught something...
ATKKBService.exe problem at startup and several other problems, iexplorer.exe among others...
I'm running a Malwarebytes' Anti-Malware scan, Avira AntiVir, and a HijackThis report.
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1080
Windows 5.1.2600 Service Pack 2
11:41:41 24/08/2008
mbam-log-08-24-2008 (11-41-41).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 208200
Temps écoulé: 1 hour(s), 0 minute(s), 50 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:43, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Graveur\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Graveur\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
End of file - 12131 bytes
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Avira AntiVir Personal
Report file date: dimanche 24 août 2008 11:43
Scanning for 1568528 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: GONE
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 09:03:19
ANTIVIR3.VDF : 7.0.6.59 242688 Bytes 23/08/2008 09:03:20
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 24/08/2008 09:03:33
AESCN.DLL : 8.1.0.23 119156 Bytes 24/08/2008 09:03:32
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 24/08/2008 09:03:31
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 24/08/2008 09:03:29
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 24/08/2008 09:03:28
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 24/08/2008 09:03:24
AEEMU.DLL : 8.1.0.7 430452 Bytes 24/08/2008 09:03:23
AECORE.DLL : 8.1.1.8 172406 Bytes 24/08/2008 09:03:22
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 24/08/2008 09:03:21
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 24 août 2008 11:43
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'mstsc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'flashget.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'Orb.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'OrbTray.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'StartupMonitor.exe' - '1' Module(s) have been scanned
Scan process 'NetgearAG.exe' - '1' Module(s) have been scanned
Scan process 'GamerOSD.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '60' files ).
Starting the file scan:
Begin scan in 'C:\' <XP>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\tmp000059690\ncrdll.exe
[DETECTION] Is the TR/Small.14900 Trojan
[NOTE] The file was moved to '4923356d.qua'!
Begin scan in 'D:\' <Logiciel>
D:\Alcohol.120%.v1.9.5.3105.WinALL.Cracked-BetaMaster\Crack\Patch.exe
[DETECTION] Is the TR/Agent.69632.O Trojan
[NOTE] The file was moved to '49253577.qua'!
D:\Antivirus\Flash_Disinfector.exe
[DETECTION] Is the TR/Batc.Flashdis.A.1 Trojan
[NOTE] The file was moved to '49123585.qua'!
D:\Crystal Report Dev 8.5\Seagate Crystal Report Dev 8.5\redist\jp\NSQL20~1.EXE
[0] Archive type: ZIP SFX (self extracting)
--> INSTDLL.DLL
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4902359d.qua'!
D:\emoticon\MsgPlus-301.exe
[DETECTION] Is the TR/Dldr.Swizzor.AG.2 Trojan
[NOTE] The file was moved to '491835de.qua'!
D:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033736.exe
[DETECTION] Is the TR/Agent.69632.O Trojan
[NOTE] The file was moved to '48e13670.qua'!
D:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033737.exe
[DETECTION] Is the TR/Batc.Flashdis.A.1 Trojan
[NOTE] The file was moved to '4963a501.qua'!
D:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033738.EXE
[0] Archive type: ZIP SFX (self extracting)
--> INSTDLL.DLL
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48e13671.qua'!
D:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033739.exe
[DETECTION] Is the TR/Dldr.Swizzor.AG.2 Trojan
[NOTE] The file was moved to '4963a502.qua'!
Begin scan in 'E:\' <Fichiers>
E:\Fichiers téléchargés\archi\GH0ST.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to '48e13850.qua'!
E:\Fichiers téléchargés\archi\XXX.folder
[DETECTION] Contains recognition pattern of a probably damaged CC/JS.Agent.A sample
[NOTE] The file was moved to '49093861.qua'!
E:\Fichiers téléchargés\archi\pamela\_aleste.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '491d38b6.qua'!
E:\Fichiers téléchargés\archi\programme\Artlantis Studio 2.0 + Crack.rar
[0] Archive type: RAR
--> Artlantis_Studio_200_EN_Win\Crack_atl_2.zip
[1] Archive type: ZIP
--> ArtlantisBatchRender.exe
[DETECTION] Is the TR/Agent.716800.F Trojan
--> ArtlantisStudio.exe
[DETECTION] Is the TR/Agent.2246656 Trojan
[NOTE] The file was moved to '4925399d.qua'!
E:\Fichiers téléchargés\archi\programme\Artlantis.Studio.v1.2.0.0.Multilanguage.WinALL.Cracked-ENGiNE.rar
[0] Archive type: RAR
--> Artlantis.Studio.v1.2.0.0.Multilanguage.WinALL.Cracked-ENGiNE\Crack\Artlantis.studio.v1.2.0.0_Crk.exe
[DETECTION] Is the TR/Patch.ES Trojan
[NOTE] The file was moved to '492539c3.qua'!
E:\Fichiers téléchargés\archi\programme\Artlantis.Studio.v2.0.0.3.Multilangual-ENGiNE.rar
[0] Archive type: RAR
--> Artlantis.Studio.v2.0.0.3.Multilangual-ENGiNE\e-as23ce.zip
[1] Archive type: ZIP
--> e-as23.rar
[2] Archive type: RAR
--> ENGiNE\ArtlantisBatchRender.exe
[DETECTION] Is the TR/Agent.716800.F Trojan
--> ENGiNE\ArtlantisStudio.exe
[DETECTION] Is the TR/Agent.2246656 Trojan
[NOTE] The file was moved to '492539e9.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\Setup.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '49253ad9.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\ArchiCAD 10\archive.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '49143ae7.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\ArchiCAD 10\Setup.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '49253af4.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\ArchiCAD 10\JVM\jre-1_5_0_06-windows-i586-p.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '49163b02.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\Crack\Arch10.fr_Crk.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '49143b02.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\JAVA\jre-1_5_0_06-windows-i586-p.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '489299b3.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\QuickTime\QuickTimeInstaller.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '491a3b06.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\WIBU\WIBU32\WIBUKEY.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '48f33ada.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\WIBU\WIBU32\DRIVER\Setup32.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '49253af6.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\WIBU\WIBU64\WIBUKEY.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '48f33add.qua'!
E:\Fichiers téléchargés\archi\programme\archi 10 commercial\WIBU\WIBU64\DRIVER\Setup64.exe
[DETECTION] Contains recognition pattern of the W32/Gael.3666 Windows virus
[NOTE] The file was moved to '49253af9.qua'!
E:\Fichiers téléchargés\Prog Charlotte\Adobe Acrobat Reader 7.0 Professional Multilanguage + Keygenerator.zip
[0] Archive type: ZIP
--> Keygenerator.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[NOTE] The file was moved to '49203bc4.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033740.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to '48e13c49.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033741.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '4963af3a.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033742.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '48e13c4b.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033743.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '48e13c4a.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033744.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '4963af3b.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033745.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '48e13c4c.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033746.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '4963af3c.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033747.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '48e13c4d.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033748.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '4963af3e.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033749.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '48e13c4f.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033750.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '4963af3d.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033751.exe
[DETECTION] Contains recognition pattern of the W32/Stanit Windows virus
[NOTE] The file was moved to '48e13c4e.qua'!
E:\System Volume Information\_restore{28C1292A-4ABD-46DE-89E7-D99C3F82D40F}\RP248\A0033752.exe
[DETECTION] Contains recognition pattern of the W32/Gael.3666 Windows virus
[NOTE] The file was moved to '4963af3f.qua'!
End of the scan: dimanche 24 août 2008 12:46
Used time: 1:03:24 Hour(s)
The scan has been done completely.
14658 Scanning directories
546270 Files were scanned
42 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
40 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
546227 Files not concerned
3551 Archives were scanned
1 Warnings
40 Notes
Configuration: Windows XP
Firefox 2.0.0.16