Infecté par un Trojan win32 gen

bonjour,

j'ai suivi les instructions, donc voici les rapports VundoFix et HijackThis. Que devrai-je faire pr la suite ? Merci


VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.6

Scan started at 12:56:46 25/02/2007

Listing files found while scanning....

C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\klkkj.tmp
C:\WINDOWS\system32\shcsfsow.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\jkklk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\klkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.tmp
C:\WINDOWS\system32\klkkj.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\shcsfsow.dll
C:\WINDOWS\system32\shcsfsow.dll Has been deleted!

Performing Repairs to the registry.
Done!




Logfile of HijackThis v1.99.1
Scan saved at 13:08:17, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPAware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\merouane\LOCALS~1\Temp\Rar$EX00.594\HijackThis.e­xe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6AAFFECB-C291-D274-2709-095D05C9A843} - C:\WINDOWS\system32\qbagmg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\ssqopnm.dll
O2 - BHO: (no name) - {DDB8E2E5-44A3-4EA9-AF33-C0F4E8F37657} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\shcsfsow.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ezgnkhf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\merouane\Local Settings\Application Data\ezgnkhf.dll",yuubxkg
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhux.dll,startup
O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssqopnm - C:\WINDOWS\SYSTEM32\ssqopnm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjjq32 - C:\WINDOWS\SYSTEM32\winjjq32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

voilà le nouveau rapport Vundo ainsi que le log Hijack que vous m'avez demandé. j'attendrai la suite des instructions. merci



Java version is 1.5.0.6

Scan started at 12:56:46 25/02/2007

Listing files found while scanning....

C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\klkkj.tmp
C:\WINDOWS\system32\shcsfsow.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\jkklk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\klkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.tmp
C:\WINDOWS\system32\klkkj.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\shcsfsow.dll
C:\WINDOWS\system32\shcsfsow.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\ssqopnm.dll
C:\WINDOWS\SYSTEM32\ssqopnm.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qbagmg.dll
C:\WINDOWS\system32\qbagmg.dll Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of HijackThis v1.99.1
Scan saved at 20:18:15, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPAware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ezgnkhf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\merouane\Local Settings\Application Data\ezgnkhf.dll",yuubxkg
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhux.dll,startup
O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

re,
tout d'abord j'ai rencontré un petit souci au redémarrage de Windows après le scan de eScan. Le pc m'a signalé 2 erreurs de chargement
1) C:\Documets and Settings\ma cession\Local Settings\Application\Data\ezgnkhf.dll (module introuvable)

2)C:\WINDOWS\System32\drvhux.dll (module introuvable)


et voilà le rapport de eScan :


File C:\WINDOWS\system32/udial.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\drvhux.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\winjjq32.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File to be deleted on reboot.

File C:\WINDOWS\system32\wvurpqr.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ha. No Action Taken.

File C:\Documents and Settings\merouane\Bureau\bpftpserver_install.exe tagged as not-a-virus:Server-FTP.Win32.BulletProof.231. No Action Taken.

File C:\Documents and Settings\merouane\Local Settings\Application Data\ezgnkhf.dll infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP2\A0000096.exe infected by "Trojan-Downloader.Win32.Tiny.fk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP2\A0000181.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP2\A0000229.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP3\A0000397.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP3\A0000428.exe infected by "Trojan-Downloader.Win32.Tiny.fk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP3\A0000437.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP3\A0000458.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001458.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001498.dll infected by "Trojan.Win32.BHO.g" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001507.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001564.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ha. No Action Taken.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001574.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001581.dll infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001610.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001611.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{C479C975-8F87-4C4A-BF87-6B717348EAB8}\RP4\A0001612.dll infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.

File C:\VundoFix Backups\qbagmg.dll .bad infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
File C:\VundoFix Backups\shcsfsow.dll.bad infected by "Trojan.Win32.BHO.g" Virus. Action Taken: File Deleted.

File C:\VundoFix Backups\ssqopnm.dll .bad tagged as not-a-virus:AdWare.Win32.Virtumonde.ha. No Action Taken.

File C:\WINDOWS\system32\udial.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File to be deleted on reboot.
File C:\WINDOWS\system32\wvurpqr.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ha. No Action Taken.

File C:\WINDOWS\Temp\mst6B.tmp infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Temp\win180.tmp.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File to be deleted on reboot.

File C:\WINDOWS\Temp\win65.tmp.exe infected by "Trojan-Downloader.Win32.Agent.bgn" Virus. Action Taken: File Deleted.

File C:\WINDOWS\Temp\win86.tmp.exe infected by "Trojan.Win32.Dialer.rt" Virus. Action Taken: File Deleted.


merci !

bonsoir,
volà les rapports SDFix et Clean. merci


SDFix: Version 1.68

Run by merouane - 26/02/2007 @ 19:13:21,21

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\merouane\Bureau\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Checking For Malware Registry Entries
Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Shared­Access\Parameters\FirewallPolicy\StandardProfile\AuthorizedA­pplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Documents and Settings\\merouane\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\merouane\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Sun\\SDK\\jdk\\bin\\java.exe"="C:\\Sun\\SDK\\jdk\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jdk\\bin\\java.exe"="C:\\Program Files\\Java\\jdk\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MaxTV\\maxtv.exe"="C:\\Program Files\\MaxTV\\maxtv.exe:*:Disabled:MaxTV Online"
"C:\\Program Files\\BPFTP Server\\bpftpserver.exe"="C:\\Program Files\\BPFTP Server\\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\merouane\Bureau\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\wvurpqr.dll

Add/Remove Programs List:

a-squared Free 2.1
Athan Basic 3.0
avast! Antivirus
BitComet 0.68
BulletProof FTP Server (remove only)
CCleaner (remove only)
PowerPoint Slide Show Converter 2.3
EasyPHP 1.8
eMule
FL Studio 6
HijackThis 1.99.1
HP Image Zone 4.7
HP Extended Capabilities 4.7
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
IL Download Manager
iTunes
iPod for Windows 2005-02-22
Java Platform, Enterprise Edition 5 SDK
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
K-Lite Codec Pack 2.72 Full
Logitech Print Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Messenger Plus! 3
Barre d'outils MSN
Microsoft National Language Support Downlevel APIs
Plato Video To 3GP Converter Free 3.31
pptXTREME Import_Export for PowerPoint
Programme de gestion Camera de Logitech©
QuickTime
RealPlayer
SAMSUNG CDMA Modem Driver Set
Samsung Mobile USB Modem Software
SAMSUNG Mobile USB Modem 1.0 Software
Adobe Flash Player 9 ActiveX
Steinberg Cubase SX v3.1.1.944
BeWAN ADSL modem
SyncroSoft Emu (Remove only)
Le Centre de Contr“le de Licences de Syncrosoft
VideoLAN VLC media player 0.8.5
Archiveur WinRAR
Yahoo! Toolbar avec bloqueur de fenˆtres pop-up
Yahoo! Toolbar
Scan
1600
ScannerCopy
HP Software Update
HP Product Assistant
Fax
InstantShare
Copy
TrayApp
ACDSee for Pentax 2.0
cp_dwShrek2Albums1
Unload
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 10
HP PSC & OfficeJet 4.7
CueTour
ProductContext
iTunes
Belkin Bluetooth Software
Readme
GdiplusUpgrade
PanoStandAlone
CreativeProjects
PhotoGallery
AiO_Scan
Samsung PC Studio
Destinations
Nero 7 Demo
BufferChm
Microsoft .NET Framework 2.0
cp_dwShrek2Cards1
HPSystemDiagnostics
MVCpromo
SkinsHP1
AiOSoftware
QFolder
DocProc
Logitech Desktop Messenger
Microsoft Office Professional Edition 2003
Microsoft .NET Framework 1.1 French Language Pack
CP_AtenaShokunin1Config
Adobe Reader 8 - Fran‡ais
iPod for Windows 2005-02-22
Director
MSN Messenger 7.5
MarketResearch
Logiciel QuickCam de Logitech
Samsung PC Studio
Microsoft .NET Framework 1.1
1600_Help
WebReg
DocumentViewer
LP_Flash
Sony Media Manager 2.0
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Samsung PC Studio 3 USB Driver Installer
1600Trb
CreativeProjectsTemplates

Finished


Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 26/02/2007 a 19:23:58,10

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND

*** Fin du rapport !

re,
voilà le nouveau rapport Clean ainsi que les 2 rapports de Total virus pour les fichiers ssqpn.dll et wvurpqr.dll.


Script execute en mode normal
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 26/02/2007 a 19:33:38,62

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\ALCXMNTR.EXE

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp


*** Suppression des clefs du registre effectuee..
*** Fin du rapport !



STATUS: FINISHEDComplete scanning result of "ssqpn.dll_", received in VirusTotal at 02.26.2007, 19:35:28 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.26.2007 TR/Spy.Vundo.AF
Authentium 4.93.8 02.26.2007 no virus found
Avast 4.7.936.0 02.26.2007 no virus found
AVG 386 02.25.2007 Downloader.Zlob.FC
BitDefender 7.2 02.26.2007 MemScan:Trojan.Vundo.AF
CAT-QuickHeal 9.00 02.26.2007 no virus found
ClamAV devel-20060426 02.26.2007 no virus found
DrWeb 4.33 02.26.2007 Trojan.Virtumod
eSafe 7.0.14.0 02.26.2007 no virus found
eTrust-Vet 30.4.3434 02.26.2007 no virus found
Ewido 4.0 02.26.2007 no virus found
FileAdvisor 1 02.26.2007 no virus found
Fortinet 2.85.0.0 02.26.2007 suspicious
F-Prot 4.3.1.45 02.26.2007 no virus found
F-Secure 6.70.13030.0 02.26.2007 no virus found
Ikarus T3.1.1.3 02.26.2007 MemScanTrojan.Vundo.AF
Kaspersky 4.0.2.24 02.26.2007 no virus found
McAfee 4971 02.26.2007 no virus found
Microsoft 1.2204 02.26.2007 no virus found
NOD32v2 2082 02.26.2007 no virus found
Norman 5.80.02 02.26.2007 no virus found
Panda 9.0.0.4 02.26.2007 Suspicious file
Prevx1 V2 02.26.2007 no virus found
Sophos 4.14.0 02.26.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.26.2007 no virus found
TheHacker 6.1.6.065 02.26.2007 no virus found
UNA 1.83 02.26.2007 no virus found
VBA32 3.11.2 02.25.2007 no virus found
VirusBuster 4.3.19:9 02.26.2007 Trojan.DL.Vundo.Gen!Pac.6


Aditional Information
File size: 281652 bytes
MD5: 29e0b9ddd53b937dd0ccbbe0ba139016
SHA1: f34f0a6bfa6c2b7a69cdd48be6a7aff66ed0b7d4



STATUS: FINISHEDComplete scanning result of "wvurpqr.dll_", received in VirusTotal at 02.26.2007, 19:48:27 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.26.2007 TR/Crypt.ULPM.Gen
Authentium 4.93.8 02.26.2007 no virus found
Avast 4.7.936.0 02.26.2007 no virus found
AVG 386 02.25.2007 Adware Generic.VFB
BitDefender 7.2 02.26.2007 MemScan:Adware.VirtuMonde.DY
CAT-QuickHeal 9.00 02.26.2007 AdWare.Virtumonde.ha (Not a Virus)
ClamAV devel-20060426 02.26.2007 no virus found
DrWeb 4.33 02.26.2007 Trojan.Virtumod
eSafe 7.0.14.0 02.26.2007 no virus found
eTrust-Vet 30.4.3434 02.26.2007 no virus found
Ewido 4.0 02.26.2007 no virus found
FileAdvisor 1 02.26.2007 no virus found
Fortinet 2.85.0.0 02.26.2007 suspicious
F-Prot 4.3.1.45 02.26.2007 no virus found
F-Secure 6.70.13030.0 02.26.2007 no virus found
Ikarus T3.1.1.3 02.26.2007 not-a-virus:AdWare.Win32.Virtumonde.ha
Kaspersky 4.0.2.24 02.26.2007 not-a-virus:AdWare.Win32.Virtumonde.ha
McAfee 4971 02.26.2007 no virus found
Microsoft 1.2204 02.26.2007 no virus found
NOD32v2 2082 02.26.2007 no virus found
Norman 5.80.02 02.26.2007 W32/Virtumonde.ENB
Panda 9.0.0.4 02.26.2007 Suspicious file
Prevx1 V2 02.26.2007 no virus found
Sophos 4.14.0 02.26.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.26.2007 no virus found
TheHacker 6.1.6.065 02.26.2007 Adware/Virtumonde.ha
UNA 1.83 02.26.2007 Adware.Virtumonde.F155
VBA32 3.11.2 02.25.2007 no virus found
VirusBuster 4.3.19:9 02.26.2007 no virus found


Aditional Information
File size: 26637 bytes
MD5: 810c4ee96a4a715edff66c7ab925a54e
SHA1: bb671f2a91864cfaf99e5580001436517f187cda

ok c'est fait ! merci beaucoup. Toutefois il me reste encore un module introuvable au démarrage de Windows (un fichier .dll).
a +

re,

voilà c'est ce fichier qui m'est afficher en message d'erreur de chargement au démarrage de windows (une fois sur le bureau) :

C:\Documets and Settings\ma cession\Local Settings\Application\Data\ezgnkhf.dll

merci bcp ! a+