Marimy

Members
  • Content count: 3

Everything posted by Marimy

  1. Hello, things are worse than ever since I installed the new antivirus, AntiVir, because it keeps opening a window saying that a virus has been found, so I delete it or put it in quarantine, but it comes back immediately afterwards. It is really tiring and I no longer know what to do... Here is the report from my AntiVir scan: PLEASE TELL ME WHAT TO DO TO GET RID OF THIS VIRUS

     AntiVir PersonalEdition Classic
     Report file date: 23 janvier 2008 12:08
     Scanning for 1065753 virus strains and unwanted programs.
     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows XP
     Windows version: (Service Pack 2) [5.1.2600]
     Username: SYSTEM
     Computer name: MARIMY

     Version information:
     BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
     AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 19:16:29
     AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 18:23:51
     LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 21:32:47
     LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 18:35:20
     ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:27:15
     ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:51:08
     ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 16:51:08
     ANTIVIR3.VDF : 7.0.2.36 347648 Bytes 23/01/2008 16:51:08
     AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 23/01/2008 16:51:09
     AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 16:36:26
     AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 13:39:17
     AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:16:24
     AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/01/2008 16:51:09
     AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 13:17:06
     AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 18:26:33
     AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 13:10:18
     NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 17:09:42
     RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 18:38:13
     RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 18:50:37
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 15:37:21

     Configuration settings for the scan:
     Jobname..........................: Complete system scan
     Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: off
     Scan boot sector.................: on
     Boot sectors.....................: C:,
     Scan memory......................: on
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: off
     Scan all files...................: Intelligent file selection
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: medium

     Start of the scan: 23 janvier 2008 12:08

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'guardgui.exe' - '1' Module(s) have been scanned
     Scan process 'sched.exe' - '1' Module(s) have been scanned
     Scan process 'avgnt.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
     Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
     Scan process 'jucheck.exe' - '1' Module(s) have been scanned
     Scan process 'companion.exe' - '1' Module(s) have been scanned
     Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
     Scan process 'ALG.EXE' - '1' Module(s) have been scanned
     Scan process 'iPodService.exe' - '1' Module(s) have been scanned
     Scan process 'symwsc.exe' - '1' Module(s) have been scanned
     Scan process 'aoltray.exe' - '1' Module(s) have been scanned
     Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
     Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
     Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\Windows Media Player\WMPNSCFG.exe'
     Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe'
     Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
     Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
     Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\Spyware Doctor\pctsTray.exe'
     Scan process 'wnbsvc.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\WINDOWS\system32\wnbsvc.exe'
     Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\iTunes\iTunesHelper.exe'
     Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\Macrogaming\SweetIM\SweetIM.exe'
     Scan process 'realplay.exe' - '1' Module(s) have been scanned
     Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\WINDOWS\system32\igfxpers.exe'
     Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\WINDOWS\system32\hkcmd.exe'
     Scan process 'QTTask.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\QuickTime\QTTask.exe'
     Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\WINDOWS\system32\dla\tfswctrl.exe'
     Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe'
     Scan process 'jusched.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe'
     Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
     Module is infected -> 'C:\Program Files\Analog Devices\Core\smax4pnp.exe'
     Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
     Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
     Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
     Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
     Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
     Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
     Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
     Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
     Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
     Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
     Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
     Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
     Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
     Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
     Process 'wmpnscfg.exe' has been terminated
     Process 'GoogleToolbarNotifier.exe' has been terminated
     Process 'pctsTray.exe' has been terminated
     Process 'wnbsvc.exe' has been terminated
     Process 'iTunesHelper.exe' has been terminated
     Process 'SweetIM.exe' has been terminated
     Process 'igfxpers.exe' has been terminated
     Process 'hkcmd.exe' has been terminated
     Process 'QTTask.exe' has been terminated
     Process 'tfswctrl.exe' has been terminated
     Process 'DVDLauncher.exe' has been terminated
     Process 'jusched.exe' has been terminated
     Process 'smax4pnp.exe' has been terminated
     C:\Program Files\Windows Media Player\WMPNSCFG.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Program Files\Spyware Doctor\pctsTray.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\wnbsvc.exe
       [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
       [iNFO] The file was deleted!
     C:\Program Files\iTunes\iTunesHelper.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\igfxpers.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\hkcmd.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Program Files\QuickTime\QTTask.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\dla\tfswctrl.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!

     62 processes with 49 modules were scanned

     Start scanning boot sectors:
     Boot sector 'C:\'
       [NOTE] No virus was found!

     Starting to scan the registry.
     C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
     C:\WINDOWS\SYSTEM32\igfxtray.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\WINDOWS\SYSTEM32\igfxtray.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
     C:\WINDOWS\mrofinu2000201.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\WINDOWS\mrofinu2000201.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK

     The registry was scanned ( '33' files ).

     Starting the file scan:
     Begin scan in 'C:\'
     C:\hiberfil.sys
       [WARNING] The file could not be opened!
     C:\pagefile.sys
       [WARNING] The file could not be opened!
     C:\Documents and Settings\Marie-Michelle\Bureau\marimy chanson5 Track 5.wma
       [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
       [iNFO] The file was deleted!
     C:\Documents and Settings\Marie-Michelle\Local Settings\Temp\52.exe
       [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
       [iNFO] The file was deleted!
     C:\Documents and Settings\Marie-Michelle\Local Settings\Temp\img022.zip
       [0] Archive type: ZIP
       --> img022.jpg-www.facepic.com
       [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
       [iNFO] The file was deleted!
     C:\Documents and Settings\Marie-Michelle\Local Settings\Temporary Internet Files\Content.IE5\D52VGK2P\CA8H0HKB
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was deleted!
     C:\Documents and Settings\Marie-Michelle\Local Settings\Temporary Internet Files\Content.IE5\D52VGK2P\po1[1].exe
       [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
       [iNFO] The file was moved to '47c8797a.qua'!
     C:\Documents and Settings\Marie-Michelle\Local Settings\Temporary Internet Files\Content.IE5\EADUG27I\17PHolmes[1].cmt
       [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
       [iNFO] The file was deleted!
     C:\Documents and Settings\Marie-Michelle\Local Settings\Temporary Internet Files\Content.IE5\EADUG27I\wr5[1].exe
       [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
       [iNFO] The file was moved to '47cc7988.qua'!
     C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '480b80d7.qua'!
     C:\Program Files\Temporary\kernInst.exe
       [DETECTION] Is the Trojan horse TR/Agent.edq
       [iNFO] The file was moved to '4809842b.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP951\A0115824.dll
       [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Q.2
       [iNFO] The file was moved to '47c8848e.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP952\A0115925.exe
       [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
       [iNFO] The file was moved to '47c8849d.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP952\A0116057.exe
       [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
       [iNFO] The file was moved to '47c884aa.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116060.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c884b0.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116063.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c884ba.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116064.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c884bf.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116065.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c884e1.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116066.exe
       [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
       [iNFO] The file was moved to '47c884e4.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116067.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c884e7.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116068.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c884f9.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116069.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c884fc.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116070.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c884ff.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116071.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c88521.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116072.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c88523.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116073.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c88526.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116074.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c88529.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116075.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c8852c.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116076.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c8852e.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116077.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c88530.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116078.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c88533.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116079.exe
       [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
       [iNFO] The file was moved to '47c88535.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116080.exe
       [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
       [iNFO] The file was moved to '47c88536.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116081.exe
       [DETECTION] Is the Trojan horse TR/Vundo.DWK
       [iNFO] The file was moved to '47c88539.qua'!
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116082.exe
       [DETECTION] Is the Trojan horse TR/Agent.edq
       [iNFO] The file was moved to '47c8853f.qua'!
     C:\WINDOWS\mrofinu2000201.exe.tmp
       [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
       [iNFO] The file was moved to '48068a8c.qua'!

     End of the scan: 23 janvier 2008 13:40
     Used time: 1:31:32 min

     The scan has been canceled!

     4214 Scanning directories
     180135 Files were scanned
     63 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     21 files were deleted
     0 files were repaired
     29 files were moved to quarantine
     0 files were renamed
     2 Files cannot be scanned
     180072 Files not concerned
     2646 Archives were scanned
     2 Warnings
     0 Notes
  2. Hello, I am also infected by a Trojan horse that I cannot get rid of. Can you help me? Here is my hijack log. Thank you.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:05:20, on 2008-01-22
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Real\RealPlayer\RealPlay.exe
     C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\wnbsvc.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Windows Media Player\WMPNSCFG.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\Program Files\AOL 8.0\aoltray.exe
     C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
     C:\Program Files\AOL Companion\companion.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Microsoft Office\Office\WINWORD.EXE
     C:\Program Files\iTunes\iTunes.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {2423041F-8B96-4280-95DC-709250944B8D} - C:\WINDOWS\system32\awtsqpp.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
     O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-ca\msntb.dll
     O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\gebcd.dll (file missing)
     O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-ca\msntb.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
     O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Windows Console Source] wnbsvc.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
     O4 - Global Startup: Compagnon d'AOL.lnk = C:\Program Files\AOL Companion\companion.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: Mini-icône d'AOL 8.0.lnk = C:\Program Files\AOL 8.0\aoltray.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
     O20 - Winlogon Notify: awtsqpp - C:\WINDOWS\SYSTEM32\awtsqpp.dll
     O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll (file missing)
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
     O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     -- End of file - 8943 bytes
  3. Hello, I am also infected by a Trojan horse that I cannot get rid of. Can you help me? Here is my hijack log. Edited by Gof. Continued here.