TROJAN agent.am.1 / Click.526 / Drop32.Smal.U

Solved/Closed
gablo Posts 37 Registered Tuesday 5 July 2005 Status Member Last activity 28 July 2005 - 5 Jul. 2005 at 18:23
mercredi Posts 2 Registered Thursday 13 September 2007 Status Member Last activity 17 September 2007 - 17 Sept. 2007 at 07:53
Hello everyone
Here I am thoroughly bogged down with my Trojans... I have already taken several steps to get rid of them (following the forum's good advice), but they come back every time.
I think I now need personalised advice, please, because I don't know which lines to delete with ProcessXp or with Hijack...
Thanks in advance for your replies.

Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 17:52:54, on 05/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GABRINELL\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1FBC0725-E5E4-32D8-BEB5-1F7D82C3CEF8} - StartCpl.dll (file missing)
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [stuffmon] SetupExeDll.exe
O4 - HKCU\..\Run: [Dest068] scanSYS.exe
O4 - HKCU\..\Run: [wormexe] keybdll.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2995C745-B98F-495A-AAAA-2590165CBE50}: NameServer = 194.117.200.10 194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{2995C745-B98F-495A-AAAA-2590165CBE50}: NameServer = 194.117.200.10 194.117.200.15
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

16 replies

Anonymous user
5 Jul. 2005 at 19:06
Hello,

Method to follow, in this order...
----------------------------------------------------------------------------
¤Download these programs, but don't use them right away:

1/Spybot S&D 1.4 <<new version
http://www.safer-networking.org/fr/index.html


2/Ad-Aware SE 1.06 <<new version
http://www.lavasoftusa.com/software/adaware/
-Some help:
http://www.tutopat.com/viewtopic.php?t=1191
- install the French language patch, you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short video here showing how to use it: (thanks to Moe31 for making it)
http://pageperso.aol.fr/balltrap34/adawrevid.asf

3/Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-help with pictures: (thanks to Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm

----------------------------------------------------------------------------
¤Start in safe mode:
To do this, tap the F8 key repeatedly from the moment the PC starts powering up, without stopping.
A window will open; use the keyboard arrows to move to "Start in safe mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key)
----------------------------------------------------------------------------
¤Disable your System Restore:
Right-click on My Computer, then
Properties; click on the System Restore tab,
tick the "disable System Restore" box and click Apply
----------------------------------------------------------------------------
¤Empty your temp files and Temporary Internet Files:
use this to do it (you downloaded it earlier)
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
----------------------------------------------------------------------------
¤Relaunch HijackThis, tick the boxes in front of these lines and then click "Fix checked":

O4 - HKCU\..\Run: [stuffmon] SetupExeDll.exe
O4 - HKCU\..\Run: [Dest068] scanSYS.exe
O4 - HKCU\..\Run: [wormexe] keybdll.exe

----------------------------------------------------------------------------
¤ Run Ad-Aware and remove everything it finds
----------------------------------------------------------------------------
¤ Run Spybot and remove everything it finds
----------------------------------------------------------------------------
> Empty your Recycle Bin, restart in normal mode and run HijackThis again


Describe your problems if any remain...

Keep me posted and tell me whether you get alerts from AVPersonal

Later
0
gablo Posts 37 Registered Tuesday 5 July 2005 Status Member Last activity 28 July 2005
6 Jul. 2005 at 19:43
Hello Régis59

Thanks for the detailed description of the procedure.
I carried out the recommended actions and have just restarted in normal mode: AV alerts are popping up, telling me the following Trojans are present:
- Trojan Click526 in C:/windows/system32/RDSNDIN.EXE
- Trojan Drop32.small.UE.3 in C:/windows/system32/GPSREL.EXE

For information, in safe mode, during the Spybot scan an error occurred: "Error during check / Xuron 55 dans C:/windows/win.ini / le processus ne peut accéder au fichier car ce fichier est utilisé par un autre processus"

Is there anything else I can try before formatting??

Thanks in advance


Here is the Hijack log:


Logfile of HijackThis v1.99.1
Scan saved at 18:54:09, on 06/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\GABRINELL\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1FBC0725-E5E4-32D8-BEB5-1F7D82C3CEF8} - StartCpl.dll (file missing)
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [stuffmon] SetupExeDll.exe
O4 - HKCU\..\Run: [Dest068] scanSYS.exe
O4 - HKCU\..\Run: [wormexe] keybdll.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
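Added example (not code from anyone in this thread): the helper's fix list above singles out the three `O4 - HKCU\..\Run` entries whose command is a bare file name with no directory, and the second log shows those same three entries still present after "Fix checked". The script below parses the O4 (autorun) lines of a HijackThis log, flags entries whose executable carries no path, and compares a "before" and an "after" log to report which flagged entries survived the fix. The two log excerpts are constructed from the O4 lines posted in this thread; the "pathless command" heuristic is my own triage rule, not a HijackThis feature.

```python
"""Triage HijackThis O4 autorun entries and check which ones survive a fix."""
import re
from dataclasses import dataclass

# Constructed excerpts: only the O4 lines from the two HijackThis logs in this thread.
LOG_BEFORE_FIX = r"""
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [stuffmon] SetupExeDll.exe
O4 - HKCU\..\Run: [Dest068] scanSYS.exe
O4 - HKCU\..\Run: [wormexe] keybdll.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
"""

# The log posted after running "Fix checked": the same three entries are back.
LOG_AFTER_FIX = LOG_BEFORE_FIX


@dataclass(frozen=True)
class AutorunEntry:
    location: str  # e.g. "HKCU\..\Run" or "Startup"
    name: str      # registry value name, or the .lnk file name
    command: str   # command line / shortcut target


# "O4 - HKCU\..\Run: [name] command"
RUN_RE = re.compile(r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: file.lnk = target"   (also "Global Startup")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")


def parse_o4(log_text):
    """Return the O4 entries found in a HijackThis log, in log order."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append(AutorunEntry(m["loc"], m["name"], m["cmd"]))
    return entries


def executable_of(command):
    """First token of the command line; honours a quoted executable path."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths with spaces are split crudely, but the directory test
    # below only needs the leading token to contain a separator or drive letter.
    return cmd.split(" ", 1)[0]


def is_pathless(command):
    """True when the executable is a bare file name resolved via the search path."""
    exe = executable_of(command)
    return "\\" not in exe and "/" not in exe and ":" not in exe


def suspicious_entries(entries):
    """Triage rule: autorun entries with no directory in the command deserve a look."""
    return [e for e in entries if is_pathless(e.command)]


def persisting_after_fix(before_text, after_text):
    """Flagged entries from the first log that are still present in the second."""
    flagged = set(suspicious_entries(parse_o4(before_text)))
    after = set(parse_o4(after_text))
    return sorted(flagged & after, key=lambda e: e.name)


if __name__ == "__main__":
    for e in suspicious_entries(parse_o4(LOG_BEFORE_FIX)):
        print(f"flagged: {e.location} [{e.name}] {e.command}")
    back = persisting_after_fix(LOG_BEFORE_FIX, LOG_AFTER_FIX)
    print(f"{len(back)} flagged entries are back after the fix:",
          ", ".join(e.name for e in back))
```

An entry that returns after HijackThis removed it means something still running (or a startup component not shown in the O4 list) is re-creating the registry value, which is exactly what the AV alerts on the next restart suggest; the comparison makes that visible without reading the two logs side by side.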
Anonymous user
6 Jul. 2005 at 23:06
re,

Run a scan at RAV:
http://www.ravantivirus.com/scan/

Click on "To continue without subscribing click here" and wait a few minutes.
When "Ready" is displayed under "status", tick the "Autoclean" box, then click on "Scan my PC".
At the end of the analysis, copy/paste the report here

Later
0
gablo Posts 37 Registered Tuesday 5 July 2005 Status Member Last activity 28 July 2005
7 Jul. 2005 at 01:11
OK, here is the result of the scan:
Scan started at 07/07/2005 00:15:03

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Program Files\WinRAR\Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious

Scanned
============================
Objects: 44748
Directories: 3956
Archives: 6633
Size(Kb): -928236
Infected files: 0

Found
============================
Viruses found: 0
Suspicious files: 1
Disinfected files: 0
Mail files: 104

During the scan, AntiVir Guard stepped in to flag the Trojans. Do I need to turn AntiVir off during the RAV scan??

PS: sincerely, thank you for your time...
0
jean38 Posts 2534 Registered Saturday 16 April 2005 Status Contributor Last activity 17 July 2017 47
7 Jul. 2005 at 08:14
hi,

your RAV scan reveals nothing; the suspicious file is a false positive, nothing to report.

so everything seems fine; where do your problems stand??

jean
0

Anonymous user
7 Jul. 2005 at 08:14
re,
it's simple, do this:
Start < My Computer < C: < Program Files < AVPersonal < logfiles < ntrgd <
COPY AND PASTE THE REPORT

Later
0
Hello,
First of all, thank you for your replies.
Here is the AVPersonal log:

03/07/2005,03:08:03 [INFO] Stop Filter Device.
03/07/2005,03:08:08 AVGuard service has been stopped!
03/07/2005,03:09:32 ---------------------------------------------------------
03/07/2005,03:09:32 [INIT] The AVGuard Service is starting.
03/07/2005,03:09:33 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,03:09:47 [INFO] Start Filter Device.
03/07/2005,03:09:47 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,03:09:47 AVGuard has been started successfully!
03/07/2005,09:50:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,09:50:42 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xabc56003.
03/07/2005,10:46:34 ---------------------------------------------------------
03/07/2005,10:46:34 [INIT] The AVGuard Service is starting.
03/07/2005,10:46:35 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,10:46:47 [INFO] Start Filter Device.
03/07/2005,10:46:47 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,10:46:47 AVGuard has been started successfully!
03/07/2005,10:50:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,10:50:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa962f8.
03/07/2005,10:51:24 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
03/07/2005,10:53:58 WARNING: Is the Trojan horse TR/Agent.am.1!
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL
03/07/2005,10:54:03 WARNING: Is the Trojan horse TR/Agent.am.1!
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL
03/07/2005,10:54:06 WARNING: Is the Trojan horse TR/Agent.am.1!
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL
File has been deleted!
03/07/2005,10:54:14 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
03/07/2005,10:54:19 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
03/07/2005,12:44:33 [INFO] Stop Filter Device.
03/07/2005,12:44:39 AVGuard service has been stopped!
03/07/2005,12:46:22 ---------------------------------------------------------
03/07/2005,12:46:22 [INIT] The AVGuard Service is starting.
03/07/2005,12:46:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,12:47:08 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,12:47:08 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab6d1a.
03/07/2005,12:47:33 [INFO] Start Filter Device.
03/07/2005,12:47:33 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,12:47:33 AVGuard has been started successfully!
03/07/2005,13:00:32 ---------------------------------------------------------
03/07/2005,13:00:32 [INIT] The AVGuard Service is starting.
03/07/2005,13:00:33 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,13:01:00 [INFO] Start Filter Device.
03/07/2005,13:01:00 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,13:01:00 AVGuard has been started successfully!
03/07/2005,13:04:27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,13:04:28 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaeee5e.
03/07/2005,13:13:37 [INFO] Stop Filter Device.
03/07/2005,13:13:41 AVGuard service has been stopped!
03/07/2005,13:18:07 ---------------------------------------------------------
03/07/2005,13:18:07 [INIT] The AVGuard Service is starting.
03/07/2005,13:18:19 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,13:19:01 [INFO] Start Filter Device.
03/07/2005,13:19:01 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,13:19:01 AVGuard has been started successfully!
03/07/2005,13:22:37 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,13:22:38 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaafcb35.
03/07/2005,13:29:45 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
03/07/2005,13:30:08 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
03/07/2005,13:36:48 [INFO] Stop Filter Device.
03/07/2005,13:36:52 AVGuard service has been stopped!
03/07/2005,13:38:30 ---------------------------------------------------------
03/07/2005,13:38:30 [INIT] The AVGuard Service is starting.
03/07/2005,13:38:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,13:39:12 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,13:39:12 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabe6cf.
03/07/2005,13:40:13 [INFO] Start Filter Device.
03/07/2005,13:40:13 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,13:40:14 AVGuard has been started successfully!
03/07/2005,14:01:35 WARNING: Is the Trojan horse TR/Agent.am.1!
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL
File has been deleted!
03/07/2005,14:05:49 [INFO] Stop Filter Device.
03/07/2005,14:05:53 AVGuard service has been stopped!
03/07/2005,14:07:35 ---------------------------------------------------------
03/07/2005,14:07:35 [INIT] The AVGuard Service is starting.
03/07/2005,14:07:40 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,14:08:00 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,14:08:01 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabbd13.
03/07/2005,14:09:39 [INFO] Start Filter Device.
03/07/2005,14:09:39 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,14:09:39 AVGuard has been started successfully!
03/07/2005,14:35:49 [INFO] Stop Filter Device.
03/07/2005,14:35:54 AVGuard service has been stopped!
03/07/2005,14:37:38 ---------------------------------------------------------
03/07/2005,14:37:38 [INIT] The AVGuard Service is starting.
03/07/2005,14:37:47 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,14:38:30 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,14:38:30 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab393a.
03/07/2005,14:39:33 [INFO] Start Filter Device.
03/07/2005,14:39:33 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,14:39:33 AVGuard has been started successfully!
03/07/2005,14:47:07 [INFO] Stop Filter Device.
03/07/2005,14:47:08 AVGuard service has been stopped!
03/07/2005,15:03:54 ---------------------------------------------------------
03/07/2005,15:03:54 [INIT] The AVGuard Service is starting.
03/07/2005,15:04:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,15:04:46 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,15:04:46 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab2631.
03/07/2005,15:05:26 [INFO] Start Filter Device.
03/07/2005,15:05:26 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,15:05:26 AVGuard has been started successfully!
03/07/2005,15:31:08 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP3\A0000034.EXE
File has been deleted!
03/07/2005,17:29:03 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP3\A0001033.EXE
File has been deleted!
03/07/2005,18:39:02 [INFO] Stop Filter Device.
03/07/2005,18:39:08 AVGuard service has been stopped!
03/07/2005,21:26:05 ---------------------------------------------------------
03/07/2005,21:26:05 [INIT] The AVGuard Service is starting.
03/07/2005,21:26:10 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
03/07/2005,21:26:30 [LOGON] Connection request by remote computer. Establishing secure communication channel.
03/07/2005,21:26:30 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabbfb3.
03/07/2005,21:27:24 [INFO] Start Filter Device.
03/07/2005,21:27:24 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
03/07/2005,21:27:24 AVGuard has been started successfully!
04/07/2005,01:55:12 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP4\A0001199.EXE
04/07/2005,11:08:51 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
04/07/2005,11:42:10 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP4\A0001199.EXE
04/07/2005,12:07:21 [INFO] Stop Filter Device.
04/07/2005,12:07:25 AVGuard service has been stopped!
04/07/2005,13:57:17 ---------------------------------------------------------
04/07/2005,13:57:17 [INIT] The AVGuard Service is starting.
04/07/2005,13:57:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
04/07/2005,13:57:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
04/07/2005,13:57:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaba76c.
04/07/2005,13:58:39 [INFO] Start Filter Device.
04/07/2005,13:58:39 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
04/07/2005,13:58:39 AVGuard has been started successfully!
04/07/2005,14:24:20 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP4\A0001199.EXE
File has been deleted!
04/07/2005,14:25:39 WARNING: Is the Trojan horse TR/Agent.am.1!
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL
File has been deleted!
04/07/2005,15:55:18 [INFO] Stop Filter Device.
04/07/2005,15:55:23 AVGuard service has been stopped!
04/07/2005,16:27:06 ---------------------------------------------------------
04/07/2005,16:27:06 [INIT] The AVGuard Service is starting.
04/07/2005,16:27:11 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
04/07/2005,16:27:31 [LOGON] Connection request by remote computer. Establishing secure communication channel.
04/07/2005,16:27:31 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabae14.
04/07/2005,16:28:27 [INFO] Start Filter Device.
04/07/2005,16:28:27 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
04/07/2005,16:28:27 AVGuard has been started successfully!
04/07/2005,19:05:56 [INFO] Stop Filter Device.
04/07/2005,19:06:03 AVGuard service has been stopped!
04/07/2005,19:07:26 ---------------------------------------------------------
04/07/2005,19:07:26 [INIT] The AVGuard Service is starting.
04/07/2005,19:07:28 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
04/07/2005,19:07:50 [LOGON] Connection request by remote computer. Establishing secure communication channel.
04/07/2005,19:07:50 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5a86.
04/07/2005,19:08:33 [INFO] Start Filter Device.
04/07/2005,19:08:33 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
04/07/2005,19:08:33 AVGuard has been started successfully!
04/07/2005,19:10:09 [INFO] Stop Filter Device.
04/07/2005,19:10:12 [INFO] Start Filter Device.
04/07/2005,19:56:40 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
04/07/2005,19:57:00 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
04/07/2005,19:57:06 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
04/07/2005,20:04:00 [INFO] Stop Filter Device.
04/07/2005,20:04:05 AVGuard service has been stopped!
04/07/2005,20:06:49 ---------------------------------------------------------
04/07/2005,20:06:49 [INIT] The AVGuard Service is starting.
04/07/2005,20:06:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
04/07/2005,20:07:12 [INFO] Start Filter Device.
04/07/2005,20:07:12 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
04/07/2005,20:07:12 AVGuard has been started successfully!
04/07/2005,20:26:51 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP2\A0000063.EXE
04/07/2005,20:41:01 [LOGON] Connection request by remote computer. Establishing secure communication channel.
04/07/2005,20:41:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaab55f58.
04/07/2005,21:00:08 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
04/07/2005,21:00:14 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
04/07/2005,21:00:21 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
04/07/2005,21:35:17 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP2\A0000063.EXE
File has been renamed to *.VIR
04/07/2005,22:43:27 WARNING: Is the Trojan horse TR/Agent.am.1!
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL
File has been deleted!
04/07/2005,23:22:11 ---------------------------------------------------------
04/07/2005,23:22:11 [INIT] The AVGuard Service is starting.
04/07/2005,23:22:12 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
04/07/2005,23:22:18 [LOGON] Connection request by remote computer. Establishing secure communication channel.
04/07/2005,23:22:18 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa087d.
04/07/2005,23:23:20 [INFO] Start Filter Device.
04/07/2005,23:23:20 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
04/07/2005,23:23:20 AVGuard has been started successfully!
04/07/2005,23:37:33 [INFO] Stop Filter Device.
04/07/2005,23:37:37 AVGuard service has been stopped!
05/07/2005,01:32:28 ---------------------------------------------------------
05/07/2005,01:32:28 [INIT] The AVGuard Service is starting.
05/07/2005,01:32:29 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
05/07/2005,01:32:37 [INFO] Start Filter Device.
05/07/2005,01:32:37 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
05/07/2005,01:32:37 AVGuard has been started successfully!
05/07/2005,01:43:26 [INFO] Stop Filter Device.
05/07/2005,01:43:28 AVGuard service has been stopped!
05/07/2005,01:44:58 ---------------------------------------------------------
05/07/2005,01:44:58 [INIT] The AVGuard Service is starting.
05/07/2005,01:44:59 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
05/07/2005,01:45:18 [INFO] Start Filter Device.
05/07/2005,01:45:18 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
05/07/2005,01:45:18 AVGuard has been started successfully!
05/07/2005,01:49:23 [INFO] Stop Filter Device.
05/07/2005,01:49:24 AVGuard service has been stopped!
05/07/2005,01:50:58 ---------------------------------------------------------
05/07/2005,01:50:58 [INIT] The AVGuard Service is starting.
05/07/2005,01:50:58 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
05/07/2005,01:51:01 [LOGON] Connection request by remote computer. Establishing secure communication channel.
05/07/2005,01:51:01 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0aa2.
05/07/2005,01:51:17 [INFO] Start Filter Device.
05/07/2005,01:51:17 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
05/07/2005,01:51:17 AVGuard has been started successfully!
05/07/2005,09:26:59 ---------------------------------------------------------
05/07/2005,09:26:59 [INIT] The AVGuard Service is starting.
05/07/2005,09:27:00 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
05/07/2005,09:27:04 [LOGON] Connection request by remote computer. Establishing secure communication channel.
05/07/2005,09:27:04 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0523.
05/07/2005,09:27:09 [INFO] Start Filter Device.
05/07/2005,09:27:09 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
05/07/2005,09:27:09 AVGuard has been started successfully!
05/07/2005,10:50:45 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been moved to quarantine directory!
05/07/2005,10:51:03 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been moved to quarantine directory!
05/07/2005,12:33:46 WARNING: Is the Trojan horse TR/Agent.am.1!
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL
File has been moved to quarantine directory!
05/07/2005,15:55:08 [INFO] Stop Filter Device.
05/07/2005,15:55:14 AVGuard service has been stopped!
05/07/2005,15:56:40 ---------------------------------------------------------
05/07/2005,15:56:40 [INIT] The AVGuard Service is starting.
05/07/2005,15:56:40 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
05/07/2005,15:56:44 [LOGON] Connection request by remote computer. Establishing secure communication channel.
05/07/2005,15:56:44 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3543.
05/07/2005,15:56:46 [INFO] Start Filter Device.
05/07/2005,15:56:46 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
05/07/2005,15:56:46 AVGuard has been started successfully!
05/07/2005,16:51:12 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
05/07/2005,16:51:16 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
05/07/2005,16:57:15 WARNING: Is the Trojan horse TR/Agent.am.1!
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL
File has been deleted!
05/07/2005,17:46:57 [INFO] Stop Filter Device.
05/07/2005,17:47:00 AVGuard service has been stopped!
05/07/2005,17:48:29 ---------------------------------------------------------
05/07/2005,17:48:29 [INIT] The AVGuard Service is starting.
05/07/2005,17:48:30 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
05/07/2005,17:48:36 [INFO] Start Filter Device.
05/07/2005,17:48:36 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
05/07/2005,17:48:36 AVGuard has been started successfully!
05/07/2005,19:42:19 [INFO] Stop Filter Device.
05/07/2005,19:42:21 AVGuard service has been stopped!
05/07/2005,19:47:09 ---------------------------------------------------------
05/07/2005,19:47:09 [INIT] The AVGuard Service is starting.
05/07/2005,19:47:10 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
05/07/2005,19:47:13 [LOGON] Connection request by remote computer. Establishing secure communication channel.
05/07/2005,19:47:13 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa322c.
05/07/2005,19:47:17 [INFO] Start Filter Device.
05/07/2005,19:47:17 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
05/07/2005,19:47:17 AVGuard has been started successfully!
05/07/2005,19:51:53 [INFO] Stop Filter Device.
05/07/2005,19:51:54 AVGuard service has been stopped!
06/07/2005,02:41:53 ---------------------------------------------------------
06/07/2005,02:41:53 [INIT] The AVGuard Service is starting.
06/07/2005,02:41:54 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
06/07/2005,02:41:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
06/07/2005,02:41:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3d71.
06/07/2005,02:41:59 [INFO] Start Filter Device.
06/07/2005,02:41:59 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
06/07/2005,02:41:59 AVGuard has been started successfully!
06/07/2005,17:15:19 [INFO] Stop Filter Device.
06/07/2005,17:15:24 AVGuard service has been stopped!
06/07/2005,17:20:17 ---------------------------------------------------------
06/07/2005,17:20:17 [INIT] The AVGuard Service is starting.
06/07/2005,17:20:18 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
06/07/2005,17:20:21 [LOGON] Connection request by remote computer. Establishing secure communication channel.
06/07/2005,17:20:21 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad8b9.
06/07/2005,17:20:25 [INFO] Start Filter Device.
06/07/2005,17:20:25 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
06/07/2005,17:20:26 AVGuard has been started successfully!
06/07/2005,17:21:22 [INFO] Stop Filter Device.
06/07/2005,17:21:23 AVGuard service has been stopped!
06/07/2005,18:50:03 ---------------------------------------------------------
06/07/2005,18:50:03 [INIT] The AVGuard Service is starting.
06/07/2005,18:50:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
06/07/2005,18:50:06 [LOGON] Connection request by remote computer. Establishing secure communication channel.
06/07/2005,18:50:06 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaac7c5.
06/07/2005,18:50:12 [INFO] Start Filter Device.
06/07/2005,18:50:12 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
06/07/2005,18:50:12 AVGuard has been started successfully!
06/07/2005,19:19:52 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
06/07/2005,19:21:12 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
07/07/2005,00:41:57 WARNING: Is the Trojan horse TR/Click.526!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0000003.EXE
File has been deleted!
07/07/2005,00:42:27 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0000005.EXE
File has been deleted!
07/07/2005,00:57:42 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\WINDOWS\SYSTEM32\CSDEP.EXE
File has been deleted!
07/07/2005,00:58:22 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
07/07/2005,00:58:43 WARNING: Is the Trojan horse TR/Drop.Agent.hy.4!
C:\WINDOWS\SYSTEM32\LOADCTR.EXE
File has been deleted!
07/07/2005,01:22:16 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
07/07/2005,11:27:24 ---------------------------------------------------------
07/07/2005,11:27:24 [INIT] The AVGuard Service is starting.
07/07/2005,11:27:25 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
07/07/2005,11:27:27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
07/07/2005,11:27:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad8b9.
07/07/2005,11:27:57 [INFO] Start Filter Device.
07/07/2005,11:27:57 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
07/07/2005,11:27:57 AVGuard has been started successfully!
07/07/2005,11:39:05 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
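The AVGuard log above shows the same files (GPSRESL.EXE, RDSNDIN.EXE) being quarantined or deleted and then detected again hours later, plus copies sitting inside System Volume Information, i.e. in System Restore points. The following parser is an added example, not code from this thread or from AntiVir; it reads that log format and makes the re-infection pattern explicit: detections grouped by path, paths that came back after the on-access scanner had already removed them (which means something still running is re-dropping them), and restore-point copies separated from live system32 files. The sample lines are excerpted from the log posted above; the assumed layout (a WARNING line, the path on the next line, then an optional "File has been ...!" action line) is taken from that log only.

```python
"""Parse an AntiVir AVGuard log and surface the re-infection pattern.

Added example: not code from the forum thread. The log format assumed
here (a WARNING line, the file path on the next line, then an optional
"File has been ...!" action line) is taken from the log posted above.
"""
import re
from collections import defaultdict
from datetime import datetime

WARN_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4}),(\d{2}:\d{2}:\d{2}) WARNING: Is the Trojan horse (\S+)!$"
)
ACTION_RE = re.compile(r"^File has been (.+)!$")

# Excerpt of the AVGuard log posted in this thread (dates are dd/mm/yyyy).
SAMPLE_LOG = r"""
05/07/2005,10:50:45 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been moved to quarantine directory!
05/07/2005,10:51:03 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been moved to quarantine directory!
05/07/2005,15:56:46 AVGuard has been started successfully!
05/07/2005,16:51:12 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
05/07/2005,16:51:16 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
06/07/2005,19:21:12 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
07/07/2005,00:42:27 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0000005.EXE
File has been deleted!
07/07/2005,00:57:42 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\WINDOWS\SYSTEM32\CSDEP.EXE
File has been deleted!
07/07/2005,01:22:16 WARNING: Is the Trojan horse TR/Drop32.Smal.UE.3!
C:\WINDOWS\SYSTEM32\GPSRESL.EXE
File has been deleted!
"""


def parse_avguard(text):
    """Return one dict per detection: time, signature name, path, action."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    events = []
    i = 0
    while i < len(lines):
        m = WARN_RE.match(lines[i])
        if not m:
            i += 1  # service start/stop, [INIT] and [LOGON] lines carry no detection
            continue
        when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d/%m/%Y %H:%M:%S")
        path, action = "", "none"  # "none": alert shown, no action recorded
        i += 1
        if i < len(lines) and not WARN_RE.match(lines[i]):
            path = lines[i].upper()
            i += 1
            a = ACTION_RE.match(lines[i]) if i < len(lines) else None
            if a:
                action = a.group(1)  # "moved to quarantine directory" or "deleted"
                i += 1
        events.append({"time": when, "name": m.group(3), "path": path, "action": action})
    return events


def recurring_detections(events, min_hits=2):
    """Paths hit more than once: a dropper is re-creating them."""
    by_path = defaultdict(list)
    for e in events:
        by_path[e["path"]].append(e)
    return {p: hits for p, hits in by_path.items() if len(hits) >= min_hits}


def reappeared_after_removal(events):
    """Paths detected again after AVGuard had already quarantined or deleted them.

    A file that comes back after removal means a still-running process or an
    auto-start component is re-dropping it; deleting the file yet again will
    not fix that, the re-dropper has to be found first.
    """
    removed_at = {}
    back = set()
    for e in sorted(events, key=lambda e: e["time"]):
        p = e["path"]
        if p in removed_at and e["time"] > removed_at[p]:
            back.add(p)
        if e["action"] != "none":
            removed_at[p] = e["time"]
    return back


def restore_point_hits(events):
    """Copies inside System Restore points; they only disappear when System
    Restore is turned off, which purges every restore point."""
    return [e for e in events if "\\SYSTEM VOLUME INFORMATION\\" in e["path"]]


def summarize(text):
    events = parse_avguard(text)
    return {
        "detections": len(events),
        "recurring": {p: len(h) for p, h in recurring_detections(events).items()},
        "reappeared_after_removal": sorted(reappeared_after_removal(events)),
        "restore_point_copies": [e["path"] for e in restore_point_hits(events)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the excerpt, `summarize` reports GPSRESL.EXE four times and RDSNDIN.EXE twice, both returning after a quarantine or delete, and one copy inside a restore point. That is the signal that the visible files are only the payload: the component re-creating them (a service, a Run key, a loaded DLL such as the DRV2CLTR.DLL the same log flags) has to be removed before deleting the EXEs achieves anything.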
Anonymous user
7 Jul. 2005 at 17:25
re,
show hidden files and delete the exe
C:\WINDOWS\SYSTEM32\GPSRESL.EXE

then tell me whether you still get alerts from your AV
gablo Posts 37 Registered Tuesday 5 July 2005 Status Member Last activity 28 July 2005
7 Jul. 2005 at 19:07
So, despite showing hidden folders, I can't find the file GPSRESL.EXE in C:\windows\system32. Maybe AVPersonal's last action was effective... to be honest I doubt it, since this isn't the first time I've chosen "delete" on the AV alert and the file has come back.
If it reappears again, should I delete it in Safe Mode?
Can I also safely delete the following files:
C:\WINDOWS\SYSTEM32\LOADCTR.EXE
C:\WINDOWS\SYSTEM32\CSDEP.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0000005.EXE
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL

Thanks and see you later
Anonymous user
7 Jul. 2005 at 19:51
hi

Run a scan here:
http://www.bitdefender.com/scan/licence.php
and post the report

later
gablo Posts 37 Registered Tuesday 5 July 2005 Status Member Last activity 28 July 2005
7 Jul. 2005 at 20:52
Hi,
Thanks for your reply, but the BitDefender scan found nothing.
During the scan, AntiVir Guard detected the DNSChanger trojan.
Here is the AVPersonal log

07/07/2005,18:48:16 [INIT] The AVGuard Service is starting.
07/07/2005,18:48:18 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
07/07/2005,18:48:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
07/07/2005,18:48:23 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaadd3b.
07/07/2005,18:48:29 [INFO] Start Filter Device.
07/07/2005,18:48:29 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.7 VDF Version: 6.31.0.137
07/07/2005,18:48:29 AVGuard has been started successfully!
07/07/2005,20:23:17 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0000013.EXE
07/07/2005,20:23:38 WARNING: Is the Trojan horse TR/Drop.Agent.hy.4!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0000014.EXE
07/07/2005,20:23:43 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0001001.EXE
07/07/2005,20:23:47 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0002003.EXE
File has been deleted!
07/07/2005,20:23:52 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0002025.EXE
File has been deleted!
07/07/2005,20:23:56 WARNING: Is the Trojan horse TR/DNSChanger.R!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB9588DB-2B10-4BD6-B56C-6581E1008829}\RP1\A0002029.EXE
File has been deleted!
07/07/2005,20:27:53 [LOGON] Connection request by remote computer. Establishing secure communication channel.
07/07/2005,20:27:53 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaf13be2.
Anonymous user
7 Jul. 2005 at 20:56
hi,
¤Disable your System Restore:
Right-click My Computer, then
Properties, click the System Restore tab,
tick the "Turn off System Restore" box and Apply,
then re-enable it by unticking the box

later
Anonymous user
7 Jul. 2005 at 21:00
get rid of these too:

C:\WINDOWS\SYSTEM32\LOADCTR.EXE
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
C:\WINDOWS\SYSTEM32\CSDEP.EXE
C:\WINDOWS\SYSTEM32\DRV2CLTR.DLL

later
gablo Posts 37 Registered Tuesday 5 July 2005 Status Member Last activity 28 July 2005
7 Jul. 2005 at 21:55
Problem: I can't find any of these files at the locations given, despite showing all folders...
gablo Posts 37 Registered Tuesday 5 July 2005 Status Member Last activity 28 July 2005
7 Jul. 2005 at 23:09
Well, it seems everything is back to normal...
I've just run another full AntiVir scan and it no longer detects anything.
BRAVO to Regis59, Jean38 and moe31 for their attention and availability
Anonymous user
7 Jul. 2005 at 23:21
ok
re-enable your System Restore + re-hide your files if you had done that step

happy surfing then

later
mercredi Posts 2 Registered Thursday 13 September 2007 Status Member Last activity 17 September 2007
17 Sept. 2007 at 07:53
Hello
I have a problem with the Zlob DNS changer. When I go on the internet, the pages I request are redirected to other sites. I installed Spybot and a-squared, nothing is detected? I downloaded HijackThis and ran the scan, here is what it found.
Could you help me, is there a line to delete?.... by ticking one of the boxes concerned,
Thanks in advance, I'm completely lost....

C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [] C:\Program Files\DisqudurProtection\SysRep.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B15FF160-1503-453D-B936-44DD106F9221}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D6E469-276F-4E06-AB2C-3A06C4FD91B3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
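A DNS changer does its redirecting by writing its own resolver addresses into the Tcpip NameServer values, which is exactly what the O17 lines of a HijackThis report list, so those lines are where to look first. The script below is an added example, not code from this thread or from HijackThis: it parses O17 NameServer entries, compares each resolver with an allowlist, reports LAN addresses separately (a home router is a normal resolver, an unknown public address is not), and checks whether the ControlSets and per-interface keys all agree. The allowlist is an assumption for the example. Note that the two addresses in the report above, 208.67.220.220 and 208.67.222.222, are OpenDNS resolvers; the allowlist treats them as expected, which is only right if the owner configured OpenDNS deliberately. The constructed rogue entry uses a hypothetical interface GUID and addresses from the RFC 5737 documentation range, standing in for what a DNS changer would leave behind.

```python
"""Audit the DNS resolvers HijackThis reports in its O17 lines.

Added example: not code from the forum thread or from HijackThis.
EXPECTED_RESOLVERS is an assumption for this example; the rogue line is
constructed (hypothetical GUID, RFC 5737 documentation addresses).
"""
import ipaddress
import re

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")

# Assumed allowlist: the resolvers the machine's owner actually chose.
# 208.67.222.222 and 208.67.220.220 are OpenDNS, as in the report above;
# if you never set up OpenDNS yourself, take them out of this set.
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Explicit RFC 1918 ranges so a router's LAN address is reported differently
# from an unknown public resolver.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The O17 lines from the HijackThis report posted in this thread.
SAMPLE_REPORT = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{B15FF160-1503-453D-B936-44DD106F9221}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D6E469-276F-4E06-AB2C-3A06C4FD91B3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# Constructed: hypothetical interface GUID, resolvers in 203.0.113.0/24
# (RFC 5737 TEST-NET-3), standing in for a DNS changer's own servers.
CONSTRUCTED_ROGUE_LINE = (
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-4000-8000-000000000001}: "
    "NameServer = 203.0.113.10,203.0.113.11"
)


def parse_o17(report):
    """Return (registry key, [resolver, ...]) for every O17 NameServer line."""
    entries = []
    for line in report.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # HijackThis separates resolvers with commas; tolerate spaces too.
            servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
            entries.append((m.group("key"), servers))
    return entries


def classify(server, expected):
    """Verdict for one resolver address."""
    if server in expected:
        return "ok"
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "not an IP address"
    if any(ip in net for net in LAN_NETS):
        return "LAN address: confirm it is your own router"
    return "unexpected resolver: not on the allowlist"


def audit_nameservers(report, expected=EXPECTED_RESOLVERS):
    """One (key, resolver, verdict) finding per resolver not on the allowlist."""
    findings = []
    for key, servers in parse_o17(report):
        for s in servers:
            verdict = classify(s, expected)
            if verdict != "ok":
                findings.append((key, s, verdict))
    return findings


def inconsistent_sets(report):
    """True when the ControlSets and interfaces do not all list the same
    resolvers: the value was changed in one place after they were last in
    sync, which is worth a look even when every address is individually known."""
    sets = {frozenset(servers) for _, servers in parse_o17(report)}
    return len(sets) > 1


if __name__ == "__main__":
    for report_name, report in (("posted report", SAMPLE_REPORT),
                                ("posted report + constructed rogue entry",
                                 SAMPLE_REPORT + CONSTRUCTED_ROGUE_LINE + "\n")):
        print(f"== {report_name}")
        for key, server, verdict in audit_nameservers(report):
            print(f"  {server:<16} {verdict}  ({key})")
        print(f"  resolver sets disagree: {inconsistent_sets(report)}")
```

On the posted lines alone the audit is clean and all five keys agree, so if the owner did not choose OpenDNS the allowlist should be emptied, after which every entry is flagged and the decision is simply whether those resolvers were yours. With the constructed rogue entry appended, the two 203.0.113.x addresses are reported as unexpected and the sets disagree, which is the pattern a DNS changer leaves: one interface or ControlSet rewritten while the others still hold the old value.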