Rdriv.sys sous Windows 2000

Bonjour a tous,

je dispause actuellement d'une machine avec Windows 2000,

j'ai Avast Anti Virus a jour ( aujourdui on es le 19 juillet 2005)

Avast me trouve un virus dans le fichier rdriv.sys dans c:\winnt\system32\rdriv.sys ( winnt etant mon repertoir root)

il le suprime mais quelques seconde seulement aprés il revien... j'ai pencer a une restoration du system automatique ( cf windows XP) mais je ne l'ais pas trouver sur windows 2000

j'ai parcourue le Web en me disant qu'une solution a surement dejas etait trouver, mais rien de trés concluents, j'ai entre autre lancer le petit utilitaire rdrivrem.bat il m'indique le log suivant en fin de traitement :

      ~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~ 

rdriv.sys PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


      ~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~ 

rdriv.sys PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

Si j'execute ce petit utilitaire en mode sans echeques voici ce que j'obtien :

      ~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~ 

rdriv.sys PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


      ~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~ 

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

mais dés que je redémare normalement il revien comme si j'avais une restoration system - je vous rapelle que je suis sous Windows 2000...

voici un petit journal de avast :

19/07/2005 14:37:33	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 14:40:43	HONNFO	1428	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 15:12:33	HONNFO	1264	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 15:17:32	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 15:19:20	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\RECYCLER\S-1-5-21-1454471165-1708537768-1202660629-1000\Dc25.sys" file.  
19/07/2005 15:19:39	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 15:19:49	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 15:20:02	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 15:20:29	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 15:22:56	HONNFO	584	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 15:23:09	HONNFO	1384	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 16:00:06	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 16:01:05	HONNFO	1316	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 16:04:25	HONNFO	1092	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 16:04:34	HONNFO	1340	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 16:04:43	HONNFO	1092	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 19:44:01	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 20:54:03	HONNFO	920	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 21:12:46	HONNFO	1224	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 21:21:23	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  
19/07/2005 21:27:25	SYSTEM	472	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINNT\system32\rdriv.sys" file.  

cela montre bien qu'il s'agit de ce fichier ( meme aprés des scann durant le démarage windows )


et voici un petit log hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21:47:30, on 19/07/2005
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\vvv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\TPPALDR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\Documents and Settings\HONNFO\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\HONNFO\LOCALS~1\Temp\hpdj.exe
O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\system32\vvv.exe

Personnelement je n'ais rien trouver ce raportant a rdriv.sys mais maintenant vous, sa vous sautras peut etre au yeux ??

Enfin merci a tout ceux qui pourons m'aider