Persistent virus..
Spip
Hello everyone,
I'm laying out my problem in the hope that you can help me, because a virus is resisting me... It's "TR/Rootkit.L".
Here is my HijackThis log while I wait for your advice on a piece of software I know very, very little about...
Thanks in advance...
Logfile of HijackThis v1.99.1
Scan saved at 01:45:47, on 29/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\eChanblard\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Drivers\Sur\PROGRAMMES\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{469FDA36-93A5-4F3A-9C76-80EAB3C9B5F5}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
Thanks again and see you soon.
Spip..
3 replies
hi
Start > My Computer > C: > Program Files > AVPersonal > LOGFILES > NTGRDRT > copy/paste everything that's in there
See you
hey
above all, no need to be formal with me!!! lol
Use this
3/Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- illustrated help: (thanks to Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
then run this online scan
http://www.bitdefender.com/scan/licence.php
copy/paste the report
See you
OK, I'll be informal with you, but I didn't dare to out of respect...
So I downloaded Clean Up and ran it, but I can't launch the online scan because it tells me I need a version of IE higher than 4, whereas I'm on 6 with SP1...
I don't understand; can you help me?
Thanks..
Here is everything that's in the indicated folder...
27/08/2005,01:23:55 ---------------------------------------------------------
27/08/2005,01:23:55 [INIT] The AVGuard Service is starting.
27/08/2005,01:23:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,01:23:57 [INFO] Start Filter Device.
27/08/2005,01:23:57 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,01:23:57 AVGuard has been started successfully!
27/08/2005,01:23:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,01:23:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa82e65e.
27/08/2005,01:24:50 [INFO] Stop Filter Device.
27/08/2005,01:24:51 AVGuard service has been stopped!
27/08/2005,09:34:05 ---------------------------------------------------------
27/08/2005,09:34:05 [INIT] The AVGuard Service is starting.
27/08/2005,09:34:12 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,09:34:27 [INFO] Start Filter Device.
27/08/2005,09:34:27 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,09:34:27 AVGuard has been started successfully!
27/08/2005,09:34:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,09:34:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab8c37.
27/08/2005,10:04:00 [INFO] Stop Filter Device.
27/08/2005,10:04:00 AVGuard service has been stopped!
27/08/2005,10:05:07 ---------------------------------------------------------
27/08/2005,10:05:07 [INIT] The AVGuard Service is starting.
27/08/2005,10:05:14 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,10:05:17 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,10:05:18 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa21e2.
27/08/2005,10:05:25 [INFO] Start Filter Device.
27/08/2005,10:05:25 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,10:05:25 AVGuard has been started successfully!
27/08/2005,10:11:18 [INFO] Stop Filter Device.
27/08/2005,10:11:18 AVGuard service has been stopped!
27/08/2005,13:26:08 ---------------------------------------------------------
27/08/2005,13:26:08 [INIT] The AVGuard Service is starting.
27/08/2005,13:26:12 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,13:26:18 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,13:26:18 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0f5e.
27/08/2005,13:26:25 [INFO] Start Filter Device.
27/08/2005,13:26:25 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,13:26:25 AVGuard has been started successfully!
27/08/2005,14:05:57 WARNING: Is the Trojan horse TR/Dldr.Dyfuca.DB!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{963BC377-75CE-4005-9BA1-0A052EBC587C}\RP3\A0000172.EXE
27/08/2005,16:15:01 [INFO] Stop Filter Device.
27/08/2005,16:15:03 AVGuard service has been stopped!
27/08/2005,16:15:49 ---------------------------------------------------------
27/08/2005,16:15:49 [INIT] The AVGuard Service is starting.
27/08/2005,16:15:50 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,16:15:53 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,16:15:53 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaae188.
27/08/2005,16:15:58 [INFO] Start Filter Device.
27/08/2005,16:15:58 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,16:15:58 AVGuard has been started successfully!
27/08/2005,16:34:29 [INFO] Stop Filter Device.
27/08/2005,16:34:31 AVGuard service has been stopped!
27/08/2005,16:35:21 ---------------------------------------------------------
27/08/2005,16:35:21 [INIT] The AVGuard Service is starting.
27/08/2005,16:35:22 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,16:35:26 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,16:35:26 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaaf879.
27/08/2005,16:35:31 [INFO] Start Filter Device.
27/08/2005,16:35:31 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,16:35:31 AVGuard has been started successfully!
27/08/2005,16:47:23 [INFO] Stop Filter Device.
27/08/2005,16:47:24 AVGuard service has been stopped!
27/08/2005,16:48:35 ---------------------------------------------------------
27/08/2005,16:48:35 [INIT] The AVGuard Service is starting.
27/08/2005,16:48:37 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,16:48:40 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,16:48:40 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaaf029.
27/08/2005,16:48:44 [INFO] Start Filter Device.
27/08/2005,16:48:44 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,16:48:44 AVGuard has been started successfully!
27/08/2005,17:42:01 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548581.SYS
27/08/2005,17:42:12 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548596.SYS
File has been deleted!
27/08/2005,17:42:14 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548609.SYS
27/08/2005,17:42:16 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548624.SYS
File has been moved to quarantine directory!
27/08/2005,17:42:23 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548715.SYS
27/08/2005,17:42:25 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548729.SYS
27/08/2005,17:42:33 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548742.SYS
File has been renamed to *.VIR
27/08/2005,17:43:14 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548758.SYS
File has been overwritten and deleted!
27/08/2005,17:43:17 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549758.SYS
File has been deleted!
27/08/2005,17:43:19 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549771.SYS
27/08/2005,17:49:37 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549783.SYS
27/08/2005,17:49:49 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549795.SYS
27/08/2005,18:01:42 [INFO] Stop Filter Device.
27/08/2005,18:01:45 AVGuard service has been stopped!
27/08/2005,18:02:38 ---------------------------------------------------------
27/08/2005,18:02:38 [INIT] The AVGuard Service is starting.
27/08/2005,18:02:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,18:02:46 [INFO] Start Filter Device.
27/08/2005,18:02:46 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,18:02:46 AVGuard has been started successfully!
27/08/2005,18:03:24 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,18:03:24 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5d46.
27/08/2005,18:07:28 [INFO] Stop Filter Device.
27/08/2005,18:07:29 AVGuard service has been stopped!
27/08/2005,18:08:35 ---------------------------------------------------------
27/08/2005,18:08:35 [INIT] The AVGuard Service is starting.
27/08/2005,18:08:37 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,18:08:47 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,18:08:47 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3b8e.
27/08/2005,18:08:50 [INFO] Start Filter Device.
27/08/2005,18:08:50 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.15 VDF Version: 6.30.0.225
27/08/2005,18:08:50 AVGuard has been started successfully!
27/08/2005,18:13:17 [INFO] Stop Filter Device.
27/08/2005,18:13:18 AVGuard service has been stopped!
27/08/2005,18:13:20 ---------------------------------------------------------
27/08/2005,18:13:20 [INIT] The AVGuard Service is starting.
27/08/2005,18:13:21 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,18:13:22 [INFO] Start Filter Device.
27/08/2005,18:13:22 AntiVirService Version: 6.30.00.06 AVE Version 6.31.1.0 VDF Version: 6.31.1.187
27/08/2005,18:13:22 AVGuard has been started successfully!
27/08/2005,18:13:27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,18:13:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaae5ba9.
27/08/2005,18:13:56 [INFO] Stop Filter Device.
27/08/2005,18:13:56 AVGuard service has been stopped!
27/08/2005,18:28:30 ---------------------------------------------------------
27/08/2005,18:28:30 [INIT] The AVGuard Service is starting.
27/08/2005,18:28:33 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/08/2005,18:28:35 [INFO] Start Filter Device.
27/08/2005,18:28:35 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.187
27/08/2005,18:28:35 AVGuard has been started successfully!
27/08/2005,18:28:44 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/08/2005,18:28:44 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaab85b60.
27/08/2005,18:44:25 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548581.SYS
27/08/2005,18:44:34 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548581.SYS
27/08/2005,18:50:29 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548609.SYS
File has been deleted!
27/08/2005,18:50:36 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548715.SYS
File has been moved to quarantine directory!
27/08/2005,18:50:39 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0548729.SYS
File has been deleted!
27/08/2005,18:50:41 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549771.SYS
27/08/2005,18:59:51 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549771.SYS
27/08/2005,18:59:52 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549783.SYS
27/08/2005,18:59:54 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549783.SYS
27/08/2005,18:59:58 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549795.SYS
27/08/2005,19:00:10 WARNING: Is the Trojan horse TR/Rootkit.L!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F8E8365-78EF-4693-A892-5097FB370857}\RP115\A0549795.SYS
27/08/2005,20:28:19 [INFO] Stop Filter Device.
27/08/2005,20:28:22 AVGuard service has been stopped!
28/08/2005,10:08:44 ---------------------------------------------------------
28/08/2005,10:08:44 [INIT] The AVGuard Service is starting.
28/08/2005,10:08:47 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
28/08/2005,10:09:00 [LOGON] Connection request by remote computer. Establishing secure communication channel.
28/08/2005,10:09:00 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0209.
28/08/2005,10:09:03 [INFO] Start Filter Device.
28/08/2005,10:09:03 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.187
28/08/2005,10:09:03 AVGuard has been started successfully!
28/08/2005,10:14:21 [INFO] Stop Filter Device.
28/08/2005,10:14:22 AVGuard service has been stopped!
28/08/2005,10:15:46 ---------------------------------------------------------
28/08/2005,10:15:46 [INIT] The AVGuard Service is starting.
28/08/2005,10:15:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
28/08/2005,10:15:56 [LOGON] Connection request by remote computer. Establishing secure communication channel.
28/08/2005,10:15:56 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa36bb.
28/08/2005,10:16:00 [INFO] Start Filter Device.
28/08/2005,10:16:00 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.187
28/08/2005,10:16:00 AVGuard has been started successfully!
28/08/2005,14:38:18 [INFO] Stop Filter Device.
28/08/2005,14:38:20 AVGuard service has been stopped!
28/08/2005,14:39:40 ---------------------------------------------------------
28/08/2005,14:39:40 [INIT] The AVGuard Service is starting.
28/08/2005,14:39:43 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
28/08/2005,14:39:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
28/08/2005,14:39:52 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0b35.
28/08/2005,14:39:56 [INFO] Start Filter Device.
28/08/2005,14:39:56 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.187
28/08/2005,14:39:56 AVGuard has been started successfully!
28/08/2005,19:08:43 WARNING: Contains signature of the dropper DR/Miner!
C:\DOCUMENTS AND SETTINGS\CHOUX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URUHOLWV\MAIN[1].CHM
28/08/2005,19:08:50 WARNING: Is the Trojan horse TR/Click.Small.HS!
C:\DOCUMENTS AND SETTINGS\CHOUX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MJ0VY5S7\RUNAPL[1].EXE
28/08/2005,19:08:55 WARNING: Is the Trojan horse TR/Click.Small.HS!
C:\NTDETECD.EXE
28/08/2005,19:11:02 WARNING: Contains signature of the dropper DR/Miner!
C:\DOCUMENTS AND SETTINGS\CHOUX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URUHOLWV\MAIN[1].CHM
28/08/2005,19:11:12 WARNING: Contains signature of the dropper DR/Miner!
C:\DOCUMENTS AND SETTINGS\CHOUX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URUHOLWV\MAIN[2].CHM
28/08/2005,19:11:14 WARNING: Is the Trojan horse TR/Click.Small.HS!
C:\DOCUMENTS AND SETTINGS\CHOUX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MJ0VY5S7\RUNAPL[1].EXE
28/08/2005,19:11:15 WARNING: Is the Trojan horse TR/Click.Small.HS!
C:\DOCUMENTS AND SETTINGS\CHOUX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MJ0VY5S7\RUNAPL[1].EXE
29/08/2005,00:58:34 ---------------------------------------------------------
29/08/2005,00:58:34 [INIT] The AVGuard Service is starting.
29/08/2005,00:58:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
29/08/2005,00:58:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
29/08/2005,00:58:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2f73.
29/08/2005,00:58:49 [INFO] Start Filter Device.
29/08/2005,00:58:49 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.187
29/08/2005,00:58:49 AVGuard has been started successfully!
29/08/2005,01:34:23 [INFO] Stop Filter Device.
29/08/2005,01:34:24 AVGuard service has been stopped!
29/08/2005,01:35:26 ---------------------------------------------------------
29/08/2005,01:35:26 [INIT] The AVGuard Service is starting.
29/08/2005,01:35:29 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
29/08/2005,01:35:36 [LOGON] Connection request by remote computer. Establishing secure communication channel.
29/08/2005,01:35:36 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2fc6.
29/08/2005,01:35:39 [INFO] Start Filter Device.
29/08/2005,01:35:39 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.187
29/08/2005,01:35:39 AVGuard has been started successfully!
29/08/2005,02:47:16 [INFO] Stop Filter Device.
29/08/2005,02:47:21 AVGuard service has been stopped!
29/08/2005,12:14:38 ---------------------------------------------------------
29/08/2005,12:14:38 [INIT] The AVGuard Service is starting.
29/08/2005,12:14:41 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
29/08/2005,12:14:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
29/08/2005,12:14:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2036.
29/08/2005,12:14:52 [INFO] Start Filter Device.
29/08/2005,12:14:52 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.187
29/08/2005,12:14:52 AVGuard has been started successfully!
While waiting for your help, I wish you a good day..
See you
Spip...