S'abonner :

Newsletters

Magazines

01men.

Avis sur les produits

Avis sur les logiciels

Avis sur les jeux

Actualités

A propos de 01net

173 utilisateurs connectés

Forum de 01net / Sécurité / Cheval de Troie détecté par Antivir Guard [Résolu]

Cheval de Troie détecté par Antivir Guard [Résolu]

scooby95 le 15 juillet 2005 à 12h26

Antivir Guard a détecté un cheval de Troie dans mes fichiers et semble en détecter continuellement.

Son identité :

TR/Dldr.Age.bc.19.A

Sur les listes de Troyens mises à dispo sur internet, je ne le trouve pas.

Le souci est qu'antivir guard ne l'élimine pas.

Peut-être avez-vous une soluce ?

Merci d'avance.

-->Message édité par gchris le 17/07/2005 18:32:42<--

répondre

gchris le 15 juillet 2005 à 13h16

Il est détecté ou ?

répondre

scooby95 le 15 juillet 2005 à 15h12

Bonjour,

En fait, il est détecté essentiellement dans des fichiers .DLL du dossier WINDOWS ou du sous-répertoire SYSTEM32 de WINDOWS.

répondre

gchris le 15 juillet 2005 à 18h02

Colle le rapport d'Antivir.

répondre

scooby95 le 15 juillet 2005 à 19h40

Voilà le rapport (qui s'alourdit à chaque fois que j'allume le PC) :

14/07/2005,15:17:58 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCXC32.DLL
File has been moved to quarantine directory!
14/07/2005,15:19:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\D3HE.DLL
File has been moved to quarantine directory!
14/07/2005,15:20:38 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINNK32.DLL
File has been moved to quarantine directory!
14/07/2005,15:21:32 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRWZ32.DLL
File has been moved to quarantine directory!
14/07/2005,15:21:44 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVAOV32.DLL
File has been moved to quarantine directory!
14/07/2005,15:24:52 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IEBD.DLL
File has been moved to quarantine directory!
14/07/2005,15:25:06 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPDW.DLL
14/07/2005,15:25:46 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKSK32.DLL
File has been moved to quarantine directory!
14/07/2005,15:26:14 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDOD.DLL
File has been moved to quarantine directory!
14/07/2005,15:27:09 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPLN.DLL
File has been moved to quarantine directory!
14/07/2005,15:27:47 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKHF.DLL
File has been moved to quarantine directory!
14/07/2005,15:28:01 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSJG.DLL
File has been moved to quarantine directory!
14/07/2005,15:29:19 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETLN.DLL
File has been moved to quarantine directory!
14/07/2005,15:29:08 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDPL.DLL
File has been moved to quarantine directory!
14/07/2005,15:32:13 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETMV32.DLL
File has been moved to quarantine directory!
14/07/2005,15:34:23 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCND32.DLL
File has been moved to quarantine directory!
14/07/2005,15:34:47 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPOD32.DLL
File has been moved to quarantine directory!
14/07/2005,15:34:59 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDYZ32.DLL
File has been moved to quarantine directory!
14/07/2005,15:36:06 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APIEF32.DLL
File has been moved to quarantine directory!
14/07/2005,15:36:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTGA.DLL
File has been moved to quarantine directory!
14/07/2005,15:37:53 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDRH32.DLL
File has been moved to quarantine directory!
14/07/2005,15:39:49 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRXP.DLL
File has been moved to quarantine directory!
14/07/2005,15:39:56 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETYY32.DLL
File has been moved to quarantine directory!
14/07/2005,15:41:08 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSNY.DLL
File has been moved to quarantine directory!
14/07/2005,15:43:08 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCXR.DLL
File has been moved to quarantine directory!
14/07/2005,15:43:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IEOZ.DLL
File has been moved to quarantine directory!
14/07/2005,15:44:52 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINLD32.DLL
File has been moved to quarantine directory!
14/07/2005,15:45:53 [INFO] Stop Filter Device.
14/07/2005,15:45:56 AVGuard service has been stopped!
14/07/2005,15:46:58 ---------------------------------------------------------
14/07/2005,15:46:58 [INIT] The AVGuard Service is starting.
14/07/2005,15:47:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
14/07/2005,15:47:17 [INFO] Start Filter Device.
14/07/2005,15:47:17 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.203
14/07/2005,15:47:17 AVGuard has been started successfully!
14/07/2005,21:13:56 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSMC32.DLL
File has been moved to quarantine directory!
14/07/2005,21:15:56 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCRI.DLL
File has been moved to quarantine directory!
14/07/2005,21:20:13 [LOGON] Connection request by remote computer. Establishing secure communication channel.
14/07/2005,21:20:13 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xab9b0036.
14/07/2005,21:20:13 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINRO.DLL
14/07/2005,21:20:34 [INFO] Stop Filter Device.
14/07/2005,21:20:35 AVGuard service has been stopped!
14/07/2005,21:21:32 ---------------------------------------------------------
14/07/2005,21:21:32 [INIT] The AVGuard Service is starting.
14/07/2005,21:21:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
14/07/2005,21:22:12 [INFO] Start Filter Device.
14/07/2005,21:22:12 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.203
14/07/2005,21:22:12 AVGuard has been started successfully!
14/07/2005,21:22:26 [LOGON] Connection request by remote computer. Establishing secure communication channel.
14/07/2005,21:22:26 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabcef8.
14/07/2005,21:22:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKXR.DLL
File has been moved to quarantine directory!
14/07/2005,21:23:15 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCOY.DLL
File has been moved to quarantine directory!
14/07/2005,21:23:39 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPHY32.DLL
File has been moved to quarantine directory!
14/07/2005,21:26:28 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPMR32.DLL
File has been moved to quarantine directory!
14/07/2005,21:26:27 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTZX.DLL
File has been moved to quarantine directory!
14/07/2005,21:27:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDYZ32.DLL
File has been moved to quarantine directory!
14/07/2005,21:28:29 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\D3GO.DLL
File has been moved to quarantine directory!
14/07/2005,21:31:21 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPOZ32.DLL
File has been moved to quarantine directory!
14/07/2005,21:32:48 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SYSLU32.DLL
File has been moved to quarantine directory!
14/07/2005,21:32:53 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCTH.DLL
File has been moved to quarantine directory!
14/07/2005,21:35:06 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPAY.DLL
File has been moved to quarantine directory!
14/07/2005,21:36:49 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKEN32.DLL
File has been moved to quarantine directory!
14/07/2005,21:39:08 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDEV.DLL
File has been moved to quarantine directory!
14/07/2005,21:41:59 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPZF32.DLL
File has been moved to quarantine directory!
14/07/2005,21:44:01 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3BC32.DLL
File has been moved to quarantine directory!
14/07/2005,21:45:01 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETGY32.DLL
File has been moved to quarantine directory!
14/07/2005,21:48:24 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKIT.DLL
File has been moved to quarantine directory!
14/07/2005,21:49:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINVE.DLL
File has been moved to quarantine directory!
14/07/2005,21:50:28 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NTNM32.DLL
File has been moved to quarantine directory!
14/07/2005,21:51:33 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IPJV32.DLL
File has been moved to quarantine directory!
14/07/2005,21:51:56 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVAXB.DLL
File has been moved to quarantine directory!
14/07/2005,21:53:00 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SYSFQ32.DLL
File has been moved to quarantine directory!
14/07/2005,21:55:20 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NTFY.DLL
File has been moved to quarantine directory!
14/07/2005,21:58:51 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSOE32.DLL
File has been moved to quarantine directory!
14/07/2005,21:59:48 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVAVK.DLL
File has been moved to quarantine directory!
14/07/2005,21:59:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKRR32.DLL
File has been moved to quarantine directory!
14/07/2005,22:02:57 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NTVF32.DLL
File has been moved to quarantine directory!
14/07/2005,22:04:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVATJ.DLL
File has been moved to quarantine directory!
14/07/2005,22:05:14 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDFW.DLL
File has been moved to quarantine directory!
14/07/2005,22:05:39 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKEQ.DLL
File has been moved to quarantine directory!
14/07/2005,22:05:53 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ATLBP.DLL
File has been moved to quarantine directory!
14/07/2005,22:06:55 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSQR32.DLL
File has been moved to quarantine directory!
14/07/2005,22:07:34 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKFW32.DLL
File has been moved to quarantine directory!
14/07/2005,22:08:45 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTOC32.DLL
File has been moved to quarantine directory!
14/07/2005,22:12:09 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APIWZ32.DLL
File has been moved to quarantine directory!
14/07/2005,22:12:00 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETLM.DLL
File has been moved to quarantine directory!
14/07/2005,22:14:17 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSND32.DLL
File has been moved to quarantine directory!
14/07/2005,22:15:19 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IEKW.DLL
File has been moved to quarantine directory!
14/07/2005,22:16:52 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETUY.DLL
File has been moved to quarantine directory!
14/07/2005,22:17:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPDS32.DLL
File has been moved to quarantine directory!
14/07/2005,22:18:55 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVACP32.DLL
File has been moved to quarantine directory!
14/07/2005,22:20:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APIGN.DLL
File has been moved to quarantine directory!
14/07/2005,22:22:58 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCLG32.DLL
File has been moved to quarantine directory!
14/07/2005,22:24:21 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPMB.DLL
File has been moved to quarantine directory!
14/07/2005,22:25:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\D3TG.DLL
File has been moved to quarantine directory!
14/07/2005,22:25:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKWL.DLL
File has been moved to quarantine directory!
14/07/2005,22:27:26 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETJS.DLL
File has been moved to quarantine directory!
14/07/2005,22:28:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETLW32.DLL
File has been moved to quarantine directory!
14/07/2005,22:29:39 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCIJ.DLL
File has been moved to quarantine directory!
14/07/2005,22:31:05 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPZC32.DLL
File has been moved to quarantine directory!
14/07/2005,22:31:57 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTXV32.DLL
File has been moved to quarantine directory!
14/07/2005,22:33:41 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ATLMZ32.DLL
File has been moved to quarantine directory!
14/07/2005,22:34:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPOT32.DLL
File has been moved to quarantine directory!
14/07/2005,22:35:16 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINXX32.DLL
File has been moved to quarantine directory!
14/07/2005,22:35:59 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPBK32.DLL
File has been moved to quarantine directory!
14/07/2005,22:36:51 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSZD32.DLL
File has been moved to quarantine directory!
14/07/2005,22:37:36 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTXF.DLL
File has been moved to quarantine directory!
14/07/2005,22:38:50 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPWC.DLL
File has been moved to quarantine directory!
14/07/2005,22:41:08 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVALN.DLL
File has been moved to quarantine directory!
14/07/2005,22:43:13 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCDT.DLL
File has been moved to quarantine directory!
14/07/2005,22:45:46 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETAZ.DLL
File has been moved to quarantine directory!
14/07/2005,22:45:10 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKPD32.DLL
File has been moved to quarantine directory!
14/07/2005,22:47:19 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSSB.DLL
File has been moved to quarantine directory!
14/07/2005,22:48:11 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ATLJU.DLL
File has been moved to quarantine directory!
14/07/2005,22:48:21 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSIU.DLL
File has been moved to quarantine directory!
14/07/2005,22:48:34 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETFS32.DLL
File has been moved to quarantine directory!
14/07/2005,22:50:16 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSJH.DLL
File has been moved to quarantine directory!
14/07/2005,22:52:23 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\D3MR32.DLL
File has been moved to quarantine directory!
14/07/2005,22:52:28 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDCE32.DLL
File has been moved to quarantine directory!
14/07/2005,22:53:45 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SYSAR.DLL
File has been moved to quarantine directory!
14/07/2005,22:55:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETST.DLL
File has been moved to quarantine directory!
14/07/2005,22:57:00 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSWB32.DLL
File has been moved to quarantine directory!
14/07/2005,22:57:11 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDAK32.DLL
File has been moved to quarantine directory!
14/07/2005,22:59:43 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKKP32.DLL
File has been moved to quarantine directory!
14/07/2005,23:00:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SYSIZ32.DLL
File has been moved to quarantine directory!
14/07/2005,23:00:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPTN32.DLL
File has been moved to quarantine directory!
14/07/2005,23:01:28 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SYSMN.DLL
File has been moved to quarantine directory!
14/07/2005,23:05:01 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\CROP.DLL
File has been renamed to *.VIR
14/07/2005,23:05:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSGG32.DLL
File has been moved to quarantine directory!
14/07/2005,23:13:45 [LOGON] Connection request by remote computer. Establishing secure communication channel.
14/07/2005,23:13:45 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaacde5d8.
14/07/2005,23:08:30 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSEZ.DLL
File has been moved to quarantine directory!
14/07/2005,23:07:51 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDDM32.DLL
File has been moved to quarantine directory!
14/07/2005,23:15:09 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKIN32.DLL
14/07/2005,23:16:21 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPXO.DLL
File has been moved to quarantine directory!
14/07/2005,23:17:37 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETXZ32.DLL
File has been moved to quarantine directory!
14/07/2005,23:18:30 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETAM.DLL
File has been moved to quarantine directory!
14/07/2005,23:18:49 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSLZ.DLL
File has been moved to quarantine directory!
14/07/2005,23:19:33 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINVH32.DLL
File has been moved to quarantine directory!
14/07/2005,23:23:05 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPSH.DLL
File has been moved to quarantine directory!
14/07/2005,23:23:13 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPYS.DLL
File has been moved to quarantine directory!
14/07/2005,23:23:40 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCQJ.DLL
File has been moved to quarantine directory!
14/07/2005,23:26:34 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCIR.DLL
File has been moved to quarantine directory!
14/07/2005,23:28:15 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINHE.DLL
File has been moved to quarantine directory!
14/07/2005,23:29:47 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSMM.DLL
File has been moved to quarantine directory!
14/07/2005,23:31:59 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDNI.DLL
File has been moved to quarantine directory!
14/07/2005,23:33:01 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETXH32.DLL
File has been moved to quarantine directory!
14/07/2005,23:36:23 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NTAC.DLL
File has been moved to quarantine directory!
14/07/2005,23:36:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSHN.DLL
File has been moved to quarantine directory!
14/07/2005,23:39:03 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCQR.DLL
File has been moved to quarantine directory!
14/07/2005,23:39:56 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APIUE32.DLL
File has been moved to quarantine directory!
14/07/2005,23:40:06 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IETM.DLL
File has been moved to quarantine directory!
14/07/2005,23:44:08 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSXB.DLL
File has been moved to quarantine directory!
14/07/2005,23:44:38 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\CRMJ.DLL
File has been moved to quarantine directory!
14/07/2005,23:45:30 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDLC.DLL
File has been moved to quarantine directory!
14/07/2005,23:46:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETJU.DLL
File has been moved to quarantine directory!
14/07/2005,23:47:20 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\D3VU32.DLL
14/07/2005,23:48:12 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPTN32.DLL
File has been moved to quarantine directory!
14/07/2005,23:50:34 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSMK32.DLL
File has been moved to quarantine directory!
14/07/2005,23:51:56 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPAS.DLL
File has been moved to quarantine directory!
14/07/2005,23:52:14 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDXD32.DLL
File has been moved to quarantine directory!
14/07/2005,23:53:06 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IPWO32.DLL
File has been moved to quarantine directory!
14/07/2005,23:53:29 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVAKU.DLL
File has been moved to quarantine directory!
14/07/2005,23:56:44 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NTGL32.DLL
File has been moved to quarantine directory!
14/07/2005,23:57:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSZL.DLL
File has been moved to quarantine directory!
14/07/2005,23:59:11 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVAHU32.DLL
File has been moved to quarantine directory!
15/07/2005,00:00:07 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVAJG.DLL
File has been moved to quarantine directory!
15/07/2005,00:01:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ATLHC.DLL
File has been moved to quarantine directory!
15/07/2005,00:04:00 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVABQ32.DLL
File has been moved to quarantine directory!
15/07/2005,00:04:43 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDFV32.DLL
File has been moved to quarantine directory!
15/07/2005,00:06:04 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKOB.DLL
File has been moved to quarantine directory!
15/07/2005,00:08:15 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ATLCE32.DLL
File has been moved to quarantine directory!
15/07/2005,00:08:36 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDYF.DLL
File has been moved to quarantine directory!
15/07/2005,00:08:58 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKGJ.DLL
File has been moved to quarantine directory!
15/07/2005,00:11:10 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSAG32.DLL
File has been moved to quarantine directory!
15/07/2005,00:12:07 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTHL32.DLL
File has been moved to quarantine directory!
15/07/2005,00:12:50 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SYSTZ32.DLL
File has been moved to quarantine directory!
15/07/2005,00:15:53 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IEYM32.DLL
File has been moved to quarantine directory!
15/07/2005,00:16:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINIZ.DLL
File has been moved to quarantine directory!
15/07/2005,00:16:57 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPGB.DLL
File has been moved to quarantine directory!
15/07/2005,00:19:49 WARNING: Contains signature of the HTML script virus HTML/IstBar.A.1!
C:\DOCUMENTS AND SETTINGS\LAURENT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4JGQFLPB\YSB_PROMPT[1].HTM
Unable to move the file to the quarantine directory:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
15/07/2005,00:19:52 WARNING: Contains signature of the HTML script virus HTML/IstBar.A.1!
C:\DOCUMENTS AND SETTINGS\LAURENT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4JGQFLPB\YSB_PROMPT[1].HTM
Unable to move the file to the quarantine directory:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
15/07/2005,00:19:59 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPNU.DLL
File has been moved to quarantine directory!
15/07/2005,00:20:07 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3TG32.DLL
File has been moved to quarantine directory!
15/07/2005,00:21:29 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSHG.DLL
File has been moved to quarantine directory!
15/07/2005,00:22:32 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKCB.DLL
File has been moved to quarantine directory!
15/07/2005,00:23:02 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETRI.DLL
File has been moved to quarantine directory!
15/07/2005,00:23:25 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKFO32.DLL
File has been moved to quarantine directory!
15/07/2005,00:24:44 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSVX32.DLL
File has been moved to quarantine directory!
15/07/2005,00:26:56 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDPU.DLL
File has been moved to quarantine directory!
15/07/2005,00:27:37 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPID.DLL
File has been moved to quarantine directory!
15/07/2005,00:31:11 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKQH32.DLL
File has been moved to quarantine directory!
15/07/2005,00:32:39 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3RX.DLL
File has been moved to quarantine directory!
15/07/2005,00:33:03 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKTX32.DLL
File has been moved to quarantine directory!
15/07/2005,00:33:14 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IEXZ32.DLL
File has been moved to quarantine directory!
15/07/2005,00:35:26 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IPLT.DLL
File has been moved to quarantine directory!
15/07/2005,00:38:25 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDJD.DLL
File has been moved to quarantine directory!
15/07/2005,00:38:25 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3MW32.DLL
File has been moved to quarantine directory!
15/07/2005,00:38:52 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCRH.DLL
File has been moved to quarantine directory!
15/07/2005,00:40:04 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSGH32.DLL
File has been moved to quarantine directory!
15/07/2005,00:42:07 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPFY32.DLL
File has been moved to quarantine directory!
15/07/2005,00:43:29 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVAOE.DLL
File has been moved to quarantine directory!
15/07/2005,00:46:41 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ATLRZ.DLL
File has been moved to quarantine directory!
15/07/2005,00:47:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPVD.DLL
File has been moved to quarantine directory!
15/07/2005,00:49:04 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRPX32.DLL
File has been moved to quarantine directory!
15/07/2005,00:51:42 [INFO] Stop Filter Device.
15/07/2005,09:23:43 ---------------------------------------------------------
15/07/2005,09:23:43 [INIT] The AVGuard Service is starting.
15/07/2005,09:23:47 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
15/07/2005,09:24:05 [INFO] Start Filter Device.
15/07/2005,09:24:05 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.203
15/07/2005,09:24:05 AVGuard has been started successfully!
15/07/2005,09:25:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/07/2005,09:25:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa88fd5.
15/07/2005,09:25:40 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSAL.DLL
File has been moved to quarantine directory!
15/07/2005,09:25:32 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSAL.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,09:25:19 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSAL.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,09:25:55 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCAZ.DLL
File has been moved to quarantine directory!
15/07/2005,09:26:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPUZ32.DLL
File has been moved to quarantine directory!
15/07/2005,09:26:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETUQ.DLL
File has been moved to quarantine directory!
15/07/2005,09:27:26 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDFG32.DLL
File has been moved to quarantine directory!
15/07/2005,09:28:19 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDJT.DLL
File has been moved to quarantine directory!
15/07/2005,09:28:59 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NTXI32.DLL
File has been moved to quarantine directory!
15/07/2005,09:29:12 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPMG32.DLL
File has been moved to quarantine directory!
15/07/2005,09:31:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVAKF.DLL
File has been moved to quarantine directory!
15/07/2005,09:31:48 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ATLHD.DLL
File has been moved to quarantine directory!
15/07/2005,09:33:02 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPOA.DLL
File has been moved to quarantine directory!
15/07/2005,09:33:30 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVALL.DLL
File has been moved to quarantine directory!
15/07/2005,09:35:43 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NTKK.DLL
File has been moved to quarantine directory!
15/07/2005,09:35:42 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IEFH32.DLL
File has been moved to quarantine directory!
15/07/2005,09:36:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVACR.DLL
File has been moved to quarantine directory!
15/07/2005,09:39:52 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDPI32.DLL
File has been moved to quarantine directory!
15/07/2005,09:40:07 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINXD.DLL
File has been moved to quarantine directory!
15/07/2005,09:40:34 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IEWT.DLL
File has been moved to quarantine directory!
15/07/2005,09:43:29 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTUD.DLL
File has been moved to quarantine directory!
15/07/2005,09:43:36 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APPVN32.DLL
File has been moved to quarantine directory!
15/07/2005,09:45:38 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3QK32.DLL
File has been moved to quarantine directory!
15/07/2005,09:47:12 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IENG.DLL
File has been moved to quarantine directory!
15/07/2005,09:47:25 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTKE.DLL
File has been moved to quarantine directory!
15/07/2005,09:49:00 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCNC32.DLL
File has been moved to quarantine directory!
15/07/2005,09:49:38 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETJD32.DLL
File has been moved to quarantine directory!
15/07/2005,09:52:53 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCFM32.DLL
File has been moved to quarantine directory!
15/07/2005,09:53:40 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APINS32.DLL
File has been moved to quarantine directory!
15/07/2005,09:54:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDUD.DLL
File has been moved to quarantine directory!
15/07/2005,09:57:33 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APIFC.DLL
File has been moved to quarantine directory!
15/07/2005,09:58:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APICV.DLL
File has been moved to quarantine directory!
15/07/2005,09:59:57 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTQV.DLL
File has been moved to quarantine directory!
15/07/2005,10:01:17 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETLH32.DLL
File has been moved to quarantine directory!
15/07/2005,10:01:30 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSAF.DLL
File has been moved to quarantine directory!
15/07/2005,10:03:02 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3NF.DLL
File has been moved to quarantine directory!
15/07/2005,10:04:44 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPRU32.DLL
File has been moved to quarantine directory!
15/07/2005,10:05:48 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPZJ.DLL
File has been moved to quarantine directory!
15/07/2005,10:06:08 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\CRQQ.DLL
File has been moved to quarantine directory!
15/07/2005,10:07:50 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDUY32.DLL
File has been moved to quarantine directory!
15/07/2005,10:08:12 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVACC32.DLL
File has been moved to quarantine directory!
15/07/2005,10:11:44 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDMI.DLL
File has been moved to quarantine directory!
15/07/2005,10:12:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINVO32.DLL
File has been moved to quarantine directory!
15/07/2005,10:12:26 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTYV.DLL
File has been moved to quarantine directory!
15/07/2005,10:11:54 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APIQK32.DLL
File has been moved to quarantine directory!
15/07/2005,10:16:23 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPMY.DLL
File has been moved to quarantine directory!
15/07/2005,11:08:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPLG32.DLL
15/07/2005,10:50:39 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP96\A0015274.DLL
File has been moved to quarantine directory!
15/07/2005,10:22:32 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCNW.DLL
File has been moved to quarantine directory!
15/07/2005,11:08:42 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\CRPI32.DLL
File has been moved to quarantine directory!
15/07/2005,11:09:44 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRNJ32.DLL
File has been moved to quarantine directory!
15/07/2005,11:12:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDEH.DLL
File has been moved to quarantine directory!
15/07/2005,11:14:15 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3BL.DLL
File has been moved to quarantine directory!
15/07/2005,11:14:34 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APIMQ.DLL
File has been moved to quarantine directory!
15/07/2005,11:16:37 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVATI.DLL
File has been moved to quarantine directory!
15/07/2005,11:17:16 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETVC32.DLL
File has been moved to quarantine directory!
15/07/2005,11:17:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRDP32.DLL
File has been moved to quarantine directory!
15/07/2005,11:18:09 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IPYP.DLL
File has been moved to quarantine directory!
15/07/2005,11:21:25 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APIUH32.DLL
File has been moved to quarantine directory!
15/07/2005,11:21:17 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3HS32.DLL
File has been moved to quarantine directory!
15/07/2005,11:26:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKGL.DLL
File has been moved to quarantine directory!
15/07/2005,11:37:49 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCRE32.DLL
File has been moved to quarantine directory!
15/07/2005,11:38:44 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCSQ.DLL
File has been moved to quarantine directory!
15/07/2005,11:29:16 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCSQ.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,11:28:20 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCRE32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,11:40:27 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\CRQB32.DLL
File has been moved to quarantine directory!
15/07/2005,11:41:27 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\NETVX32.DLL
File has been moved to quarantine directory!
15/07/2005,11:42:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRRG32.DLL
File has been moved to quarantine directory!
15/07/2005,11:42:32 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APIQO.DLL
File has been moved to quarantine directory!
15/07/2005,11:47:46 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPMS32.DLL
File has been moved to quarantine directory!
15/07/2005,11:46:25 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDNQ32.DLL
File has been moved to quarantine directory!
15/07/2005,11:46:03 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPMS32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,11:43:17 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDNQ32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,11:51:17 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APISC.DLL
File has been moved to quarantine directory!
15/07/2005,11:57:04 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCPD32.DLL
File has been moved to quarantine directory!
15/07/2005,11:53:53 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NETFZ.DLL
File has been moved to quarantine directory!
15/07/2005,11:52:19 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCPD32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,12:06:21 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDCD32.DLL
File has been moved to quarantine directory!
15/07/2005,12:07:32 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRRD.DLL
File has been moved to quarantine directory!
15/07/2005,12:09:45 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKQU.DLL
File has been moved to quarantine directory!
15/07/2005,12:10:07 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPYY.DLL
File has been moved to quarantine directory!
15/07/2005,12:11:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVAFC32.DLL
File has been moved to quarantine directory!
15/07/2005,12:12:33 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVAUV32.DLL
File has been moved to quarantine directory!
15/07/2005,12:14:09 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDKV.DLL
File has been moved to quarantine directory!
15/07/2005,12:16:11 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRFK32.DLL
File has been moved to quarantine directory!
15/07/2005,12:17:25 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKMH32.DLL
File has been moved to quarantine directory!
15/07/2005,12:20:45 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3RL.DLL
File has been moved to quarantine directory!
15/07/2005,12:21:38 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSUY32.DLL
File has been moved to quarantine directory!
15/07/2005,12:24:43 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDRI32.DLL
15/07/2005,12:25:00 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APIKZ.DLL
File has been moved to quarantine directory!
15/07/2005,12:26:14 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ATLRO.DLL
File has been moved to quarantine directory!
15/07/2005,12:27:24 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IPVS32.DLL
File has been moved to quarantine directory!
15/07/2005,12:29:29 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDNF32.DLL
File has been moved to quarantine directory!
15/07/2005,12:32:06 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSNW.DLL
File has been moved to quarantine directory!
15/07/2005,12:35:51 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKRD.DLL
File has been moved to quarantine directory!
15/07/2005,12:35:49 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCGG.DLL
File has been moved to quarantine directory!
15/07/2005,12:40:13 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CRTA.DLL
File has been moved to quarantine directory!
15/07/2005,12:39:32 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVAZJ.DLL
File has been moved to quarantine directory!
15/07/2005,12:55:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IPLN.DLL
File has been moved to quarantine directory!
15/07/2005,12:55:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IPLN.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,12:59:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\CRIZ.DLL
File has been moved to quarantine directory!
15/07/2005,12:58:23 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ADDTH32.DLL
File has been moved to quarantine directory!
15/07/2005,13:05:36 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MFCSW.DLL
File has been moved to quarantine directory!
15/07/2005,13:05:41 [INFO] Stop Filter Device.
15/07/2005,13:05:47 AVGuard service has been stopped!
15/07/2005,14:43:44 ---------------------------------------------------------
15/07/2005,14:43:44 [INIT] The AVGuard Service is starting.
15/07/2005,14:43:47 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
15/07/2005,14:44:04 [INFO] Start Filter Device.
15/07/2005,14:44:04 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.203
15/07/2005,14:44:04 AVGuard has been started successfully!
15/07/2005,14:44:41 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APINA32.DLL
File has been moved to quarantine directory!
15/07/2005,14:44:45 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/07/2005,14:44:45 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab303f.
15/07/2005,14:44:46 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SYSPN.DLL
File has been moved to quarantine directory!
15/07/2005,14:45:28 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDJE.DLL
File has been moved to quarantine directory!
15/07/2005,14:45:49 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKSI.DLL
File has been moved to quarantine directory!
15/07/2005,14:47:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINSC.DLL
File has been moved to quarantine directory!
15/07/2005,14:47:46 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\SDKJM32.DLL
File has been moved to quarantine directory!
15/07/2005,14:46:40 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINSC.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,14:46:41 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINSC.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,14:49:58 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSCI.DLL
File has been moved to quarantine directory!
15/07/2005,14:49:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSJI.DLL
File has been moved to quarantine directory!
15/07/2005,14:52:32 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVAFJ32.DLL
File has been moved to quarantine directory!
15/07/2005,14:53:42 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IEJN.DLL
File has been moved to quarantine directory!
15/07/2005,14:55:13 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINIS32.DLL
File has been moved to quarantine directory!
15/07/2005,14:55:55 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\D3HE.DLL
File has been moved to quarantine directory!
15/07/2005,14:59:17 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCFE.DLL
File has been moved to quarantine directory!
15/07/2005,15:00:19 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCUX.DLL
File has been moved to quarantine directory!
15/07/2005,15:02:38 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\APPPD.DLL
File has been moved to quarantine directory!
15/07/2005,15:02:20 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ATLJS32.DLL
File has been moved to quarantine directory!
15/07/2005,15:03:04 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APIBZ32.DLL
File has been moved to quarantine directory!
15/07/2005,15:07:02 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SDKCW.DLL
File has been moved to quarantine directory!
15/07/2005,15:07:49 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\JAVASC.DLL
File has been moved to quarantine directory!
15/07/2005,15:10:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\D3HA32.DLL
File has been moved to quarantine directory!
15/07/2005,15:10:38 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\APIUX.DLL
File has been moved to quarantine directory!
15/07/2005,15:12:48 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCCX.DLL
File has been moved to quarantine directory!
15/07/2005,15:15:11 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\D3AW32.DLL
File has been moved to quarantine directory!
15/07/2005,15:17:31 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVAVC32.DLL
File has been moved to quarantine directory!
15/07/2005,15:17:43 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ATLKA.DLL
File has been moved to quarantine directory!
15/07/2005,15:19:07 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\D3QW.DLL
File has been moved to quarantine directory!
15/07/2005,15:21:11 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\CRDQ32.DLL
File has been moved to quarantine directory!
15/07/2005,15:21:44 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\NTIV32.DLL
File has been moved to quarantine directory!
15/07/2005,15:24:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCLW32.DLL
File has been moved to quarantine directory!
15/07/2005,15:24:30 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ATLVS32.DLL
File has been moved to quarantine directory!
15/07/2005,15:24:33 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ATLSI.DLL
File has been moved to quarantine directory!
15/07/2005,15:26:12 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\JAVAHZ.DLL
File has been moved to quarantine directory!
15/07/2005,15:28:26 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ATLLS32.DLL
15/07/2005,15:28:24 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IEAE32.DLL
File has been moved to quarantine directory!
15/07/2005,15:32:26 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\MSET32.DLL
File has been moved to quarantine directory!
15/07/2005,15:33:07 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IEYC32.DLL
File has been moved to quarantine directory!
15/07/2005,15:33:18 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\ATLCE32.DLL
File has been moved to quarantine directory!
15/07/2005,15:34:03 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\IEZO.DLL
File has been moved to quarantine directory!
15/07/2005,15:36:50 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MFCRN32.DLL
File has been moved to quarantine directory!
15/07/2005,15:37:35 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINOO.DLL
File has been moved to quarantine directory!
15/07/2005,15:41:22 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\ADDKJ32.DLL
File has been moved to quarantine directory!
15/07/2005,15:41:38 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSSE.DLL
File has been moved to quarantine directory!
15/07/2005,15:43:21 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\CROQ.DLL
File has been moved to quarantine directory!
15/07/2005,15:44:24 [INFO] Stop Filter Device.
15/07/2005,15:44:26 AVGuard service has been stopped!
15/07/2005,19:09:55 ---------------------------------------------------------
15/07/2005,19:09:55 [INIT] The AVGuard Service is starting.
15/07/2005,19:09:59 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
15/07/2005,19:10:20 [INFO] Start Filter Device.
15/07/2005,19:10:20 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.203
15/07/2005,19:10:20 AVGuard has been started successfully!
15/07/2005,19:10:56 [LOGON] Connection request by remote computer. Establishing secure communication channel.
15/07/2005,19:10:56 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab0683.
15/07/2005,19:11:25 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINWF32.DLL
File has been moved to quarantine directory!
15/07/2005,19:11:14 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINWF32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,19:10:50 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\WINWF32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
15/07/2005,19:12:29 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINKP32.DLL
File has been moved to quarantine directory!
15/07/2005,19:12:34 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\WINGE32.DLL
File has been moved to quarantine directory!
15/07/2005,19:12:46 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\IEPA.DLL
File has been moved to quarantine directory!
15/07/2005,19:14:03 WARNING: Is the Trojan horse TR/Dldr.Age.bc.19.A!
C:\WINDOWS\SYSTEM32\MSNN32.DLL
File has been moved to quarantine directory!

répondre

gchris le 15 juillet 2005 à 19h42

Vide le contenu de la quarantaine d'antivir.
Refais maintenant un nouveau scan avec antivir et colle le nouveau rapport.

répondre

scooby95 le 16 juillet 2005 à 11h13

Voici le nouveau scan du disque.
J'ai une autre info peut-être importante : Norton possède aussi des éléments en quarantaine.

Dois-je les supprimer ?

Start of scan: samedi 16 juillet 2005 00:21

Memory test OK
Master boot record of hard disk HD0 OK
Master boot record of hard disk HD1
The record could not be read!
Error code: 0x0015
Master boot record of hard disk HD2
The record could not be read!
Error code: 0x0015
Master boot record of hard disk HD3
The record could not be read!
Error code: 0x0015
Master boot record of hard disk HD4
The record could not be read!
Error code: 0x0015
Boot record of drive C: OK

C:\
hiberfil.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\Laurent\Favoris\LOISIRS
? ? ? Absoluflash Les jeux d'enquête, les jeux de rôles et d'aventure en ligne gratuit.url
Access denied! Error during file opening!
Error code: 0x0016
WARNING! Access error/file locked!
C:\Documents and Settings\L\Mes documents\Mes fichiers reçus
Hexa.zip
ArchiveType: ZIP
NOTE! No files to extract.
C:\DRIVERS\MCDBF\SOURCE1
OTHER.EXE
ArchiveType: ARJ SFX (self extracting)
NOTE! The whole archive is password protected
TSADDON.EXE
ArchiveType: ARJ SFX (self extracting)
--> UNISHHS.ARJ
ArchiveType: ARJ
NOTE! The whole archive is password protected
C:\Program Files\microsoft office\office11\OFFTRIA
ZF612707.CAB
ArchiveType: CAB (Microsoft)
--> REFSAN.TTF
NOTE! Incorrect decompression table
--> MISTRAL.TTF
NOTE! Invalid compressed data
--> PAPYRUS.TTF
NOTE! Invalid compressed data
--> FREESCPT.TTF
NOTE! Invalid compressed data
--> ARIALNB.TTF
NOTE! Invalid compressed data
--> ARIALNBI.TTF
NOTE! Invalid compressed data
--> ARIALNI.TTF
NOTE! Invalid compressed data
--> ARIALN.TTF
NOTE! Invalid compressed data
Error! Could not change directory: System Volume Information
C:\WINDOWS
apior.dll
[DETECTION] Is the Trojan horse TR/Dldr.Age.bc.19.A
Not deleted after prompt!
C:\WINDOWS\system32
addeh.dll
[DETECTION] Is the Trojan horse TR/Dldr.Age.bc.19.A
Not deleted after prompt!
C:\WINDOWS\system32\config
DEFAULT
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SOFTWARE
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SYSTEM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!

End of scan: samedi 16 juillet 2005 00:58
Time taken: 37:08 min

3851 directories were scanned
82756 files were scanned
10 warning messages were issued
0 files were deleted
0 files were repaired
2 detections

répondre

gchris le 16 juillet 2005 à 14h55

Un seul antivirus sur une même machine, si tu as antivir, désinstalle norton.

C:\WINDOWS\system32\addeh.dll à supprimer via le mode sans échec. (Voir la faq).

-->Message édité par gchris le 16/07/2005 14:56:29<--

répondre

scooby95 le 16 juillet 2005 à 23h21

En fait j'ai essayé de supprimer ce fichier mais , même en affichant les fichiers cachés, aucune trace.

J'ai toujours à l'écran ce genre de message :
C:\WINDOWS\SYSTEM32\SDKIQ32.dll
Is the Trojan horse TR/Dldr.Age.bc.19.A
Quelques liens indésirables sont également apparus dans mes favoris.

A bientôt.

répondre

gchris le 16 juillet 2005 à 23h53

-Télécharge HijackThis:

(lien sur l'image).
-Crée un dossier nommé HijackThis et place le dedans.
-Exécute le et clique sur Do a scan and save log file.
-Copie et colle ici ton rapport ouvert avec le bloc note. Sans rien faire d'autre.

répondre

scooby95 le 17 juillet 2005 à 00h33

Voilà le logfile :

Logfile of HijackThis v1.99.1
Scan saved at 00:31:39, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ntzd.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\winkk.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Laurent\Bureau\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\marww.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&p(...)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0C5166B1-769E-6539-9208-12261EAF18EA} - C:\WINDOWS\system32\d3dj.dll (file missing)
O2 - BHO: Class - {1518542C-9941-B156-1EAF-B1474D266EC2} - C:\WINDOWS\ntej.dll (file missing)
O2 - BHO: Class - {1762F757-A98D-E9D2-EABB-16A676699034} - C:\WINDOWS\appdt.dll (file missing)
O2 - BHO: Class - {2793398C-63BA-9933-FF75-7C0CDD7AC593} - C:\WINDOWS\netul32.dll (file missing)
O2 - BHO: Class - {42907D52-904C-8D11-AF0C-5E6301181732} - C:\WINDOWS\system32\msal.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {7FD318B9-600D-989C-1DCA-4BF6B4D6258D} - C:\WINDOWS\netad.dll (file missing)
O2 - BHO: Class - {A8C3732C-8C8B-6F52-758A-DD43EB823302} - C:\WINDOWS\netck32.dll (file missing)
O2 - BHO: Class - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - C:\WINDOWS\appon.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CEBAD012-13C4-4D24-410D-C7155144CF79} - C:\WINDOWS\system32\mswr32.dll (file missing)
O2 - BHO: Class - {DBD602A8-8F55-C964-E168-4A9DD3C20AC4} - C:\WINDOWS\winwf32.dll (file missing)
O2 - BHO: Class - {F0FD1195-33D1-9B47-F0C9-4013D99FC5AF} - C:\WINDOWS\netnd.dll (file missing)
O2 - BHO: Class - {FBD7A3E5-5601-4992-2152-5DFA235095A9} - C:\WINDOWS\system32\netax32.dll (file missing)
O2 - BHO: Class - {FFB59007-30E2-88D1-986B-566D8510B4B3} - C:\WINDOWS\ieba.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [winkk.exe] C:\WINDOWS\winkk.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housec(...)
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntzd.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

répondre

gchris le 17 juillet 2005 à 14h25

Télécharge ceci
Mets le juste à jour sur Update et ferme le.

-Télécharger Adware SE:

-Le patch pour franciser ad aware SE: PATCH FR
-Mets le à jour et clique sur l'engrennage (deuxième icône en haut à droite) >> "Interface" >> Français.
-Clique sur l'engrennage >> "Analyse" >> Coche la case "Analyser dans les archives". Referme le.

Télécharge ceci ne le passe pas de suite.
-----1

Démarrer->exécuter-> tape services.msc
Double-clique : Workstation NetLogon Service -> arrêter
Mets-le sur "Désactivé".
---

-Redémarre en mode sans échec (session administrateur si possible), (en tapotant F8 au démarrage). Si tu ne comprend pas, >>regarde ici<<.

-HijackThis -> Do a system scan only et coche ces lignes :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\marww.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\marww.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\marww.dll/sp.html#55135

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {0C5166B1-769E-6539-9208-12261EAF18EA} - C:\WINDOWS\system32\d3dj.dll (file missing)
O2 - BHO: Class - {1518542C-9941-B156-1EAF-B1474D266EC2} - C:\WINDOWS\ntej.dll (file missing)
O2 - BHO: Class - {1762F757-A98D-E9D2-EABB-16A676699034} - C:\WINDOWS\appdt.dll (file missing)
O2 - BHO: Class - {2793398C-63BA-9933-FF75-7C0CDD7AC593} - C:\WINDOWS\netul32.dll (file missing)
O2 - BHO: Class - {42907D52-904C-8D11-AF0C-5E6301181732} - C:\WINDOWS\system32\msal.dll (file missing)
O2 - BHO: Class - {7FD318B9-600D-989C-1DCA-4BF6B4D6258D} - C:\WINDOWS\netad.dll (file missing)
O2 - BHO: Class - {A8C3732C-8C8B-6F52-758A-DD43EB823302} - C:\WINDOWS\netck32.dll (file missing)
O2 - BHO: Class - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - C:\WINDOWS\appon.dll (file missing)
O2 - BHO: Class - {CEBAD012-13C4-4D24-410D-C7155144CF79} - C:\WINDOWS\system32\mswr32.dll (file missing)
O2 - BHO: Class - {DBD602A8-8F55-C964-E168-4A9DD3C20AC4} - C:\WINDOWS\winwf32.dll (file missing)
O2 - BHO: Class - {F0FD1195-33D1-9B47-F0C9-4013D99FC5AF} - C:\WINDOWS\netnd.dll (file missing)
O2 - BHO: Class - {FBD7A3E5-5601-4992-2152-5DFA235095A9} - C:\WINDOWS\system32\netax32.dll (file missing)
O2 - BHO: Class - {FFB59007-30E2-88D1-986B-566D8510B4B3} - C:\WINDOWS\ieba.dll (file missing)

O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [winkk.exe] C:\WINDOWS\winkk.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

Ferme les programmes en cours et fais Fix Checked.
-----------2

-Assures-toi que tu as accès aux fichiers cachés.
-Explorateur windows->outils->options des dossiers->affichage
"Afficher les fichiers cachés"->coché
"Masquer les extensions.."->décoché

-Supprimes manuellement les fichiers suivants: (en gras)

C:\WINDOWS\ntzd.exe
C:\WINDOWS\winkk.exe

Vide ta corbeille.
----------------3

Passe AboutBuster deux fois de suite.
Clique à chaque fois sur "Save log"

Passe Ad-Aware et supprime tout ce qu'il trouve.

Lance CleanUp (Attention à la fin quand tu mets oui, il te déloge de ta session).
------------------4

Redémarre ton pc.
Copie/colle les deux log de aboutbuster.
Reposte un log HijackThis.

répondre

scooby95 le 17 juillet 2005 à 15h59

Voici les deux scans successifs de about buster :
AboutBuster 5.0 reference file 30
Scan started on [17/07/2005] at [15:27:45]
------------------------------------------------
Removed Stream! C:\WINDOWS\cmsetacl.log:yuhkqz
Removed Stream! C:\WINDOWS\DESK01.JPG:qvapsk
Removed Stream! C:\WINDOWS\gvcasinos.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Removed Stream! C:\WINDOWS\Photo Service.scr:Zone.Identifier
Removed Stream! C:\WINDOWS\Plume.bmp:zufnz
------------------------------------------------
Removed File! : C:\Windows\System32\rupsv.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 15:28:05

AboutBuster 5.0 reference file 30
Scan started on [17/07/2005] at [15:30:06]
------------------------------------------------
Removed Stream! C:\WINDOWS\Photo Service.scr:Zone.Identifier
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 15:30:19

Puis le log de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 15:57:36, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Laurent\Bureau\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&p(...)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {07E65FDF-2A73-7925-24D8-A81B2D818986} - C:\WINDOWS\mfcdn32.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {72A958A1-9DD4-3EE7-E121-6A16C6778544} - C:\WINDOWS\d3yd.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Class - {BBF8DC95-3A2E-5656-D1C3-B52D78BB35FD} - C:\WINDOWS\msul.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housec(...)
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Encore merci de ton aide.
Pour le moment, pas de nouvelle alerte de antivir...

répondre

gchris le 17 juillet 2005 à 17h12

Hijackthis -> Do a system scan only -> coche ces lignes :

O2 - BHO: Class - {07E65FDF-2A73-7925-24D8-A81B2D818986} - C:\WINDOWS\mfcdn32.dll (file missing)
O2 - BHO: Class - {72A958A1-9DD4-3EE7-E121-6A16C6778544} - C:\WINDOWS\d3yd.dll (file missing)
O2 - BHO: Class - {BBF8DC95-3A2E-5656-D1C3-B52D78BB35FD} - C:\WINDOWS\msul.dll (file missing)

Clique sur Fix Checked.

répondre

scooby95 le 17 juillet 2005 à 17h52