Infected by trojan tr/click delf CU2
Resolved/Closed
loco4 - 22 Nov. 2005 at 17:38
Anonymous user - 6 Dec. 2005 at 20:07
65 replies
ben13010
22 Nov. 2005 at 17:50
hi
fix this entry and delete the corresponding file if it exists (in bold)
O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\common32.dll (file missing)
empty your recycle bin
run cleanup, ccleaner, a2 free, spybot and ewido
do an online scan at http://www.bitdefender.fr/bd/site/page.php
post the reports from all these programs and from bitdefender
then post a new hijack log
bye
ps: I don't think I saw a firewall, install zone alarm
loco4
23 Nov. 2005 at 17:28
hiiiiiiiiiiii
nothing works.
it comes back every time.
I even scanned with drWeb.
they find them, but they are still there as soon as I restart my pc
Logfile of HijackThis v1.99.1
Scan saved at 17:27:36, on 23/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\laulau\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MS Critical Security Installer] %Windir%\game.exe
O4 - HKLM\..\Run: [Network Interface Device Driver] C:\WINDOWS\System32\mcm.exe
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\System32\accessdb.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128718991625
O17 - HKLM\System\CCS\Services\Tcpip\..\{E725002D-DBB6-47B0-8A41-2BE4CCDF29E9}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
ben13010
23 Nov. 2005 at 17:31
did you delete the file in bold?
common32.dll
bye
loco4
24 Nov. 2005 at 14:45
hi
can't you help me anymore?
SNIFFFFFFFFFFFF
loco4
23 Nov. 2005 at 17:45
yes
Anonymous user
24 Nov. 2005 at 14:59
hi, what is the name of the virus? and what is the name of the file infected by the virus?
@++++++
ben13010
24 Nov. 2005 at 16:38
re
post a new report, but you no longer have the suspicious bho, right? I don't see it in your last report
loco4
24 Nov. 2005 at 17:08
hiiiiii
yes. it's no longer visible!!
but it is still there.
when I restart my pc it comes back.
my antivirus tells me
C:\WINDOWS\SYSTEM32\COMMON32.DLL
Is the Trojan horse TR/Click.Delf.CU.2
so I fix and delete.
and then it disappears from my report..
I restart my pc and there it is again.
haaaaaaaaaaaaaaaaaaaaa
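Added example (not part of the original thread and not any poster's code): one way to check, from the antivirus guard log, for the pattern loco4 describes, a file that the guard quarantined or deleted being detected again after the next service start. The sample lines are constructed in the layout of the AVGuard log pasted later in this thread; the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed, abridged sample in the layout of the AVGuard log pasted in
# this thread; a dashed line marks each start of the guard service.
SAMPLE_LOG = r"""
24/11/2005,14:15:03 ---------------------------------------------------------
24/11/2005,14:15:03 [INIT] The AVGuard Service is starting.
24/11/2005,14:15:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:19:24 AVGuard service has been stopped!
24/11/2005,14:20:39 ---------------------------------------------------------
24/11/2005,14:20:39 [INIT] The AVGuard Service is starting.
24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:24:44 AVGuard service has been stopped!
24/11/2005,17:55:23 ---------------------------------------------------------
24/11/2005,17:55:26 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:59:18 ---------------------------------------------------------
24/11/2005,17:59:22 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
"""

STAMPED = re.compile(r"^(\d{2}/\d{2}/\d{4},\d{2}:\d{2}:\d{2}) (.*)$")
# Only the warning wording seen in the thread's log is handled here.
WARNING = re.compile(r"^WARNING: Is the Trojan horse (\S+)!$")
ACTIONS = {
    "File has been moved to quarantine directory!": "quarantined",
    "File has been deleted!": "deleted",
}


def parse_sessions(text):
    """Split the log into guard-service sessions with their detections."""
    sessions, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamped = STAMPED.match(line)
        if stamped is None:
            # Unstamped lines continue the last WARNING: path, then action.
            if pending is not None:
                if pending["path"] is None:
                    pending["path"] = line.upper()  # Windows paths ignore case
                elif line in ACTIONS:
                    pending["action"] = ACTIONS[line]
            continue
        when = datetime.strptime(stamped.group(1), "%d/%m/%Y,%H:%M:%S")
        body, pending = stamped.group(2), None
        # A dashed line opens a session; so does an excerpt cut mid-session.
        if body.startswith("-----") or current is None:
            current = {"start": when, "detections": []}
            sessions.append(current)
        warning = WARNING.match(body)
        if warning:
            pending = {"time": when, "name": warning.group(1),
                       "path": None, "action": None}
            current["detections"].append(pending)
    return sessions


def find_reappearances(sessions):
    """Report paths detected again in a later session after a removal."""
    last_removal = {}  # path -> (session index, time, action)
    hits = []
    for idx, session in enumerate(sessions):
        for det in session["detections"]:
            if det["path"] is None:
                continue
            prev = last_removal.get(det["path"])
            if prev is not None and prev[0] < idx:
                hits.append({"path": det["path"], "name": det["name"],
                             "action": prev[2], "removed": prev[1],
                             "seen_again": det["time"]})
                del last_removal[det["path"]]  # report each removal once
            if det["action"]:
                last_removal[det["path"]] = (idx, det["time"], det["action"])
    return hits


if __name__ == "__main__":
    for hit in find_reappearances(parse_sessions(SAMPLE_LOG)):
        print(f'{hit["path"]} {hit["action"]} at {hit["removed"]}, '
              f'detected again at {hit["seen_again"]} after a service restart')
```
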
Anonymous user
24 Nov. 2005 at 17:13
hi, try this:
1. restart in safe mode (restart + keep tapping F8 as soon as the computer powers on)
2. disable your system restore (for win xp) like this:
right-click on My Computer/Properties/System Restore and there check "turn off System Restore", then apply
3. show hidden files like this:
click Start/Control Panel/Folder Options/View
Check "show hidden folders"
Uncheck the box "Hide protected operating system files (recommended)"
Then click "OK" to confirm the changes.
Uncheck "hide extensions for known file types"
4. then go to Start/Search and type:
COMMON32.DLL
delete it and empty your recycle bin
run a scan again; if all goes well, re-enable system restore and hide the hidden files again by following the same path
@+++++++
loco4
24 Nov. 2005 at 20:07
I just did everything
and it is still there.
what to do...............
Anonymous user
24 Nov. 2005 at 20:15
hi
try this please
Start < My Computer < c < program files < av personal < logfiles < NTGRDRT < copy / paste everything that is inside please
+
Download this
http://www.silentrunners.org/Silent%20Runners.vbs
Run it, wait a few minutes, it will then create a folder right next to silent runner in text format, copy/paste what it gives you
A+
Anonymous user
24 Nov. 2005 at 20:18
hi, download and run these antispyware tools (remember to update them before launching them)
(1) ad-aware version 1.06
(here) http://www.florensac-chasse-trap.com/ in the section virus/logiciel de securite
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) spybot version 1.4
(here) http://www.florensac-chasse-trap.com/ in the section virus/logiciel de securite
see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
and also this
(3) CleanUp40.exe
http://www.florensac-chasse-trap.com/ in the section virus/logiciel de securite
see demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
***
(4) a2
http://www.emsisoft.net/fr/
remember to update it before scanning the pc
***
ps: a big thank you to balltrap for the links :)
(5) Ewido
http://download.ewido.net/ewido-setup.exe
During installation, on the "Additional Options" page, uncheck the two options "Install background guard" and "Install scan via context menu". Ewido Security Suite. Click on update.
Click on scanner then on full system scan.
(6) SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
@+++++++
loco4
24 Nov. 2005 at 20:46
here it is, I'm pasting
C:\Windows\System32\commo.dll.exe 23/11/2005,20:06:59 ---------------------------------------------------------
23/11/2005,20:06:59 [INIT] The AVGuard Service is starting.
23/11/2005,20:07:00 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:07:01 [INFO] Start Filter Device.
23/11/2005,20:07:01 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
23/11/2005,20:07:01 AVGuard has been started successfully!
23/11/2005,20:07:03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,20:07:03 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa26f732.
23/11/2005,20:08:43 [INFO] Stop Filter Device.
23/11/2005,20:08:44 AVGuard service has been stopped!
23/11/2005,20:08:49 ---------------------------------------------------------
23/11/2005,20:08:49 [INIT] The AVGuard Service is starting.
23/11/2005,20:08:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:08:50 [INFO] Start Filter Device.
23/11/2005,20:08:50 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,20:08:50 AVGuard has been started successfully!
23/11/2005,20:09:29 [INFO] Stop Filter Device.
23/11/2005,20:09:30 AVGuard service has been stopped!
23/11/2005,20:10:45 ---------------------------------------------------------
23/11/2005,20:10:45 [INIT] The AVGuard Service is starting.
23/11/2005,20:10:46 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:10:48 [INFO] Start Filter Device.
23/11/2005,20:10:48 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,20:10:48 AVGuard has been started successfully!
23/11/2005,20:10:49 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:10:49 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:11:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,20:11:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab829e.
23/11/2005,20:11:27 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:11:28 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:38:16 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:39:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:40:45 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:48:40 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:04:08 [INFO] Stop Filter Device.
23/11/2005,21:04:16 AVGuard service has been stopped!
23/11/2005,21:05:24 ---------------------------------------------------------
23/11/2005,21:05:24 [INIT] The AVGuard Service is starting.
23/11/2005,21:05:25 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,21:05:27 [INFO] Start Filter Device.
23/11/2005,21:05:27 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,21:05:27 AVGuard has been started successfully!
23/11/2005,21:05:34 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,21:05:34 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa071e.
23/11/2005,21:05:34 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:05:33 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:33:40 [INFO] Stop Filter Device.
23/11/2005,21:33:40 AVGuard service has been stopped!
23/11/2005,22:52:56 ---------------------------------------------------------
23/11/2005,22:52:56 [INIT] The AVGuard Service is starting.
23/11/2005,22:52:57 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,22:52:59 [INFO] Start Filter Device.
23/11/2005,22:52:59 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,22:52:59 AVGuard has been started successfully!
23/11/2005,22:53:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,22:53:09 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa180c.
23/11/2005,22:53:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,22:53:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,22:53:42 [INFO] Stop Filter Device.
23/11/2005,22:53:42 AVGuard service has been stopped!
24/11/2005,08:12:03 ---------------------------------------------------------
24/11/2005,08:12:03 [INIT] The AVGuard Service is starting.
24/11/2005,08:12:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,08:12:06 [INFO] Start Filter Device.
24/11/2005,08:12:06 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,08:12:06 AVGuard has been started successfully!
24/11/2005,08:12:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,08:12:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,08:12:55 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabe3e2.
24/11/2005,08:12:55 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,08:12:55 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:13:46 [INFO] Stop Filter Device.
24/11/2005,14:13:47 AVGuard service has been stopped!
24/11/2005,14:15:03 ---------------------------------------------------------
24/11/2005,14:15:03 [INIT] The AVGuard Service is starting.
24/11/2005,14:15:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:15:06 [INFO] Start Filter Device.
24/11/2005,14:15:06 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:15:06 AVGuard has been started successfully!
24/11/2005,14:15:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:15:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:15:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabb653.
24/11/2005,14:15:41 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:19:24 [INFO] Stop Filter Device.
24/11/2005,14:19:24 AVGuard service has been stopped!
24/11/2005,14:20:39 ---------------------------------------------------------
24/11/2005,14:20:39 [INIT] The AVGuard Service is starting.
24/11/2005,14:20:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:20:42 [INFO] Start Filter Device.
24/11/2005,14:20:42 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:20:42 AVGuard has been started successfully!
24/11/2005,14:20:48 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:20:48 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa094b.
24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:21:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:22:34 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:22:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:24:44 [INFO] Stop Filter Device.
24/11/2005,14:24:44 AVGuard service has been stopped!
24/11/2005,14:26:01 ---------------------------------------------------------
24/11/2005,14:26:01 [INIT] The AVGuard Service is starting.
24/11/2005,14:26:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:26:05 [INFO] Start Filter Device.
24/11/2005,14:26:05 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:26:05 AVGuard has been started successfully!
24/11/2005,14:28:30 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:28:38 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:28:54 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:28:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa98ecb.
24/11/2005,14:28:53 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:30:50 [INFO] Stop Filter Device.
24/11/2005,14:30:51 AVGuard service has been stopped!
24/11/2005,14:32:07 ---------------------------------------------------------
24/11/2005,14:32:07 [INIT] The AVGuard Service is starting.
24/11/2005,14:32:07 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:32:10 [INFO] Start Filter Device.
24/11/2005,14:32:10 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:32:10 AVGuard has been started successfully!
24/11/2005,14:34:39 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:34:45 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:35:04 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:35:04 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa99695.
24/11/2005,14:35:05 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:48:37 [INFO] Stop Filter Device.
24/11/2005,14:48:38 AVGuard service has been stopped!
24/11/2005,14:49:53 ---------------------------------------------------------
24/11/2005,14:49:53 [INIT] The AVGuard Service is starting.
24/11/2005,14:49:53 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:49:56 [INFO] Start Filter Device.
24/11/2005,14:49:56 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:49:56 AVGuard has been started successfully!
24/11/2005,14:52:33 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:52:40 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:52:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:52:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9f069.
24/11/2005,14:52:56 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,15:52:36 [INFO] Stop Filter Device.
24/11/2005,15:52:38 AVGuard service has been stopped!
24/11/2005,15:53:51 ---------------------------------------------------------
24/11/2005,15:53:51 [INIT] The AVGuard Service is starting.
24/11/2005,15:53:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,15:53:54 [INFO] Start Filter Device.
24/11/2005,15:53:54 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,15:53:54 AVGuard has been started successfully!
24/11/2005,15:56:32 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,15:56:43 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,15:56:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,15:56:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9f53c.
24/11/2005,15:56:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,16:51:59 [INFO] Stop Filter Device.
24/11/2005,16:52:00 AVGuard service has been stopped!
24/11/2005,16:53:02 ---------------------------------------------------------
24/11/2005,16:53:02 [INIT] The AVGuard Service is starting.
24/11/2005,16:53:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,16:53:05 [INFO] Start Filter Device.
24/11/2005,16:53:05 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,16:53:05 AVGuard has been started successfully!
24/11/2005,16:55:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,16:56:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,16:56:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,16:56:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9c1b5.
24/11/2005,16:56:23 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,17:23:40 [INFO] Stop Filter Device.
24/11/2005,17:23:40 AVGuard service has been stopped!
24/11/2005,17:55:23 ---------------------------------------------------------
24/11/2005,17:55:23 [INIT] The AVGuard Service is starting.
24/11/2005,17:55:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,17:55:26 [INFO] Start Filter Device.
24/11/2005,17:55:26 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,17:55:26 AVGuard has been started successfully!
24/11/2005,17:55:26 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:57:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,17:57:10 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa89b9d.
24/11/2005,17:57:13 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:58:01 [INFO] Stop Filter Device.
24/11/2005,17:58:01 AVGuard service has been stopped!
24/11/2005,17:59:18 ---------------------------------------------------------
24/11/2005,17:59:18 [INIT] The AVGuard Service is starting.
24/11/2005,17:59:19 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,17:59:21 [INFO] Start Filter Device.
24/11/2005,17:59:21 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,17:59:21 AVGuard has been started successfully!
24/11/2005,17:59:22 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:59:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,17:59:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5448.
24/11/2005,17:59:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,18:00:34 [INFO] Stop Filter Device.
24/11/2005,18:00:35 AVGuard service has been stopped!
24/11/2005,18:01:39 ---------------------------------------------------------
24/11/2005,18:01:39 [INIT] The AVGuard Service is starting.
24/11/2005,18:01:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,18:01:42 [INFO] Start Filter Device.
24/11/2005,18:01:42 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,18:01:42 AVGuard has been started successfully!
24/11/2005,18:01:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,18:01:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2db8.
24/11/2005,18:01:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,18:01:46 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
Unable to delete the file:
0x00000002 - Le fichier spécifié est introuvable.
24/11/2005,18:05:31 [INFO] Stop Filter Device.
24/11/2005,18:05:31 AVGuard service has been stopped!
24/11/2005,18:06:43 ---------------------------------------------------------
24/11/2005,18:06:43 [INIT] The AVGuard Service is starting.
24/11/2005,18:06:44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,18:06:46 [INFO] Start Filter Device.
24/11/2005,18:06:46 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,18:06:46 AVGuard has been started successfully!
24/11/2005,18:06:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,18:06:52 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2e8e.
24/11/2005,18:06:54 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,18:07:30 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,18:08:46 [INFO] Stop Filter Device.
24/11/2005,18:08:46 AVGuard service has been stopped!
24/11/2005,19:59:20 ---------------------------------------------------------
24/11/2005,19:59:20 [INIT] The AVGuard Service is starting.
24/11/2005,19:59:21 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,19:59:23 [INFO] Start Filter Device.
24/11/2005,19:59:23 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,19:59:23 AVGuard has been started successfully!
24/11/2005,19:59:23 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,19:59:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,19:59:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5d34.
24/11/2005,19:59:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
"Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
"Printer Driver" = "C:\WINDOWS\System32\accessdb.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{460BB7AC-4C41-49F2-8BF2-34270F15ED74}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\System32\rtp.exe" [null data]
{87D6584F-729D-4302-9192-9549AE2EA38B}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\MS VerNet.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
Anonymous user
24 Nov 2005 at 20:55
Hi
1/ The report isn't complete, wait a few minutes before retrieving it please
2/ Empty your quarantine
c < program files < av personal < infected < delete everything inside it and empty your recycle bin
See you later
loco4
24 Nov 2005 at 21:38
ok
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
"Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
"Printer Driver" = "C:\WINDOWS\System32\accessdb.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{460BB7AC-4C41-49F2-8BF2-34270F15ED74}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\System32\rtp.exe" [null data]
{87D6584F-729D-4302-9192-9549AE2EA38B}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\MS VerNet.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\laulau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "laulau" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Rappels du Calendrier Microsoft Works" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
InCD File System Service, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["AHEAD Software"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SmartLinkService, SLService, "slserv.exe" [" "]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i250\Driver = "CNMLM50.DLL" ["CANON INC."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 47 seconds, including 6 seconds for message boxes)
Anonymous user
24 Nov. 2005 at 21:57
Hi
Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe
:: Usage demo (thanks to Balltrap34 for making it) ::
http://pageperso.aol.fr/balltrap34/killbox.htm
Double-click killbox.exe (Pocket Killbox)
- tick: delete on reboot
- In "Full Path of File to Delete"
copy and paste:
C:\WINDOWS\SYSTEM32\COMMON32.DLL
- click the red cross
- a window will appear asking for confirmation; click YES
- a second window asks whether you want to restart; click YES
Let the PC restart.
Then post a new HijackThis log.
See you
loco4
24 Nov. 2005 at 22:01
I already did that.
Folder not found: C:\WINDOWS\SYSTEM32\COMMON32.DLL
Instead of COMMON32 I find cmmon32
Anonymous user
24 Nov. 2005 at 22:03
Hi again,
do a search and tell me whether you have any of these:
commop.exe
battlenet.exe
commonaccess.exe
memswapmanger.pif
msfirewall.exe
opsys.exe
DirectX.exe
screensaver.scr
See you
loco4
25 Nov. 2005 at 13:59
Hi
Nothing at all...
Anonymous user
25 Nov. 2005 at 14:06
Hi
Search for this:
game.exe
Note the path, then:
Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse
Look for this:
Here, follow the path where you found it
Click Send and paste the report, please
See you
Anonymous user
25 Nov. 2005 at 14:06
Hi, did you show hidden files before running the search?
Show hidden files like this:
click Start / Control Panel / Folder Options / View
Check "Show hidden files and folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Then click "OK" to confirm the changes.
Uncheck "Hide extensions for known file types"
See you
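The file search requested in the posts above, as an added example that is not part of the original thread: a Python script that walks a directory itself, so the result does not depend on Explorer's hidden-file settings, matches names case-insensitively and exactly (so `cmmon32` does not match `common32`), and records a SHA-256 for each hit. The watchlist comes from the names given in the thread; the function names and the demo tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

# File names the helpers in this thread asked the user to look for.
WATCHLIST = {
    "commop.exe", "battlenet.exe", "commonaccess.exe", "memswapmanger.pif",
    "msfirewall.exe", "opsys.exe", "directx.exe", "screensaver.scr",
    "game.exe", "common32.dll",
}

def is_hidden(path, st):
    """Hidden or system attribute on Windows; dot-prefixed name elsewhere."""
    attrs = getattr(st, "st_file_attributes", None)  # Windows-only stat field
    if attrs is not None:
        return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))
    return os.path.basename(path).startswith(".")

def sha256_of(path):
    """Hash in chunks; returns None if the file is locked or unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(65536), b""):
                digest.update(block)
    except OSError:
        return None
    return digest.hexdigest()

def find_watchlisted(root, names=WATCHLIST):
    """Return (hits, skipped_dirs) for files under root whose name is listed."""
    wanted = {n.lower() for n in names}  # Windows file names are case-insensitive
    hits, skipped = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: skipped.append(e.filename)):
        for name in files:
            if name.lower() not in wanted:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            hits.append({"path": path, "size": st.st_size,
                         "hidden": is_hidden(path, st), "sha256": sha256_of(path)})
    return hits, skipped

def demo():
    """Search a small constructed tree (stand-in files, not real system files)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        for rel in ("GAME.EXE", "system32/MsFirewall.exe", "system32/cmmon32.exe"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"constructed sample")
        hits, skipped = find_watchlisted(root)
        return sorted(os.path.basename(h["path"]) for h in hits), hits, skipped

if __name__ == "__main__":
    names, hits, skipped = demo()
    for hit in hits:
        print(hit)
    print("unreadable directories:", skipped)
```

On a real system, call `find_watchlisted` with the drive root; directories that could not be read are returned in the second value so that an incomplete search is visible.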