Infecter par trojan tr/click delf CU2

Résolu
loco4 Messages postés 60 Statut Membre -  
 Utilisateur anonyme -
salutttttttt

voila!!

mon antivirus (antivir) dectecte le virus au demarrage de mon pc et me met une fenetre " WARNING ".
deny access et je clic sur ok.
mais il revient a chaque demarrage de mon pc.

Logfile of HijackThis v1.99.1
Scan saved at 17:38:06, on 22/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Documents and Settings\laulau\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\common32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MS Critical Security Installer] %Windir%\game.exe
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\System32\accessdb.exe
O4 - HKLM\..\Run: [Network Interface Device Driver] C:\WINDOWS\System32\mcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128718991625
O17 - HKLM\System\CCS\Services\Tcpip\..\{E725002D-DBB6-47B0-8A41-2BE4CCDF29E9}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

65 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Le problème porte sur une alerte antivirus qui se déclenche au démarrage du PC et bloque l’accès avec une fenêtre 'WARNING', revenant à chaque démarrage malgré la validation. Plusieurs mesures préconisées incluent démarrer en mode sans échec, désactiver temporairement l'antivirus et la connexion Internet, afficher les fichiers cachés et les extensions connues, puis utiliser KillBox pour supprimer common32.dll et nettoyer les fichiers temporaires. D'autres étapes recommandées incluent l'emploi d'outils tels que Cleanup et RegCleaner pour vider la corbeille, supprimer les cookies et nettoyer le registre, puis redémarrer normalement et vérifier l'état après redémarrage. En complément, les logs antivirus indiquent l'infection du fichier common32.dll et des services associés.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ben13010 Messages postés 3369 Statut Contributeur 387
     
    salut

    fixe et efface le fichier correspondant s'il existe ( en gras )

    O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\common32.dll (file missing)

    vide ta corbeille

    passe les logiciels cleanup , ccleaner a2 free , spybot et ewido

    fais un scan en ligne sur http://www.bitdefender.fr/bd/site/page.php

    poste les rapports de tous ces logiciels et de bit defender

    reposte un hijack ensuite

    bye

    ps : je crois pas avoir vu de firewall , installe zone alarm
    0
  2. loco4 Messages postés 60 Statut Membre
     
    saluttttttttttttt

    rien a faire.
    il revient a chaque fois .
    j'ai meme scaner avec drWeb .
    ils les trouvent .mais ils sont toujours la des que je redemarre mon pc

    Logfile of HijackThis v1.99.1
    Scan saved at 17:27:36, on 23/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\laulau\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MS Critical Security Installer] %Windir%\game.exe
    O4 - HKLM\..\Run: [Network Interface Device Driver] C:\WINDOWS\System32\mcm.exe
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\System32\accessdb.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128718991625
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E725002D-DBB6-47B0-8A41-2BE4CCDF29E9}: NameServer = 213.36.80.1 213.36.80.1
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  3. ben13010 Messages postés 3369 Statut Contributeur 387
     
    t'a supprimé le fichier en gras ?

    common32.dll

    bye
    0
    1. loco4 Messages postés 60 Statut Membre
       
      salut
      tu ne peux plus m'aider ?

      SNIFFFFFFFFFFFF
      0
  4. loco4 Messages postés 60 Statut Membre
     
    yes
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    salut c'est quoi le nom du virus? et c'est quoi le nom du fichier infecter par le virus?
    @++++++
    0
  7. ben13010 Messages postés 3369 Statut Contributeur 387
     
    re

    reposte un rapport mais tu l'a plus le bho suspect non ? je le vois pas dans ton dernier rapport
    0
  8. loco4 Messages postés 60 Statut Membre
     
    saluttttt

    oui. on le vois plus!!
    mais il est toujours la.

    quand je redamarre mon pc il revient.
    mon anti virus m'indique

    C:\WINDOWS\SYSTEM32\COMMON32.DLL

    Is the Trojan horse TR/Click.Delf.CU.2

    alors je fix et sup.
    et la il disparé de mon rapport..
    je redemarre mon pc et le revoila .

    haaaaaaaaaaaaaaaaaaaaa
    0
  9. Utilisateur anonyme
     
    salut essay ca :
    1.redemarre en mode sans echec (redemarage + tapotte sans arret sur F8 desque l'ordi s'allume)

    2. desactive ta restauration (pour win xp ) comme ceci :
    clike droit sur post de travaille/proprietes/restauration system et la tu coche desactiver la restauration du systeme tu applique

    3. affiche les fichier cacher comme ceci :
    clicker sur demarrer/panneau de configuration/option des dossiers/affichage
    Cocher afficher les dossiers cacher
    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
    Puis fais «Ok» pour valider les changements.
    Decocher masquer les extentions dont le type est connues

    4.ensuite va dans demarrer/rechercher et tape:
    COMMON32.DLL
    suprime le et vide ta corebeille

    refait un scan si tt va bien reactive la restauration et masque les fichiers caché en suivant le meme chemin

    @+++++++
    0
  10. loco4 Messages postés 60 Statut Membre
     
    je viens de tout faire
    et il est toujours la.

    que faire...............
    0
  11. Utilisateur anonyme
     
    salut

    essai ceci stp
    demarer < poste de travail < c < program files < av personal < logfiles < NTGRDRT < copie / colle tout ce qu il y a a l interieur stp

    +

    Telecharge ceci
    http://www.silentrunners.org/Silent%20Runners.vbs
    Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

    A+
    0
  12. Utilisateur anonyme
     
    salut telecharge a et execute ces antispywares ( pense a les mettre a jour avant de les lancées)
    (1) ad-aware version 1.06

    (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
    voir demo
    http://pageperso.aol.fr/balltrap34/adwseflash.zip
    ***
    (2) spybot version 1.4

    (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite

    voir demo d utilisation
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
    ***
    et aussi ceci
    (3) CleanUp40.exe
    http://www.florensac-chasse-trap.com/ section virus/logiciel de securite

    voir demo
    http://pageperso.aol.fr/balltrap34/democleanup.htm
    ***
    (4) a2

    http://www.emsisoft.net/fr/
    penser a le metre a jour avant de scanner le pc
    ***
    ps : un grand merci a balltrap pour les lien :)

    (5) Edwido
    http://download.ewido.net/ewido-setup.exe
    Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.

    Clique sur scanner puis sur scan complet du système.

    (6) SmitfraudFix
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    @+++++++
    0
  13. loco4 Messages postés 60 Statut Membre
     
    voila je colle

    C:\Windows\System32\commo.dll.exe 23/11/2005,20:06:59 ---------------------------------------------------------
    23/11/2005,20:06:59 [INIT] The AVGuard Service is starting.
    23/11/2005,20:07:00 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    23/11/2005,20:07:01 [INFO] Start Filter Device.
    23/11/2005,20:07:01 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
    23/11/2005,20:07:01 AVGuard has been started successfully!
    23/11/2005,20:07:03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    23/11/2005,20:07:03 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa26f732.
    23/11/2005,20:08:43 [INFO] Stop Filter Device.
    23/11/2005,20:08:44 AVGuard service has been stopped!
    23/11/2005,20:08:49 ---------------------------------------------------------
    23/11/2005,20:08:49 [INIT] The AVGuard Service is starting.
    23/11/2005,20:08:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    23/11/2005,20:08:50 [INFO] Start Filter Device.
    23/11/2005,20:08:50 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    23/11/2005,20:08:50 AVGuard has been started successfully!
    23/11/2005,20:09:29 [INFO] Stop Filter Device.
    23/11/2005,20:09:30 AVGuard service has been stopped!
    23/11/2005,20:10:45 ---------------------------------------------------------
    23/11/2005,20:10:45 [INIT] The AVGuard Service is starting.
    23/11/2005,20:10:46 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    23/11/2005,20:10:48 [INFO] Start Filter Device.
    23/11/2005,20:10:48 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    23/11/2005,20:10:48 AVGuard has been started successfully!
    23/11/2005,20:10:49 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,20:10:49 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,20:11:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    23/11/2005,20:11:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab829e.
    23/11/2005,20:11:27 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,20:11:28 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,20:38:16 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,20:39:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,20:40:45 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,20:48:40 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,21:04:08 [INFO] Stop Filter Device.
    23/11/2005,21:04:16 AVGuard service has been stopped!
    23/11/2005,21:05:24 ---------------------------------------------------------
    23/11/2005,21:05:24 [INIT] The AVGuard Service is starting.
    23/11/2005,21:05:25 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    23/11/2005,21:05:27 [INFO] Start Filter Device.
    23/11/2005,21:05:27 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    23/11/2005,21:05:27 AVGuard has been started successfully!
    23/11/2005,21:05:34 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    23/11/2005,21:05:34 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa071e.
    23/11/2005,21:05:34 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,21:05:33 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,21:33:40 [INFO] Stop Filter Device.
    23/11/2005,21:33:40 AVGuard service has been stopped!
    23/11/2005,22:52:56 ---------------------------------------------------------
    23/11/2005,22:52:56 [INIT] The AVGuard Service is starting.
    23/11/2005,22:52:57 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    23/11/2005,22:52:59 [INFO] Start Filter Device.
    23/11/2005,22:52:59 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    23/11/2005,22:52:59 AVGuard has been started successfully!
    23/11/2005,22:53:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    23/11/2005,22:53:09 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa180c.
    23/11/2005,22:53:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,22:53:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    23/11/2005,22:53:42 [INFO] Stop Filter Device.
    23/11/2005,22:53:42 AVGuard service has been stopped!
    24/11/2005,08:12:03 ---------------------------------------------------------
    24/11/2005,08:12:03 [INIT] The AVGuard Service is starting.
    24/11/2005,08:12:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,08:12:06 [INFO] Start Filter Device.
    24/11/2005,08:12:06 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,08:12:06 AVGuard has been started successfully!
    24/11/2005,08:12:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,08:12:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,08:12:55 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabe3e2.
    24/11/2005,08:12:55 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,08:12:55 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,14:13:46 [INFO] Stop Filter Device.
    24/11/2005,14:13:47 AVGuard service has been stopped!
    24/11/2005,14:15:03 ---------------------------------------------------------
    24/11/2005,14:15:03 [INIT] The AVGuard Service is starting.
    24/11/2005,14:15:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,14:15:06 [INFO] Start Filter Device.
    24/11/2005,14:15:06 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,14:15:06 AVGuard has been started successfully!
    24/11/2005,14:15:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,14:15:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,14:15:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabb653.
    24/11/2005,14:15:41 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,14:19:24 [INFO] Stop Filter Device.
    24/11/2005,14:19:24 AVGuard service has been stopped!
    24/11/2005,14:20:39 ---------------------------------------------------------
    24/11/2005,14:20:39 [INIT] The AVGuard Service is starting.
    24/11/2005,14:20:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,14:20:42 [INFO] Start Filter Device.
    24/11/2005,14:20:42 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,14:20:42 AVGuard has been started successfully!
    24/11/2005,14:20:48 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,14:20:48 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa094b.
    24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,14:21:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,14:22:34 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,14:22:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,14:24:44 [INFO] Stop Filter Device.
    24/11/2005,14:24:44 AVGuard service has been stopped!
    24/11/2005,14:26:01 ---------------------------------------------------------
    24/11/2005,14:26:01 [INIT] The AVGuard Service is starting.
    24/11/2005,14:26:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,14:26:05 [INFO] Start Filter Device.
    24/11/2005,14:26:05 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,14:26:05 AVGuard has been started successfully!
    24/11/2005,14:28:30 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,14:28:38 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,14:28:54 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,14:28:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa98ecb.
    24/11/2005,14:28:53 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,14:30:50 [INFO] Stop Filter Device.
    24/11/2005,14:30:51 AVGuard service has been stopped!
    24/11/2005,14:32:07 ---------------------------------------------------------
    24/11/2005,14:32:07 [INIT] The AVGuard Service is starting.
    24/11/2005,14:32:07 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,14:32:10 [INFO] Start Filter Device.
    24/11/2005,14:32:10 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,14:32:10 AVGuard has been started successfully!
    24/11/2005,14:34:39 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,14:34:45 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,14:35:04 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,14:35:04 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa99695.
    24/11/2005,14:35:05 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,14:48:37 [INFO] Stop Filter Device.
    24/11/2005,14:48:38 AVGuard service has been stopped!
    24/11/2005,14:49:53 ---------------------------------------------------------
    24/11/2005,14:49:53 [INIT] The AVGuard Service is starting.
    24/11/2005,14:49:53 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,14:49:56 [INFO] Start Filter Device.
    24/11/2005,14:49:56 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,14:49:56 AVGuard has been started successfully!
    24/11/2005,14:52:33 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,14:52:40 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,14:52:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,14:52:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9f069.
    24/11/2005,14:52:56 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,15:52:36 [INFO] Stop Filter Device.
    24/11/2005,15:52:38 AVGuard service has been stopped!
    24/11/2005,15:53:51 ---------------------------------------------------------
    24/11/2005,15:53:51 [INIT] The AVGuard Service is starting.
    24/11/2005,15:53:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,15:53:54 [INFO] Start Filter Device.
    24/11/2005,15:53:54 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,15:53:54 AVGuard has been started successfully!
    24/11/2005,15:56:32 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,15:56:43 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,15:56:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,15:56:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9f53c.
    24/11/2005,15:56:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,16:51:59 [INFO] Stop Filter Device.
    24/11/2005,16:52:00 AVGuard service has been stopped!
    24/11/2005,16:53:02 ---------------------------------------------------------
    24/11/2005,16:53:02 [INIT] The AVGuard Service is starting.
    24/11/2005,16:53:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,16:53:05 [INFO] Start Filter Device.
    24/11/2005,16:53:05 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,16:53:05 AVGuard has been started successfully!
    24/11/2005,16:55:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,16:56:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,16:56:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,16:56:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9c1b5.
    24/11/2005,16:56:23 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,17:23:40 [INFO] Stop Filter Device.
    24/11/2005,17:23:40 AVGuard service has been stopped!
    24/11/2005,17:55:23 ---------------------------------------------------------
    24/11/2005,17:55:23 [INIT] The AVGuard Service is starting.
    24/11/2005,17:55:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,17:55:26 [INFO] Start Filter Device.
    24/11/2005,17:55:26 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,17:55:26 AVGuard has been started successfully!
    24/11/2005,17:55:26 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been deleted!
    24/11/2005,17:57:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,17:57:10 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa89b9d.
    24/11/2005,17:57:13 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been deleted!
    24/11/2005,17:58:01 [INFO] Stop Filter Device.
    24/11/2005,17:58:01 AVGuard service has been stopped!
    24/11/2005,17:59:18 ---------------------------------------------------------
    24/11/2005,17:59:18 [INIT] The AVGuard Service is starting.
    24/11/2005,17:59:19 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,17:59:21 [INFO] Start Filter Device.
    24/11/2005,17:59:21 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,17:59:21 AVGuard has been started successfully!
    24/11/2005,17:59:22 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been deleted!
    24/11/2005,17:59:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,17:59:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5448.
    24/11/2005,17:59:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been deleted!
    24/11/2005,18:00:34 [INFO] Stop Filter Device.
    24/11/2005,18:00:35 AVGuard service has been stopped!
    24/11/2005,18:01:39 ---------------------------------------------------------
    24/11/2005,18:01:39 [INIT] The AVGuard Service is starting.
    24/11/2005,18:01:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,18:01:42 [INFO] Start Filter Device.
    24/11/2005,18:01:42 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,18:01:42 AVGuard has been started successfully!
    24/11/2005,18:01:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,18:01:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2db8.
    24/11/2005,18:01:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been deleted!
    24/11/2005,18:01:46 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    Unable to delete the file:
    0x00000002 - Le fichier spécifié est introuvable.
    24/11/2005,18:05:31 [INFO] Stop Filter Device.
    24/11/2005,18:05:31 AVGuard service has been stopped!
    24/11/2005,18:06:43 ---------------------------------------------------------
    24/11/2005,18:06:43 [INIT] The AVGuard Service is starting.
    24/11/2005,18:06:44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,18:06:46 [INFO] Start Filter Device.
    24/11/2005,18:06:46 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,18:06:46 AVGuard has been started successfully!
    24/11/2005,18:06:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,18:06:52 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2e8e.
    24/11/2005,18:06:54 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,18:07:30 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    24/11/2005,18:08:46 [INFO] Stop Filter Device.
    24/11/2005,18:08:46 AVGuard service has been stopped!
    24/11/2005,19:59:20 ---------------------------------------------------------
    24/11/2005,19:59:20 [INIT] The AVGuard Service is starting.
    24/11/2005,19:59:21 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,19:59:23 [INFO] Start Filter Device.
    24/11/2005,19:59:23 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
    24/11/2005,19:59:23 AVGuard has been started successfully!
    24/11/2005,19:59:23 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!
    24/11/2005,19:59:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,19:59:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5d34.
    24/11/2005,19:59:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
    C:\WINDOWS\SYSTEM32\COMMON32.DLL
    File has been moved to quarantine directory!

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
    "MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
    "Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
    "Printer Driver" = "C:\WINDOWS\System32\accessdb.exe" [null data]
    "AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {460BB7AC-4C41-49F2-8BF2-34270F15ED74}\(Default) = (no title provided)
    \StubPath = "C:\WINDOWS\System32\rtp.exe" [null data]
    {87D6584F-729D-4302-9192-9549AE2EA38B}\(Default) = (no title provided)
    \StubPath = "C:\WINDOWS\MS VerNet.exe" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    0
  14. Utilisateur anonyme
     
    salut
    1/le rapport est pas entier, atends qqs minutes avant de le recuperer stp

    2/vide ta quarantaine
    c < program files < av personal < infected < vide tout ce qu il y a a l interieur et vide ta poubelle

    a+
    0
  15. loco4 Messages postés 60 Statut Membre
     
    ok

    Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
    "MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
    "Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
    "Printer Driver" = "C:\WINDOWS\System32\accessdb.exe" [null data]
    "AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {460BB7AC-4C41-49F2-8BF2-34270F15ED74}\(Default) = (no title provided)
    \StubPath = "C:\WINDOWS\System32\rtp.exe" [null data]
    {87D6584F-729D-4302-9192-9549AE2EA38B}\(Default) = (no title provided)
    \StubPath = "C:\WINDOWS\MS VerNet.exe" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\laulau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

    Startup items in "laulau" & "All Users" startup folders:
    --------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
    "InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
    "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
    "Rappels du Calendrier Microsoft Works" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Messenger"
    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
    AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
    C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
    InCD File System Service, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["AHEAD Software"]
    NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
    SmartLinkService, SLService, "slserv.exe" [" "]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Canon BJ Language Monitor i250\Driver = "CNMLM50.DLL" ["CANON INC."]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 47 seconds, including 6 seconds for message boxes)
    0
  16. Utilisateur anonyme
     
    salut

    Télécharge: Pocket Killbox ici
    http://www.downloads.subratam.org/KillBox.exe

    :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
    http://pageperso.aol.fr/balltrap34/killbox.htm

    Double clic sur killbox.exe (Pocket Killbox)

    - coche: delete on reboot
    - Dans "Full Path of File to Delete"
    copie et colle:

    C:\WINDOWS\SYSTEM32\COMMON32.DLL

    - clique sur la croix rouge
    - une fenêtre va apparaître pour confirmation clique sur YES
    - une seconde fenêtre te demande si tu veux redémarrer clique sur YES

    Laisse le pc redémarrer.
    Et après reposte un log HijackThis.

    A+
    0
  17. loco4 Messages postés 60 Statut Membre
     
    j'ai deja fait .

    dossier introuvable C:\WINDOWS\SYSTEM32\COMMON32.DLL
    a la place de COMMON32 je trouve cmmon32
    0
  18. Utilisateur anonyme
     
    re,
    fais une recherche et dis moi si tu as ceci
    commop.exe
    battlenet.exe
    commonaccess.exe
    memswapmanger.pif
    msfirewall.exe
    opsys.exe
    DirectX.exe
    screensaver.scr

    a+
    0
  19. loco4 Messages postés 60 Statut Membre
     
    salutttttttttttttt

    rien de chez rien...
    0
  20. Utilisateur anonyme
     
    salut as tu afficher les fichier caché avant de faire une recherche :
    affiche les fichier cacher comme ceci :
    clicker sur demarrer/panneau de configuration/option des dossiers/affichage
    Cocher afficher les dossiers cacher
    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
    Puis fais «Ok» pour valider les changements.
    Decocher masquer les extentions dont le type est connues
    @++++++++++
    0
  • 1
  • 2
  • 3
  • 4