Sujet Précédent Sujet Suivant

Infecter par trojan tr/click delf CU2

Résolu/Fermé
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016 - 22 nov. 2005 à 17:38
 Utilisateur anonyme - 6 déc. 2005 à 20:07
salutttttttt

voila!!

mon antivirus (antivir) dectecte le virus au demarrage de mon pc et me met une fenetre " WARNING ".
deny access et je clic sur ok.
mais il revient a chaque demarrage de mon pc.

Logfile of HijackThis v1.99.1
Scan saved at 17:38:06, on 22/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Documents and Settings\laulau\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\common32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MS Critical Security Installer] %Windir%\game.exe
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\System32\accessdb.exe
O4 - HKLM\..\Run: [Network Interface Device Driver] C:\WINDOWS\System32\mcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128718991625
O17 - HKLM\System\CCS\Services\Tcpip\..\{E725002D-DBB6-47B0-8A41-2BE4CCDF29E9}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
A voir également:

65 réponses

Réponse 1 / 65
ben13010 Messages postés 3356 Date d'inscription vendredi 24 septembre 2004 Statut Contributeur Dernière intervention 5 octobre 2012 387
22 nov. 2005 à 17:50
salut

fixe et efface le fichier correspondant s'il existe ( en gras )

O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\common32.dll (file missing)


vide ta corbeille

passe les logiciels cleanup , ccleaner a2 free , spybot et ewido

fais un scan en ligne sur http://www.bitdefender.fr/bd/site/page.php

poste les rapports de tous ces logiciels et de bit defender

reposte un hijack ensuite

bye


ps : je crois pas avoir vu de firewall , installe zone alarm
0
Réponse 2 / 65
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
23 nov. 2005 à 17:28
saluttttttttttttt

rien a faire.
il revient a chaque fois .
j'ai meme scaner avec drWeb .
ils les trouvent .mais ils sont toujours la des que je redemarre mon pc

Logfile of HijackThis v1.99.1
Scan saved at 17:27:36, on 23/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\laulau\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MS Critical Security Installer] %Windir%\game.exe
O4 - HKLM\..\Run: [Network Interface Device Driver] C:\WINDOWS\System32\mcm.exe
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\System32\accessdb.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128718991625
O17 - HKLM\System\CCS\Services\Tcpip\..\{E725002D-DBB6-47B0-8A41-2BE4CCDF29E9}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
0
Réponse 3 / 65
ben13010 Messages postés 3356 Date d'inscription vendredi 24 septembre 2004 Statut Contributeur Dernière intervention 5 octobre 2012 387
23 nov. 2005 à 17:31
t'a supprimé le fichier en gras ?

common32.dll

bye
0
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
24 nov. 2005 à 14:45
salut
tu ne peux plus m'aider ?

SNIFFFFFFFFFFFF
0
Réponse 4 / 65
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
23 nov. 2005 à 17:45
yes
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 65
Utilisateur anonyme
24 nov. 2005 à 14:59
salut c'est quoi le nom du virus? et c'est quoi le nom du fichier infecter par le virus?
@++++++
0
Réponse 6 / 65
ben13010 Messages postés 3356 Date d'inscription vendredi 24 septembre 2004 Statut Contributeur Dernière intervention 5 octobre 2012 387
24 nov. 2005 à 16:38
re

reposte un rapport mais tu l'a plus le bho suspect non ? je le vois pas dans ton dernier rapport
0
Réponse 7 / 65
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
24 nov. 2005 à 17:08
saluttttt

oui. on le vois plus!!
mais il est toujours la.

quand je redamarre mon pc il revient.
mon anti virus m'indique

C:\WINDOWS\SYSTEM32\COMMON32.DLL

Is the Trojan horse TR/Click.Delf.CU.2

alors je fix et sup.
et la il disparé de mon rapport..
je redemarre mon pc et le revoila .

haaaaaaaaaaaaaaaaaaaaa
0
Réponse 8 / 65
Utilisateur anonyme
24 nov. 2005 à 17:13
salut essay ca :
1.redemarre en mode sans echec (redemarage + tapotte sans arret sur F8 desque l'ordi s'allume)

2. desactive ta restauration (pour win xp ) comme ceci :
clike droit sur post de travaille/proprietes/restauration system et la tu coche desactiver la restauration du systeme tu applique

3. affiche les fichier cacher comme ceci :
clicker sur demarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Puis fais «Ok» pour valider les changements.
Decocher masquer les extentions dont le type est connues

4.ensuite va dans demarrer/rechercher et tape:
COMMON32.DLL
suprime le et vide ta corebeille

refait un scan si tt va bien reactive la restauration et masque les fichiers caché en suivant le meme chemin

@+++++++
0
Réponse 9 / 65
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
24 nov. 2005 à 20:07
je viens de tout faire
et il est toujours la.

que faire...............
0
Réponse 10 / 65
Utilisateur anonyme
24 nov. 2005 à 20:15
salut

essai ceci stp
demarer < poste de travail < c < program files < av personal < logfiles < NTGRDRT < copie / colle tout ce qu il y a a l interieur stp

+

Telecharge ceci
http://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+
0
Réponse 11 / 65
Utilisateur anonyme
24 nov. 2005 à 20:18
salut telecharge a et execute ces antispywares ( pense a les mettre a jour avant de les lancées)
(1) ad-aware version 1.06

(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) spybot version 1.4

(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite


voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
et aussi ceci
(3) CleanUp40.exe
http://www.florensac-chasse-trap.com/ section virus/logiciel de securite

voir demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
***
(4) a2

http://www.emsisoft.net/fr/
penser a le metre a jour avant de scanner le pc
***
ps : un grand merci a balltrap pour les lien :)

(5) Edwido
http://download.ewido.net/ewido-setup.exe
Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.

Clique sur scanner puis sur scan complet du système.

(6) SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

@+++++++
0
Réponse 12 / 65
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
24 nov. 2005 à 20:46
voila je colle

C:\Windows\System32\commo.dll.exe 23/11/2005,20:06:59 ---------------------------------------------------------
23/11/2005,20:06:59 [INIT] The AVGuard Service is starting.
23/11/2005,20:07:00 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:07:01 [INFO] Start Filter Device.
23/11/2005,20:07:01 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
23/11/2005,20:07:01 AVGuard has been started successfully!
23/11/2005,20:07:03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,20:07:03 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa26f732.
23/11/2005,20:08:43 [INFO] Stop Filter Device.
23/11/2005,20:08:44 AVGuard service has been stopped!
23/11/2005,20:08:49 ---------------------------------------------------------
23/11/2005,20:08:49 [INIT] The AVGuard Service is starting.
23/11/2005,20:08:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:08:50 [INFO] Start Filter Device.
23/11/2005,20:08:50 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,20:08:50 AVGuard has been started successfully!
23/11/2005,20:09:29 [INFO] Stop Filter Device.
23/11/2005,20:09:30 AVGuard service has been stopped!
23/11/2005,20:10:45 ---------------------------------------------------------
23/11/2005,20:10:45 [INIT] The AVGuard Service is starting.
23/11/2005,20:10:46 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:10:48 [INFO] Start Filter Device.
23/11/2005,20:10:48 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,20:10:48 AVGuard has been started successfully!
23/11/2005,20:10:49 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:10:49 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:11:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,20:11:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab829e.
23/11/2005,20:11:27 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:11:28 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:38:16 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:39:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:40:45 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:48:40 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:04:08 [INFO] Stop Filter Device.
23/11/2005,21:04:16 AVGuard service has been stopped!
23/11/2005,21:05:24 ---------------------------------------------------------
23/11/2005,21:05:24 [INIT] The AVGuard Service is starting.
23/11/2005,21:05:25 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,21:05:27 [INFO] Start Filter Device.
23/11/2005,21:05:27 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,21:05:27 AVGuard has been started successfully!
23/11/2005,21:05:34 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,21:05:34 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa071e.
23/11/2005,21:05:34 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:05:33 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:33:40 [INFO] Stop Filter Device.
23/11/2005,21:33:40 AVGuard service has been stopped!
23/11/2005,22:52:56 ---------------------------------------------------------
23/11/2005,22:52:56 [INIT] The AVGuard Service is starting.
23/11/2005,22:52:57 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,22:52:59 [INFO] Start Filter Device.
23/11/2005,22:52:59 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,22:52:59 AVGuard has been started successfully!
23/11/2005,22:53:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,22:53:09 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa180c.
23/11/2005,22:53:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,22:53:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,22:53:42 [INFO] Stop Filter Device.
23/11/2005,22:53:42 AVGuard service has been stopped!
24/11/2005,08:12:03 ---------------------------------------------------------
24/11/2005,08:12:03 [INIT] The AVGuard Service is starting.
24/11/2005,08:12:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,08:12:06 [INFO] Start Filter Device.
24/11/2005,08:12:06 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,08:12:06 AVGuard has been started successfully!
24/11/2005,08:12:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,08:12:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,08:12:55 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabe3e2.
24/11/2005,08:12:55 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,08:12:55 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:13:46 [INFO] Stop Filter Device.
24/11/2005,14:13:47 AVGuard service has been stopped!
24/11/2005,14:15:03 ---------------------------------------------------------
24/11/2005,14:15:03 [INIT] The AVGuard Service is starting.
24/11/2005,14:15:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:15:06 [INFO] Start Filter Device.
24/11/2005,14:15:06 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:15:06 AVGuard has been started successfully!
24/11/2005,14:15:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:15:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:15:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabb653.
24/11/2005,14:15:41 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:19:24 [INFO] Stop Filter Device.
24/11/2005,14:19:24 AVGuard service has been stopped!
24/11/2005,14:20:39 ---------------------------------------------------------
24/11/2005,14:20:39 [INIT] The AVGuard Service is starting.
24/11/2005,14:20:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:20:42 [INFO] Start Filter Device.
24/11/2005,14:20:42 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:20:42 AVGuard has been started successfully!
24/11/2005,14:20:48 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:20:48 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa094b.
24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:21:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:22:34 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:22:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:24:44 [INFO] Stop Filter Device.
24/11/2005,14:24:44 AVGuard service has been stopped!
24/11/2005,14:26:01 ---------------------------------------------------------
24/11/2005,14:26:01 [INIT] The AVGuard Service is starting.
24/11/2005,14:26:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:26:05 [INFO] Start Filter Device.
24/11/2005,14:26:05 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:26:05 AVGuard has been started successfully!
24/11/2005,14:28:30 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:28:38 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:28:54 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:28:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa98ecb.
24/11/2005,14:28:53 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:30:50 [INFO] Stop Filter Device.
24/11/2005,14:30:51 AVGuard service has been stopped!
24/11/2005,14:32:07 ---------------------------------------------------------
24/11/2005,14:32:07 [INIT] The AVGuard Service is starting.
24/11/2005,14:32:07 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:32:10 [INFO] Start Filter Device.
24/11/2005,14:32:10 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:32:10 AVGuard has been started successfully!
24/11/2005,14:34:39 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:34:45 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:35:04 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:35:04 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa99695.
24/11/2005,14:35:05 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:48:37 [INFO] Stop Filter Device.
24/11/2005,14:48:38 AVGuard service has been stopped!
24/11/2005,14:49:53 ---------------------------------------------------------
24/11/2005,14:49:53 [INIT] The AVGuard Service is starting.
24/11/2005,14:49:53 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:49:56 [INFO] Start Filter Device.
24/11/2005,14:49:56 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:49:56 AVGuard has been started successfully!
24/11/2005,14:52:33 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:52:40 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:52:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:52:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9f069.
24/11/2005,14:52:56 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,15:52:36 [INFO] Stop Filter Device.
24/11/2005,15:52:38 AVGuard service has been stopped!
24/11/2005,15:53:51 ---------------------------------------------------------
24/11/2005,15:53:51 [INIT] The AVGuard Service is starting.
24/11/2005,15:53:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,15:53:54 [INFO] Start Filter Device.
24/11/2005,15:53:54 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,15:53:54 AVGuard has been started successfully!
24/11/2005,15:56:32 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,15:56:43 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,15:56:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,15:56:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9f53c.
24/11/2005,15:56:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,16:51:59 [INFO] Stop Filter Device.
24/11/2005,16:52:00 AVGuard service has been stopped!
24/11/2005,16:53:02 ---------------------------------------------------------
24/11/2005,16:53:02 [INIT] The AVGuard Service is starting.
24/11/2005,16:53:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,16:53:05 [INFO] Start Filter Device.
24/11/2005,16:53:05 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,16:53:05 AVGuard has been started successfully!
24/11/2005,16:55:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,16:56:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,16:56:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,16:56:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9c1b5.
24/11/2005,16:56:23 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,17:23:40 [INFO] Stop Filter Device.
24/11/2005,17:23:40 AVGuard service has been stopped!
24/11/2005,17:55:23 ---------------------------------------------------------
24/11/2005,17:55:23 [INIT] The AVGuard Service is starting.
24/11/2005,17:55:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,17:55:26 [INFO] Start Filter Device.
24/11/2005,17:55:26 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,17:55:26 AVGuard has been started successfully!
24/11/2005,17:55:26 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:57:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,17:57:10 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa89b9d.
24/11/2005,17:57:13 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:58:01 [INFO] Stop Filter Device.
24/11/2005,17:58:01 AVGuard service has been stopped!
24/11/2005,17:59:18 ---------------------------------------------------------
24/11/2005,17:59:18 [INIT] The AVGuard Service is starting.
24/11/2005,17:59:19 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,17:59:21 [INFO] Start Filter Device.
24/11/2005,17:59:21 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,17:59:21 AVGuard has been started successfully!
24/11/2005,17:59:22 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:59:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,17:59:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5448.
24/11/2005,17:59:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,18:00:34 [INFO] Stop Filter Device.
24/11/2005,18:00:35 AVGuard service has been stopped!
24/11/2005,18:01:39 ---------------------------------------------------------
24/11/2005,18:01:39 [INIT] The AVGuard Service is starting.
24/11/2005,18:01:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,18:01:42 [INFO] Start Filter Device.
24/11/2005,18:01:42 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,18:01:42 AVGuard has been started successfully!
24/11/2005,18:01:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,18:01:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2db8.
24/11/2005,18:01:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,18:01:46 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
Unable to delete the file:
0x00000002 - Le fichier spécifié est introuvable.
24/11/2005,18:05:31 [INFO] Stop Filter Device.
24/11/2005,18:05:31 AVGuard service has been stopped!
24/11/2005,18:06:43 ---------------------------------------------------------
24/11/2005,18:06:43 [INIT] The AVGuard Service is starting.
24/11/2005,18:06:44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,18:06:46 [INFO] Start Filter Device.
24/11/2005,18:06:46 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,18:06:46 AVGuard has been started successfully!
24/11/2005,18:06:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,18:06:52 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2e8e.
24/11/2005,18:06:54 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,18:07:30 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,18:08:46 [INFO] Stop Filter Device.
24/11/2005,18:08:46 AVGuard service has been stopped!
24/11/2005,19:59:20 ---------------------------------------------------------
24/11/2005,19:59:20 [INIT] The AVGuard Service is starting.
24/11/2005,19:59:21 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,19:59:23 [INFO] Start Filter Device.
24/11/2005,19:59:23 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,19:59:23 AVGuard has been started successfully!
24/11/2005,19:59:23 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,19:59:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,19:59:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5d34.
24/11/2005,19:59:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!


"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
"Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
"Printer Driver" = "C:\WINDOWS\System32\accessdb.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{460BB7AC-4C41-49F2-8BF2-34270F15ED74}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\System32\rtp.exe" [null data]
{87D6584F-729D-4302-9192-9549AE2EA38B}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\MS VerNet.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
0
Réponse 13 / 65
Utilisateur anonyme
24 nov. 2005 à 20:55
salut
1/le rapport est pas entier, atends qqs minutes avant de le recuperer stp

2/vide ta quarantaine
c < program files < av personal < infected < vide tout ce qu il y a a l interieur et vide ta poubelle

a+
0
Réponse 14 / 65
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
24 nov. 2005 à 21:38
ok


Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
"Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
"Printer Driver" = "C:\WINDOWS\System32\accessdb.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{460BB7AC-4C41-49F2-8BF2-34270F15ED74}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\System32\rtp.exe" [null data]
{87D6584F-729D-4302-9192-9549AE2EA38B}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\MS VerNet.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\laulau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "laulau" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Rappels du Calendrier Microsoft Works" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
InCD File System Service, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["AHEAD Software"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SmartLinkService, SLService, "slserv.exe" [" "]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i250\Driver = "CNMLM50.DLL" ["CANON INC."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 47 seconds, including 6 seconds for message boxes)
0
Réponse 15 / 65
Utilisateur anonyme
24 nov. 2005 à 21:57
salut

Télécharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe

:: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

Double clic sur killbox.exe (Pocket Killbox)

- coche: delete on reboot
- Dans "Full Path of File to Delete"
copie et colle:

C:\WINDOWS\SYSTEM32\COMMON32.DLL

- clique sur la croix rouge
- une fenêtre va apparaître pour confirmation clique sur YES
- une seconde fenêtre te demande si tu veux redémarrer clique sur YES

Laisse le pc redémarrer.
Et après reposte un log HijackThis.

A+
0
Réponse 16 / 65
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
24 nov. 2005 à 22:01
j'ai deja fait .

dossier introuvable C:\WINDOWS\SYSTEM32\COMMON32.DLL
a la place de COMMON32 je trouve cmmon32
0
Réponse 17 / 65
Utilisateur anonyme
24 nov. 2005 à 22:03
re,
fais une recherche et dis moi si tu as ceci
commop.exe
battlenet.exe
commonaccess.exe
memswapmanger.pif
msfirewall.exe
opsys.exe
DirectX.exe
screensaver.scr

a+
0
Réponse 18 / 65
loco4 Messages postés 59 Date d'inscription dimanche 25 septembre 2005 Statut Membre Dernière intervention 16 avril 2016
25 nov. 2005 à 13:59
salutttttttttttttt

rien de chez rien...
0
Réponse 19 / 65
Utilisateur anonyme
25 nov. 2005 à 14:06
salut
Recherche ceci
game.exe

Note le chemin puis:
Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
Ici, tu suis le chemin ou tu l as trouvé
Clik send et colle le rapport stp

A+
0
Réponse 20 / 65
Utilisateur anonyme
25 nov. 2005 à 14:06
salut as tu afficher les fichier caché avant de faire une recherche :
affiche les fichier cacher comme ceci :
clicker sur demarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Puis fais «Ok» pour valider les changements.
Decocher masquer les extentions dont le type est connues
@++++++++++
0

Discussions similaires

Site de confiance ou non ?
mlle_so -
Jaffeli -

25 réponses
Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
Sa veux dire koi??Subject: FW: Tr :FW: TR: TR
france22 -
ghano0666545160 -

12 réponses
MSI CLICK BIOS 5
Theo4612 -
john99 -

9 réponses
casque sans fil Sennheiser TR 4200 ne fonctionne plus
jcb83400 -
DIY -

3 réponses