
Infected by trojan tr/click delf CU2 [Solved]

loco4 | 57 posts | Registered Sunday 25 September 2005 | Last active 9 February 2014 - Last reply on 6 Dec. 2005 at 20:07
hiiiiii

here goes!!

my antivirus (AntiVir) detects the virus when my PC starts up and shows me a "WARNING" window.
deny access and I click OK.
but it comes back every time my PC starts.

Logfile of HijackThis v1.99.1
Scan saved at 17:38:06, on 22/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Documents and Settings\laulau\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\common32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MS Critical Security Installer] %Windir%\game.exe
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\System32\accessdb.exe
O4 - HKLM\..\Run: [Network Interface Device Driver] C:\WINDOWS\System32\mcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128718991625
O17 - HKLM\System\CCS\Services\Tcpip\..\{E725002D-DBB6-47B0-8A41-2BE4CCDF29E9}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Reply
hi

fix it and delete the corresponding file if it exists (in bold)

O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\common32.dll (file missing)


empty your recycle bin

run the programs cleanup, ccleaner, a2 free, spybot and ewido

run an online scan at http://www.bitdefender.fr/bd/site/page.php

post the reports from all these programs and from BitDefender

then post a new HijackThis log

bye


ps: I don't think I saw a firewall, install ZoneAlarm
Reply
hiiiiii

nothing works.
it comes back every time.
I even scanned with DrWeb.
they find them, but they are still there as soon as I restart my PC

Logfile of HijackThis v1.99.1
Scan saved at 17:27:36, on 23/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\laulau\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MS Critical Security Installer] %Windir%\game.exe
O4 - HKLM\..\Run: [Network Interface Device Driver] C:\WINDOWS\System32\mcm.exe
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\System32\accessdb.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128718991625
O17 - HKLM\System\CCS\Services\Tcpip\..\{E725002D-DBB6-47B0-8A41-2BE4CCDF29E9}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Reply
did you delete the file in bold?

common32.dll

bye
loco4 | 57 posts | Registered Sunday 25 September 2005 | Last active 9 February 2014 - 24 Nov. 2005 at 14:45
hi
can't you help me anymore?

SNIFFFFFFFFFFFF
Reply
yes
Reply
hi, what's the name of the virus? and what's the name of the file infected by the virus?
see you
Reply
hi again

post a new report, but you no longer have the suspicious BHO, right? I don't see it in your last report
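The by-eye comparison in the post above (an entry listed in the first HijackThis report and absent from the second) can be done mechanically. This is an added example, not part of the original thread: the sample lines are excerpts of the two logs posted earlier, while the function names and the set of section codes treated as load points are assumptions of the example.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Assumption of this example: sections treated as load points that survive a
# reboot (O2 browser helper objects, O4 Run keys and Startup folders,
# O20 AppInit_DLLs / Winlogon Notify, O23 services).
LOAD_POINT_CODES = {"O2", "O4", "O20", "O23"}

# Excerpts of the two logs posted earlier in the thread (22/11 and 23/11).
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\common32.dll (file missing)
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
"""

LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
"""


def normalize(detail):
    """Case-fold, drop double quotes and collapse whitespace, so cosmetic
    differences between two scans are not reported as changes."""
    return " ".join(detail.replace('"', "").lower().split())


def parse_entries(log_text):
    """Return {(section code, normalized detail): original line}."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), normalize(match.group(2)))] = line
    return entries


def diff_logs(before_text, after_text):
    """Compare two HijackThis logs entry by entry."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    shared = before.keys() & after.keys()
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        # Load points present in both scans: what still starts at every boot.
        "unchanged_load_points": sorted(
            after[k] for k in shared if k[0] in LOAD_POINT_CODES
        ),
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, lines in result.items():
        print(section)
        for line in lines:
            print("   ", line)
```

The diff only shows what changed between two scans; an entry missing from the later report says nothing about whether the file is written to disk again afterwards.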
Reply
hiiiii

yes. you can't see it anymore!!
but it is still there.

when I restart my PC it comes back.
my antivirus tells me

C:\WINDOWS\SYSTEM32\COMMON32.DLL

Is the Trojan horse TR/Click.Delf.CU.2

so I fix and delete.
and then it disappears from my report..
I restart my PC and there it is again.

aaaaaaaaaaaaaaaaaaaaargh
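The cycle described in the post above (remove, restart, detected again) can be confirmed from the AntiVir Guard log. This is an added example, not part of the original thread: it groups log lines into guard service sessions and reports paths that are detected again in a later session after a successful removal. The sample lines are constructed in the format of the guard log pasted later in this thread, and the function names are assumptions of the example.

```python
import re
from collections import namedtuple

# "DD/MM/YYYY,HH:MM:SS message"; lines without a timestamp continue the
# previous record (file path, then the action the guard took).
TS_RE = re.compile(r"^(\d{2}/\d{2}/\d{4},\d{2}:\d{2}:\d{2}) (.*)$")
WARN_RE = re.compile(r"^WARNING: Is the Trojan horse (.+?)!$")
REMOVAL_ACTIONS = {
    "File has been deleted!": "deleted",
    "File has been moved to quarantine directory!": "quarantined",
}

Detection = namedtuple("Detection", "session timestamp name path action")

# Constructed sample: three guard sessions, same detection in each.
SAMPLE_LOG = r"""
01/01/2005,08:00:00 ---------------------------------------------------------
01/01/2005,08:00:00 [INIT] The AVGuard Service is starting.
01/01/2005,08:00:02 AVGuard has been started successfully!
01/01/2005,08:00:03 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
01/01/2005,08:30:00 AVGuard service has been stopped!
01/01/2005,09:00:00 ---------------------------------------------------------
01/01/2005,09:00:00 [INIT] The AVGuard Service is starting.
01/01/2005,09:00:03 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
01/01/2005,09:00:02 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
Unable to delete the file:
0x00000002 - Le fichier spécifié est introuvable.
01/01/2005,09:30:00 AVGuard service has been stopped!
01/01/2005,10:00:00 ---------------------------------------------------------
01/01/2005,10:00:00 [INIT] The AVGuard Service is starting.
01/01/2005,10:00:03 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
"""


def parse_guard_log(text):
    """Return the detections in file order, each tagged with its session
    number (a session starts at every dashed separator line)."""
    detections, session, current = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamped = TS_RE.match(line)
        if stamped:
            # A new timestamped line closes the record being assembled.
            if current:
                detections.append(Detection(**current))
                current = None
            timestamp, message = stamped.groups()
            if message.startswith("-----"):
                session += 1
                continue
            warning = WARN_RE.match(message)
            if warning:
                current = dict(session=session, timestamp=timestamp,
                               name=warning.group(1), path=None, action="none")
        elif current is not None:
            if current["path"] is None:
                current["path"] = line
            elif line in REMOVAL_ACTIONS:
                current["action"] = REMOVAL_ACTIONS[line]
            elif line.startswith("Unable to delete"):
                current["action"] = "delete_failed"
    if current:
        detections.append(Detection(**current))
    return detections


def recurrences(detections):
    """Map each path (lower-cased) to the sessions in which it was detected
    again after an earlier session had deleted or quarantined it."""
    removed_in, hits = {}, {}
    for det in detections:
        key = (det.path or "").lower()
        if key in removed_in and det.session > removed_in[key]:
            hits.setdefault(key, set()).add(det.session)
        if det.action in ("deleted", "quarantined"):
            removed_in.setdefault(key, det.session)
    return {path: sorted(sessions) for path, sessions in hits.items()}


if __name__ == "__main__":
    found = parse_guard_log(SAMPLE_LOG)
    for det in found:
        print(det.session, det.timestamp, det.name, det.path, det.action)
    print("re-detected after removal:", recurrences(found))
```

A path that is reported again in a later session after being deleted or quarantined is being written back by something else that starts with the system, so removing the file alone will not end the alerts.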
Reply
hi, try this:
1. restart in safe mode (restart + keep tapping F8 as soon as the computer powers on)

2. disable System Restore (for Win XP) like this:
right-click My Computer / Properties / System Restore, tick "Turn off System Restore" and apply

3. show hidden files like this:
click Start / Control Panel / Folder Options / View
Tick "Show hidden files and folders"
Untick the box "Hide protected operating system files (Recommended)"
Then click "OK" to confirm the changes.
Untick "Hide extensions for known file types"

4. then go to Start / Search and type:
COMMON32.DLL
delete it and empty your recycle bin

run a scan again; if all is well, re-enable System Restore and hide the hidden files again by following the same path

see you
Reply
I've just done all of it
and it is still there.

what to do...............
Reply
hi

try this please
Start < My Computer < C < program files < av personal < logfiles < NTGRDRT < copy/paste everything that is inside please

+

Download this
http://www.silentrunners.org/Silent%20Runners.vbs
Run it, wait a few minutes, it will then create a folder, in text format, right next to Silent Runners; copy/paste what it gives you

see you
Reply
hi, download and run these antispyware tools (remember to update them before launching them)
(1) ad-aware version 1.06

(here) http://www.florensac-chasse-trap.com/ section: virus/security software
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) spybot version 1.4

(here) http://www.florensac-chasse-trap.com/ section: virus/security software


see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
and also this
(3) CleanUp40.exe
http://www.florensac-chasse-trap.com/ section: virus/security software

see demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
***
(4) a2

http://www.emsisoft.net/fr/
remember to update it before scanning the PC
***
ps: a big thank-you to balltrap for the links :)

(5) Ewido
http://download.ewido.net/ewido-setup.exe
During installation, on the "Additional Options" page, untick the two options "Install background guard" and "Install scan via context menu". Ewido Security Suite. Click Update.

Click Scanner, then Complete System Scan.

(6) SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

see you
Reply
here, I'm pasting it

C:\Windows\System32\commo.dll.exe 23/11/2005,20:06:59 ---------------------------------------------------------
23/11/2005,20:06:59 [INIT] The AVGuard Service is starting.
23/11/2005,20:07:00 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:07:01 [INFO] Start Filter Device.
23/11/2005,20:07:01 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
23/11/2005,20:07:01 AVGuard has been started successfully!
23/11/2005,20:07:03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,20:07:03 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa26f732.
23/11/2005,20:08:43 [INFO] Stop Filter Device.
23/11/2005,20:08:44 AVGuard service has been stopped!
23/11/2005,20:08:49 ---------------------------------------------------------
23/11/2005,20:08:49 [INIT] The AVGuard Service is starting.
23/11/2005,20:08:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:08:50 [INFO] Start Filter Device.
23/11/2005,20:08:50 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,20:08:50 AVGuard has been started successfully!
23/11/2005,20:09:29 [INFO] Stop Filter Device.
23/11/2005,20:09:30 AVGuard service has been stopped!
23/11/2005,20:10:45 ---------------------------------------------------------
23/11/2005,20:10:45 [INIT] The AVGuard Service is starting.
23/11/2005,20:10:46 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:10:48 [INFO] Start Filter Device.
23/11/2005,20:10:48 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,20:10:48 AVGuard has been started successfully!
23/11/2005,20:10:49 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:10:49 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:11:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,20:11:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab829e.
23/11/2005,20:11:27 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:11:28 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:38:16 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:39:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:40:45 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,20:48:40 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:04:08 [INFO] Stop Filter Device.
23/11/2005,21:04:16 AVGuard service has been stopped!
23/11/2005,21:05:24 ---------------------------------------------------------
23/11/2005,21:05:24 [INIT] The AVGuard Service is starting.
23/11/2005,21:05:25 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,21:05:27 [INFO] Start Filter Device.
23/11/2005,21:05:27 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,21:05:27 AVGuard has been started successfully!
23/11/2005,21:05:34 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,21:05:34 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa071e.
23/11/2005,21:05:34 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:05:33 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,21:33:40 [INFO] Stop Filter Device.
23/11/2005,21:33:40 AVGuard service has been stopped!
23/11/2005,22:52:56 ---------------------------------------------------------
23/11/2005,22:52:56 [INIT] The AVGuard Service is starting.
23/11/2005,22:52:57 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,22:52:59 [INFO] Start Filter Device.
23/11/2005,22:52:59 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
23/11/2005,22:52:59 AVGuard has been started successfully!
23/11/2005,22:53:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,22:53:09 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa180c.
23/11/2005,22:53:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,22:53:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
23/11/2005,22:53:42 [INFO] Stop Filter Device.
23/11/2005,22:53:42 AVGuard service has been stopped!
24/11/2005,08:12:03 ---------------------------------------------------------
24/11/2005,08:12:03 [INIT] The AVGuard Service is starting.
24/11/2005,08:12:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,08:12:06 [INFO] Start Filter Device.
24/11/2005,08:12:06 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,08:12:06 AVGuard has been started successfully!
24/11/2005,08:12:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,08:12:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,08:12:55 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabe3e2.
24/11/2005,08:12:55 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,08:12:55 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:13:46 [INFO] Stop Filter Device.
24/11/2005,14:13:47 AVGuard service has been stopped!
24/11/2005,14:15:03 ---------------------------------------------------------
24/11/2005,14:15:03 [INIT] The AVGuard Service is starting.
24/11/2005,14:15:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:15:06 [INFO] Start Filter Device.
24/11/2005,14:15:06 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:15:06 AVGuard has been started successfully!
24/11/2005,14:15:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:15:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:15:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabb653.
24/11/2005,14:15:41 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:19:24 [INFO] Stop Filter Device.
24/11/2005,14:19:24 AVGuard service has been stopped!
24/11/2005,14:20:39 ---------------------------------------------------------
24/11/2005,14:20:39 [INIT] The AVGuard Service is starting.
24/11/2005,14:20:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:20:42 [INFO] Start Filter Device.
24/11/2005,14:20:42 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:20:42 AVGuard has been started successfully!
24/11/2005,14:20:48 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:20:48 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa094b.
24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:20:50 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:21:08 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:22:34 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:22:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:24:44 [INFO] Stop Filter Device.
24/11/2005,14:24:44 AVGuard service has been stopped!
24/11/2005,14:26:01 ---------------------------------------------------------
24/11/2005,14:26:01 [INIT] The AVGuard Service is starting.
24/11/2005,14:26:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:26:05 [INFO] Start Filter Device.
24/11/2005,14:26:05 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:26:05 AVGuard has been started successfully!
24/11/2005,14:28:30 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:28:38 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:28:54 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:28:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa98ecb.
24/11/2005,14:28:53 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:30:50 [INFO] Stop Filter Device.
24/11/2005,14:30:51 AVGuard service has been stopped!
24/11/2005,14:32:07 ---------------------------------------------------------
24/11/2005,14:32:07 [INIT] The AVGuard Service is starting.
24/11/2005,14:32:07 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:32:10 [INFO] Start Filter Device.
24/11/2005,14:32:10 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:32:10 AVGuard has been started successfully!
24/11/2005,14:34:39 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:34:45 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:35:04 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:35:04 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa99695.
24/11/2005,14:35:05 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,14:48:37 [INFO] Stop Filter Device.
24/11/2005,14:48:38 AVGuard service has been stopped!
24/11/2005,14:49:53 ---------------------------------------------------------
24/11/2005,14:49:53 [INIT] The AVGuard Service is starting.
24/11/2005,14:49:53 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,14:49:56 [INFO] Start Filter Device.
24/11/2005,14:49:56 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,14:49:56 AVGuard has been started successfully!
24/11/2005,14:52:33 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:52:40 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,14:52:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,14:52:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9f069.
24/11/2005,14:52:56 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,15:52:36 [INFO] Stop Filter Device.
24/11/2005,15:52:38 AVGuard service has been stopped!
24/11/2005,15:53:51 ---------------------------------------------------------
24/11/2005,15:53:51 [INIT] The AVGuard Service is starting.
24/11/2005,15:53:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,15:53:54 [INFO] Start Filter Device.
24/11/2005,15:53:54 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,15:53:54 AVGuard has been started successfully!
24/11/2005,15:56:32 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,15:56:43 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,15:56:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,15:56:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9f53c.
24/11/2005,15:56:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,16:51:59 [INFO] Stop Filter Device.
24/11/2005,16:52:00 AVGuard service has been stopped!
24/11/2005,16:53:02 ---------------------------------------------------------
24/11/2005,16:53:02 [INIT] The AVGuard Service is starting.
24/11/2005,16:53:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,16:53:05 [INFO] Start Filter Device.
24/11/2005,16:53:05 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,16:53:05 AVGuard has been started successfully!
24/11/2005,16:55:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,16:56:07 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,16:56:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,16:56:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9c1b5.
24/11/2005,16:56:23 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,17:23:40 [INFO] Stop Filter Device.
24/11/2005,17:23:40 AVGuard service has been stopped!
24/11/2005,17:55:23 ---------------------------------------------------------
24/11/2005,17:55:23 [INIT] The AVGuard Service is starting.
24/11/2005,17:55:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,17:55:26 [INFO] Start Filter Device.
24/11/2005,17:55:26 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,17:55:26 AVGuard has been started successfully!
24/11/2005,17:55:26 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:57:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,17:57:10 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa89b9d.
24/11/2005,17:57:13 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:58:01 [INFO] Stop Filter Device.
24/11/2005,17:58:01 AVGuard service has been stopped!
24/11/2005,17:59:18 ---------------------------------------------------------
24/11/2005,17:59:18 [INIT] The AVGuard Service is starting.
24/11/2005,17:59:19 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,17:59:21 [INFO] Start Filter Device.
24/11/2005,17:59:21 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,17:59:21 AVGuard has been started successfully!
24/11/2005,17:59:22 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,17:59:59 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,17:59:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5448.
24/11/2005,17:59:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,18:00:34 [INFO] Stop Filter Device.
24/11/2005,18:00:35 AVGuard service has been stopped!
24/11/2005,18:01:39 ---------------------------------------------------------
24/11/2005,18:01:39 [INIT] The AVGuard Service is starting.
24/11/2005,18:01:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,18:01:42 [INFO] Start Filter Device.
24/11/2005,18:01:42 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,18:01:42 AVGuard has been started successfully!
24/11/2005,18:01:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,18:01:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2db8.
24/11/2005,18:01:47 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been deleted!
24/11/2005,18:01:46 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
Unable to delete the file:
0x00000002 - Le fichier spécifié est introuvable.
24/11/2005,18:05:31 [INFO] Stop Filter Device.
24/11/2005,18:05:31 AVGuard service has been stopped!
24/11/2005,18:06:43 ---------------------------------------------------------
24/11/2005,18:06:43 [INIT] The AVGuard Service is starting.
24/11/2005,18:06:44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,18:06:46 [INFO] Start Filter Device.
24/11/2005,18:06:46 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,18:06:46 AVGuard has been started successfully!
24/11/2005,18:06:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,18:06:52 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2e8e.
24/11/2005,18:06:54 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,18:07:30 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
24/11/2005,18:08:46 [INFO] Stop Filter Device.
24/11/2005,18:08:46 AVGuard service has been stopped!
24/11/2005,19:59:20 ---------------------------------------------------------
24/11/2005,19:59:20 [INIT] The AVGuard Service is starting.
24/11/2005,19:59:21 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,19:59:23 [INFO] Start Filter Device.
24/11/2005,19:59:23 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.18.37
24/11/2005,19:59:23 AVGuard has been started successfully!
24/11/2005,19:59:23 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!
24/11/2005,19:59:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,19:59:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5d34.
24/11/2005,19:59:59 WARNING: Is the Trojan horse TR/Click.Delf.CU.2!
C:\WINDOWS\SYSTEM32\COMMON32.DLL
File has been moved to quarantine directory!


"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
"Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
"Printer Driver" = "C:\WINDOWS\System32\accessdb.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{460BB7AC-4C41-49F2-8BF2-34270F15ED74}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\System32\rtp.exe" [null data]
{87D6584F-729D-4302-9192-9549AE2EA38B}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\MS VerNet.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
Reply
Hi
1/ The report is not complete; please wait a few minutes before retrieving it.

2/ Empty your quarantine:
c < program files < av personal < infected < delete everything inside it and empty your recycle bin

See you
Reply
ok


Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
"Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
"Printer Driver" = "C:\WINDOWS\System32\accessdb.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{460BB7AC-4C41-49F2-8BF2-34270F15ED74}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\System32\rtp.exe" [null data]
{87D6584F-729D-4302-9192-9549AE2EA38B}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\MS VerNet.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\laulau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "laulau" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Rappels du Calendrier Microsoft Works" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
InCD File System Service, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["AHEAD Software"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SmartLinkService, SLService, "slserv.exe" [" "]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i250\Driver = "CNMLM50.DLL" ["CANON INC."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 47 seconds, including 6 seconds for message boxes)
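One way to triage a report like the one above, as an added example that is not part of the original thread or of Silent Runners: the Python below parses lines in the report's format and lists launch points that reference the path AntiVir detected, plus other entries tagged [file not found] or [null data]. The function names are hypothetical, and a flagged entry is a lead to check rather than a verdict (WinRAR's rarext.dll is also tagged [null data] in this report).

```python
import re

# Excerpt in the report's format, using lines from the report above.
SAMPLE = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"MS Critical Security Installer" = "%Windir%\game.exe" [file not found]
"Network Interface Device Driver" = "C:\WINDOWS\System32\mcm.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{EE5C363D-7627-4F21-98AE-4CBCC1DBD650}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\common32.dll" [file not found]
'''

# name = "target" [tag]; the target may itself contain quotes, so match greedily.
ENTRY = re.compile(r'^(?P<name>.+?) = "(?P<target>.*)" \[(?P<tag>[^\]]*)\]\s*$')
REVIEW_TAGS = {"file not found", "null data"}  # tags worth a manual look

def parse(report):
    """Turn report text into dicts with key, name, target and tag."""
    key = parent = None
    entries = []
    for line in (l.strip() for l in report.splitlines()):
        if re.match(r'HK(LM|CU)\\', line):          # registry key header
            key = line.replace(' {++}', '')
            continue
        m = ENTRY.match(line)
        if not m or m['tag'] == 'from CLSID':        # title line: remember it for "->"
            if ' = ' in line:
                parent = line.split(' = ')[0]
            continue
        name = parent if line.startswith('->') else m['name']
        entries.append({'key': key, 'name': (name or '').strip('"'),
                        'target': m['target'], 'tag': m['tag']})
    return entries

def triage(entries, detected_path):
    """Split entries into those launching the detected file and other ones to review."""
    wanted = detected_path.lower()                   # Windows paths are case-insensitive
    hits = [e for e in entries if wanted in e['target'].lower()]
    review = [e for e in entries if e['tag'] in REVIEW_TAGS and e not in hits]
    return hits, review

if __name__ == '__main__':
    hits, review = triage(parse(SAMPLE), r'C:\WINDOWS\SYSTEM32\COMMON32.DLL')
    for label, group in (('LAUNCHES DETECTED FILE', hits), ('REVIEW', review)):
        for e in group:
            print(f"{label}: {e['key']} {e['name']} -> {e['target']} [{e['tag']}]")
```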
Reply
Hi

Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe

:: Usage demo (thanks to Balltrap34 for making it) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

Double-click killbox.exe (Pocket Killbox)

- Tick: delete on reboot
- In "Full Path of File to Delete", copy and paste:

C:\WINDOWS\SYSTEM32\COMMON32.DLL

- Click the red cross
- A window will appear asking for confirmation; click YES
- A second window asks whether you want to restart; click YES

Let the PC restart.
Then post a new HijackThis log.

See you
Reply
I already did that.

Folder not found: C:\WINDOWS\SYSTEM32\COMMON32.DLL
Instead of COMMON32 I find cmmon32
Reply
Hi again,
run a search and tell me whether you have any of these:
commop.exe
battlenet.exe
commonaccess.exe
memswapmanger.pif
msfirewall.exe
opsys.exe
DirectX.exe
screensaver.scr

See you
Reply
Hiiii

Nothing at all...
Reply
Hi
Search for this:
game.exe

Note the path, then:
Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse
Search for this:
Here, follow the path where you found it
Click Send and paste the report, please

See you
Reply
Hi, did you show hidden files before running the search?
Show hidden files like this:
Click Start / Control Panel / Folder Options / View
Tick "Show hidden folders"
Untick the box "Hide protected operating system files (Recommended)"
Then click "OK" to confirm the changes.
Untick "Hide extensions for known file types"
See you
This document, titled "infecter par trojan tr/click delf CU2", from CommentCaMarche (www.commentcamarche.net) is made available under the terms of the Creative Commons license. You may copy and modify copies of this page, under the conditions set by the license, as long as this note appears clearly.
