Arrive pas a supprimer virus
Forum Sécurité - Virus : Arrive pas a supprimer virus
Bonjour,
J'arrive pas a effacer ce virus 
je clique sur effacer mais il ne se efface pas et revient tout le temps!
Merci d'avance!
Message édité par Tenebre le 17-12-2008 à 21:55:07
Personne a eu ce virus?
Bonjour,
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
Bonsoir,
Merci de ta aide Angeldark, et desoler du retard !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:31, on 20/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Admin.XPSP2-6023FF694\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\mldmm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\sysrest32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Admin.XPSP2-6023FF694\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mmsass] mldmm.exe
O4 - HKLM\..\Run: [Secure System Restore] sysrest32.exe
O4 - HKLM\..\RunServices: [mmsass] mldmm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8655014734
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 5588 bytes
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
Bonsoir, je ne recoit plus le message du virus !!!
Voila le rapport :
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1528
Windows 5.1.2600 Service Pack 2
21/12/2008 22:09:31
mbam-log-2008-12-21 (22-09-31).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 111465
Temps écoulé: 37 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbXNGvUN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yayxwXnO.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6983a0a6-c0ec-427e-a7d1-085d6fedc67d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6983a0a6-c0ec-427e-a7d1-085d6fedc67d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayxwxno (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0cb73740-9f3c-4b89-8bee-ddfdcc4ef6f1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0cb73740-9f3c-4b89-8bee-ddfdcc4ef6f1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51ee48d3-4832-4cae-9591-a86b2fcef17e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51ee48d3-4832-4cae-9591-a86b2fcef17e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a489cddb-a39d-4e29-9cf2-d3ef6a4ae300} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a489cddb-a39d-4e29-9cf2-d3ef6a4ae300} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e4f06c92-5995-43a1-94ad-47dd817f8193} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e4f06c92-5995-43a1-94ad-47dd817f8193} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe41e029-d86a-43e2-bc89-732839722ffb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fe41e029-d86a-43e2-bc89-732839722ffb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxngvun -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxngvun -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\cbXNGvUN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\NUvGNXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NUvGNXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxwXnO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\bluz.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\reps.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\waxx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Temporary Internet Files\Content.IE5\FZFORXUY\bluz[1].jpg (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Temporary Internet Files\Content.IE5\FZFORXUY\CA638167 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Temporary Internet Files\Content.IE5\FZFORXUY\reptile[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Temporary Internet Files\Content.IE5\UDRC5336\bluz[1].jpg (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Temporary Internet Files\Content.IE5\UDRC5336\bluz[2].jpg (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Temporary Internet Files\Content.IE5\ZQU79M1M\bluz[2].jpg (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Temporary Internet Files\Content.IE5\ZQU79M1M\wax[1].jpg (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\sysrest32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOfebA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRLfCV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJdAtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLCsTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdCuss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqOHXpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkkhFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUomlkI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkJcCs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvtsrq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.XPSP2-6023FF694\msvsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mldmm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\svhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:38, on 22/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Admin.XPSP2-6023FF694\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\sysrest32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Admin.XPSP2-6023FF694\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Secure System Restore] sysrest32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin.XPSP2-6023FF694\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8655014734
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 6302 bytes
Tu arrives à désinstaller BearShare MediaBar ?
Répondre à Angeldark
Il y a 1692 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
