Bonjour,
voilà j'ai repéré 3 rundll32 dans mes processus. je suis allé voir dans msconfig et je les ai enlevées au démarrage.
je redémarre et hop elle sont revenues. :??:
je fais un regedit et dans :
HKLM\software\microsoft\windows\currentversion\run ; je trouve ces 3 lignes:
Acronis Toolbar Helper : rundll32.exe "C:\Documents and Settings\STAGIAIRE\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt
rqrropsys : rundll32.exe "ssrqro.dll",s
yaxutsaudio : rundll32.exe "nnonmn.dll",s
je les vire et paf elles reviennent :fou: :fou: :fou:
starter me donne ça comme démarrage :
Elément,Valeur,Section,Enabled,Description,Company
"Acronis Toolbar Helper","rundll32.exe "C:\Documents and Settings\STAGIAIRE\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt","Registre - Démarrage machine","1","",""
"Acronis Toolbar Helper","rundll32.exe "C:\Documents and Settings\STAGIAIRE\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt","Registre - Démarrage machine","0","",""
"CTFMON.EXE","C:\WINDOWS\system32\ctfmon.exe","Registre - Démarrage utilisateur courant","1","CTF Loader (Microsoft® Windows® Operating System)","Microsoft Corporation"
"CTFMON.EXE","C:\WINDOWS\system32\CTFMON.EXE","Registre - Démarrage utilisateur par défaut","1","CTF Loader (Microsoft® Windows® Operating System)","Microsoft Corporation"
"Desktop Cleanup Wizard","rundll32.exe "C:\Documents and Settings\STAGIAIRE\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt","Registre - Démarrage utilisateur courant","0","",""
"hgfgggsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage machine","0","foobar2000","foobar2000.org"
"khiigdsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage machine","0","foobar2000","foobar2000.org"
"Microsoft Office.lnk","C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l","Démarrage - Tous les utilisateurs","1","Microsoft Office XP component (Microsoft Office XP)","Microsoft Corporation"
"mligecaudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage utilisateur par défaut","1","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
"mlkjigaudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage utilisateur courant","1","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
"MSMSGS",""C:\Program Files\Messenger\msmsgs.exe" /background","Registre - Démarrage utilisateur courant","1","Windows Messenger (Messenger)","Microsoft Corporation"
"Realtime Monitor",""C:\Program Files\CA\eTrustITM\realmon.exe" -s","Registre - Démarrage machine","1"," (eTrust ITM)","CA"
"rqrropsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage machine","1","foobar2000","foobar2000.org"
"ssrstqsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage utilisateur par défaut","1","foobar2000","foobar2000.org"
"xxvttraudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage machine","0","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
"xxxyabaudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage utilisateur courant","0","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
"yaaabbsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage machine","0","foobar2000","foobar2000.org"
"yaxutsaudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage machine","1","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
je précise que je ne peux plus lancer malewarebyte's.
comment puis-je virer ces virus? car je pense que c'est comme ça que celà doit s'appeler!!!
merci d'avance à ceux qui se pencheront sur mon problème
Fredalien
voilà j'ai repéré 3 rundll32 dans mes processus. je suis allé voir dans msconfig et je les ai enlevées au démarrage.
je redémarre et hop elle sont revenues. :??:
je fais un regedit et dans :
HKLM\software\microsoft\windows\currentversion\run ; je trouve ces 3 lignes:
Acronis Toolbar Helper : rundll32.exe "C:\Documents and Settings\STAGIAIRE\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt
rqrropsys : rundll32.exe "ssrqro.dll",s
yaxutsaudio : rundll32.exe "nnonmn.dll",s
je les vire et paf elles reviennent :fou: :fou: :fou:
starter me donne ça comme démarrage :
Elément,Valeur,Section,Enabled,Description,Company
"Acronis Toolbar Helper","rundll32.exe "C:\Documents and Settings\STAGIAIRE\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt","Registre - Démarrage machine","1","",""
"Acronis Toolbar Helper","rundll32.exe "C:\Documents and Settings\STAGIAIRE\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt","Registre - Démarrage machine","0","",""
"CTFMON.EXE","C:\WINDOWS\system32\ctfmon.exe","Registre - Démarrage utilisateur courant","1","CTF Loader (Microsoft® Windows® Operating System)","Microsoft Corporation"
"CTFMON.EXE","C:\WINDOWS\system32\CTFMON.EXE","Registre - Démarrage utilisateur par défaut","1","CTF Loader (Microsoft® Windows® Operating System)","Microsoft Corporation"
"Desktop Cleanup Wizard","rundll32.exe "C:\Documents and Settings\STAGIAIRE\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt","Registre - Démarrage utilisateur courant","0","",""
"hgfgggsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage machine","0","foobar2000","foobar2000.org"
"khiigdsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage machine","0","foobar2000","foobar2000.org"
"Microsoft Office.lnk","C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l","Démarrage - Tous les utilisateurs","1","Microsoft Office XP component (Microsoft Office XP)","Microsoft Corporation"
"mligecaudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage utilisateur par défaut","1","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
"mlkjigaudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage utilisateur courant","1","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
"MSMSGS",""C:\Program Files\Messenger\msmsgs.exe" /background","Registre - Démarrage utilisateur courant","1","Windows Messenger (Messenger)","Microsoft Corporation"
"Realtime Monitor",""C:\Program Files\CA\eTrustITM\realmon.exe" -s","Registre - Démarrage machine","1"," (eTrust ITM)","CA"
"rqrropsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage machine","1","foobar2000","foobar2000.org"
"ssrstqsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage utilisateur par défaut","1","foobar2000","foobar2000.org"
"xxvttraudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage machine","0","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
"xxxyabaudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage utilisateur courant","0","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
"yaaabbsys","rundll32.exe "ssrqro.dll",s","Registre - Démarrage machine","0","foobar2000","foobar2000.org"
"yaxutsaudio","rundll32.exe "nnonmn.dll",s","Registre - Démarrage machine","1","RemoteCommand Module (Norton Ghost )","Symantec Corporation"
je précise que je ne peux plus lancer malewarebyte's.
comment puis-je virer ces virus? car je pense que c'est comme ça que celà doit s'appeler!!!
merci d'avance à ceux qui se pencheront sur mon problème
Fredalien