Sujet Précédent Sujet Suivant

Systeme alert pour Win98

Résolu
richard3 Messages postés 207 Statut Membre -  
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
j'ai le message suivant qui s'affiche régulièrement en bas juste à côté de l'horloge :

"SYSTEM ALERT!

j'ai windows 98 SE et Explrer 6
et il y a des logiciel qui ne marche pas pour moi comme SmitfraudFix et ewido anti-spyware ...

j'ai utilisé CCleaner et HijackThis mais je ne sais pas quoi fix
Merci beaucoup à l'avance
Richard

6 réponses

Réponse 1 / 6
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

poste le hijack !

++
0
richard3 Messages postés 207 Statut Membre 5
 
bonjour
voici le HiJack...
Merci beaucoup de m'aider

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:24:48, on 07-03-22
Platform: Windows 98 SE (Win9x 4.10.2222A)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\KODAK\HYDRA_DR\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
C:\PROGRAM FILES\BROTHER\BRMFL04B\FAXRX.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE
C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\EMULE\EMULE.EXE
C:\WINDOWS\BUREAU\HIJACKTHIS\HIJACKTHIS_V2.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SBAUDIGY\PROGRAM\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\SYSTEM\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\SYSTEM\dllhost32.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\PROGRA~1\FICHIE~1\KODAK\HYDRA_DR\DCFSSVC.EXE --pdr: "C:\Program Files\Fichiers communs\KODAK\HYDRA_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKCU\..\Run: [MétéoIMédia] C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKUS\.DEFAULT\..\Run: [MétéoIMédia] C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl04b\FAXRX.exe (User 'Default user')
O4 - .DEFAULT Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl04b\FAXRX.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab?ae1c4527a33a11031c936f5485447839684c6bd8cb228c03de8df5715489ad2df05e703c0997290e5a16540af9ac1a102f8e9bca68c2607712c47610232c53f10fd72e661f86:c4feb8a70702459b15d3c47945c52d3d
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\SYSTEM\geplxss.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
0
Réponse 2 / 6
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
re

tu es sur que smitfraud ne fonctionne pas sous win 98 ?! ...

j'ai un doute là :/ ...

essaye avec cette manip :

# Télécharge ceci: (merci a S!RI pour ce petit programme).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.

++
0
richard3 Messages postés 207 Statut Membre 5
 
bonsoir

En fait peut-être que c,est autre chose que Win98 qui m'empèche d'ouvrir smitfraud...voici...je dézip le programme dans un dossier...mais le problème c'est que: SmitfraudFix.cmd n'est pas associé...(vous savez...c'est l'icône windows qui apparait)
j'ai suivi le lien de siri et téléchardgé le .exe il est associé à un icône
de style "nucléaire" mais ne souvre pas...il y a ceci d'écrit dans le "comment" dans priorité:

;Le commentaire ci-dessous contient des commandes pour script SFX

Setup=%comspec% /c cd SmitfraudFix && SmitfraudFix.cmd
Silent=1
Overwrite=2

Voilà
Merci encore
0
Réponse 3 / 6
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

effectivement, il faut d'abord dézippé/ decompresser le fichier !

clic droit dessus puis tout extraire !

@+
0
richard3 Messages postés 207 Statut Membre 5
 
tout est dézippé...
relit bien mon message ...je ne peux installé...car l'icone de Smitfraud n'est pas associé

++
0
Réponse 4 / 6
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Je ne sais pas lire : ça se voit tant que ça ??? :)

Plaisanterie à part, qu'il a t il dans le fichier dezippé ??? le nom des commandes stp

++

0
richard3 Messages postés 207 Statut Membre 5
 
voilà...
Ce sont tous des application...sauf SmitfraudFix.cmd qui est un fichier CMD...il y a le petit drapeau de windows dans un carré blanc. Si je clique dessus il m'ouvre ça ouvre la page qui me demande le programme à utiliser pour ouvrir le fichier SmitfraudFix.cmd

Merci...........

Process;
GenericRenosFix;
dumphive;
Reboot;
restart;
SmitfraudFix.cmd;
SmiUpdate;
SrchSTS;
swreg;
swsc;
swxcacls;
unzip
0
richard3 Messages postés 207 Statut Membre 5
 
quelqu'un m'a dit sur ce site même que les fichier cmd ne sont pas lisible avec win98...
il faudrait autre chose que Smitfraud pour faire le rapport que tu a besoin pour règler mon problème
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

ok, télécharge ceci :

trojan remover

et poste le rapport stp

@+
0
richard3 Messages postés 207 Statut Membre 5
 
y'a pas rappot comme hiJck...
j'ai copier ce qu'il y a...je ne sais pas quoi sélectionner pour terminer...

C:\WINDOWS\SYSTEM\geplxss.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"apathies"

Merci beaucoup
0
richard3 Messages postés 207 Statut Membre 5
 
le voici...je suis allé plus loin et je l'ai eu

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 07-03-25 17:12:19
Using Database v6763
Operating System: Windows 98
Using data directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Program Files\Trojan Remover\


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry scrfile command for modifications

******************************
17:12:19: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
an empty LOAD statement was found in line 2; - ignored
an empty RUN statement was found in line 2; - ignored

******************************
17:12:19: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
The SHELL statement on line 2 attempts to load the following program(s):
Explorer.exe - this command has been left in place
The SCRNSAVE.EXE statement on line 18 attempts to load the following program(s):
C:\WINDOWS\SYSTEM\SS3DFO.SCR - this command has been left in place

******************************
17:12:20: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = NvMediaCenter
Value Data = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit - this command has been left in place
--------------------
Value Name = NvCplDaemon
Value Data = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup - this command has been left in place
--------------------
Value Name = nwiz
Value Data = nwiz.exe /install - this command has been left in place
--------------------
Value Name = CriticalUpdate
Value Data = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup - this command has been left in place
--------------------
Value Name = LoadQM
Value Data = loadqm.exe - this command has been left in place
--------------------
Value Name = SystemTray
Value Data = SysTray.Exe - this command has been left in place
--------------------
Value Name = SSBkgdUpdate
Value Data = C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot - this command has been left in place
--------------------
Value Name = ccApp
Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe - this command has been left in place
--------------------
Value Name = ccRegVfy
Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe - this command has been left in place
--------------------
Value Name = Symantec NetDriver Monitor
Value Data = C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer - this command has been left in place
--------------------
Value Name = LogitechVideoRepair
Value Data = C:\Program Files\Logitech\Video\ISStart.exe - this command has been left in place
--------------------
Value Name = LogitechVideoTray
Value Data = C:\Program Files\Logitech\Video\LogiTray.exe - this command has been left in place
--------------------
Value Name = CTStartup
Value Data = C:\PROGRAM FILES\CREATIVE\SBAUDIGY\PROGRAM\CTEaxSpl.EXE /run - this command has been left in place [file not found to scan]
--------------------
Value Name = LVCOMSX
Value Data = C:\WINDOWS\SYSTEM\LVCOMSX.EXE - this command has been left in place
--------------------
Value Name = StillImageMonitor
Value Data = C:\WINDOWS\SYSTEM\STIMON.EXE - this command has been left in place
--------------------
Value Name = TaskMonitor
Value Data = C:\WINDOWS\taskmon.exe - this command has been left in place
--------------------
Value Name = Windows Spooler
Value Data = C:\WINDOWS\SYSTEM\spoolsv32.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = Windows DLL Host
Value Data = C:\WINDOWS\SYSTEM\dllhost32.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = ScanRegistry
Value Data = C:\WINDOWS\scanregw.exe /autorun - this command has been left in place
--------------------
Value Name = SetDefPrt
Value Data = C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe - this command has been left in place
--------------------
Value Name = Dcfssvc
Value Data = C:\PROGRA~1\FICHIE~1\KODAK\HYDRA_DR\DCFSSVC.EXE --pdr: "C:\Program Files\Fichiers communs\KODAK\HYDRA_DR\dcmnter.pdr - this command has been left in place [file not found to scan]
--------------------
Value Name = LoadPowerProfile
Value Data = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme - this command is expected and has been left in place
--------------------
Value Name = BrmfRmPA.exe
Value Data = C:\WINDOWS\BrmfRmPA.exe -startup - this command has been left in place
--------------------
Value Name = TkBellExe
Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key attempts to run the following program(s):
Value Name = LoadPowerProfile
Value Data = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme - this command is expected and has been left in place
--------------------
Value Name = ccEvtMgr
Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe - this command has been left in place
--------------------
Value Name = ScriptBlocking
Value Data = C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg - this command has been left in place
--------------------
Value Name = SchedulingAgent
Value Data = mstask.exe - this command has been left in place
--------------------
Value Name = KB891711
Value Data = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE - this command has been left in place
--------------------
Value Name = KB918547
Value Data = C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE - this command has been left in place
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = MétéoIMédia
Value Data = C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE - this command has been left in place
--------------------
Value Name = LogitechSoftwareUpdate
Value Data = C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

******************************
17:12:28: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

******************************
17:12:28: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
Hidden Registry Entries were not scanned for (not an NT system)

******************************
17:12:28: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

******************************
17:12:28: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>PerUser_MSN_Clean
StubPath=C:\WINDOWS\msnmgsr1.exe - this reference has been left in place
----------
Key=PerUser_LinkBar_URLs
StubPath=C:\WINDOWS\COMMAND\sulfnbk.exe - this reference has been left in place
----------
Key={9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
StubPath=C:\WINDOWS\SYSTEM\updcrl.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------

******************************
17:12:30: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
VxD Key = VNETSUP
Vxd = vnetsup.vxd - this command has been left in place
---------
VxD Key = NDIS
Vxd = ndis.vxd,ndis2sup.vxd - this command has been left in place [file not found to scan]
---------
VxD Key = JAVASUP
Vxd = JAVASUP.VXD - this command has been left in place
---------
VxD Key = VRTWD
Vxd = C:\WINDOWS\SYSTEM\vrtwd.386 - this command has been left in place
---------
VxD Key = VFIXD
Vxd = C:\WINDOWS\SYSTEM\vfixd.vxd - this command has been left in place
---------
VxD Key = VNETBIOS
Vxd = vnetbios.vxd - this command has been left in place
---------
VxD Key = VREDIR
Vxd = vredir.vxd - this command has been left in place
---------
VxD Key = DFS
Vxd = dfs.vxd - this command has been left in place
---------
VxD Key = SYMEVNT
Vxd = C:\PROGRA~1\SYMANTEC\SYMEVNT.386 - this command has been left in place
---------
VxD Key = SYMTDI
Vxd = SYMTDI.VXD - this command has been left in place
---------
VxD Key = SAVRTPEL
Vxd = C:\PROGRA~1\NORTON~1\SAVRTPEL.VXD - this command has been left in place
---------
VxD Key = SAVRT
Vxd = C:\PROGRA~1\NORTON~1\SAVRT.VXD - this command has been left in place
---------
VxD Key = VGARTD
Vxd = vgartd.vxd - this command has been left in place
---------
Checking VMM32 VxD files being loaded

******************************
17:12:34: Scanning ----- CONTEXTMENUHANDLERS -----
Key = WinZip
CLSID = {E0D79300-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\wzshlext.dll - this ContextMenuHandler has been left in place
----------
Key = WinRAR
CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\PROGRAM FILES\WINRAR\rarext.dll - this ContextMenuHandler has been left in place
----------
Key = Symantec.Norton.Antivirus.IEContextMenu
CLSID = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\TRSHLEX.DLL - this ContextMenuHandler has been left in place
----------

******************************
17:12:35: Scanning ----- FOLDER\COLUMNHANDLERS -----
No Folder\ColumnHandler entries found to scan

******************************
17:12:35: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - this Browser Helper Object has been left in place
----------
Key = {BDF3E430-B101-42AD-A544-FADC6B084872}
C:\Program Files\Norton AntiVirus\NavShExt.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - this Browser Helper Object has been left in place
----------

******************************
17:12:36: Scanning ----- SHELLSERVICEOBJECTS -----
Key = WebCheck
C:\WINDOWS\SYSTEM\WEBCHECK.DLL - this ShellServiceObject has been left in place
----------
Key = apathies
C:\WINDOWS\SYSTEM\geplxss.dll - appears to contain TROJAN.FAKEALERT
C:\WINDOWS\SYSTEM\geplxss.dll - this ShellServiceObject has been left in place
----------

******************************
17:40:09: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS found to scan

******************************
17:40:09: Scanning ------ GLOBAL STARTUP GROUP ------
[C:\WINDOWS\Menu Démarrer\Programmes\Démarrage]
The Global Startup Group attempts to load the following file(s) at boot time:
Microsoft Office.lnk - this links to C:\Program Files\Microsoft Office\Office\OSA9.EXE and has been left in place
--------------------
FAXRX.lnk - this links to C:\Program Files\Brother\Brmfl04b\FAXRX.exe and has been left in place
--------------------
Image Transfer.lnk - this links to C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe and has been left in place
--------------------

******************************
17:40:10: Scanning ------ COMMON STARTUP GROUP ------
[C:\WINDOWS\All users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group does not attempt to load any files

******************************
No individual User Startup Groups were located

******************************
17:40:10: Scanning ----- SCHEDULED TASKS -----

******************************
17:40:10: ----- EXTRA CHECKS -----
----------

******************************
17:40:10: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\iuctl.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place

******************************
17:40:14: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\SYSTEM\KERNEL32.DLL
--------------------
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
--------------------
C:\WINDOWS\SYSTEM\SPOOL32.EXE
--------------------
C:\WINDOWS\SYSTEM\MPREXE.EXE
--------------------
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
--------------------
C:\WINDOWS\SYSTEM\MSTASK.EXE
--------------------
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
--------------------
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
--------------------
C:\WINDOWS\SYSTEM\PSTORES.EXE
--------------------
C:\WINDOWS\SYSTEM\mmtask.tsk
--------------------
C:\WINDOWS\EXPLORER.EXE
--------------------
C:\WINDOWS\LOADQM.EXE
--------------------
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
--------------------
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
--------------------
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
--------------------
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
--------------------
C:\WINDOWS\SYSTEM\STIMON.EXE
--------------------
C:\WINDOWS\TASKMON.EXE
--------------------
C:\PROGRAM FILES\FICHIERS COMMUNS\KODAK\HYDRA_DR\DCFSSVC.EXE
--------------------
C:\WINDOWS\SYSTEM\DDHELP.EXE
--------------------
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
--------------------
C:\WINDOWS\SYSTEM\QTTASK.EXE
--------------------
C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
--------------------
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
--------------------
C:\PROGRAM FILES\BROTHER\BRMFL04B\FAXRX.EXE
--------------------
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
--------------------
C:\WINDOWS\SYSTEM\WMIEXE.EXE
--------------------
C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE
--------------------
C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
--------------------
C:\PROGRAM FILES\TROJAN REMOVER\PHCB165.EXE
FileSize: 1 782 336
[This is a Trojan Remover component]
--------------------
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
--------------------

******************************
17:40:25: Checking Windows Services file
SERVICES file found in C:\WINDOWS

******************************
17:40:25: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\SYSTEM\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\SYSTEM\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

******************************

NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


Scan completed at: 07-03-25 17:40:25
************************************************************
0
richard3 Messages postés 207 Statut Membre 5
 
C'est règler.......
Merci beaucoup pour ton aide car avec trojanremover
quelqu'un ma dit de supprimer la geplxss.dll qu'il avait trouvé avec Regedit .... et c'est partie...
Merci encore
0
Réponse 6 / 6
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

ok, pas de quoi :)

un peu de lecture :

https://sebsauvage.net/safehex.html

securite proteger un ordinateur contre les malwares d internet

@+

La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
0

Discussions similaires

HP Battery ALERT
Gershia -
Gershia -

2 réponses
l'administrateur système a configuré la polit
lc33520 -
@ -

40 réponses
ALERT en php
snoopy -
appkech -

14 réponses
processus inactif du systeme
edsurf64 -
mick8 -

29 réponses