Systeme alert pour Win98

Résolu
richard3 Messages postés 207 Statut Membre -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
j'ai le message suivant qui s'affiche régulièrement en bas juste à côté de l'horloge :

"SYSTEM ALERT!

j'ai windows 98 SE et Explrer 6
et il y a des logiciel qui ne marche pas pour moi comme SmitfraudFix et ewido anti-spyware ...

j'ai utilisé CCleaner et HijackThis mais je ne sais pas quoi fix
Merci beaucoup à l'avance
Richard
Configuration: Windows 98
Internet Explorer 6.0

6 réponses

  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    poste le hijack !

    ++
    0
    1. richard3 Messages postés 207 Statut Membre 5
       
      bonjour
      voici le HiJack...
      Merci beaucoup de m'aider

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 17:24:48, on 07-03-22
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\SYSTEM\PSTORES.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
      C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
      C:\WINDOWS\SYSTEM\LVCOMSX.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\PROGRAM FILES\FICHIERS COMMUNS\KODAK\HYDRA_DR\DCFSSVC.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
      C:\PROGRAM FILES\BROTHER\BRMFL04B\FAXRX.EXE
      C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE
      C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
      C:\PROGRAM FILES\EMULE\EMULE.EXE
      C:\WINDOWS\BUREAU\HIJACKTHIS\HIJACKTHIS_V2.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
      O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
      O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SBAUDIGY\PROGRAM\CTEaxSpl.EXE /run
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\SYSTEM\spoolsv32.exe
      O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\SYSTEM\dllhost32.exe
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
      O4 - HKLM\..\Run: [Dcfssvc] C:\PROGRA~1\FICHIE~1\KODAK\HYDRA_DR\DCFSSVC.EXE --pdr: "C:\Program Files\Fichiers communs\KODAK\HYDRA_DR\dcmnter.pdr"
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
      O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
      O4 - HKCU\..\Run: [MétéoIMédia] C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
      O4 - HKUS\.DEFAULT\..\Run: [MétéoIMédia] C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot (User 'Default user')
      O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
      O4 - .DEFAULT Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl04b\FAXRX.exe (User 'Default user')
      O4 - .DEFAULT Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (User 'Default user')
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl04b\FAXRX.exe
      O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
      O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab?ae1c4527a33a11031c936f5485447839684c6bd8cb228c03de8df5715489ad2df05e703c0997290e5a16540af9ac1a102f8e9bca68c2607712c47610232c53f10fd72e661f86:c4feb8a70702459b15d3c47945c52d3d
      O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
      O21 - SSODL: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\SYSTEM\geplxss.dll
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
      0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    tu es sur que smitfraud ne fonctionne pas sous win 98 ?! ...

    j'ai un doute là :/ ...

    essaye avec cette manip :

    # Télécharge ceci: (merci a S!RI pour ce petit programme).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
    il va générer un rapport : copie/colle le sur le poste stp.

    ++
    0
    1. richard3 Messages postés 207 Statut Membre 5
       
      bonsoir

      En fait peut-être que c,est autre chose que Win98 qui m'empèche d'ouvrir smitfraud...voici...je dézip le programme dans un dossier...mais le problème c'est que: SmitfraudFix.cmd n'est pas associé...(vous savez...c'est l'icône windows qui apparait)
      j'ai suivi le lien de siri et téléchardgé le .exe il est associé à un icône
      de style "nucléaire" mais ne souvre pas...il y a ceci d'écrit dans le "comment" dans priorité:

      ;Le commentaire ci-dessous contient des commandes pour script SFX

      Setup=%comspec% /c cd SmitfraudFix && SmitfraudFix.cmd
      Silent=1
      Overwrite=2

      Voilà
      Merci encore
      0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    effectivement, il faut d'abord dézippé/ decompresser le fichier !

    clic droit dessus puis tout extraire !

    @+
    0
    1. richard3 Messages postés 207 Statut Membre 5
       
      tout est dézippé...
      relit bien mon message ...je ne peux installé...car l'icone de Smitfraud n'est pas associé

      ++
      0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Je ne sais pas lire : ça se voit tant que ça ??? :)

    Plaisanterie à part, qu'il a t il dans le fichier dezippé ??? le nom des commandes stp

    ++

    0
    1. richard3 Messages postés 207 Statut Membre 5
       
      voilà...
      Ce sont tous des application...sauf SmitfraudFix.cmd qui est un fichier CMD...il y a le petit drapeau de windows dans un carré blanc. Si je clique dessus il m'ouvre ça ouvre la page qui me demande le programme à utiliser pour ouvrir le fichier SmitfraudFix.cmd

      Merci...........

      Process;
      GenericRenosFix;
      dumphive;
      Reboot;
      restart;
      SmitfraudFix.cmd;
      SmiUpdate;
      SrchSTS;
      swreg;
      swsc;
      swxcacls;
      unzip
      0
    2. richard3 Messages postés 207 Statut Membre 5
       
      quelqu'un m'a dit sur ce site même que les fichier cmd ne sont pas lisible avec win98...
      il faudrait autre chose que Smitfraud pour faire le rapport que tu a besoin pour règler mon problème
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, télécharge ceci :

    trojan remover

    et poste le rapport stp

    @+
    0
    1. richard3 Messages postés 207 Statut Membre 5
       
      y'a pas rappot comme hiJck...
      j'ai copier ce qu'il y a...je ne sais pas quoi sélectionner pour terminer...

      C:\WINDOWS\SYSTEM\geplxss.dll

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"apathies"

      Merci beaucoup
      0
    2. richard3 Messages postés 207 Statut Membre 5
       
      le voici...je suis allé plus loin et je l'ai eu

      ***** NORMAL SCAN FOR ACTIVE MALWARE *****
      Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
      [Unregistered version]
      Scan started at: 07-03-25 17:12:19
      Using Database v6763
      Operating System: Windows 98
      Using data directory: C:\Program Files\Trojan Remover\
      Logfile directory: C:\Program Files\Trojan Remover\


      **************************************************
      Checking Registry exefile command for modifications
      Checking Registry comfile command for modifications
      Checking Registry piffile command for modifications
      Checking Registry batfile command for modifications
      Checking Registry regfile command for modifications
      Checking Registry scrfile command for modifications

      ******************************
      17:12:19: Scanning ----------WIN.INI-----------
      WIN.INI found in C:\WINDOWS
      an empty LOAD statement was found in line 2; - ignored
      an empty RUN statement was found in line 2; - ignored

      ******************************
      17:12:19: Scanning --------SYSTEM.INI---------
      SYSTEM.INI found in C:\WINDOWS
      The SHELL statement on line 2 attempts to load the following program(s):
      Explorer.exe - this command has been left in place
      The SCRNSAVE.EXE statement on line 18 attempts to load the following program(s):
      C:\WINDOWS\SYSTEM\SS3DFO.SCR - this command has been left in place

      ******************************
      17:12:20: Scanning -----WINDOWS REGISTRY-----
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = NvMediaCenter
      Value Data = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit - this command has been left in place
      --------------------
      Value Name = NvCplDaemon
      Value Data = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup - this command has been left in place
      --------------------
      Value Name = nwiz
      Value Data = nwiz.exe /install - this command has been left in place
      --------------------
      Value Name = CriticalUpdate
      Value Data = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup - this command has been left in place
      --------------------
      Value Name = LoadQM
      Value Data = loadqm.exe - this command has been left in place
      --------------------
      Value Name = SystemTray
      Value Data = SysTray.Exe - this command has been left in place
      --------------------
      Value Name = SSBkgdUpdate
      Value Data = C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot - this command has been left in place
      --------------------
      Value Name = ccApp
      Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe - this command has been left in place
      --------------------
      Value Name = ccRegVfy
      Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe - this command has been left in place
      --------------------
      Value Name = Symantec NetDriver Monitor
      Value Data = C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer - this command has been left in place
      --------------------
      Value Name = LogitechVideoRepair
      Value Data = C:\Program Files\Logitech\Video\ISStart.exe - this command has been left in place
      --------------------
      Value Name = LogitechVideoTray
      Value Data = C:\Program Files\Logitech\Video\LogiTray.exe - this command has been left in place
      --------------------
      Value Name = CTStartup
      Value Data = C:\PROGRAM FILES\CREATIVE\SBAUDIGY\PROGRAM\CTEaxSpl.EXE /run - this command has been left in place [file not found to scan]
      --------------------
      Value Name = LVCOMSX
      Value Data = C:\WINDOWS\SYSTEM\LVCOMSX.EXE - this command has been left in place
      --------------------
      Value Name = StillImageMonitor
      Value Data = C:\WINDOWS\SYSTEM\STIMON.EXE - this command has been left in place
      --------------------
      Value Name = TaskMonitor
      Value Data = C:\WINDOWS\taskmon.exe - this command has been left in place
      --------------------
      Value Name = Windows Spooler
      Value Data = C:\WINDOWS\SYSTEM\spoolsv32.exe - this command has been left in place [file not found to scan]
      --------------------
      Value Name = Windows DLL Host
      Value Data = C:\WINDOWS\SYSTEM\dllhost32.exe - this command has been left in place [file not found to scan]
      --------------------
      Value Name = ScanRegistry
      Value Data = C:\WINDOWS\scanregw.exe /autorun - this command has been left in place
      --------------------
      Value Name = SetDefPrt
      Value Data = C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe - this command has been left in place
      --------------------
      Value Name = Dcfssvc
      Value Data = C:\PROGRA~1\FICHIE~1\KODAK\HYDRA_DR\DCFSSVC.EXE --pdr: "C:\Program Files\Fichiers communs\KODAK\HYDRA_DR\dcmnter.pdr - this command has been left in place [file not found to scan]
      --------------------
      Value Name = LoadPowerProfile
      Value Data = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme - this command is expected and has been left in place
      --------------------
      Value Name = BrmfRmPA.exe
      Value Data = C:\WINDOWS\BrmfRmPA.exe -startup - this command has been left in place
      --------------------
      Value Name = TkBellExe
      Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
      --------------------
      Value Name = QuickTime Task
      Value Data = C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime - this command has been left in place
      --------------------
      Value Name = TrojanScanner
      Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
      This Registry Key attempts to run the following program(s):
      Value Name = LoadPowerProfile
      Value Data = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme - this command is expected and has been left in place
      --------------------
      Value Name = ccEvtMgr
      Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe - this command has been left in place
      --------------------
      Value Name = ScriptBlocking
      Value Data = C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg - this command has been left in place
      --------------------
      Value Name = SchedulingAgent
      Value Data = mstask.exe - this command has been left in place
      --------------------
      Value Name = KB891711
      Value Data = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE - this command has been left in place
      --------------------
      Value Name = KB918547
      Value Data = C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE - this command has been left in place
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = MétéoIMédia
      Value Data = C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE - this command has been left in place
      --------------------
      Value Name = LogitechSoftwareUpdate
      Value Data = C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot - this command has been left in place
      --------------------
      --------------------
      Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty

      ******************************
      17:12:28: Scanning -----SHELLEXECUTEHOOKS-----
      ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
      File: shell32.dll - this file is expected and has been left in place
      ----------

      ******************************
      17:12:28: Scanning -----HIDDEN REGISTRY ENTRIES-----
      Taskdir check completed
      ----------
      Hidden Registry Entries were not scanned for (not an NT system)

      ******************************
      17:12:28: Scanning -----ACTIVE SCREENSAVER-----
      No active ScreenSaver found to scan.

      ******************************
      17:12:28: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
      Checking the StubPath calls in the Active Setup\Installed Components registry keys:
      Key=>PerUser_MSN_Clean
      StubPath=C:\WINDOWS\msnmgsr1.exe - this reference has been left in place
      ----------
      Key=PerUser_LinkBar_URLs
      StubPath=C:\WINDOWS\COMMAND\sulfnbk.exe - this reference has been left in place
      ----------
      Key={9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
      StubPath=C:\WINDOWS\SYSTEM\updcrl.exe - this reference has been left in place
      ----------
      Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
      StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
      ----------

      ******************************
      17:12:30: Scanning -----VXD ENTRIES-----
      Checking the following VxD entries:
      VxD Key = VNETSUP
      Vxd = vnetsup.vxd - this command has been left in place
      ---------
      VxD Key = NDIS
      Vxd = ndis.vxd,ndis2sup.vxd - this command has been left in place [file not found to scan]
      ---------
      VxD Key = JAVASUP
      Vxd = JAVASUP.VXD - this command has been left in place
      ---------
      VxD Key = VRTWD
      Vxd = C:\WINDOWS\SYSTEM\vrtwd.386 - this command has been left in place
      ---------
      VxD Key = VFIXD
      Vxd = C:\WINDOWS\SYSTEM\vfixd.vxd - this command has been left in place
      ---------
      VxD Key = VNETBIOS
      Vxd = vnetbios.vxd - this command has been left in place
      ---------
      VxD Key = VREDIR
      Vxd = vredir.vxd - this command has been left in place
      ---------
      VxD Key = DFS
      Vxd = dfs.vxd - this command has been left in place
      ---------
      VxD Key = SYMEVNT
      Vxd = C:\PROGRA~1\SYMANTEC\SYMEVNT.386 - this command has been left in place
      ---------
      VxD Key = SYMTDI
      Vxd = SYMTDI.VXD - this command has been left in place
      ---------
      VxD Key = SAVRTPEL
      Vxd = C:\PROGRA~1\NORTON~1\SAVRTPEL.VXD - this command has been left in place
      ---------
      VxD Key = SAVRT
      Vxd = C:\PROGRA~1\NORTON~1\SAVRT.VXD - this command has been left in place
      ---------
      VxD Key = VGARTD
      Vxd = vgartd.vxd - this command has been left in place
      ---------
      Checking VMM32 VxD files being loaded

      ******************************
      17:12:34: Scanning ----- CONTEXTMENUHANDLERS -----
      Key = WinZip
      CLSID = {E0D79300-84BE-11CE-9641-444553540000}
      C:\PROGRA~1\WINZIP\wzshlext.dll - this ContextMenuHandler has been left in place
      ----------
      Key = WinRAR
      CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      C:\PROGRAM FILES\WINRAR\rarext.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Symantec.Norton.Antivirus.IEContextMenu
      CLSID = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
      C:\Program Files\Norton AntiVirus\NavShExt.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Trojan Remover
      CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
      C:\PROGRA~1\TROJAN~1\TRSHLEX.DLL - this ContextMenuHandler has been left in place
      ----------

      ******************************
      17:12:35: Scanning ----- FOLDER\COLUMNHANDLERS -----
      No Folder\ColumnHandler entries found to scan

      ******************************
      17:12:35: Scanning ----- BROWSER HELPER OBJECTS -----
      Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
      C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - this Browser Helper Object has been left in place
      ----------
      Key = {BDF3E430-B101-42AD-A544-FADC6B084872}
      C:\Program Files\Norton AntiVirus\NavShExt.dll - this Browser Helper Object has been left in place
      ----------
      Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
      C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - this Browser Helper Object has been left in place
      ----------

      ******************************
      17:12:36: Scanning ----- SHELLSERVICEOBJECTS -----
      Key = WebCheck
      C:\WINDOWS\SYSTEM\WEBCHECK.DLL - this ShellServiceObject has been left in place
      ----------
      Key = apathies
      C:\WINDOWS\SYSTEM\geplxss.dll - appears to contain TROJAN.FAKEALERT
      C:\WINDOWS\SYSTEM\geplxss.dll - this ShellServiceObject has been left in place
      ----------

      ******************************
      17:40:09: Scanning ----- APPINIT_DLLS -----
      No APPINIT_DLLS found to scan

      ******************************
      17:40:09: Scanning ------ GLOBAL STARTUP GROUP ------
      [C:\WINDOWS\Menu Démarrer\Programmes\Démarrage]
      The Global Startup Group attempts to load the following file(s) at boot time:
      Microsoft Office.lnk - this links to C:\Program Files\Microsoft Office\Office\OSA9.EXE and has been left in place
      --------------------
      FAXRX.lnk - this links to C:\Program Files\Brother\Brmfl04b\FAXRX.exe and has been left in place
      --------------------
      Image Transfer.lnk - this links to C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe and has been left in place
      --------------------

      ******************************
      17:40:10: Scanning ------ COMMON STARTUP GROUP ------
      [C:\WINDOWS\All users\Menu Démarrer\Programmes\Démarrage]
      The Common Startup Group does not attempt to load any files

      ******************************
      No individual User Startup Groups were located

      ******************************
      17:40:10: Scanning ----- SCHEDULED TASKS -----

      ******************************
      17:40:10: ----- EXTRA CHECKS -----
      ----------

      ******************************
      17:40:10: Scanning ------ DOWNLOADED PROGRAM FILES ------
      The following files are located in the DOWNLOADED PROGRAM FILES directory:
      C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
      C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\iuctl.inf - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place

      ******************************
      17:40:14: Scanning ----- RUNNING PROCESSES -----

      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      --------------------
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      --------------------
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      --------------------
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      --------------------
      C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
      --------------------
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      --------------------
      C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      --------------------
      C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
      --------------------
      C:\WINDOWS\SYSTEM\PSTORES.EXE
      --------------------
      C:\WINDOWS\SYSTEM\mmtask.tsk
      --------------------
      C:\WINDOWS\EXPLORER.EXE
      --------------------
      C:\WINDOWS\LOADQM.EXE
      --------------------
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      --------------------
      C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
      --------------------
      C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
      --------------------
      C:\WINDOWS\SYSTEM\LVCOMSX.EXE
      --------------------
      C:\WINDOWS\SYSTEM\STIMON.EXE
      --------------------
      C:\WINDOWS\TASKMON.EXE
      --------------------
      C:\PROGRAM FILES\FICHIERS COMMUNS\KODAK\HYDRA_DR\DCFSSVC.EXE
      --------------------
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      --------------------
      C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
      --------------------
      C:\WINDOWS\SYSTEM\QTTASK.EXE
      --------------------
      C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
      --------------------
      C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
      --------------------
      C:\PROGRAM FILES\BROTHER\BRMFL04B\FAXRX.EXE
      --------------------
      C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
      --------------------
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      --------------------
      C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE
      --------------------
      C:\PROGRAM FILES\MéTéOMéDIA\MéTéOIMéDIA\WEATHEREYE.EXE
      --------------------
      C:\PROGRAM FILES\TROJAN REMOVER\PHCB165.EXE
      FileSize: 1 782 336
      [This is a Trojan Remover component]
      --------------------
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      --------------------

      ******************************
      17:40:25: Checking Windows Services file
      SERVICES file found in C:\WINDOWS

      ******************************
      17:40:25: Checking AUTOEXEC.BAT file
      AUTOEXEC.BAT found in C:\
      No malicious entries were found in the AUTOEXEC.BAT file

      ******************************
      ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
      http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
      C:\WINDOWS\SYSTEM\blank.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
      about:blank
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
      C:\WINDOWS\SYSTEM\blank.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

      ******************************

      NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


      Scan completed at: 07-03-25 17:40:25
      ************************************************************
      0
    3. richard3 Messages postés 207 Statut Membre 5
       
      C'est règler.......
      Merci beaucoup pour ton aide car avec trojanremover
      quelqu'un ma dit de supprimer la geplxss.dll qu'il avait trouvé avec Regedit .... et c'est partie...
      Merci encore
      0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, pas de quoi :)

    un peu de lecture :

    https://sebsauvage.net/safehex.html

    securite proteger un ordinateur contre les malwares d internet

    @+

    La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
    perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
    0