Site blocked by ProSiteFinder.

Tags:
  • Security
Last reply: in Security and viruses
23 February 2010 12:33:28

Hello,

I currently have a site that is blocked by ProSiteFinder; specifically, it opens a pop-up window like this one:
http://forum.malekal.com/download/file.php?id=2645&mode...
every time I click on a link on that site.

I have already tried Spybot and Antivir, with no result.

Moreover, this happens whichever browser is used.

Here are the DDS and Catchme reports.

Thanks for your help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrateur at 15:59:05,31 on 22/02/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1307 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Garena\Garena.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
D:\Mes documents\Téléchargements\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
uSearch Bar = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
ucustomizesearch = hxxp://www.google.com/ie
usearchassistant = hxxp://www.google.com/ie
mcustomizesearch = hxxp://www.google.com/ie
msearchassistant = hxxp://www.google.com/ie
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [PlayNC Launcher]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
dRunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: HideRunAsVerb = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoNetConnectDisconnect = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoStrCmpLogical = 0 (0x0)
dPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242485856062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242485849000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - rundll32 advpack.dll,LaunchINFSection c:\windows\inf\ie.inf,IE7Stub
mASetup: >{D10A0BD6-DEAB-423e-8A6B-373B4BDB3C7B} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\firefox.inf,PerUserStub

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\mteietq8.default\
FF - component: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\mteietq8.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-9-28 103680]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 56816]
R3 GarenaPEngine;GarenaPEngine;c:\docume~1\admini~1\locals~1\temp\KAGF.tmp [2010-2-22 25616]
S2 gupdate1ca1c667e887256;Service Google Update (gupdate1ca1c667e887256);c:\program files\google\update\GoogleUpdate.exe [2009-8-13 133104]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\ncsoft\aion (north america)\bin32\gameguard\dump_wmimmc.sys --> c:\program files\ncsoft\aion (north america)\bin32\gameguard\dump_wmimmc.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-02-22 14:27:56 0 d-----w- c:\docume~1\admini~1\applic~1\Uniblue
2010-02-22 14:27:39 0 d-----w- c:\program files\Uniblue
2010-02-21 23:36:54 73 ----a-w- c:\windows\wininit.ini
2010-02-21 22:33:04 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-21 22:33:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-21 22:31:19 0 d-----w- c:\program files\Lavasoft
2010-02-21 22:30:22 0 d-----w- c:\program files\SetBrowser
2010-02-10 23:34:13 0 d-----w- c:\docume~1\admini~1\applic~1\La Bataille pour la Terre du Milieu ™ II
2010-02-09 19:38:08 0 d-----w- C:\Fruity_Loops_Studio_9_&_Crack
2010-02-02 15:10:44 0 d-----w- C:\The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2-RELOADED
2010-02-02 13:13:09 35 ----a-w- c:\windows\Worldbuilder.INI
2010-01-29 16:45:45 0 d-----w- C:\Battle.For.Middle.Earth.2.The.Witch.King

==================== Find3M ====================

2010-02-14 16:49:43 24284 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-21 13:44:06 100047 ----a-w- c:\windows\War3Unin.dat
2005-11-28 11:44:46 15385831 ----a-w- c:\program files\RomeTW.exe
2009-05-16 15:38:18 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-05-16 15:38:18 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\index.dat
2009-05-16 15:38:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 15:59:21,75 ===============

&

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 16:04:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:51,18,c4,4f,0b,2e,6b,37,e0,fb,58,41,f4,12,f3,81,3a,9a,09,b3,24,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:15,9a,46,16,24,1e,4d,98,80,f4,36,95,c8,c7,de,3b,61,b3,c3,2b,50,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:e7,bf,61,fc,5d,f3,46,a4,c9,ba,51,ad,ad,50,96,d5,b8,f0,66,7b,58,..
"a0"=hex:20,01,00,00,1f,2e,2b,c1,22,c0,07,85,bb,82,52,da,a1,03,e8,4c,41,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:7b,55,d3,e2,d7,d3,31,cb,ce,1a,47,ab,42,49,b2,29,79,f0,e1,09,3a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:51,18,c4,4f,0b,2e,6b,37,e0,fb,58,41,f4,12,f3,81,3a,9a,09,b3,24,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:15,9a,46,16,24,1e,4d,98,80,f4,36,95,c8,c7,de,3b,61,b3,c3,2b,50,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:e7,bf,61,fc,5d,f3,46,a4,c9,ba,51,ad,ad,50,96,d5,b8,f0,66,7b,58,..
"a0"=hex:20,01,00,00,1f,2e,2b,c1,22,c0,07,85,bb,82,52,da,a1,03,e8,4c,41,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:7b,55,d3,e2,d7,d3,31,cb,ce,1a,47,ab,42,49,b2,29,79,f0,e1,09,3a,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


23 February 2010 18:04:57

Good evening
We are going to have some work to do... We will do a pre-cleaning first.

Open Spybot, click on the Mode tab and choose Advanced Mode
Ignore the warning
At the bottom left, click on Tools
Still in the left-hand column, click on Resident (not in the central window)
And untick the Resident "TeaTimer" option.......
+++++++++++

Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking on the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click on "Scan".
  • Once the scan has finished, a window opens; click OK. Two possibilities:
    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click on "Show Results", then on "Remove Selected". Save the report to your Desktop.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
23 February 2010 20:21:44

Thank you very much, here is the report I got:

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3781
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.13

    23/02/2010 20:11:32
    mbam-log-2010-02-23 (20-11-26).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 213369
    Temps écoulé: 20 minute(s), 24 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 8
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Program Files\Image-Line\Shared\DSP_IPP\Uninstall.exe (Rootkit.Agent) -> No action taken.
    C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> No action taken.
23 February 2010 21:01:02

re

1

You misread the procedure:
in your report:
Quote:
:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> No action taken.


When the tool has found something, at the end you have to click on "Remove Selected".

Please do it again


2

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click on ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal. A report will be created. Post the report: C:\Combofix.txt
click on it to open it, then Edit "Select all", Edit "Copy"

come back to the forum and Edit "Paste"

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
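
An added example (not from the thread, and not a Malwarebytes tool): a Python parser for the Malwarebytes' Anti-Malware 1.x log format pasted above. It lists each detection and flags entries whose final field reads "No action taken", which is the check the reply above asks the poster to make by eye. The sample log is constructed from the thread's own entries plus one invented quarantined line; the function and class names are mine.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the Malwarebytes' Anti-Malware 1.44 log pasted in
# the thread: section headers end with ":", and each entry has the shape
#   <item> (<threat name>) -> [<extra> ->] <action>.
# The last "->" field is what MBAM did with the item; "No action taken." means the
# user only scanned and never clicked "Remove Selected". The final line is invented
# to show what a handled entry looks like.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3781

Fichier(s) infecté(s): 2

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> No action taken.
C:\Example\removed.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A lazy "item" plus the requirement that the threat group is directly followed by
# " -> " keeps paths containing parentheses such as "Program Files (x86)" intact.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    section: str   # log section the entry was listed under
    item: str      # file path or registry key/value
    threat: str    # MBAM threat name, e.g. Trojan.Bancos
    action: str    # last "->" field, without the trailing period

    @property
    def handled(self) -> bool:
        """True when MBAM actually acted on the item (quarantined, deleted, ...)."""
        return self.action != "No action taken"


def parse_mbam_log(text: str) -> list[Finding]:
    """Return every detection entry in an MBAM 1.x log, in log order."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue                      # blank, or "(Aucun élément nuisible détecté)"
        m = ENTRY_RE.match(line)
        if m:
            # "Bad: (1) Good: (0) -> No action taken." -> keep only the final field
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            findings.append(Finding(section, m.group("item"), m.group("threat"), action))
        elif line.endswith(":"):
            section = line[:-1]           # e.g. "Fichier(s) infecté(s)"
    return findings


def pending(findings: list[Finding]) -> list[Finding]:
    """Entries that were detected but never removed; these justify a re-run."""
    return [f for f in findings if not f.handled]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(pending(found))} still pending")
    for f in pending(found):
        print(f"  [{f.section}] {f.threat}: {f.item}")
```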

24 February 2010 18:14:30

They were all in Malwarebytes' quarantine, and I deleted them.
I even ran another scan but there were 0 infections.

Here is the ComboFix report:

    ComboFix 10-02-23.04 - Administrateur 24/02/2010 18:08:00.1.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1636 [GMT 1:00]
    Lancé depuis: d:\mes documents\Téléchargements\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-24 au 2010-02-24 ))))))))))))))))))))))))))))))))))))
    .

    2010-02-23 18:30 . 2010-02-23 18:30 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-02-23 18:30 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-23 18:30 . 2010-02-23 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-23 18:30 . 2010-02-23 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-23 18:30 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-22 14:27 . 2010-02-22 14:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Uniblue
    2010-02-22 14:27 . 2010-02-22 14:27 -------- d-----w- c:\program files\Uniblue
    2010-02-21 22:33 . 2010-02-23 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-21 22:33 . 2010-02-22 13:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-21 22:31 . 2010-02-21 22:31 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Lavasoft
    2010-02-21 22:31 . 2010-02-21 22:31 -------- d-----w- c:\program files\Lavasoft
    2010-02-21 22:30 . 2010-02-21 22:30 -------- d-----w- c:\program files\SetBrowser
    2010-02-10 23:34 . 2010-02-10 23:39 -------- d-----w- c:\documents and settings\Administrateur\Application Data\La Bataille pour la Terre du Milieu ™ II
    2010-02-10 23:23 . 2010-02-10 23:33 -------- d-----w- c:\program files\Electronic Arts
    2010-02-09 19:38 . 2010-02-09 19:38 -------- d-----w- C:\Fruity_Loops_Studio_9_&_Crack
    2010-02-02 15:10 . 2010-02-09 19:40 -------- d-----w- C:\The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2-RELOADED
    2010-01-29 16:45 . 2010-01-31 18:40 -------- d-----w- C:\Battle.For.Middle.Earth.2.The.Witch.King

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-24 16:58 . 2009-05-20 17:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DNA
    2010-02-24 15:00 . 2009-06-10 21:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
    2010-02-24 14:59 . 2009-06-04 14:46 -------- d-----w- c:\program files\Steam
    2010-02-24 14:59 . 2009-05-20 17:38 -------- d-----w- c:\program files\DNA
    2010-02-24 13:51 . 2009-06-10 21:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
    2010-02-24 05:36 . 2009-08-14 18:21 -------- d-----w- c:\program files\Warcraft III
    2010-02-24 03:36 . 2009-08-13 17:53 -------- d-----w- c:\program files\Garena
    2010-02-23 20:19 . 2009-09-03 02:42 -------- d-----w- c:\program files\Image-Line
    2010-02-23 20:16 . 2009-09-03 02:43 -------- d-----w- c:\program files\VstPlugins
    2010-02-21 22:02 . 2009-05-20 17:39 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BitTorrent
    2010-02-14 16:49 . 2009-06-08 12:46 24284 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-09 18:34 . 2009-05-31 04:50 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
    2010-02-02 13:14 . 2009-07-09 23:34 -------- d-----w- c:\program files\Common Files
    2010-01-21 15:51 . 2010-01-04 15:08 -------- d-----w- c:\program files\Activision
    2010-01-21 15:43 . 2009-05-16 14:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-21 13:44 . 2009-08-14 18:22 100047 ----a-w- c:\windows\War3Unin.dat
    2010-01-18 20:31 . 2009-09-18 16:38 -------- d-----w- c:\program files\CDBurnerXP
    2010-01-16 17:31 . 2009-08-23 14:31 -------- d-----w- c:\program files\World of Warcraft
    2010-01-05 19:44 . 2009-05-16 19:57 46056 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-05 14:29 . 2009-08-13 22:35 -------- d-----w- c:\program files\Google
    2010-01-05 14:26 . 2009-07-10 21:51 -------- d-----w- c:\program files\American Conquest
    2010-01-04 14:21 . 2009-06-28 15:30 -------- d-----w- c:\program files\Ubisoft
    2010-01-04 14:07 . 2010-01-04 14:06 -------- d-----w- c:\program files\MagicISO
    2009-12-10 10:12 . 2009-05-16 17:40 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-04 00:13 . 2009-12-04 00:13 38 ----a-r- c:\documents and settings\Administrateur\Application Data\MixVibes\Cross\language.dll
    2005-11-28 11:44 . 2005-01-28 09:03 15385831 ----a-w- c:\program files\RomeTW.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ------- Sigcheck -------

    [-] 2008-09-27 . 4BB6301D634C857A5089E8B24C5555E4 . 593408 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2008-09-27 . AAC42FD16A1976DE9A0773E740597644 . 693248 . . [5.82] . . c:\windows\system32\comctl32.dll

    [-] 2008-09-27 . EF31A8266AF7996746392E4F45502536 . 517632 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

    [-] 2008-09-27 . BFBBBFE0913E6C9706F97598A6588B8F . 1573888 . . [6.00.2900.5634] . . c:\windows\explorer.exe

    [-] 2008-09-27 . B3D95BCB6D0B033BEBFB81FADDA8B8AC . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
    "Steam"="c:\program files\Steam\Steam.exe" [2009-06-10 1217784]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-13 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "JkDefrag"="advpack.dll" [2009-02-20 124928]
    "SweetRegistry"="advpack.dll" [2009-02-20 124928]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideRunAsVerb"= 1 (0x1)
    "NoNetConnectDisconnect"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoStrCmpLogical"= 0 (0x0)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "NoStrCmpLogical"= 0 (0x0)
    "NoWelcomeScreen"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Garena\\Garena.exe"=
    "d:\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\defcon\\defcon.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-frFR-downloader.exe"=
    "c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
    "c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
    "c:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41:TCP"= 41:TCP:41249
    "38:UDP"= 38:UDP:38907
    "6112:TCP"= 6112:TCP:war3
    "6112:UDP"= 6112:UDP:war3
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [28/09/2008 00:41 103680]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [16/05/2009 18:40 108289]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/05/2009 07:04 721904]
    S2 gupdate1ca1c667e887256;Service Google Update (gupdate1ca1c667e887256);c:\program files\Google\Update\GoogleUpdate.exe [13/08/2009 23:36 133104]
    S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCsoft\Aion (North America)\bin32\GameGuard\dump_wmimmc.sys --> c:\program files\NCsoft\Aion (North America)\bin32\GameGuard\dump_wmimmc.sys [?]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\WQYB.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\WQYB.tmp [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - SRSERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    2009-02-20 17:18 124928 ----a-w- c:\windows\system32\advpack.dll
    .
    Contenu du dossier 'Tâches planifiées'

    2009-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2010-02-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-13 22:35]

    2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5ba8d834913c.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 22:36]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    ucustomizesearch = hxxp://www.google.com/ie
    usearchassistant = hxxp://www.google.com/ie
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-PlayNC Launcher - (no file)
    AddRemove-Garena - c:\program files\Garena\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-24 18:11
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\WQYB.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(984)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(1104)
    c:\windows\system32\setupapi.dll
    c:\windows\system32\scecli.dll
    .
    Heure de fin: 2010-02-24 18:12:24
    ComboFix-quarantined-files.txt 2010-02-24 17:12

    Avant-CF: 25 746 903 040 octets libres
    Après-CF: 25 756 418 048 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
    [operating systems]
    d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    - - End Of File - - F78D35B13562A2652CABC6707B2398F4
    24 February 2010 18:25:42

    Yes, that's me; it's been a good while now since I installed that on the computer.

    I've just deleted it =)
    24 February 2010 18:33:42

    re
    I'd be surprised if it were that simple to remove...
    Restart your PC, run another DDS scan and post the report.
    24 February 2010 18:41:23

    Yes, I think so too, because I saw that the last use of Cheat Engine dated back to 2007.
    Besides, I don't know how it managed to stay on my PC for so long.

    I'll look at it tomorrow; thanks again for taking care of my case ;)
    24 February 2010 18:44:23

    ok
    see you tomorrow :hello:
    4 March 2010 02:54:45

    Hi again!

    Sorry for the absence, I've got back to it.
    Here is the 2nd DDS scan:
    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Administrateur at 2:54:28,23 on 04/03/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1594 [GMT 1:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    D:\Mes documents\Téléchargements\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    ucustomizesearch = hxxp://www.google.com/ie
    usearchassistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
    dRunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
    StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
    uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    mPolicies-explorer: HideRunAsVerb = 1 (0x1)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: NoInstrumentation = 1 (0x1)
    mPolicies-explorer: NoNetConnectDisconnect = 1 (0x1)
    mPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    dPolicies-explorer: NoInstrumentation = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    dPolicies-explorer: NoStrCmpLogical = 0 (0x0)
    dPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242485856062
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242485849000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - rundll32 advpack.dll,LaunchINFSection c:\windows\inf\ie.inf,IE7Stub
    mASetup: >{D10A0BD6-DEAB-423e-8A6B-373B4BDB3C7B} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\firefox.inf,PerUserStub

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\mteietq8.default\
    FF - component: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\mteietq8.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-9-28 103680]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 56816]
    S2 gupdate1ca1c667e887256;Service Google Update (gupdate1ca1c667e887256);c:\program files\google\update\GoogleUpdate.exe [2009-8-13 133104]
    S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\ncsoft\aion (north america)\bin32\gameguard\dump_wmimmc.sys --> c:\program files\ncsoft\aion (north america)\bin32\gameguard\dump_wmimmc.sys [?]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admini~1\locals~1\temp\naw36.tmp --> c:\docume~1\admini~1\locals~1\temp\NAW36.tmp [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2010-02-24 16:59:24 98816 ----a-w- c:\windows\sed.exe
    2010-02-24 16:59:24 77312 ----a-w- c:\windows\MBR.exe
    2010-02-24 16:59:24 261632 ----a-w- c:\windows\PEV.exe
    2010-02-24 16:59:24 161792 ----a-w- c:\windows\SWREG.exe
    2010-02-23 18:30:23 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-02-23 18:30:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-23 18:30:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-23 18:30:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-23 18:30:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-02-22 14:27:56 0 d-----w- c:\docume~1\admini~1\applic~1\Uniblue
    2010-02-22 14:27:39 0 d-----w- c:\program files\Uniblue
    2010-02-21 23:36:54 73 ----a-w- c:\windows\wininit.ini
    2010-02-21 22:33:04 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-21 22:33:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-02-21 22:31:19 0 d-----w- c:\program files\Lavasoft
    2010-02-21 22:30:22 0 d-----w- c:\program files\SetBrowser
    2010-02-10 23:34:13 0 d-----w- c:\docume~1\admini~1\applic~1\La Bataille pour la Terre du Milieu ™ II
    2010-02-09 19:38:08 0 d-----w- C:\Fruity_Loops_Studio_9_&_Crack
    2010-02-02 15:10:44 0 d-----w- C:\The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2-RELOADED
    2010-02-02 13:13:09 35 ----a-w- c:\windows\Worldbuilder.INI

    ==================== Find3M ====================

    2010-02-14 16:49:43 24284 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-01-21 13:44:06 100047 ----a-w- c:\windows\War3Unin.dat
    2005-11-28 11:44:46 15385831 ----a-w- c:\program files\RomeTW.exe
    2009-05-16 15:38:18 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\index.dat
    2009-05-16 15:38:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

    ============= FINISH: 2:54:36,75 ===============

    4 March 2010 06:35:20

    Cheat Engine is still there =/
    4 March 2010 18:59:20

    re
    Put the ComboFix tool on your desktop.
    And get rid of your cracks.

    Copy (Ctrl+C) the text below:
    Driver::
    DBKDRVR54

    File::
    c:\program files\Cheat Engine\dbk32.sys
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\WQYB.tmp
    Folder::
    c:\program files\Cheat Engine

    Open Notepad and paste (Ctrl+V) the text you have just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; let it guide you.

  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where your problems stand.

  • If the file doesn't open, it is located here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may change
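The CFScript above names the two drivers that stood out in the DDS report. As an added example (not from the thread, and not DDS's or ComboFix's own code), the Python below parses the SERVICES / DRIVERS lines of a DDS report, flags drivers that DDS could not verify on disk (it prints [?] where the file's date and size would normally be) or that load from a Temp folder, and drafts a CFScript in the Driver:: / File:: layout shown above for the helper to review; the sample lines are constructed from this thread's second report.

```python
import re

# Sample SERVICES / DRIVERS lines, constructed from the second DDS report in this thread.
SAMPLE_DDS = r"""
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admini~1\locals~1\temp\naw36.tmp --> c:\docume~1\admini~1\locals~1\temp\NAW36.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
"""

# DDS line layout: "<R|S><start type> <key name>;<display name>;<path> [<date size> | ?]"
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"\s*\[([^\]]*)\]\s*$")     # trailing "[2009-5-16 11608]" or "[?]"
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # also matches the 8.3 form ...\locals~1\temp\


def parse_driver_line(line):
    """Return a dict for one SERVICES / DRIVERS line, or None for any other report line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    tail = TAIL_RE.search(rest)
    info = tail.group(1) if tail else ""
    body = rest[: tail.start()] if tail else rest
    # When the registered path carries a \??\ prefix, DDS prints "<registered> --> <resolved>".
    path = body.split(" --> ")[-1].strip()
    return {"state": m.group("state"), "name": m.group("name"), "path": path,
            "verified": info != "?"}       # "?" = DDS found no date/size for the file


def suspicious_drivers(report):
    """Flag drivers that DDS could not verify on disk or that load from a Temp folder."""
    flagged = []
    for line in report.splitlines():
        entry = parse_driver_line(line)
        if entry is None:
            continue
        reasons = []
        if not entry["verified"]:
            reasons.append("file not verified ([?])")
        if TEMP_RE.search(entry["path"]):
            reasons.append("loads from a Temp folder")
        if reasons:
            flagged.append(dict(entry, reasons=reasons))
    return flagged


def draft_cfscript(flagged):
    """Draft a CFScript body (Driver:: / File:: sections, as in the thread) for review."""
    drivers = "\n".join(d["name"] for d in flagged)
    files = "\n".join(d["path"] for d in flagged)
    return f"Driver::\n{drivers}\n\nFile::\n{files}\n"
```

Run against the constructed sample it flags DBKDRVR54 and GarenaPEngine and leaves the Avira and WinPcap drivers alone; the drafted script is a starting point for the helper, who still decides what actually goes into CFScript.txt.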