#20730
try again like this? (I removed one line)

Kill::
All

File|Fold::
D:\33245707047608daac640909
D:\Users\doums\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskeng.exe
D:\Users\doums\AppData\Roaming\E0F404FE
D:\Users\doums\AppData\Roaming\Public
D:\ProgramData\Spybot - Search & Destroy
D:\Program Files\javaaa
D:\Program Files\searchtxt
D:\Windows\System32\Tasks\autooo sd

Clean::
yes

reboot::
yes
#20747
/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\

Disable your protections:

Download here: Combofix and save it to your desktop

rename combofix to whatever you want (important to get past certain infections)

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as..."

on the renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤

!!!!! DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD...) !!!!!

don't forget to re-enable the real-time guard of your antivirus and your antispyware tools before reconnecting to the internet.

Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.
#20753
ComboFix 13-12-06.01 - doums 12/06/2013 19:19:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1248 [GMT 1:00]
Running from: d:\users\doums\Desktop\cosmocats.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\taskeng.exe
D:\DSC03231.jpg
D:\DSC03265.jpg
D:\DSC03356.jpg
D:\DSC03380.jpg
D:\DSC03384.jpg
D:\DSC03388.jpg
D:\DSC03389(2).jpg
D:\DSC03389.jpg
.
.
((((((((((((((((((((((((( Files Created from 2013-11-06 to 2013-12-06 )))))))))))))))))))))))))))))))
.
.
2013-12-06 17:07 . 2013-12-03 17:28 1446912 ----a-w- d:\users\doums\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskeng.exe
2013-12-04 09:34 . 2013-12-06 17:05 -------- d-----w- D:\Pre_Scan
2013-12-03 18:46 . 2013-12-03 18:46 512 ----a-w- D:\PhysicalDisk0_MBR.bin
2013-12-03 17:55 . 2013-12-03 18:47 -------- d-----w- d:\users\doums\AppData\Roaming\ZHP
2013-12-03 17:55 . 2013-12-03 18:46 -------- d-----w- d:\program files\ZHPDiag
2013-12-03 17:03 . 2013-12-03 17:53 -------- d-----w- D:\AdwCleaner
2013-12-03 16:02 . 2013-12-03 17:37 -------- d-----w- D:\UsbFix
2013-12-03 15:33 . 2013-12-03 15:33 -------- d-----w- d:\users\doums\AppData\Roaming\Malwarebytes
2013-12-03 15:32 . 2013-12-03 15:32 -------- d-----w- d:\programdata\Malwarebytes
2013-12-03 15:32 . 2013-12-03 15:33 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2013-12-03 15:32 . 2013-04-04 13:50 22856 ----a-w- d:\windows\system32\drivers\mbam.sys
2013-11-30 11:27 . 2013-11-30 11:27 -------- d-----w- d:\programdata\Panda Security
2013-11-30 11:27 . 2013-11-30 11:27 -------- d-----w- d:\program files\Panda USB Vaccine
2013-11-28 01:07 . 2013-11-28 01:07 -------- d-----w- d:\users\doums\AppData\Roaming\OpenOffice
2013-11-28 00:53 . 2013-11-28 00:53 -------- d-----w- d:\users\doums\AppData\Roaming\ODF
2013-11-28 00:53 . 2013-11-28 00:53 -------- d-----w- d:\users\doums\AppData\Local\ODF
2013-11-22 15:16 . 2005-01-02 12:43 4682 ----a-w- d:\windows\system32\npptNT2.sys
2013-11-22 15:16 . 2003-07-18 21:17 5174 ----a-w- d:\windows\system32\nppt9x.vxd
2013-11-12 17:22 . 2013-07-22 17:12 5148240 ----a-w- d:\windows\system32\GameMon.des
2013-11-08 18:57 . 2013-11-08 18:57 -------- d-----w- d:\users\doums\AppData\Roaming\MotioninJoy
2013-11-08 18:56 . 2011-12-07 18:42 255496 ----a-w- d:\windows\system32\MijFrc.dll
2013-11-08 18:56 . 2013-11-08 18:56 -------- d-----w- d:\program files\MotioninJoy
2013-11-06 20:10 . 2013-01-07 14:56 851176 ----a-w- d:\windows\system32\WinUSBCoInstaller2.dll
2013-11-06 20:10 . 2013-05-05 21:32 33024 ----a-w- d:\windows\system32\drivers\ScpVBus.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-04 00:14 . 2011-06-14 22:11 774392 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2013-12-04 00:14 . 2010-11-09 12:01 35656 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2013-12-04 00:14 . 2010-11-09 12:01 57672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2013-12-04 00:14 . 2010-11-09 12:01 70384 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2013-12-04 00:14 . 2010-11-09 12:00 43152 ----a-w- d:\windows\avastSS.scr
2013-12-04 00:14 . 2010-11-09 12:00 269216 ----a-w- d:\windows\system32\aswBoot.exe
2013-11-20 20:33 . 2012-07-12 18:40 692616 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2013-11-20 20:33 . 2012-06-20 21:24 71048 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-08 22:30 . 2010-11-09 12:01 403440 ----a-w- d:\windows\system32\drivers\aswsp.sys
2013-10-21 10:35 . 2013-03-01 11:04 178304 ----a-w- d:\windows\system32\drivers\aswVmm.sys
2013-10-21 10:35 . 2013-03-01 11:04 49944 ----a-w- d:\windows\system32\drivers\aswRvrt.sys
2013-10-21 10:35 . 2012-02-24 16:30 79720 ----a-w- d:\windows\system32\drivers\aswRdr2.sys
2013-10-08 06:50 . 2013-11-03 22:25 94632 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-04 00:14 321752 ----a-w- d:\dossier seven\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="d:\dossier seven\avast\avastUI.exe" [2013-12-04 3568312]
"AdobeAAMUpdater-1.0"="d:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="d:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"GrooveMonitor"="d:\dossier seven\office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AvastUI.exe"="d:\dossier seven\avast\AvastUI.exe" [2013-12-04 3568312]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
d:\users\doums\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
taskeng.exe [2013-12-3 1446912]
.
d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - d:\program files\RALINK\Common\RaUI.exe -s [2012-12-29 1040384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 05:22 59240 ----a-w- d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- d:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-12-03 22:35 967608 ----a-w- d:\dossier seven\drivers sasung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-03 22:35 309688 ----a-w- d:\dossier seven\drivers sasung\Kies\KiesTrayAgent.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;d:\windows\system32\Drivers\ssadadb.sys [2012-06-27 30312]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);d:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 83168]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;d:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;d:\windows\system32\DRIVERS\netr28.sys [x]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;d:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des [2013-07-22 5148240]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;d:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
R3 ScpVBus;Scp Virtual Bus Driver;d:\windows\system32\DRIVERS\ScpVBus.sys [2013-05-05 33024]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);d:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);d:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;d:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);d:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 114280]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);d:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 181344]
R3 SwitchBoard;SwitchBoard;d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2010-11-09 691696]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2013-12-04 774392]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2013-11-08 403440]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2013-12-04 35656]
S2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2013-12-04 70384]
S2 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2010-06-25 35088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-05 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452680746-145448129-3087113149-1000Core.job
- d:\users\doums\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 23:59]
.
2013-12-06 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452680746-145448129-3087113149-1000UA.job
- d:\users\doums\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://
IE: E&xport to Microsoft Excel - d:\dossie~1\office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - d:\users\doums\AppData\Roaming\Mozilla\Firefox\Profiles\dumjs7ta.default\
FF - prefs.js: browser.startup.homepage - hxxp://randomc.net/2013/09/18/fall-2013-preview/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PDT - c:\users\Public\taskeng.exe
HKLM-Run-Planificateur - c:\users\Public\taskeng.exe
HKLM-Explorer_Run-Planfi - c:\users\Public\taskeng.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-PDT - c:\users\Public\taskeng.exe
MSConfigStartUp-Planificateur - c:\users\Public\taskeng.exe
AddRemove-Windows Grep_is1 - d:\program files\searchtxt\unins000.exe
AddRemove-01_Simmental - d:\dossier seven\drivers sasung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\dossier seven\drivers sasung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\dossier seven\drivers sasung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\dossier seven\drivers sasung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - d:\dossier seven\drivers sasung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - d:\dossier seven\drivers sasung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\dossier seven\drivers sasung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\dossier seven\drivers sasung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - d:\dossier seven\drivers sasung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - d:\dossier seven\drivers sasung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\dossier seven\drivers sasung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3452680746-145448129-3087113149-1000_Classes\BitTorrent\Shell\O(uQ*Q*à‹eàŽËœSb*_à¥â€¹B*T*‡eà¶N(*&*Q*)*\Command]
@="\"d:\\dossier seven\\qqq\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitTorrent\Shell\O(uQ*Q*à‹eàŽËœSb*_à¥â€¹B*T*‡eà¶N(*&*Q*)*\Command]
@="\"d:\\dossier seven\\qqq\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-06 19:30:14
ComboFix-quarantined-files.txt 2013-12-06 18:30
.
Pre-Run: 14,069,637,120 bytes free
Post-Run: 13,726,461,952 bytes free
.
- - End Of File - - AA7899BB52237FDC6906BBFC51CA59B3
A36C5E4F47E84449FF07ED3517B43A31
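What the log above is actually pointing at, written out as an added example (this is not code from the thread, from ComboFix or from Pre_Scan): a copy of taskeng.exe, a name that legitimately lives only under \Windows\System32, is being launched from the user's Startup folder and from c:\users\Public through HKCU/HKLM Run keys, and the UAC policy values show the elevation prompt switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0). The Python below runs that triage over ComboFix-style "Reg Loading Points" / "ORPHANS REMOVED" lines. The System32-only name list and the user-writable path pattern are illustrative assumptions, not anything the tool defines, and the sample text is constructed to mirror lines from the log.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example, not part of the original thread or of ComboFix. It parses the
kind of lines the log prints and flags two things a helper looks for first:
autoruns that mimic a system binary but live outside System32 (or start from a
user-writable path), and UAC policy values that turn the elevation prompt off.
"""
import re

# Assumption: a small illustrative allow-list of names that only belong in
# \Windows\System32. A real list would be longer.
SYSTEM32_ONLY = {"taskeng.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}

# Assumption: paths an unprivileged user can write to (illustrative pattern).
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|users\\public|programdata|temp)\\", re.I)

# Run-key line:           "name"="path" [date size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Orphan line:            HKCU-Run-name - path   /   MSConfigStartUp-name - path
ORPHAN_LINE = re.compile(r"^(?P<name>(?:HK\w+|MSConfigStartUp)-\S+) - (?P<path>.+)$")
# Policy value line:      "EnableLUA"= 0 (0x0)
POLICY_LINE = re.compile(r'^"(?P<key>\w+)"= (?P<val>\d+)')
# Startup folder header (a path ending in a backslash) and the items under it.
STARTUP_DIR = re.compile(r"^[a-z]:\\.*\\$", re.I)
STARTUP_ITEM = re.compile(r"^(?P<name>[^\[\]]+?) \[\d{4}-\d{1,2}-\d{1,2} \d+\]$")

# Values that mean "UAC prompt effectively off".
WEAK_UAC = {"EnableLUA": {0}, "ConsentPromptBehaviorAdmin": {0}, "PromptOnSecureDesktop": {0}}


def classify_autorun(name, path):
    """Return a reason string if an autorun entry looks suspicious, else None."""
    p = path.strip().strip('"')
    norm = p.lower().replace("/", "\\")
    exe = norm.rsplit("\\", 1)[-1].split(" ")[0]          # file name without arguments
    if exe in SYSTEM32_ONLY and "\\windows\\system32\\" not in norm:
        return f"system-binary name outside System32: {exe}"
    if USER_WRITABLE.search(norm):
        return "launched from user-writable location"
    return None


def triage(log_text):
    """Scan log text; return (suspicious_autoruns, weak_uac_settings)."""
    suspicious, weak = [], []
    startup_dir = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):            # ComboFix separates sections with lone dots
            startup_dir = None
            continue
        if STARTUP_DIR.match(line):
            startup_dir = line
            continue
        if startup_dir:
            item = STARTUP_ITEM.match(line)
            if item:
                name = item["name"]
                # .lnk entries print as "name.lnk - target [args]"; judge the target
                path = name.split(" - ", 1)[1] if " - " in name else startup_dir + name
                reason = classify_autorun(name, path)
                if reason:
                    suspicious.append((name, path, reason))
            continue
        m = RUN_LINE.match(line) or ORPHAN_LINE.match(line)
        if m:
            reason = classify_autorun(m["name"], m["path"])
            if reason:
                suspicious.append((m["name"], m["path"], reason))
            continue
        m = POLICY_LINE.match(line)
        if m and int(m["val"]) in WEAK_UAC.get(m["key"], set()):
            weak.append((m["key"], int(m["val"])))
    return suspicious, weak


# Constructed sample, modelled on lines from the log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="d:\dossier seven\avast\avastUI.exe" [2013-12-04 3568312]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
d:\users\doums\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
taskeng.exe [2013-12-3 1446912]
.
d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - d:\program files\RALINK\Common\RaUI.exe -s [2012-12-29 1040384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
HKCU-Run-PDT - c:\users\Public\taskeng.exe
HKLM-Run-Planificateur - c:\users\Public\taskeng.exe
HKLM-Explorer_Run-Planfi - c:\users\Public\taskeng.exe
MSConfigStartUp-PDT - c:\users\Public\taskeng.exe
'''

if __name__ == "__main__":
    found, weak = triage(SAMPLE_LOG)
    for name, path, reason in found:
        print(f"[!] {name}: {path}  <- {reason}")
    for key, val in weak:
        print(f"[!] UAC weakened: {key} = {val}")
```

On the sample it flags every taskeng.exe entry (Startup folder, the two HKLM/HKCU Run orphans, the Explorer_Run and MSConfig copies) and leaves avast, Java and the Ralink shortcut alone, then lists the three policy values that disable the UAC prompt. The same pass over a full Combofix.txt gives a helper the short list to act on before writing the next Pre_Scan script.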
#20760
check that these really are images, and recover them from combofix's quarantine folder if you want to keep them

D:\DSC03231.jpg
D:\DSC03265.jpg
D:\DSC03356.jpg
D:\DSC03380.jpg
D:\DSC03384.jpg
D:\DSC03388.jpg
D:\DSC03389(2).jpg
D:\DSC03389.jpg

combofix quarantine => C:\Qoobox
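One way to do the "check that these really are images" step, as an added example (not from the thread or from ComboFix): the extension is only a name, the first bytes say what the file is. A JPEG starts with FF D8 FF; a Windows executable starts with "MZ" and carries a "PE\0\0" signature at the offset stored at 0x3C. The snippet sniffs those headers and reports any file whose name says .jpg but whose bytes say otherwise. The sample headers are constructed for illustration; `audit_paths` is what you would point at the copies in the quarantine folder (the layout of that folder is not assumed here).

```python
"""Tell a real JPEG from an executable renamed to .jpg by its header bytes.

Added example, not code from the thread or from ComboFix. Sample headers
below are constructed, not taken from the user's files.
"""
import struct

JPEG_MAGIC = b"\xff\xd8\xff"


def sniff(data):
    """Identify a file from its leading bytes: 'jpeg', 'pe', 'mz-stub' or 'unknown'."""
    if data[:3] == JPEG_MAGIC:
        return "jpeg"
    if data[:2] == b"MZ":
        # DOS header present; the 32-bit value at 0x3C points at the PE signature.
        if len(data) >= 0x40:
            pe_off = struct.unpack_from("<I", data, 0x3C)[0]
            if data[pe_off:pe_off + 4] == b"PE\0\0":
                return "pe"
        return "mz-stub"  # MZ header but no PE signature within what we read
    return "unknown"


def verdict(name, kind):
    """Compare what the extension claims with what the bytes say."""
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    claims_image = ext in ("jpg", "jpeg")
    if claims_image and kind == "jpeg":
        return "ok"
    if claims_image and kind in ("pe", "mz-stub"):
        return "MISMATCH: Windows executable disguised as an image"
    if claims_image:
        return "MISMATCH: not a JPEG"
    return kind


def audit(files):
    """files: mapping name -> leading bytes. Returns [(name, kind, verdict)]."""
    return [(n, sniff(b), verdict(n, sniff(b))) for n, b in files.items()]


def audit_paths(paths):
    """Same check against real files on disk: read the first 4 KiB of each."""
    heads = {}
    for p in paths:
        with open(p, "rb") as f:
            heads[p] = f.read(4096)
    return audit(heads)


# Constructed sample headers (not the user's actual files).
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01"
# "MZ", zero-padded DOS header, e_lfanew = 0x40, then the PE signature at 0x40.
FAKE_PE = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
SAMPLE_FILES = {
    "DSC03231.jpg": JPEG_HEAD,      # genuine photo header
    "DSC03389(2).jpg": FAKE_PE,     # what an .exe renamed to .jpg looks like
    "DSC03265.jpg": b"RIFF....",    # neither JPEG nor PE
}

if __name__ == "__main__":
    for name, kind, v in audit(SAMPLE_FILES):
        print(f"{name:18} {kind:8} {v}")
```

A file that comes back "ok" is safe to move out of the quarantine; anything reported as an executable disguised as an image should stay where ComboFix put it.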
