Analyse COMBOFIX pour désinstaller GAMEO

Fermé
will14 - 8 mai 2014 à 14:20
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 8 mai 2014 à 14:25
Bonjour,


En installant dropbox, gomeo s'est installé.
J'ai appliqué la méthode proposée sur comment ça marche.net (https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc

et j'ai utilisé Combofix. Le tutoriel recommande de poster le rapport sur ce forum pour vérifier si un CFscript (je ne sais pas ce que c'est) est nécessaire.
Quelqu'un peut-il m'aider et analyser le rapport ?

Merci d'avance pour votre aide,
Cordialement,
Will




ComboFix 14-05-07.03 - STEPHANE 08/05/2014 13:42:38.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3949.2088 [GMT 2:00]
Lancé depuis: c:\users\STEPHANE\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
c:\programdata\3b3d36242733372d442337_c
c:\programdata\SPL1710.tmp
c:\programdata\SPL1A50.tmp
c:\programdata\SPL213D.tmp
c:\programdata\SPL3ECA.tmp
c:\programdata\SPL5EC2.tmp
c:\programdata\SPL62C3.tmp
c:\programdata\SPL6540.tmp
c:\programdata\SPL695.tmp
c:\programdata\SPL82CE.tmp
c:\programdata\SPL890E.tmp
c:\programdata\SPLA3E9.tmp
c:\programdata\SPLB0B.tmp
c:\programdata\SPLBD46.tmp
c:\programdata\SPLC144.tmp
c:\programdata\SPLDB7F.tmp
c:\programdata\SPLFC38.tmp
c:\programdata\SPLFCE2.tmp
c:\users\STEPHANE\Desktop\Search.lnk
c:\windows\msvcr71.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-04-08 au 2014-05-08 ))))))))))))))))))))))))))))))))))))
.
.
2014-05-08 11:53 . 2014-05-08 11:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-08 11:07 . 2014-05-08 11:07 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-08 11:07 . 2014-05-08 11:07 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-08 11:07 . 2014-05-08 11:07 -------- d-----w- c:\programdata\Malwarebytes
2014-05-08 11:07 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-08 11:07 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-08 11:07 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 10:54 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-08 10:54 . 2014-05-08 11:04 -------- d-----w- C:\AdwCleaner
2014-05-08 06:51 . 2014-05-08 11:28 -------- d-----w- c:\users\STEPHANE\AppData\Roaming\GameoUpdater
2014-05-08 06:51 . 2014-05-08 11:31 -------- d-----w- c:\users\STEPHANE\AppData\Local\Gameo
2014-05-08 06:50 . 2014-05-08 06:50 -------- d-----w- c:\users\STEPHANE\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-05-08 06:49 . 2014-05-08 11:31 -------- d-----w- c:\program files\004
2014-05-08 06:48 . 2014-05-08 11:34 -------- d-----r- c:\users\STEPHANE\Dropbox
2014-05-08 06:46 . 2014-05-08 11:34 -------- d-----w- c:\users\STEPHANE\AppData\Roaming\Dropbox
2014-05-08 00:09 . 2014-05-08 00:09 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BDFB811-56DB-4EF9-9CEE-35B3878AA242}\offreg.dll
2014-05-06 06:28 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BDFB811-56DB-4EF9-9CEE-35B3878AA242}\mpengine.dll
2014-05-03 05:45 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-03 05:45 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-03 05:45 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-30 21:27 . 2014-05-04 18:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-04-18 07:06 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-04-18 07:06 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-18 07:06 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
2014-04-18 07:06 . 2014-03-06 08:57 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-04-18 07:06 . 2014-03-06 08:02 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-04-18 07:04 . 2014-03-06 08:11 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-04-18 07:04 . 2014-03-06 07:46 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-04-09 06:14 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-04-09 06:14 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-04-09 06:14 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-04-09 06:14 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-04-09 06:14 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-04-09 06:14 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-04-09 06:14 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-04-09 06:14 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-04-09 06:14 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-04-09 06:14 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-08 10:58 . 2012-02-29 06:44 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-04-29 09:42 . 2012-04-12 05:39 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 09:42 . 2011-06-05 21:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 06:02 . 2010-05-09 16:40 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-02-20 12:42 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-09 06:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-28 14:16 . 2014-02-28 14:16 61736 ----a-w- c:\windows\system32\drivers\netfilter64.sys
2010-09-17 17:08 . 2010-09-17 17:08 823138 ----a-w- c:\program files (x86)\installer.exe
2010-08-20 17:21 . 2010-08-20 17:20 34456880 ----a-w- c:\program files (x86)\QuickTimeInstaller.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\STEPHANE\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\STEPHANE\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\STEPHANE\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2011-10-29 833600]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-11 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-02-28 4767304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SMSTray"="c:\program files (x86)\Samsung\EmoDio\SMSTray.exe" [2009-03-21 484888]
"HipServ Agent"="c:\program files (x86)\NETGEAR\Stora Desktop Applications\HipServAgent\HipServAgent.exe" [2009-12-11 2437376]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\STEPHANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\STEPHANE\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 1080608]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2010-1-25 12862]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxecserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbser64;Neato Robotics USB Driver;c:\windows\system32\DRIVERS\usbser.sys;c:\windows\SYSNATIVE\DRIVERS\usbser.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe;c:\windows\SYSNATIVE\lxeccoms.exe [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;c:\windows\system32\DRIVERS\GUCI_AVS.sys;c:\windows\SYSNATIVE\DRIVERS\GUCI_AVS.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2014-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 09:42]
.
2014-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2202323046-838265067-374583697-1002Core.job
- c:\users\STEPHANE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21 14:28]
.
2014-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2202323046-838265067-374583697-1002UA.job
- c:\users\STEPHANE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21 14:28]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-27 12:28]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-27 12:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-04-28 17:55 164016 ----a-w- c:\users\STEPHANE\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-04-28 17:55 164016 ----a-w- c:\users\STEPHANE\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-04-28 17:55 164016 ----a-w- c:\users\STEPHANE\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-04-28 17:55 164016 ----a-w- c:\users\STEPHANE\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2009-09-17 314880]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-01-18 139944]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\6dco762r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL -
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{82E1477C-B154-48D3-9891-33D83C26BCD3} - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-!{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Wow6432Node-HKCU-Run-KiesPDLR - c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-ASUSUSBDEVIC - c:\windows\uninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-FinalMediaPlayer_is1 - c:\program files (x86)\FinalMediaPlayer\unins000.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-Gameo Updater - c:\users\STEPHANE\AppData\Roaming\GameoUpdater\UpdateProc\UpdateTask.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-05-08 14:07:09
ComboFix-quarantined-files.txt 2014-05-08 12:07
.
Avant-CF: 48 936 202 240 octets libres
Après-CF: 49 146 355 712 octets libres
.
- - End Of File - - A9F719FE8905E9A88FEFEB690311DCEF
5C616939100B85E558DA92B899A0FC36
A voir également:

1 réponse

Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
Modifié par Malekal_morte- le 8/05/2014 à 14:25
Salut,

Tu as installé des adwares et programmes parasites sur ton PC qui ouvrent des publicités et ralentissent l'ordinateur et les navigateurs WEB.
Voici la procédure à suivre pour les supprimer :


Combofix n'est pas vraiment efficace pour ce type d'infection.


Télécharge https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= AdwCleaner ( d'Xplode ) sur ton bureau.
Sur la page d'AdwCleaner, à droite, clic sur la disquette grise avec la flèche verte pour lancer le téléchargement.
Lance AdwCleaner, clique sur [Scanner].
Le scan peux durer plusieurs minutes, patienter.
Une fois le scan terminé, clique sur [Nettoyer]

Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt



puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
* Internet Explorer et modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=
* Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=


Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0