trojan: rapport combofix

[charlaire]

Bonjour,

Il y a quelques jours, une alerte d' avira antivir me signale :

"Dans le fichier 'C:\Windows\Temp\3b2b7ebf.tmp'

un virus ou un programme indésirable 'TR/Ransom.Digitala.aqf' [trojan] a été détecté.

Action exécutée : Refuser l'accès". suivie d'une 2eme alerte :

"Dans le fichier 'C:\Windows\Temp\90663b91.tmp'

un virus ou un programme indésirable 'TR/Ransom.Digitala.arp' [trojan] a été détecté.

Action exécutée : Refuser l'accès". J'ai redémarré le PC, mais rebelote dés que je lance une page internet.

donc j'ai fait une analyse compléte qui a repris les mêmes alertes, puis j'ai fait une analyse avec : ccleaner, spybot, malwarebyte, et AVG anti-antispyware : aucun ne signale de probléme, j'ai fait une analyse en ligne RAS.

J'ai fait des recherches sur google, j'ai trouvé des solutions pour des particuliers, mais il faut passer par un rapport hijackis...mais le changement sur le registre ne correspond pas à mon probléme.

J'ai essayé de restaurer à une date antérieure ça ne change pas les choses (mais peut-être n'ai-je pas fait comme il faut).

J'ai essayé en supprimer le dossier temporaires dans windows/temp...

Mais aucune de mes manipulations ne me débarrasse de ce trojan.

J'ai suivi les conseils d'un forum "les delliens", qui m'a demandé de faire combofix, je leur ai envoyé mon rapport mais malheureusement ils séchent.

Pourriez-vous me dire ce que vous en pensez ?

 

ComboFix 10-07-15.03 - Sand 16/07/2010 18:32:28.1.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1971 [GMT 2:00]

Lancé depuis: c:\users\Sand\Desktop\ComboFix.exe

SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\system volume information\SystemRestore

c:\system volume information\SystemRestore\FRStaging\Windows\bthservsdp.dat

c:\system volume information\SystemRestore\FRStaging\Windows\inf\drvindex.dat

c:\system volume information\SystemRestore\FRStaging\Windows\inf\INFCACHE.1

c:\system volume information\SystemRestore\FRStaging\Windows\inf\infpub.dat

c:\system volume information\SystemRestore\FRStaging\Windows\inf\infstor.dat

c:\system volume information\SystemRestore\FRStaging\Windows\inf\infstrng.dat

c:\system volume information\SystemRestore\FRStaging\Windows\inf\WmiApRpl\0009\WmiApRpl.ini

c:\system volume information\SystemRestore\FRStaging\Windows\inf\WmiApRpl\000C\WmiApRpl.ini

c:\system volume information\SystemRestore\FRStaging\Windows\inf\WmiApRpl\WmiApRpl.h

c:\system volume information\SystemRestore\FRStaging\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

c:\system volume information\SystemRestore\FRStaging\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

c:\system volume information\SystemRestore\FRStaging\Windows\System32\catroot2\edb.chk

c:\users\Sand\AppData\Roaming\.#

c:\windows\system32\st326047.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-06-16 au 2010-07-16 ))))))))))))))))))))))))))))))))))))

.

 

2010-07-15 16:27 . 2010-07-15 16:27 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe

2010-07-15 16:27 . 2010-07-15 16:27 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe

2010-07-15 16:27 . 2010-07-15 16:27 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-07-15 16:27 . 2010-07-15 16:27 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe

2010-07-14 19:52 . 2010-07-14 20:01 -------- d-----w- c:\programdata\PC Tools

2010-07-14 19:49 . 2010-07-14 19:52 -------- d-----w- c:\users\Sand\AppData\Roaming\GetRightToGo

2010-07-14 11:36 . 2010-07-14 15:09 -------- d-----w- c:\windows\system32\MpEngineStore

2010-06-24 19:31 . 2010-06-24 19:31 -------- d-----w- c:\program files\Microsoft.NET

2010-06-22 20:19 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-22 20:19 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-22 20:19 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-22 20:19 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-22 20:19 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-22 18:48 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-22 18:48 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-16 16:22 . 2009-12-30 10:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-15 20:35 . 2008-11-25 10:21 12 ----a-w- c:\windows\bthservsdp.dat

2010-07-15 19:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-07-15 16:27 . 2010-02-06 15:07 -------- d-----w- c:\programdata\Installations

2010-07-14 20:26 . 2008-01-21 08:40 679042 ----a-w- c:\windows\system32\perfh00C.dat

2010-07-14 20:26 . 2008-01-21 08:40 126626 ----a-w- c:\windows\system32\perfc00C.dat

2010-07-14 15:35 . 2010-05-14 21:08 -------- d-----w- c:\users\Sand\AppData\Roaming\vlc

2010-06-09 09:42 . 2010-06-09 09:42 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-06-03 20:41 . 2009-04-18 08:33 6944 ----a-w- c:\users\Sand\AppData\Local\d3d9caps.dat

2010-05-29 16:00 . 2009-04-05 15:12 19380 ----a-w- c:\users\Sand\AppData\Roaming\wklnhst.dat

2010-05-26 17:06 . 2010-06-14 15:32 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-14 15:32 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 12:14 . 2009-10-02 18:45 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-15 15:38 . 2010-05-15 15:39 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-04 05:59 . 2010-06-14 15:39 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55 . 2010-06-14 15:39 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55 . 2010-06-14 15:39 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31 . 2010-06-14 15:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-01 14:13 . 2010-06-14 15:30 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 14:13 . 2010-05-26 08:15 2048 ----a-w- c:\windows\system32\tzres.dll

2008-11-25 10:31 . 2008-11-25 10:31 74 --sha-r- c:\windows\CT4CET.bin

2008-11-25 18:44 . 2008-11-25 18:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]

2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 200704]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-25 442460]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

 

c:\users\Invit‚\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

 

c:\users\Sand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1616976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-11-25 10:38 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2008-06-03 14:54 446635 ----a-w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-12-08 18:57 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]

2008-08-15 21:03 4812664 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-05-07 12:36 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):4f,f8,42,f6,70,30,ca,01

 

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R1 xdovzsps;xdovzsps;c:\windows\system32\drivers\xdovzsps.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [x]

R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [x]

R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys [x]

R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-08 30192]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [2008-08-25 73728]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]

S3 NETw5v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]

S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]

S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - lxwaq

*Deregistered* - tescsx

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2010-07-15 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-12-30 14:31]

 

2010-07-16 c:\windows\Tasks\User_Feed_Synchronization-{07B1D66E-69A3-4D78-BCFF-A4571AB5CEF8}.job

- c:\windows\system32\msfeedssync.exe [2010-06-14 04:30]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.sfr.fr/kit/adsl/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\users\Sand\AppData\Roaming\Mozilla\Firefox\Profiles\m7c2vd9e.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405725&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405725&SearchSource=13

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

SafeBoot-AVG Anti-Spyware Driver

MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe

MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-16 18:40

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lxwaq]

 

--

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tescsx]

 

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Heure de fin: 2010-07-16 18:43:49

ComboFix-quarantined-files.txt 2010-07-16 16:43

 

Avant-CF: 215 298 510 848 octets libres

Après-CF: 214 488 924 160 octets libres

 

Current=1 Default=1 Failed=0 LastKnownGood=45 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45

- - End Of File - - CA1F7AFC05D3D053F85FCA9E3FC0F7C3