

Scott Halpin
Membres-
Compteur de contenus
36 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par Scott Halpin
-
[Résolu] Infection par Gen:Trojan.Heur.Crifi.@pJfamh6RnpO
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Je dois avouer que je n'étais pas au courant de l'activation de la restauration système sur D... Sinon, j'ai suivi vos dernières recommandations et créé un nouveau point de restauration. L'ordi tourne correctement et mon antivirus n'a jusqu'à maintenant plus signalé la présence de ce troyen. Merci pour votre aide !! -
[Résolu] Infection par Gen:Trojan.Heur.Crifi.@pJfamh6RnpO
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Bonjour, Malheureusement, il n'y a pas de rapport "JRT.txt" à la racine du disque dur. Par contre, mon antivirus m'a donnée la chemin complet du troyen en cause -> Fichier : D:\System Volume Information\_restore{E5C20223-3BD0-4AF5-8370-26758CE50F54}\RP825\A0075577.0xe Enfin, voici le rapport de AdwCleaner : # AdwCleaner v2.303 - Rapport créé le 02/07/2013 à 18:03:03 # Mis à jour le 08/06/2013 par Xplode # Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits) # Nom d'utilisateur : utilisateur - UTILISAT-488BE8 # Mode de démarrage : Normal # Exécuté depuis : C:\Documents and Settings\utilisateur\Bureau\adwcleaner.exe # Option [suppression] ***** [services] ***** ***** [Fichiers / Dossiers] ***** ***** [Registre] ***** Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412} Clé Supprimée : HKCU\Software\YahooPartnerToolbar Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C9A6357B-25CC-4BCF-96C1-78736985D412} Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C9A6357B-25CC-4BCF-96C1-78736985D412}] ***** [Navigateurs] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v21.0 (fr) Fichier : C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\9g7h74hf.default\prefs.js C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\9g7h74hf.default\user.js ... Supprimé ! [OK] Le fichier ne contient aucune entrée illégitime. -\\ Google Chrome v27.0.1453.116 Fichier : C:\Documents and Settings\utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[s1].txt - [1645 octets] - [02/07/2013 18:03:03] ########## EOF - C:\AdwCleaner[s1].txt - [1705 octets] ########## -
[Résolu] Infection par Gen:Trojan.Heur.Crifi.@pJfamh6RnpO
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Voici le rapport ZHPFix : Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013 Fichier d'export Registre : Run by utilisateur at 01/07/2013 21:03:42 High Elevated Privileges : OK Windows XP Home Edition Service Pack 3 (Build 2600) Corbeille vidée ========== Clé(s) du Registre ========== SUPPRIME Key: HKCU\Software\AppDataLow\Software\Smartbar SUPPRIME Key: HKLM\Software\Classes\Interface\{6e4c89cf-3061-4ee4-b22a-b7a8aaea5cb3} SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47 SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856 SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494 SUPPRIME Key: HKCU\Software\Conduit ========== Valeur(s) du Registre ========== SUPPRIME FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe SUPPRIME FirewallRaz (SP) : %windir%\system32\sessmgr.exe SUPPRIME FirewallRaz (SP) : E:\fscommand\CKSocketServer.exe SUPPRIME FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe SUPPRIME FirewallRaz (DP) : %windir%\system32\sessmgr.exe Aucune valeur présente dans la clé d'exception du registre (FirewallRaz) ========== Elément(s) de donnée du Registre ========== SUPPRIME R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL ========== Dossier(s) ========== SUPPRIME Temporaires Windows SUPPRIME Flash Cookies ========== Fichier(s) ========== SUPPRIME Temporaires Windows SUPPRIME Flash Cookies ========== Récapitulatif ========== 6 : Clé(s) du Registre 6 : Valeur(s) du Registre 1 : Elément(s) de donnée du Registre 2 : Dossier(s) 2 : Fichier(s) End of clean in 00mn 51s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 01/07/2013 21:03:42 [1878] Par contre, je n'ai pas de rapport de Junkware Removal Tool sur le bureau. Il y a semble t'il eu un bug lors de la création du rapport. -
[Résolu] Infection par Gen:Trojan.Heur.Crifi.@pJfamh6RnpO
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Pour l'instant, mon antivirus ne râle plus. Désolé, je n'ai pas d'autres rapports que les deux que j'ai publié (avant & après suppression). Voici le rapport ZHPDiag: Mon lien -
[Résolu] Infection par Gen:Trojan.Heur.Crifi.@pJfamh6RnpO
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Désolé, j'avais effectué la suppression après l'édition du rapport que je vous avais posté. Voici le Rapport Roguekiller après suppression : RogueKiller V8.6.1 [Jun 29 2013] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : hxxp://www.adlice.com/forum/ Site Web : Télécharger RogueKiller (Site Officiel) Blog : tigzy-RK Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur : utilisateur [Droits d'admin] Mode : Suppression -- Date : 07/01/2013 18:47:51 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 1 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) ¤¤¤ Tâches planifiées : 0 ¤¤¤ ¤¤¤ Entrées Startup : 0 ¤¤¤ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [CHARGE] ¤¤¤ ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: HDT722520DLA380 +++++ --- User --- [MBR] b68f7c9f17ac2244d211d6622a4319d5 [bSP] bb4b6e7bf08741802d3d8785df58a85e : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24999 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 51199155 | Size: 165780 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[0]_D_07012013_184751.txt >> RKreport[0]_S_07012013_184404.txt -
[Résolu] Infection par Gen:Trojan.Heur.Crifi.@pJfamh6RnpO
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Oui, j'ai effectué une recherche complète avec MBAM. Voici le rapport de Roguekiller : RogueKiller V8.6.1 [Jun 29 2013] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : hxxp://www.adlice.com/forum/ Site Web : Télécharger RogueKiller (Site Officiel) Blog : tigzy-RK Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur : utilisateur [Droits d'admin] Mode : Recherche -- Date : 07/01/2013 18:44:04 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 1 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ ¤¤¤ Tâches planifiées : 0 ¤¤¤ ¤¤¤ Entrées Startup : 0 ¤¤¤ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [CHARGE] ¤¤¤ ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: HDT722520DLA380 +++++ --- User --- [MBR] b68f7c9f17ac2244d211d6622a4319d5 [bSP] bb4b6e7bf08741802d3d8785df58a85e : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24999 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 51199155 | Size: 165780 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[0]_S_07012013_184404.txt >> -
Bonjour, mon antivirus orange a détecté ce virus (Gen:Trojan.Heur.Crifi.@pJfamh6RnpO) mais ne semble pas pouvoir le supprimer. J'ai utilisé MBAM sans succès. Voici un rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:43:09, on 01/07/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) FIREFOX: 21.0 (fr) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE C:\Program Files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe D:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\one\OrangeInside.exe C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe C:\Program Files\Orange\MailNotifier\MailNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Orange\Assistance Livebox\AssistanceLivebox.exe C:\Program Files\Orange\Assistance Livebox\dist\ST2.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe D:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\utilisateur\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 01net - informatique high-tech : actu, produits, téléchargement logiciels et jeux R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Portail Orange : Actu, Sport, Assistance Internet, Web Mail Orange R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: barre d'outils Orange - {c9a6357b-25cc-4bcf-96c1-78736985d412} - mscoree.dll (file missing) O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [orangeinside] C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\one\OrangeInside.exe O4 - HKCU\..\Run: [Orange Installer] "C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe" O4 - HKCU\..\Run: [MailNotifier] C:\Program Files\Orange\MailNotifier\MailNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Assistance Livebox.lnk = C:\Program Files\Orange\Assistance Livebox\AssistanceLivebox.exe O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html O8 - Extra context menu item: envoyer par sms - C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html O8 - Extra context menu item: envoyer un mail - C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html O8 - Extra context menu item: orange.fr - C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\src\orange_html\orange.html O8 - Extra context menu item: rechercher le texte sélectionné - C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html O8 - Extra context menu item: traduire la page - C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\src\translate_html\translate.html O8 - Extra context menu item: traduire le texte sélectionné - C:\Documents and Settings\utilisateur\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Dragon Age: Íà÷àëî — Êîíòåíòíîå îáíîâëåíèå (DAUpdaterSvc) - BioWare - D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 11957 bytes Merci par avance de votre aide.
-
Infecté ??!!
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Voici le rapport de usbfix: ############################## | UsbFix 7.034 | [Recherche] Utilisateur: Benoit (Administrateur) # PC-DE-BENOIT [Acer Aspire 5610Z] Mis à jour le 25/10/10 par El Desaparecido / C_XX Lancé à 19:43:51 | 29/10/2010 Site Web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill Contact: eldesaparecido@teamxscript.org CPU: Genuine Intel® CPU T2080 @ 1.73GHz CPU 2: Genuine Intel® CPU T2080 @ 1.73GHz Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-Bit) # Internet Explorer 8.0.6001.18928 Pare-feu Windows: Activé Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | Updated] RAM -> 1022 Mo C:\ (%systemdrive%) -> Disque fixe # 70 Go (20 Go libre(s) - 29%) [ACER] # NTFS D:\ -> Disque fixe # 70 Go (38 Go libre(s) - 54%) [DATA] # NTFS E:\ -> CD-ROM F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 71%) [OPTIMA] # FAT32 ################## | Éléments infectieux | ################## | Registre | Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives ################## | Mountpoints2 | ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné! ################## | E.O.F | -
Infecté ??!!
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Voici le rapport MBAM: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4943 Windows 6.0.6000 Internet Explorer 8.0.6001.18928 25/10/2010 19:42:38 mbam-log-2010-10-25 (19-42-38).txt Type d'examen: Examen complet (C:\|D:\|E:\|) Elément(s) analysé(s): 240568 Temps écoulé: 1 heure(s), 0 minute(s), 49 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 9 Processus mémoire infecté(s): C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Failed to unload process. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40VSX1NF\setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUOEVO00\setup[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\temp\cNQARveAKd.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\temp\WINDOWS_SECURITY_CENTER.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\temp\YhXzUNuBDE.exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Benoit\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. Ainsi qu'un nouveau rapport hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:51:00, on 25/10/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Launch Manager\LManager.exe C:\Acer\Empowering Technology\eDSMSNfix.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Users\Benoit\AppData\Local\Temp\RtkBtMnt.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Users\Benoit\Desktop\Logiciel anti malware\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! France R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8238 bytes -
Infecté ??!!
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
J'ai essayé d'executer rkill avec tous les liens mais l'outil est stoppé au lancement... Voilà tout ce que j'ai pu avoir: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Benoit on 25/10/2010 at 18:28:59. Services Stopped: Processes terminated by Rkill or while it was running: C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Benoit\Desktop\iExplore.exe Rkill completed on 25/10/2010 at 18:29:04. -
Bonjour, je pense être infecté par un virus, je suis redirigé vers des sites malveillants lorsque je clique sur n'importe quelle adresse internet ??? Je suis sur windows vista 32 bits. Voici un rapport hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:39:32, on 25/10/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Launch Manager\LManager.exe C:\Acer\Empowering Technology\eDSMSNfix.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Users\Public\Documents\Windows\winhelp.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Users\Benoit\AppData\Local\Temp\RtkBtMnt.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE C:\Users\Benoit\Desktop\Logiciel anti malware\HiJackThis.exe C:\Users\Benoit\Desktop\Logiciel anti malware\HiJackThis(2).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! France R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - User Startup: winhelp.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8540 bytes Merci d'avance pour votre aide !
-
Security tool...(résolu)
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Voici le rapport de MBAM: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4698 Windows 6.0.6000 (Safe Mode) Internet Explorer 8.0.6001.18928 26/09/2010 15:53:12 mbam-log-2010-09-26 (15-53-12).txt Type d'examen: Examen rapide Elément(s) analysé(s): 134839 Temps écoulé: 10 minute(s), 12 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\022561281 (Malware.Packer.Gen) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Benoit\AppData\Local\022561281.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\temp\xrmcwnsoea.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Users\Benoit\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. ________________________________________________________________________________________________________________________________________________ Puis le rapport de rkill: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Benoit on 26/09/2010 at 15:36:16. Services Stopped: Processes terminated by Rkill or while it was running: C:\Users\Benoit\Downloads\iExplore.exe Rkill completed on 26/09/2010 at 15:36:20. Depuis la suppression des virus découvert par MBAM, plus de signe de security tool... -
Bonsoir, je suis victime du virus security tool, il m'empêche d'accéder à hijackthis ou MBAM et je ne sais pas comment m'en débarrasser Je suis sur windows vista et j'ai un système d'exploitation 32 bits... Pouvez vous m'aider !!?
-
infesté par Antispyware Soft
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Voici le rapport de MBAM: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3963 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 27/05/2010 21:49:16 mbam-log-2010-05-27 (21-49-16).txt Type d'examen: Examen rapide Elément(s) analysé(s): 103432 Temps écoulé: 6 minute(s), 21 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) ------------------------------------------------------- le rapport de hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:51:15, on 27/05/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.17037) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Benoit\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7747 bytes -
infesté par Antispyware Soft
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
voici le rapport de CB: ComboFix 10-05-26.04 - Benoit 27/05/2010 21:12:49.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1022.419 [GMT 2:00] Lancé depuis: c:\users\Benoit\Downloads\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Benoit\AppData\Local\2750956343.dll c:\users\Benoit\AppData\Local\vhaitvqap c:\users\Benoit\AppData\Local\vhaitvqap\jssiyrktssd.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-27 au 2010-05-27 )))))))))))))))))))))))))))))))))))) . 2010-05-27 18:18 . 2010-05-27 18:18 52048 ----a-w- c:\windows\system32\drivers\klmd.sys 2010-05-27 17:59 . 2010-05-27 17:59 -------- d-----w- C:\rsit 2010-05-13 13:39 . 2010-05-13 13:39 -------- d-----w- c:\programdata\Office Genuine Advantage . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-27 19:04 . 2007-08-25 13:03 13072 ----a-w- c:\users\Benoit\AppData\Roaming\nvModes.dat 2010-05-27 19:02 . 2008-06-30 21:01 -------- d-----w- c:\users\Benoit\AppData\Roaming\OpenOffice.org2 2010-05-24 16:01 . 2008-06-30 21:02 1 ----a-w- c:\users\Benoit\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2010-05-24 16:00 . 2006-11-02 15:48 690832 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-24 16:00 . 2006-11-02 15:48 117572 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-13 12:30 . 2007-03-28 05:58 -------- d-----w- c:\programdata\Microsoft Help 2010-05-12 09:21 . 2009-10-03 12:28 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-26 17:32 . 2010-03-13 18:07 -------- d-----w- c:\users\Benoit\AppData\Roaming\codeblocks 2010-04-24 16:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-10 12:52 . 2010-04-10 12:52 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-04-06 17:27 . 2010-04-06 17:27 -------- d-----w- c:\programdata\avG 2010-04-06 16:00 . 2010-04-06 16:00 8 ----a-w- c:\users\Benoit\AppData\Roaming\ypgmjw.dat 2010-03-29 22:46 . 2010-04-07 12:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 22:45 . 2010-04-07 12:30 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-09 16:54 . 2010-04-01 12:56 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-09 16:50 . 2010-04-01 12:56 56320 ----a-w- c:\windows\system32\iesetup.dll 2010-03-09 16:50 . 2010-04-01 12:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-09 16:50 . 2010-04-01 12:56 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll 2010-03-09 16:48 . 2010-04-01 12:56 72704 ----a-w- c:\windows\system32\admparse.dll 2010-03-09 14:17 . 2010-04-01 12:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2010-03-09 12:43 . 2010-04-01 12:56 48128 ----a-w- c:\windows\system32\mshtmler.dll 2010-03-04 19:24 . 2010-04-18 14:56 434176 ----a-w- c:\windows\system32\vbscript.dll 2010-03-04 14:19 . 2007-08-07 18:56 75240 ----a-w- c:\users\Benoit\AppData\Local\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-24 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-12 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400] "eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] c:\users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-3-28 528384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-13 717296] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] R3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2010-05-27 52048] R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232] R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744] S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-15 108289] . Contenu du dossier 'Tâches planifiées' 2010-05-27 c:\windows\Tasks\User_Feed_Synchronization-{48C3584E-D98B-4129-95BF-C0C31D351124}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://fr.fr.acer.yahoo.com uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Benoit\AppData\Roaming\Mozilla\Firefox\Profiles\88ejxvjd.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Acer Tour Reminder - (no file) HKCU-Run-ifrcnfrb - c:\users\Benoit\AppData\Local\vhaitvqap\jssiyrktssd.exe HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe SafeBoot-klmd23.sys SafeBoot-klmdb.sys AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-27 21:21 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(748) c:\windows\system32\eNetHook.dll - - - - - - - > 'lsass.exe'(636) c:\windows\system32\eNetHook.dll . Heure de fin: 2010-05-27 21:24:09 ComboFix-quarantined-files.txt 2010-05-27 19:24 Avant-CF: 22 224 347 136 octets libres Après-CF: 22 259 695 616 octets libres - - End Of File - - 217B2E59DCB4AB30EE52C36F28AD92C3 plus de signe du virus ! Merci beaucoup pour votre aide !! -
infesté par Antispyware Soft
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
je procède quand même à la manipulation avec combofix ?? -
infesté par Antispyware Soft
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Erreur de ma part, un rapport a bien été généré le voici: 20:04:40:710 6064 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14 20:04:40:710 6064 ================================================================================ 20:04:40:710 6064 SystemInfo: 20:04:40:710 6064 OS Version: 6.0.6000 ServicePack: 0.0 20:04:40:710 6064 Product type: Workstation 20:04:40:711 6064 ComputerName: PC-DE-BENOIT 20:04:40:712 6064 UserName: Benoit 20:04:40:712 6064 Windows directory: C:\Windows 20:04:40:712 6064 Processor architecture: Intel x86 20:04:40:712 6064 Number of processors: 2 20:04:40:712 6064 Page size: 0x1000 20:04:40:725 6064 Boot type: Normal boot 20:04:40:725 6064 ================================================================================ 20:09:20:690 4444 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14 20:09:20:690 4444 ================================================================================ 20:09:20:690 4444 SystemInfo: 20:09:20:690 4444 OS Version: 6.0.6000 ServicePack: 0.0 20:09:20:690 4444 Product type: Workstation 20:09:20:690 4444 ComputerName: PC-DE-BENOIT 20:09:20:690 4444 UserName: Benoit 20:09:20:690 4444 Windows directory: C:\Windows 20:09:20:690 4444 Processor architecture: Intel x86 20:09:20:690 4444 Number of processors: 2 20:09:20:690 4444 Page size: 0x1000 20:09:20:830 4444 Boot type: Normal boot 20:09:20:830 4444 ================================================================================ 20:09:23:254 4444 Initialize success 20:09:23:254 4444 20:09:23:270 4444 Scanning Services ... 20:09:25:345 4444 Raw services enum returned 436 services 20:09:25:360 4444 Suspicious serv jukua (h: 0, b: 1) 20:09:25:360 4444 20:09:25:360 4444 Hidden service detected! 20:09:25:360 4444 Service name: jukua 20:09:25:360 4444 Image path: 20:09:25:360 4444 Type "delete" (without quotes) to delete it: 20:11:11:931 4444 20:11:11:931 4444 By user detect jukua 20:11:11:954 4444 RegNode HKLM\SYSTEM\ControlSet001\services\jukua infected by TDSS rootkit ... 20:11:11:955 4444 will be deleted on reboot 20:11:12:055 4444 RegNode HKLM\SYSTEM\ControlSet002\services\jukua infected by TDSS rootkit ... 20:11:12:056 4444 will be deleted on reboot 20:11:12:056 4444 !dttws2 220:11:12:085 4444 RegNode HKLM\SYSTEM\ControlSet003\services\jukua infected by TDSS rootkit ... 20:11:12:086 4444 will be deleted on reboot 20:11:12:087 4444 !dttws2 220:11:12:097 4444 RegNode HKLM\SYSTEM\ControlSet004\services\jukua infected by TDSS rootkit ... 20:11:12:097 4444 will be deleted on reboot 20:11:12:098 4444 !dttws2 220:11:12:125 4444 RegNode HKLM\SYSTEM\ControlSet005\services\jukua infected by TDSS rootkit ... 20:11:12:126 4444 will be deleted on reboot 20:11:12:127 4444 !dttws2 220:11:12:152 4444 RegNode HKLM\SYSTEM\ControlSet006\services\jukua infected by TDSS rootkit ... 20:11:12:153 4444 will be deleted on reboot 20:11:12:180 4444 File C:\Windows\system32\drivers\jukua.sys infected by TDSS rootkit ... 20:11:12:180 4444 will be deleted on reboot 20:11:12:181 4444 20:11:12:182 4444 Scanning Drivers ... 20:11:14:201 4444 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys 20:11:14:388 4444 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 20:11:14:581 4444 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 20:11:14:702 4444 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 20:11:14:871 4444 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 20:11:15:158 4444 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys 20:11:15:750 4444 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 20:11:15:852 4444 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 20:11:15:914 4444 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 20:11:15:969 4444 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 20:11:16:024 4444 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 20:11:16:082 4444 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 20:11:16:143 4444 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 20:11:16:211 4444 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 20:11:16:256 4444 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 20:11:16:311 4444 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys 20:11:16:371 4444 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys 20:11:16:567 4444 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 20:11:16:642 4444 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys 20:11:16:732 4444 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\Windows\system32\DRIVERS\avipbb.sys 20:11:16:824 4444 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys 20:11:17:025 4444 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys 20:11:17:131 4444 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 20:11:17:193 4444 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys 20:11:17:298 4444 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys 20:11:17:359 4444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 20:11:17:386 4444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 20:11:17:415 4444 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 20:11:17:465 4444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 20:11:17:513 4444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 20:11:17:555 4444 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 20:11:17:606 4444 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 20:11:17:798 4444 Cam5607 (d8ba0e0ffbce2dd5de110c5146c438b4) C:\Windows\system32\Drivers\BisonC07.sys 20:11:17:874 4444 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys 20:11:17:929 4444 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys 20:11:17:974 4444 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 20:11:18:046 4444 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys 20:11:18:190 4444 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys 20:11:18:213 4444 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 20:11:18:229 4444 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys 20:11:18:287 4444 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 20:11:18:350 4444 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 20:11:18:378 4444 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys 20:11:18:438 4444 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys 20:11:18:515 4444 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 20:11:18:699 4444 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys 20:11:18:741 4444 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys 20:11:18:958 4444 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys 20:11:18:998 4444 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 20:11:19:049 4444 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys 20:11:19:242 4444 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 20:11:19:298 4444 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys 20:11:19:422 4444 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys 20:11:19:464 4444 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys 20:11:19:545 4444 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys 20:11:19:599 4444 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 20:11:19:665 4444 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys 20:11:19:701 4444 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys 20:11:19:760 4444 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 20:11:19:793 4444 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys 20:11:19:871 4444 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys 20:11:19:922 4444 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 20:11:19:983 4444 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 20:11:20:064 4444 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:11:20:090 4444 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 20:11:20:178 4444 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 20:11:20:249 4444 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys 20:11:20:312 4444 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 20:11:20:382 4444 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 20:11:20:565 4444 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys 20:11:20:667 4444 HSXHWAZL (7e775360ece92156ced6ed3b1daf6208) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 20:11:20:773 4444 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys 20:11:20:901 4444 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 20:11:21:504 4444 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys 20:11:21:779 4444 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 20:11:21:906 4444 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 20:11:22:100 4444 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys 20:11:22:742 4444 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys 20:11:23:130 4444 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 20:11:23:161 4444 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 20:11:23:199 4444 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:11:23:272 4444 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 20:11:23:321 4444 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys 20:11:23:377 4444 irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys 20:11:23:433 4444 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys 20:11:23:468 4444 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 20:11:23:525 4444 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys 20:11:23:591 4444 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 20:11:23:649 4444 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 20:11:23:816 4444 jukua (80c6af4f948d4168fc90da1a6f4b6924) C:\Windows\system32\drivers\jukua.sys 20:11:23:817 4444 Suspicious file (NoAccess): C:\Windows\system32\drivers\jukua.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924 20:11:23:923 4444 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys 20:11:23:983 4444 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 20:11:24:045 4444 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\Windows\system32\drivers\klmd.sys 20:11:24:187 4444 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys 20:11:24:238 4444 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys 20:11:24:291 4444 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 20:11:24:324 4444 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 20:11:24:378 4444 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 20:11:24:431 4444 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys 20:11:24:462 4444 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 20:11:24:491 4444 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 20:11:24:545 4444 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys 20:11:24:632 4444 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys 20:11:24:697 4444 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys 20:11:24:718 4444 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys 20:11:24:743 4444 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys 20:11:24:776 4444 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 20:11:24:860 4444 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys 20:11:24:927 4444 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 20:11:24:996 4444 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys 20:11:25:136 4444 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:11:25:236 4444 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:11:25:285 4444 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:11:25:341 4444 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 20:11:25:397 4444 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 20:11:25:466 4444 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys 20:11:25:516 4444 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys 20:11:25:544 4444 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys 20:11:25:581 4444 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys 20:11:25:632 4444 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys 20:11:25:682 4444 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys 20:11:25:743 4444 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys 20:11:25:808 4444 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys 20:11:25:989 4444 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys 20:11:26:076 4444 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys 20:11:26:133 4444 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys 20:11:26:230 4444 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys 20:11:26:276 4444 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys 20:11:26:299 4444 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys 20:11:26:381 4444 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys 20:11:26:434 4444 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys 20:11:26:485 4444 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys 20:11:26:910 4444 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 20:11:27:881 4444 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys 20:11:28:167 4444 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 20:11:28:257 4444 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys 20:11:28:340 4444 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys 20:11:28:608 4444 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys 20:11:28:657 4444 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 20:11:28:702 4444 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 20:11:28:732 4444 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys 20:11:29:136 4444 nvlddmkm (dcb0f735bb78497f6076177eb7d20214) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:11:29:498 4444 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 20:11:29:590 4444 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 20:11:29:647 4444 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 20:11:29:717 4444 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 20:11:29:774 4444 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 20:11:29:829 4444 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys 20:11:29:876 4444 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 20:11:29:929 4444 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys 20:11:29:992 4444 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\DRIVERS\pciide.sys 20:11:30:051 4444 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys 20:11:30:372 4444 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 20:11:30:450 4444 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys 20:11:30:505 4444 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 20:11:30:562 4444 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys 20:11:30:629 4444 PSDFilter (c2821f33b846a52fdc25ff554acf11f2) C:\Windows\system32\DRIVERS\psdfilter.sys 20:11:30:647 4444 PSDNServ (28d3a91fe7791b970e6b15c88f98dfbd) C:\Windows\system32\drivers\PSDNServ.sys 20:11:30:713 4444 psdvdisk (3a66f69459052de13ef8a0f77d728a73) C:\Windows\system32\drivers\psdvdisk.sys 20:11:30:801 4444 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 20:11:30:918 4444 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 20:11:30:953 4444 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys 20:11:31:008 4444 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys 20:11:31:150 4444 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:11:31:210 4444 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys 20:11:31:274 4444 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys 20:11:31:336 4444 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:11:31:389 4444 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 20:11:31:436 4444 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys 20:11:31:510 4444 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys 20:11:31:570 4444 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys 20:11:31:636 4444 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 20:11:31:707 4444 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys 20:11:31:768 4444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 20:11:31:811 4444 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 20:11:31:845 4444 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 20:11:31:937 4444 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys 20:11:32:016 4444 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 20:11:32:142 4444 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 20:11:32:188 4444 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 20:11:32:238 4444 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 20:11:32:288 4444 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 20:11:32:355 4444 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 20:11:32:414 4444 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 20:11:32:468 4444 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys 20:11:32:539 4444 SMSCIRDA (ced16c76469ba00e2ab310857cd4c767) C:\Windows\system32\DRIVERS\SMSCirda.sys 20:11:32:575 4444 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys 20:11:32:754 4444 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys 20:11:32:755 4444 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b 20:11:32:823 4444 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys 20:11:32:908 4444 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys 20:11:32:985 4444 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys 20:11:33:050 4444 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys 20:11:33:128 4444 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys 20:11:33:199 4444 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 20:11:33:231 4444 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 20:11:33:265 4444 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 20:11:33:335 4444 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys 20:11:33:565 4444 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys 20:11:33:641 4444 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys 20:11:33:693 4444 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys 20:11:33:721 4444 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys 20:11:33:746 4444 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys 20:11:33:772 4444 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys 20:11:33:831 4444 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys 20:11:33:857 4444 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:11:33:907 4444 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys 20:11:33:961 4444 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys 20:11:33:993 4444 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 20:11:34:055 4444 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys 20:11:34:142 4444 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 20:11:34:194 4444 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 20:11:34:245 4444 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 20:11:34:308 4444 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 20:11:34:366 4444 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys 20:11:34:437 4444 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys 20:11:34:516 4444 usbccgp (0adb101083dfa5039b1e65fb36551ab1) C:\Windows\system32\DRIVERS\usbccgp.sys 20:11:34:566 4444 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 20:11:34:650 4444 usbehci (0e3c51bafaa9e00a870ed20adfdc28e7) C:\Windows\system32\DRIVERS\usbehci.sys 20:11:34:707 4444 usbhub (ec74d1322d1fbff709bdcbe20c703e1b) C:\Windows\system32\DRIVERS\usbhub.sys 20:11:34:766 4444 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 20:11:34:819 4444 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 20:11:34:887 4444 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:11:34:925 4444 usbuhci (c6b35b6c43751867d95752f1c5c8a3f2) C:\Windows\system32\DRIVERS\usbuhci.sys 20:11:34:947 4444 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 20:11:35:001 4444 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys 20:11:35:032 4444 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 20:11:35:074 4444 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 20:11:35:106 4444 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 20:11:35:139 4444 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys 20:11:35:198 4444 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys 20:11:35:241 4444 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys 20:11:35:301 4444 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 20:11:35:333 4444 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 20:11:35:405 4444 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 20:11:35:420 4444 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 20:11:35:455 4444 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 20:11:35:555 4444 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys 20:11:35:696 4444 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 20:11:35:838 4444 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys 20:11:35:908 4444 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys 20:11:35:975 4444 WSVD (2584df81cc9f7e7bd3545691106f8cae) C:\Windows\system32\drivers\WSVD.sys 20:11:36:033 4444 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:11:36:095 4444 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 20:11:36:146 4444 Reboot required for cure complete.. 20:11:37:180 4444 Cure on reboot scheduled successfully 20:11:37:180 4444 20:11:37:181 4444 Completed 20:11:37:183 4444 20:11:37:184 4444 Results: 20:11:37:186 4444 Registry objects infected / cured / cured on reboot: 6 / 0 / 6 20:11:37:187 4444 File objects infected / cured / cured on reboot: 1 / 0 / 1 20:11:37:188 4444 20:11:37:197 4444 KLMD(ARK) unloaded successfully -
infesté par Antispyware Soft
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
normalement tdsskiller a travaillé oui il m'a demandé de faire un reboot et j'ai accepté -
infesté par Antispyware Soft
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
je n'ai pas trouver le rapport TDSSKiller.txt et forcément le programme ne se lance désormais plus... -
infesté par Antispyware Soft
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
je n'arrive pas à lancer RSIT le programme s'éteint avant que je puisse appuyer sur "continue"... -
infesté par Antispyware Soft
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Bonjour, désolé dans la précipitation j'ai oublier de mentionner les informations qui aurait pu être importante... Je suis donc sur windows vista 32 bits -
Bonjour, je suis infecté par le virus "Antispyware Soft" et celui-ci m'empêche d'accéder à mon antivirus ou même a MBAM ... pouvez vous m'aidez ?? Merci d'avance. Je n'arrive même pas à activer hijackthis pour poster un rapport...
-
Probléme avec "antivirus vista"
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
Apparemment, le virus a été vaincu !! Merci beaucoup pour votre aide ! -
Probléme avec "antivirus vista"
Scott Halpin a répondu à un(e) sujet de Scott Halpin dans Analyses et éradication malwares
le rapport rkill: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Benoit on 07/04/2010 at 14:26:32. Processes terminated by Rkill or while it was running: C:\Users\Benoit\AppData\Local\ave.exe C:\Users\Benoit\AppData\Local\Temp\RtkBtMnt.exe C:\Users\Benoit\AppData\Local\Temp\h7r2pq4.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Benoit\Downloads\rkill.com Rkill completed on 07/04/2010 at 14:26:37. le rapport de MBAM: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3963 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 07/04/2010 15:58:24 mbam-log-2010-04-07 (15-58-24).txt Type d'examen: Examen complet (C:\|D:\|E:\|) Elément(s) analysé(s): 202855 Temps écoulé: 58 minute(s), 9 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 19 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Benoit\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Benoit\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Benoit\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Benoit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B60BPF3\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\winamp.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\~TM3A63.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\~TM61D1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\drweb.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\ovqyha222i9pu92.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\services.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ihaupd32.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwmen32.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\jukua.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Windows\Temp\wpv391270334431.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\h7r2pq4.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Roaming\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Benoit\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Benoit\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully. C:\Users\Benoit\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully. -
Bonjour, j'ai actuellement un virus (appelé antivirus vista) sur mon ordinateur et malgrés mes tentatives d'éradication avec le logiciel malwarebytes anti malware, ce virus reste présent. Pourtant, MBAM a bien detecté des fichiers infectés mais il n'arrive pas à les supprimer lors du redémarrage de l'ordi.... Merci de votre aide !! voici un rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:11:34, on 06/04/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.17037) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Users\Benoit\AppData\Local\ave.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Launch Manager\LManager.exe C:\Users\Benoit\wuaucldt.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\svchost.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eDSMSNfix.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Windows\RtHDVCpl.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Users\Benoit\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Windows\system32\svchost.exe C:\Users\Benoit\AppData\Local\Temp\h7r2pq4.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Users\Benoit\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Users\Benoit\AppData\Local\Temp\h7r2pq4.exe O4 - HKCU\..\Run: [syncman] c:\users\benoit\wuaucldt.exe O4 - HKCU\..\Run: [Regedit32] C:\Windows\system32\regedit.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: ihaupd32.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: wwwmen32.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O20 - AppInit_DLLs: eNetHook.dll O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9680 bytes