Analysis request

Security and insecurity. Viruses, Trojans, Spyware, Flaws, etc. ...

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Decontamination procedure 2 - Anti-malware and antivirus (La Manip - standard decontamination procedure)
Periodic maintenance of a PC running Windows
Protecting the browser, browsing and privacy

Post by naturalganja » 29 May 2010, 10:54

A very annoying problem is that I cannot rename my files: an error message appears warning me that if I rename the file it could become unusable, and that is indeed what happens if I go ahead.
I must admit that this is starting to add up to quite a few problems that were not there before. I really need help. Thanks
Follow your dreams, don't let your dreams follow you...
naturalganja

Posts: 23
Joined: 20 May 2010, 11:34

Post by nickW » 29 May 2010, 11:21

Hello,

New steps:


Step 1: TDSSKiller (from Kaspersky), installation
Download tdsskiller.zip from the link below:
http://support.kaspersky.com/downloads/ ... killer.zip

Extract the file TDSSKiller.exe from the downloaded archive and place it on the Desktop.


Step 2: No real-time monitoring process
Disable the antivirus resident module.
avast5!: right-click the icon in the system tray (next to the clock), choose "avast! shields control" and disable all protection shields


Step 3: TDSSKiller (from Kaspersky), execution

Close all open program windows (browser, word processor, etc.): the PC is going to restart.

Double-click TDSSKiller.exe to launch the tool.

At the end of the scan, press Y as prompted (restart).
The report is displayed in Notepad. Close Notepad.


Step 4: Real-time monitoring process
Important: if necessary, re-enable the antivirus resident module.


Step 5: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

OTL's main screen appears.

Click the Quick Scan button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Results
Send in reply:
*- the TDSSKiller report (contents of the file SystemDrive\TDSSKiller.Version_Date_Time_log.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split into several messages.

Important note: when sending your reply (replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by naturalganja » 04 June 2010, 18:46

???
naturalganja

Post by nickW » 04 June 2010, 22:28

Good evening,

naturalganja, on Fri 04/06/2010 at 18:46, wrote: ???


Meaning what, in plain intelligible French?

Cheers,
nickW

Post by naturalganja » 13 June 2010, 13:31

Also, when the PC starts up, from time to time the network does not come up, and I then have to restart.
What is the next step to repair my PC? How do I fix these problems, which only appeared when I started following this forum?
naturalganja

Post by nickW » 14 June 2010, 20:42

Good evening,

Did you follow the steps described in my message of Saturday 29/05/2010 at 12:21?

Cheers,
nickW

Post by naturalganja » 16 June 2010, 21:40

04:29:36:562 3176 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
04:29:36:562 3176 ================================================================================
04:29:36:562 3176 SystemInfo:

04:29:36:562 3176 OS Version: 5.1.2600 ServicePack: 3.0
04:29:36:562 3176 Product type: Workstation
04:29:36:562 3176 ComputerName: ANTOINE
04:29:36:562 3176 UserName: Natural Ganja
04:29:36:562 3176 Windows directory: C:\WINDOWS
04:29:36:562 3176 Processor architecture: Intel x86
04:29:36:562 3176 Number of processors: 2
04:29:36:562 3176 Page size: 0x1000
04:29:36:562 3176 Boot type: Normal boot
04:29:36:562 3176 ================================================================================
04:29:36:921 3176 Initialize success
04:29:36:921 3176
04:29:36:921 3176 Scanning Services ...
04:29:37:109 3176 Raw services enum returned 347 services
04:29:37:140 3176
04:29:37:140 3176 Scanning Drivers ...
04:29:37:406 3176 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
04:29:37:500 3176 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:29:37:562 3176 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
04:29:37:640 3176 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:29:37:718 3176 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
04:29:37:937 3176 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
04:29:38:187 3176 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
04:29:38:406 3176 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
04:29:38:468 3176 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
04:29:38:500 3176 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
04:29:38:546 3176 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
04:29:38:609 3176 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
04:29:38:656 3176 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
04:29:38:750 3176 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:29:38:828 3176 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:29:38:890 3176 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:29:38:953 3176 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:29:39:000 3176 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:29:39:078 3176 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
04:29:39:156 3176 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
04:29:39:234 3176 BTKRNL (70455baffc078b6152d1e52376296467) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
04:29:39:343 3176 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
04:29:39:406 3176 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
04:29:39:437 3176 BTWUSB (2cfc2bd8785f82a42fcad83de1fa5a36) C:\WINDOWS\system32\Drivers\btwusb.sys
04:29:39:484 3176 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:29:39:546 3176 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
04:29:39:625 3176 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:29:39:687 3176 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:29:39:734 3176 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:29:39:828 3176 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
04:29:39:890 3176 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
04:29:40:000 3176 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:29:40:062 3176 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
04:29:40:171 3176 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
04:29:40:218 3176 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:29:40:281 3176 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:29:40:375 3176 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:29:40:437 3176 ewusbnet (13d0f39d356e70f0a5e80d7771382245) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
04:29:40:515 3176 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
04:29:40:562 3176 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
04:29:40:609 3176 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
04:29:40:640 3176 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
04:29:40:703 3176 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
04:29:40:781 3176 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
04:29:40:812 3176 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:29:40:875 3176 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:29:40:921 3176 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
04:29:40:984 3176 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:29:41:062 3176 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
04:29:41:125 3176 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
04:29:41:218 3176 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
04:29:41:312 3176 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
04:29:41:375 3176 hwusbfake (83026e41d9960430491432dbd6af969a) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
04:29:41:500 3176 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
04:29:41:750 3176 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
04:29:42:031 3176 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
04:29:42:093 3176 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
04:29:42:343 3176 IntcAzAudAddService (afa6853aa949b5e151e4a10f6805b5b2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
04:29:42:609 3176 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
04:29:42:656 3176 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
04:29:42:703 3176 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:29:42:765 3176 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:29:42:812 3176 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:29:42:875 3176 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:29:42:937 3176 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
04:29:43:015 3176 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:29:43:046 3176 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:29:43:109 3176 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
04:29:43:156 3176 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
04:29:43:218 3176 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
04:29:43:281 3176 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
04:29:43:359 3176 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
04:29:43:421 3176 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
04:29:43:515 3176 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
04:29:43:640 3176 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
04:29:43:703 3176 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
04:29:43:750 3176 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
04:29:43:828 3176 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
04:29:43:906 3176 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:29:43:968 3176 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
04:29:44:015 3176 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:29:44:062 3176 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:29:44:109 3176 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
04:29:44:171 3176 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:29:44:203 3176 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
04:29:44:265 3176 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
04:29:44:296 3176 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
04:29:44:359 3176 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
04:29:44:390 3176 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
04:29:44:468 3176 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:29:44:500 3176 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:29:44:546 3176 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:29:44:593 3176 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
04:29:44:640 3176 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
04:29:44:703 3176 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
04:29:44:734 3176 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
04:29:44:843 3176 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
04:29:44:906 3176 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
04:29:44:968 3176 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:29:45:000 3176 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:29:45:046 3176 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
04:29:45:093 3176 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
04:29:45:140 3176 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
04:29:45:203 3176 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
04:29:45:250 3176 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
04:29:45:312 3176 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
04:29:45:500 3176 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:29:45:531 3176 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
04:29:45:578 3176 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:29:45:718 3176 RasAcd (cc30c86ef57857db2e26b3801389b215) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:29:45:718 3176 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: cc30c86ef57857db2e26b3801389b215, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
04:29:45:718 3176 File "C:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ... 04:29:47:203 3176 Backup copy found, using it..
04:29:47:390 3176 will be cured on next reboot
04:29:47:437 3176 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:29:47:484 3176 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:29:47:546 3176 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
04:29:47:609 3176 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:29:47:656 3176 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:29:47:703 3176 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
04:29:47:765 3176 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
04:29:47:859 3176 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:29:47:921 3176 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
04:29:47:953 3176 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:29:48:015 3176 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
04:29:48:093 3176 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:29:48:140 3176 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:29:48:218 3176 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
04:29:48:250 3176 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
04:29:48:281 3176 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:29:48:312 3176 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:29:48:406 3176 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
04:29:48:421 3176 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:29:48:500 3176 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:29:48:546 3176 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:29:48:562 3176 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:29:48:578 3176 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:29:48:640 3176 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:29:48:687 3176 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:29:48:750 3176 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
04:29:48:781 3176 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
04:29:48:828 3176 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
04:29:48:875 3176 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:29:48:906 3176 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:29:48:937 3176 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
04:29:48:984 3176 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:29:49:031 3176 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:29:49:046 3176 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
04:29:49:093 3176 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
04:29:49:109 3176 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
04:29:49:125 3176 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:29:49:171 3176 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
04:29:49:203 3176 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:29:49:250 3176 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
04:29:49:328 3176 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:29:49:375 3176 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
04:29:49:421 3176 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:29:49:437 3176 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:29:49:437 3176 Reboot required for cure complete..
04:29:49:546 3176 Cure on reboot scheduled successfully
04:29:49:546 3176
04:29:49:546 3176 Completed
04:29:49:546 3176
04:29:49:546 3176 Results:
04:29:49:546 3176 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
04:29:49:546 3176 File objects infected / cured / cured on reboot: 1 / 0 / 1
04:29:49:546 3176
04:29:49:562 3176 KLMD(ARK) unloaded successfully
naturalganja
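The TDSSKiller report just posted is about 180 lines long, and the one entry that matters, rasacd.sys, is buried in the driver inventory. As an added example (not part of this thread and not Kaspersky's code), here is a small Python parser for that report format: it separates the driver inventory from the "Suspicious file (Forged)" and "infected by" lines, tracks whether a cure has been scheduled for the flagged file, and reads the closing counters, so a helper can triage a posted log without reading it line by line. The sample input is constructed from lines of the report above (paths and hashes as printed there); the class and function names are the example's own.

```python
"""Triage helper for a Kaspersky TDSSKiller report.

Added example, not part of this thread and not Kaspersky's code: it parses
the plain-text log TDSSKiller writes (the format shown in the post above)
and surfaces the entries that matter to a helper reading it.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: a few lines copied from the report posted above
# (paths and hashes exactly as printed there), enough to exercise every rule.
SAMPLE_LOG = r"""04:29:36:562 3176 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
04:29:37:406 3176 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
04:29:45:718 3176 RasAcd (cc30c86ef57857db2e26b3801389b215) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:29:45:718 3176 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: cc30c86ef57857db2e26b3801389b215, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
04:29:45:718 3176 File "C:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ... 04:29:47:203 3176 Backup copy found, using it..
04:29:47:390 3176 will be cured on next reboot
04:29:47:437 3176 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:29:49:546 3176 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
04:29:49:546 3176 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Every line starts with "hh:mm:ss:ms pid"; the remainder is the message.
PREFIX = re.compile(r"^(\d\d:\d\d:\d\d:\d{3})\s+(\d+)\s*(.*)$")
# Driver inventory entry: "Name (md5) path.sys"
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+\.[Ss][Yy][Ss])$")
# TDSSKiller's wording when the two hashes it computes for one file disagree.
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
# 'File "path" infected by <threat> ...' (the tool may run the next entry onto the same line)
INFECTED = re.compile(r'^File "([^"]+)" infected by (.+?)(?: \.\.\.|$)')
RESULTS = re.compile(r"^(Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$")


@dataclass
class Report:
    drivers: dict = field(default_factory=dict)       # name -> (md5, path)
    forged: list = field(default_factory=list)        # (path, real_md5, fake_md5)
    infected: list = field(default_factory=list)      # (path, threat)
    pending_cure: list = field(default_factory=list)  # paths with a cure scheduled on reboot
    results: dict = field(default_factory=dict)       # "Registry"/"File" -> (infected, cured, on_reboot)


def parse_tdsskiller(text: str) -> Report:
    """Walk the log once; 'will be cured on next reboot' refers to the last flagged path."""
    rep = Report()
    last_path = None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        body = m.group(3)
        if (d := DRIVER.match(body)):
            rep.drivers[d.group(1)] = (d.group(2), d.group(3))
        elif (f := FORGED.match(body)):
            rep.forged.append((f.group(1), f.group(2), f.group(3)))
            last_path = f.group(1)
        elif (i := INFECTED.match(body)):
            rep.infected.append((i.group(1), i.group(2)))
            last_path = i.group(1)
        elif body.startswith("will be cured on next reboot") and last_path:
            rep.pending_cure.append(last_path)
        elif (r := RESULTS.match(body)):
            rep.results[r.group(1)] = tuple(int(x) for x in r.group(2, 3, 4))
    return rep


def triage(rep: Report) -> list:
    """Findings a helper wants to see: every forged or infected file, and any
    counter where objects were found infected but neither cured nor scheduled."""
    findings = []
    for path, real, fake in rep.forged:
        findings.append(f"FORGED {path}: real md5 {real}, fake md5 {fake} (hashes differ)")
    for path, threat in rep.infected:
        status = "cure scheduled on reboot" if path in rep.pending_cure else "no cure scheduled"
        findings.append(f"INFECTED {path} ({threat}): {status}")
    for kind, (inf, cured, on_reboot) in rep.results.items():
        if inf and not cured and not on_reboot:
            findings.append(f"{kind} objects: {inf} infected but nothing cured or scheduled")
    return findings


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open(path).read() to triage a saved report.
    for line in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

On the sample the parser returns three inventory entries and two findings: the forged rasacd.sys (the two MD5 values TDSSKiller printed disagree) and the same file marked infected with a cure scheduled for the next reboot, which matches the "1 / 0 / 1" file counter at the end of the posted report. A "File objects" counter of the form "n / 0 / 0" would instead be reported as unresolved, which is the case a helper would ask the poster to re-run for.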

Post by naturalganja » 16 June 2010, 21:42

OTL logfile created on: 17/06/2010 4:34:19 AM - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Natural Ganja\Desktop\Raccourci\anti spyware
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,015.00 Mb Total Physical Memory | 532.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 17.92 Gb Free Space | 24.87% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 1.25 Gb Free Space | 1.74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANTOINE
Current User Name: Natural Ganja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/20 18:20:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Natural Ganja\Desktop\Raccourci\anti spyware\OTL.exe
PRC - [2010/05/07 04:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/03 02:05:30 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2009/07/03 08:40:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/06/18 06:18:30 | 003,054,136 | ---- | M] (ASUS) -- C:\WINDOWS\AsScrPro.exe
PRC - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/09 05:07:50 | 000,696,320 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/05/09 05:07:26 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/05/09 04:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/04/03 22:20:13 | 002,794,928 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/11/15 05:55:56 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/18 21:01:01 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2007/12/19 23:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/01/31 11:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/05/20 18:20:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Natural Ganja\Desktop\Raccourci\anti spyware\OTL.exe
MOD - [2009/03/26 23:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2008/04/14 20:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 21:18:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/03 08:40:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/01/31 11:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2010/05/07 04:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/07 04:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/07 04:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/07 04:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/07 04:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/07 04:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/05 21:18:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/29 15:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/29 15:00:50 | 000,102,656 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/05/12 17:18:54 | 005,080,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/09 21:14:28 | 000,208,816 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/04/09 10:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/03/14 14:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/02 13:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/11/19 09:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/09/12 13:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/08/19 22:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 22:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/30 11:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/14 20:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 21:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/09 03:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008/03/10 18:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/19 23:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 06:00:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/05 06:00:50 | 000,000,000 | ---D | M]

[2010/02/14 14:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\Mozilla\Extensions
[2010/02/14 14:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/16 09:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\Mozilla\Firefox\Profiles\3qgxgwm7.default\extensions
[2010/04/27 15:13:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Natural Ganja\Application Data\Mozilla\Firefox\Profiles\3qgxgwm7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/24 10:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\Mozilla\Firefox\Profiles\3qgxgwm7.default\extensions\textlinks@playsushi.com
[2010/06/16 09:03:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 13:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/23 13:36:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/25 08:30:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/25 08:30:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/25 08:30:30 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/25 08:30:30 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Natural Ganja\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 86.64.233.82 109.0.64.240
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/02 08:57:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6b630ac8-6d0b-11df-94eb-0025d36614af}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 20:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/17 04:28:41 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Natural Ganja\Desktop\TDSSKiller.exe
[2010/06/10 01:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Desktop\The Black Seeds
[2010/06/05 06:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/05 06:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/05 06:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/05 06:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/05 05:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/05 05:56:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/02 05:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/27 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark X6100 Series
[2010/05/27 22:18:56 | 000,479,232 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBFJSWR.DLL
[2010/05/27 22:18:55 | 000,352,256 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBFUTIL.DLL
[2010/05/27 22:18:54 | 000,090,112 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBFCUR.DLL
[2010/05/27 22:18:54 | 000,069,632 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBFCU.DLL
[2010/05/27 22:18:49 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/05/27 22:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\WINDOWS
[2010/05/27 22:18:23 | 000,000,000 | ---D | C] -- C:\Lxk6100
[2010/05/27 19:21:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/23 13:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/23 13:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/21 13:32:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/20 18:26:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/20 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/20 18:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Application Data\Malwarebytes
[2010/05/20 18:22:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/20 18:22:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/20 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/20 18:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/20 18:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/05/20 18:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/20 18:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/20 17:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\keqghvucp
[2010/05/17 00:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Desktop\Tofs ipod apres VSO
[2010/05/16 13:16:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Natural Ganja\My Documents\My Music
[2010/05/15 21:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\My Documents\Docs Australia
[2010/05/12 13:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Desktop\FB
[2010/05/01 18:40:39 | 000,000,000 | ---D | C] -- C:\Casino770
[2010/04/28 20:24:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Natural Ganja\PrivacIE
[2010/04/28 00:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Desktop\Retour
[2010/04/27 23:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/27 23:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Application Data\Google
[2010/04/27 23:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\Temp
[2010/04/27 23:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/27 23:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/04/27 23:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\Google
[2010/04/24 10:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\PlaySushi
[2010/04/19 13:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/18 23:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Tracing
[2010/04/18 09:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/05 11:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Application Data\WinRAR
[2010/04/02 12:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Desktop\Best pictures and videos
[2010/03/31 17:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\cache
[2010/03/31 15:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\FullTiltPoker
[2010/03/31 15:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/03/30 08:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Application Data\ArcSoft
[2010/03/30 08:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Application Data\HP SimpleSave Application
[2010/03/28 17:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\Identities
[2010/03/26 07:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Application Data\vlc
[2010/03/25 07:23:27 | 000,102,656 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2010/03/24 10:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Application Data\FLEXnet
[2010/03/24 10:11:04 | 000,112,640 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2010/03/24 10:10:59 | 000,102,400 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2010/03/24 10:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Application Data\Vodafone
[2010/03/24 10:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2010/03/24 10:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/03/24 10:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2010/03/24 10:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/03/24 10:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\{6118B561-4CCF-4F70-B358-73ACA4B8FB39}
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/17 04:36:41 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/17 04:36:41 | 000,442,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/17 04:36:41 | 000,071,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/17 04:31:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/17 04:31:33 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/17 04:31:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/17 04:31:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/17 04:30:13 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Natural Ganja\NTUSER.DAT
[2010/06/17 04:30:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Natural Ganja\ntuser.ini
[2010/06/17 03:59:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/16 19:56:47 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 20:32:52 | 012,331,145 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\Booka Shade vs Vandalism - Never Say White Rooms (Quinn Master's Bootleg).mp3
[2010/06/13 20:14:57 | 015,271,568 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\Perplex & Electra - Toys (Felguk remix).mp3
[2010/06/13 20:09:56 | 006,131,844 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\DJ ANTOINE VS PLAYER & REMADY - Work (Main Mix).mp3
[2010/06/13 19:54:23 | 003,863,486 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\Janet Jackson & QTip - Got Till Its Gone.mp3
[2010/06/13 19:51:17 | 006,137,955 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\Marlon Asher - Ganja Farmer.mp3
[2010/06/13 19:51:04 | 004,402,352 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\(Rub A Dub Riddim) Capleton - Same Old Story.mp3
[2010/06/09 23:58:02 | 008,429,828 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\Martin Solveig - Cabo Parano(1).mp3
[2010/06/09 23:50:29 | 005,253,801 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\le peuple de l'herbe - no escape.mp3
[2010/06/05 06:17:46 | 009,197,568 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\Dj Antoine Vs Player & Remady feat MC Roby Rob - Work (Main Mix)ww.mp3
[2010/06/05 05:58:00 | 125,993,280 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\DANCEHALL MIX - Sizzla, Capleton, Bounty Killer, Buju Banton, Junior Kelly, Jah Mason, and Much more)(1).mp3
[2010/06/05 05:44:03 | 005,634,274 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\kelis-Good Stuff.mp3
[2010/06/05 05:43:15 | 003,298,533 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Desktop\Kid Bass (Ft. Sincere) - Good Girls Like Rude Boys.MP3
[2010/06/04 10:40:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/31 20:06:52 | 000,000,665 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Natural Ganja\Desktop\TDSSKiller.exe
[2010/05/29 00:14:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/29 00:14:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/28 08:01:42 | 008,509,090 | -H-- | M] () -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\IconCache.db
[2010/05/27 22:20:00 | 000,000,101 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/05/24 12:50:56 | 000,293,376 | ---- | M] () -- C:\8793zj4o.exe
[2010/05/20 19:15:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/20 18:24:06 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/19 18:21:36 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/07 04:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/07 04:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/07 04:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/07 04:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/07 04:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/07 04:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/07 04:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/07 04:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 23:58:05 | 000,060,080 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 22:01:26 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/15 21:46:25 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\My Documents\cv Antoine.doc
[2010/04/15 13:46:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 00:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/09 21:18:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Natural Ganja\SendTo.mydocs
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/13 19:56:13 | 006,131,844 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\DJ ANTOINE VS PLAYER & REMADY - Work (Main Mix).mp3
[2010/06/13 19:54:25 | 015,271,568 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\Perplex & Electra - Toys (Felguk remix).mp3
[2010/06/13 19:51:25 | 012,331,145 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\Booka Shade vs Vandalism - Never Say White Rooms (Quinn Master's Bootleg).mp3
[2010/06/13 19:50:03 | 006,137,955 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\Marlon Asher - Ganja Farmer.mp3
[2010/06/13 19:49:27 | 003,863,486 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\Janet Jackson & QTip - Got Till Its Gone.mp3
[2010/06/09 23:59:21 | 004,402,352 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\(Rub A Dub Riddim) Capleton - Same Old Story.mp3
[2010/06/09 23:56:37 | 008,429,828 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\Martin Solveig - Cabo Parano(1).mp3
[2010/06/09 23:49:19 | 005,253,801 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\le peuple de l'herbe - no escape.mp3
[2010/05/27 22:20:00 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/05/27 22:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2010/05/27 22:18:59 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2010/05/27 22:18:58 | 000,002,190 | ---- | C] () -- C:\WINDOWS\System32\LXBFDRV.CNT
[2010/05/27 22:18:58 | 000,000,249 | ---- | C] () -- C:\WINDOWS\System32\LXBFMA.CNT
[2010/05/27 22:18:58 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\LXBFLPA.CNT
[2010/05/27 22:18:57 | 001,510,655 | ---- | C] () -- C:\WINDOWS\System32\LXBFLPA.HLP
[2010/05/27 22:18:57 | 000,495,089 | ---- | C] () -- C:\WINDOWS\System32\LXBFDRV.HLP
[2010/05/27 22:18:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBFIH.EXE
[2010/05/27 22:18:56 | 000,000,447 | ---- | C] () -- C:\WINDOWS\System32\LXBF.LOC
[2010/05/27 22:18:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2010/05/27 22:18:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2010/05/24 12:50:52 | 000,293,376 | ---- | C] () -- C:\8793zj4o.exe
[2010/05/20 18:24:06 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/20 18:00:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/27 23:19:54 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 23:19:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 14:44:50 | 125,993,280 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\DANCEHALL MIX - Sizzla, Capleton, Bounty Killer, Buju Banton, Junior Kelly, Jah Mason, and Much more)(1).mp3
[2010/04/24 23:59:51 | 003,298,533 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\Kid Bass (Ft. Sincere) - Good Girls Like Rude Boys.MP3
[2010/04/24 23:59:15 | 005,634,274 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\kelis-Good Stuff.mp3
[2010/04/24 23:51:20 | 009,197,568 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\Desktop\Dj Antoine Vs Player & Remady feat MC Roby Rob - Work (Main Mix)ww.mp3
[2010/04/13 22:46:36 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\My Documents\cv Antoine.doc
[2010/04/09 21:18:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Natural Ganja\SendTo
[2010/01/09 20:00:26 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2009/06/18 06:22:12 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/06/18 06:22:12 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/04/21 09:02:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/21 08:04:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/02 07:44:28 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/02 22:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/18 03:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/18 03:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/15 04:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/02/21 14:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/17 15:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2009/06/18 06:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/03/24 10:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/06/05 06:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/09 20:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/17 15:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\Canon
[2010/06/17 04:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\DMCache
[2010/04/24 00:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\FreeVideoConverter
[2010/05/04 12:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\IDM
[2010/06/13 20:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\LimeWire
[2010/03/14 12:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\Thinstall
[2010/03/24 10:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\Vodafone
[2010/05/26 14:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Natural Ganja\Application Data\VSO

========== Purity Check ==========


<End>
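The OTL report above is the kind of log a helper reads by eye for a handful of indicators: an executable with no company name sitting at the drive root, a directory name under the user profile that looks machine-generated, a proxy pointed at loopback, an AutoRun command registered under MountPoints2, and orphaned references ("File not found", "No CLSID value found"). The Python script below is an added example, not OTL's own code and not part of either poster's material: it parses those OTL line shapes and returns review flags. The rule names, the name-pattern test and its thresholds are assumptions chosen for illustration; a flag means "look at this entry", not that the item is malicious. The sample input is a constructed subset of lines copied from the log above.

```python
"""OTL report triage helper.

Added example (not OTL's own code and not from the forum posts): parses a few
OTL line shapes and returns entries worth a second look. Every rule here is an
assumed heuristic; a hit means "review this", not "this is malware".
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O33 - MountPoints2\{6b630ac8-6d0b-11df-94eb-0025d36614af}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 20:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
[2010/05/24 12:50:52 | 000,293,376 | ---- | C] () -- C:\8793zj4o.exe
[2010/05/20 17:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Natural Ganja\Local Settings\Application Data\keqghvucp
[2010/05/20 18:22:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
"""

# OTL line shapes handled here: "[stamp | size | attrs | C/M] (Company) -- path",
# the IE proxy keys, O33 MountPoints2 AutoRun commands and O2 BHO entries.
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+?)\s*\|\s*[CM]\]"
    r"\s*(?:\((?P<company>[^)]*)\))?\s*--\s*(?P<path>.+?)\s*$"
)
PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.+?)\s*$')
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = '
    r"(?P<command>.+?)(?: -- \[|$)"
)
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.+?)\s*$")
TRAILING_COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)$")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif"}
VOWELS = set("aeiou")


def looks_generated(name: str) -> bool:
    """Assumed heuristic: 8-16 lowercase alphanumerics containing a digit or few vowels."""
    if not re.fullmatch(r"[a-z0-9]{8,16}", name):
        return False
    if any(ch.isdigit() for ch in name):
        return True
    return sum(ch in VOWELS for ch in name) / len(name) < 0.3


def check_file(path: str, company: str | None) -> list[dict]:
    """Flags for one file/directory entry. Entries that carry a company name are
    skipped: the heuristics target unattributed files, where droppers usually land."""
    if company:
        return []
    p = PureWindowsPath(path)
    flags = []
    if p.suffix.lower() in EXEC_EXT and len(p.parts) == 2:  # parts == ('C:\\', name)
        flags.append({"rule": "root_executable", "path": path})
    if looks_generated(p.stem):
        flags.append({"rule": "generated_name", "path": path})
    return flags


def triage(log_text: str) -> list[dict]:
    """Walk the report line by line and collect review flags."""
    findings: list[dict] = []
    proxy: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "File not found" in line or "No CLSID value found" in line:
            findings.append({"rule": "orphan_reference", "line": line})
            continue
        if m := PROXY_RE.match(line):
            proxy[m["key"]] = m["value"]
        elif m := O33_RE.match(line):
            findings.append({"rule": "autorun_command", "volume": m["guid"], "command": m["command"]})
        elif m := O2_RE.match(line):
            c = TRAILING_COMPANY_RE.search(m["rest"])
            if c is not None and c["company"] == "":  # BHO with an empty "()" company field
                findings.append({"rule": "bho_no_company", "name": m["name"], "clsid": m["clsid"],
                                 "path": m["rest"][: c.start()].strip()})
        elif m := FILE_RE.match(line):
            findings.extend(check_file(m["path"], m["company"]))
    if "ProxyServer" in proxy:
        # Reported even when ProxyEnable is 0: a loopback proxy is often a local
        # filtering program, but it is worth knowing what listens on that port.
        findings.append({"rule": "proxy_server", "server": proxy["ProxyServer"],
                         "enabled": proxy.get("ProxyEnable") == "1"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as a script it prints the flags for the sample; a full report goes through `triage(open(path, encoding="utf-8", errors="replace").read())`. Lines that match no known shape are ignored rather than guessed at, so a new OTL section only needs another regex and branch in `triage`.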

Post by nickW » 17 June 2010, 01:04

Good evening,

Now that really is what you could call "throwing logs in the other person's face"


So TDSSKiller detected a hidden process and removed it at reboot.
(which is what I had been waiting for for over two weeks!)


Can you describe the PC's current state for me?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by naturalganja » 17 June 2010, 17:41

First of all I would like to apologise for the previous messages; I hadn't seen that there were 2 pages... so I thought you were no longer replying to my messages and were leaving me with all these problems, hence the "???" etc...
For now I can't tell you how it is behaving; things seem to be going fine, but it is over time that I will be able to report.
In any case, thank you for still being here
