
Very stubborn Trojan

Tags:
  • Operating system
  • Security
Last reply: in Security and viruses
22 July 2011 10:01:04

Hello,
I've had a nasty virus for a few days that is preventing my computer from working properly. It disables my antivirus and prevents me from launching similar programs...
I'm on Win7

Can you help me? I need my computer for my job.

Thanks

22 July 2011 10:27:23

Hello,

We are going to establish an initial diagnosis with this tool; follow the instructions carefully:

OTL:

  • Download OTL by Old_Timer and save it to the Desktop
  • Close all other windows and double-click OTL.exe
    /!\ On Vista and Windows 7, the file must be launched by right-click -> Run as administrator
  • Check that the Tous les utilisateurs (All users), Recherche Lop (Lop check) and Recherche Purity (Purity check) boxes are ticked
  • In the Personnalisation (custom scan) box, copy and paste everything that follows
    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    nslookup http://www.google.fr /c
    CREATERESTOREPOINT

  • Then click Analyse (Scan) and wait while the scan runs

  • At the end of the scan, the OTL.txt and Extras.txt reports are displayed
  • As the reports are too long for the forum, host them on the cijoint.fr site and give the links provided in your reply.
    The reports are saved on the Desktop.

    See you
    22 July 2011 10:45:47

    The virus closes the program when I click on Analyse... I'm in safe mode and I'm running it as admin...
    Off to a good start ;)
    22 July 2011 11:15:32

    Am I no longer entitled to your help?
    22 July 2011 11:48:01

    Hello,

    Yes, yes... I had just stepped away for a bit.

    Try this:

    RogueKiller:

  • Download RogueKiller by Tigzy and save it to your Desktop

    /!\ Rename the downloaded file to Winlogon.exe

  • /!\ Important -> Quit all running programs

  • Double-click Winlogon.exe on your Desktop
    /!\ On Vista and Windows 7, the file must be launched by right-click -> Run as administrator

  • Type 1 when prompted and confirm

  • Copy and paste the contents of the RKreport.txt report into your next reply

    If the program was blocked, do not hesitate to try several times


    Do not restart the PC until I have replied.

    See you

    Edit guigui: BBCode
    22 July 2011 11:52:25

    Here is the report

    RogueKiller V5.2.7 [30/06/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...

    Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version
    Demarrage : Mode sans echec
    Utilisateur: ediz [Droits d'admin]
    Mode: Recherche -- Date : 22/07/2011 11:51:10

    Processus malicieux: 0

    Entrees de registre: 0

    Fichier HOSTS:
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com


    Termine : << RKreport[9].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
    RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt



    22 July 2011 11:54:46

    Hello,

    Well, RogueKiller isn't finding much, but you ran it in Safe Mode.

    Can you try in Normal Mode, please?

    See you

    Edit: That's the 9th time you've run RogueKiller.
    Can you post me the first reports, RKreport[1].txt ; RKreport[2].txt, thanks.
    22 July 2011 12:09:53

    I know, I had already tried before on another forum, but the person no longer replies to me and I still have my virus...

    RogueKiller V5.2.7 [30/06/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...

    Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version
    Demarrage : Mode normal
    Utilisateur: ediz [Droits d'admin]
    Mode: Recherche -- Date : 22/07/2011 12:05:11

    Processus malicieux: 1
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\ediz\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

    Entrees de registre: 0

    Fichier HOSTS:
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com


    Termine : << RKreport[11].txt >>
    RKreport[10].txt ; RKreport[11].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ;
    RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;
    RKreport[9].txt



    first report

    RogueKiller V5.2.7 [30/06/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...

    Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version
    Demarrage : Mode sans echec
    Utilisateur: ediz [Droits d'admin]
    Mode: Recherche -- Date : 20/07/2011 18:01:50

    Processus malicieux: 1
    [SUSP PATH] HelpPane.exe -- c:\windows\helppane.exe -> KILLED

    Entrees de registre: 9
    [SUSP PATH] HKCU\[...]\Run : Facebook Update ("C:\Users\ediz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver) -> FOUND
    [SUSP PATH] HKLM\[...]\Run : Panda Security URL Filtering ("C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe") -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-1825224032-1265911557-2456511187-1000[...]\Run : Facebook Update ("C:\Users\ediz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver) -> FOUND
    [SUSP PATH] FacebookUpdateTaskUserS-1-5-21-1825224032-1265911557-2456511187-1000UA.job : c:\users\ediz\appdata\local\facebook\update\facebookupdate.exe -> FOUND
    [SUSP PATH] FacebookUpdateTaskUserS-1-5-21-1825224032-1265911557-2456511187-1000Core.job : c:\users\ediz\appdata\local\facebook\update\facebookupdate.exe -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Fichier HOSTS:
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com


    Termine : << RKreport[1].txt >>
    RKreport[1].txt



    2nd report

    RogueKiller V5.2.7 [30/06/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...

    Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version
    Demarrage : Mode normal
    Utilisateur: ediz [Droits d'admin]
    Mode: Recherche -- Date : 21/07/2011 17:52:17

    Processus malicieux: 2
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\ediz\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
    [SUSP PATH] avast.setup -- c:\users\ediz\appdata\local\temp\_av_sfx.tm~a03636\avast.setup -> KILLED

    Entrees de registre: 2
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    Fichier HOSTS:
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com


    Termine : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt



    22 July 2011 12:36:14

    Hello,

    Can you give me the link to that other forum, please?

    Run RogueKiller again with option 2, then a second time with option 3, and post the reports you get.

    Then do this:

    TDSSKiller:

  • Download TDSSKiller.zip from Kaspersky and save it to your Desktop

  • Unzip the TDSSKiller.zip file by right-click -> Extract
    Decompression software if needed: 7-Zip

  • In the TDSSKiller folder, double-click TDSSKiller.exe
    /!\ On Vista and Windows 7, the file must be launched by right-click -> Run as administrator

  • Click Start scan to launch the scan. Let the tool work without interrupting it.

  • At the end of the scan, if the tool has found suspicious or malicious items, check that:
    Quote:
    If TDSS.tdl2 is detected, the delete option is ticked by default
    If TDSS.tdl3 is detected, the Cure option is ticked
    If TDSS.tdl4 (mbr) is detected, the Cure option is ticked
    If Suspicious file is shown, the Skip option is ticked

  • Then click Continue, then click Reboot computer

  • After the restart, post the TDSSKiller.Version_Date_Heure_log.txt report in your reply on the forum
    The TDSSKiller.Version_Date_Heure_log.txt report is saved as C:\TDSSKiller.Version_Date_Heure_log.txt

    See you
    22 July 2011 12:43:59

    Here are the 2 reports to start with:

    RogueKiller V5.2.7 [30/06/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...

    Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version
    Demarrage : Mode normal
    Utilisateur: ediz [Droits d'admin]
    Mode: Suppression -- Date : 22/07/2011 12:41:57

    Processus malicieux: 1
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\ediz\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

    Entrees de registre: 0

    Fichier HOSTS:
    127.0.0.1 localhost


    Termine : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt



    and the 2nd...

    RogueKiller V5.2.7 [30/06/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...

    Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version
    Demarrage : Mode normal
    Utilisateur: ediz [Droits d'admin]
    Mode: HOSTS RAZ -- Date : 22/07/2011 12:42:22

    Processus malicieux: 1
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\ediz\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

    Fichier HOSTS:
    127.0.0.1 localhost


    Nouveau fichier HOSTS:
    127.0.0.1 localhost

    Termine : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



    22 July 2011 12:51:37

    TDSSKILLER report:

    2011/07/22 12:45:11.0981 2812 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
    2011/07/22 12:45:13.0994 2812 ================================================================================
    2011/07/22 12:45:13.0994 2812 SystemInfo:
    2011/07/22 12:45:13.0994 2812
    2011/07/22 12:45:13.0994 2812 OS Version: 6.1.7600 ServicePack: 0.0
    2011/07/22 12:45:13.0994 2812 Product type: Workstation
    2011/07/22 12:45:13.0994 2812 ComputerName: EDIZ-PC
    2011/07/22 12:45:14.0353 2812 UserName: ediz
    2011/07/22 12:45:14.0353 2812 Windows directory: C:\Windows
    2011/07/22 12:45:14.0353 2812 System windows directory: C:\Windows
    2011/07/22 12:45:14.0353 2812 Processor architecture: Intel x86
    2011/07/22 12:45:14.0353 2812 Number of processors: 2
    2011/07/22 12:45:14.0353 2812 Page size: 0x1000
    2011/07/22 12:45:14.0353 2812 Boot type: Normal boot
    2011/07/22 12:45:14.0353 2812 ================================================================================
    2011/07/22 12:45:16.0349 2812 Initialize success
    2011/07/22 12:45:19.0282 2412 ================================================================================
    2011/07/22 12:45:19.0282 2412 Scan started
    2011/07/22 12:45:19.0282 2412 Mode: Manual;
    2011/07/22 12:45:19.0282 2412 ================================================================================
    2011/07/22 12:45:21.0061 2412 1286091439 (88473c7ff4698e92bc7177415e14d666) C:\Windows\system32\drivers\1286091439.sys
    2011/07/22 12:45:21.0061 2412 Suspicious file (NoAccess): C:\Windows\system32\drivers\1286091439.sys. md5: 88473c7ff4698e92bc7177415e14d666
    2011/07/22 12:45:21.0076 2412 1286091439 - detected LockedFile.Multi.Generic (1)
    2011/07/22 12:45:25.0819 2412 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: d93b9f7eb347f42a5ea0e32f33f6c93b, Fake md5: 27c9490bdd0ae48911ab8cf1932591ed
    2011/07/22 12:45:25.0834 2412 CSC - detected ForgedFile.Multi.Generic (1)
    2011/07/22 12:45:33.0322 2412 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/07/22 12:45:33.0353 2412 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/07/22 12:45:33.0416 2412 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/07/22 12:45:33.0463 2412 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/07/22 12:45:33.0494 2412 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/07/22 12:45:33.0619 2412 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/07/22 12:45:33.0728 2412 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/07/22 12:45:33.0759 2412 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/07/22 12:45:33.0790 2412 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/07/22 12:45:33.0853 2412 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/07/22 12:45:33.0884 2412 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/07/22 12:45:33.0946 2412 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/07/22 12:45:33.0977 2412 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/07/22 12:45:34.0009 2412 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/07/22 12:45:34.0055 2412 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/07/22 12:45:34.0087 2412 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/07/22 12:45:34.0133 2412 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/07/22 12:45:34.0180 2412 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/07/22 12:45:34.0211 2412 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/07/22 12:45:34.0321 2412 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/07/22 12:45:34.0352 2412 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/07/22 12:45:34.0414 2412 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/07/22 12:45:34.0555 2412 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/07/22 12:45:34.0679 2412 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/07/22 12:45:34.0757 2412 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/07/22 12:45:34.0804 2412 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/07/22 12:45:34.0835 2412 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/07/22 12:45:34.0882 2412 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/07/22 12:45:34.0913 2412 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/07/22 12:45:34.0960 2412 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/07/22 12:45:34.0991 2412 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/07/22 12:45:35.0038 2412 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/07/22 12:45:35.0085 2412 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/07/22 12:45:35.0101 2412 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/07/22 12:45:35.0163 2412 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2011/07/22 12:45:35.0194 2412 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/07/22 12:45:35.0225 2412 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/07/22 12:45:35.0272 2412 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/07/22 12:45:35.0335 2412 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/07/22 12:45:35.0475 2412 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
    2011/07/22 12:45:35.0569 2412 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/07/22 12:45:35.0631 2412 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/07/22 12:45:35.0678 2412 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/07/22 12:45:35.0709 2412 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/07/22 12:45:35.0771 2412 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/07/22 12:45:35.0818 2412 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/07/22 12:45:35.0834 2412 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/07/22 12:45:35.0865 2412 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/07/22 12:45:35.0912 2412 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/07/22 12:45:35.0927 2412 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/07/22 12:45:35.0959 2412 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/07/22 12:45:35.0974 2412 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/07/22 12:45:36.0115 2412 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/07/22 12:45:36.0146 2412 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/07/22 12:45:36.0193 2412 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/07/22 12:45:36.0224 2412 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/07/22 12:45:36.0255 2412 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/07/22 12:45:36.0427 2412 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
    2011/07/22 12:45:36.0427 2412 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    2011/07/22 12:45:36.0458 2412 sptd - detected LockedFile.Multi.Generic (1)
    2011/07/22 12:45:40.0841 2412 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/07/22 12:45:40.0857 2412 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
    2011/07/22 12:45:40.0951 2412 Boot (0x1200) (56a816d2bbf9c232075c8c2773ab3643) \Device\Harddisk0\DR0\Partition0
    2011/07/22 12:45:40.0966 2412 Boot (0x1200) (a1146f0827b65baa534dda5675e8c649) \Device\Harddisk1\DR4\Partition0
    2011/07/22 12:45:40.0982 2412 ================================================================================
    2011/07/22 12:45:40.0982 2412 Scan finished
    2011/07/22 12:45:40.0982 2412 ================================================================================
    2011/07/22 12:45:40.0997 5580 Detected object count: 3
    2011/07/22 12:45:40.0997 5580 Actual detected object count: 3
    2011/07/22 12:46:39.0279 5580 LockedFile.Multi.Generic(1286091439) - User select action: Skip
    2011/07/22 12:46:39.0279 5580 ForgedFile.Multi.Generic(CSC) - User select action: Skip
    2011/07/22 12:46:39.0279 5580 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/07/22 12:47:07.0156 1708 ================================================================================
    2011/07/22 12:47:07.0156 1708 Scan started
    2011/07/22 12:47:07.0156 1708 Mode: Manual;
    2011/07/22 12:47:07.0156 1708 ================================================================================
    2011/07/22 12:47:07.0890 1708 1286091439 (88473c7ff4698e92bc7177415e14d666) C:\Windows\system32\drivers\1286091439.sys
    2011/07/22 12:47:07.0890 1708 Suspicious file (NoAccess): C:\Windows\system32\drivers\1286091439.sys. md5: 88473c7ff4698e92bc7177415e14d666
    2011/07/22 12:47:07.0905 1708 1286091439 - detected LockedFile.Multi.Generic (1)
    2011/07/22 12:47:10.0994 1708 CSC (d93b9f7eb347f42a5ea0e32f33f6c93b) C:\Windows\system32\drivers\csc.sys
    2011/07/22 12:47:10.0994 1708 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: d93b9f7eb347f42a5ea0e32f33f6c93b, Fake md5: 27c9490bdd0ae48911ab8cf1932591ed
    2011/07/22 12:47:10.0994 1708 CSC - detected ForgedFile.Multi.Generic (1)
    2011/07/22 12:47:16.0423 1708 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/07/22 12:47:16.0454 1708 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/07/22 12:47:16.0501 1708 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/07/22 12:47:16.0548 1708 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/07/22 12:47:16.0594 1708 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/07/22 12:47:16.0672 1708 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/07/22 12:47:16.0750 1708 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/07/22 12:47:16.0797 1708 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/07/22 12:47:16.0828 1708 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/07/22 12:47:16.0875 1708 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/07/22 12:47:16.0906 1708 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/07/22 12:47:16.0953 1708 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/07/22 12:47:16.0984 1708 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/07/22 12:47:17.0062 1708 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/07/22 12:47:17.0109 1708 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/07/22 12:47:17.0140 1708 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/07/22 12:47:17.0187 1708 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/07/22 12:47:17.0234 1708 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/07/22 12:47:17.0250 1708 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/07/22 12:47:17.0281 1708 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/07/22 12:47:17.0359 1708 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
    2011/07/22 12:47:17.0421 1708 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/07/22 12:47:17.0468 1708 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/07/22 12:47:17.0515 1708 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/07/22 12:47:17.0593 1708 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/07/22 12:47:17.0640 1708 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/07/22 12:47:17.0686 1708 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/07/22 12:47:17.0733 1708 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/07/22 12:47:17.0780 1708 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/07/22 12:47:17.0858 1708 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
    2011/07/22 12:47:17.0967 1708 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/07/22 12:47:18.0014 1708 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/07/22 12:47:18.0061 1708 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/07/22 12:47:18.0092 1708 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/07/22 12:47:18.0139 1708 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/07/22 12:47:18.0201 1708 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/07/22 12:47:18.0232 1708 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/07/22 12:47:18.0264 1708 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/07/22 12:47:18.0295 1708 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/07/22 12:47:18.0326 1708 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/07/22 12:47:18.0404 1708 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/07/22 12:47:18.0482 1708 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/07/22 12:47:18.0513 1708 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/07/22 12:47:18.0607 1708 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/07/22 12:47:18.0654 1708 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/07/22 12:47:18.0685 1708 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/07/22 12:47:18.0716 1708 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/07/22 12:47:18.0763 1708 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/07/22 12:47:18.0794 1708 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/07/22 12:47:18.0950 1708 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/07/22 12:47:18.0997 1708 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/07/22 12:47:19.0044 1708 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/07/22 12:47:19.0106 1708 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/07/22 12:47:19.0184 1708 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/07/22 12:47:19.0215 1708 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/07/22 12:47:19.0309 1708 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/07/22 12:47:19.0387 1708 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/07/22 12:47:19.0434 1708 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/07/22 12:47:19.0465 1708 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/07/22 12:47:19.0496 1708 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/07/22 12:47:19.0527 1708 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/07/22 12:47:19.0558 1708 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/07/22 12:47:19.0590 1708 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/07/22 12:47:19.0621 1708 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/07/22 12:47:19.0668 1708 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2011/07/22 12:47:19.0683 1708 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/07/22 12:47:19.0714 1708 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/07/22 12:47:19.0746 1708 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/07/22 12:47:19.0777 1708 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/07/22 12:47:19.0870 1708 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
    2011/07/22 12:47:19.0948 1708 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/07/22 12:47:19.0995 1708 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/07/22 12:47:20.0042 1708 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/07/22 12:47:20.0073 1708 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/07/22 12:47:20.0120 1708 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/07/22 12:47:20.0167 1708 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/07/22 12:47:20.0182 1708 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/07/22 12:47:20.0214 1708 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/07/22 12:47:20.0260 1708 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/07/22 12:47:20.0276 1708 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/07/22 12:47:20.0292 1708 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/07/22 12:47:20.0323 1708 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/07/22 12:47:20.0354 1708 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DR
    22 July 2011 13:14:43

    Hi again,

    There it is, the nasty one
    Quote:
    2011/07/22 12:45:21.0061 2412 Suspicious file (NoAccess): C:\Windows\system32\drivers\1286091439.sys. md5: 88473c7ff4698e92bc7177415e14d666
    2011/07/22 12:46:39.0279 5580 ForgedFile.Multi.Generic(CSC) - User select action: Skip


    Only, it is locked.

    We'll try with TDSSKiller anyway.

    Run TDSSKiller again and when it finds this C:\Windows\system32\drivers\1286091439.sys, choose Delete instead of Skip.

    Post the new report.

    See you later,
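
The triage done by eye in the reply above (spotting the flagged driver lines and the action chosen for them) can be scripted. This is an added example, not part of the thread and not TDSSKiller code; the line patterns are inferred only from the report lines posted in this thread, and `parse_report` and `unresolved` are hypothetical names.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the TDSSKiller reports in this thread. The last one is the
# action line of the earlier scan, appended so the sample covers every line type.
SAMPLE_LOG = r"""
2011/07/22 13:19:07.0986 0588 1286091439 (88473c7ff4698e92bc7177415e14d666) C:\Windows\system32\drivers\1286091439.sys
2011/07/22 13:19:07.0986 0588 Suspicious file (NoAccess): C:\Windows\system32\drivers\1286091439.sys. md5: 88473c7ff4698e92bc7177415e14d666
2011/07/22 13:19:08.0001 0588 1286091439 - detected LockedFile.Multi.Generic (1)
2011/07/22 13:19:08.0048 0588 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/22 13:19:13.0180 0588 CSC (d93b9f7eb347f42a5ea0e32f33f6c93b) C:\Windows\system32\drivers\csc.sys
2011/07/22 13:19:13.0180 0588 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: d93b9f7eb347f42a5ea0e32f33f6c93b, Fake md5: 27c9490bdd0ae48911ab8cf1932591ed
2011/07/22 13:19:13.0180 0588 CSC - detected ForgedFile.Multi.Generic (1)
2011/07/22 12:46:39.0279 5580 ForgedFile.Multi.Generic(CSC) - User select action: Skip
"""

# "<date> <time> <thread id> <message>" (the message may be empty)
LINE_RE = re.compile(r"^\s*\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ ?(.*)$")
# "<service> (<md5>) <path>"
ENTRY_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (<reason>): <path>. md5: <h>" or "... Real md5: <h>, Fake md5: <h>"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((\w+)\): (.+)\. "
    r"(?:md5: ([0-9a-f]{32})|Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32}))$"
)
# "<service> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
# "<verdict>(<service>) - User select action: <action>"
ACTION_RE = re.compile(r"^(\S+)\((.+)\) - User select action: (\w+)$")


@dataclass
class Finding:
    service: str
    path: str = ""
    md5: str = ""
    fake_md5: str = ""          # only set for "Forged" entries
    reasons: list = field(default_factory=list)
    verdict: str = ""
    action: str = ""            # empty when the report logs no action


def parse_report(text):
    """Return {service name: Finding} for every entry the report flags."""
    entries = {}   # service name -> (md5, path), from the plain driver lines
    by_path = {}   # lower-cased path -> service name
    findings = {}

    def get(service):
        f = findings.setdefault(service, Finding(service))
        if not f.path and service in entries:
            f.md5, f.path = entries[service]
        return f

    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # blank, wrapped or non-log text
        msg = line.group(1).strip()
        if m := SUSPICIOUS_RE.match(msg):
            reason, path, md5, real, fake = m.groups()
            # The suspicious line carries only the path; map it back to the
            # service named on the preceding driver line when there is one.
            f = get(by_path.get(path.lower(), path))
            f.path = path
            f.md5 = md5 or real
            f.fake_md5 = fake or ""
            f.reasons.append(reason)
        elif m := DETECTED_RE.match(msg):
            get(m.group(1)).verdict = m.group(2)
        elif m := ACTION_RE.match(msg):
            f = get(m.group(2))
            f.verdict = f.verdict or m.group(1)
            f.action = m.group(3)
        elif m := ENTRY_RE.match(msg):
            name, md5, path = m.groups()
            entries[name] = (md5, path)
            by_path[path.lower()] = name
    return findings


def unresolved(findings):
    """Services with a verdict that were skipped or have no action logged."""
    return sorted(s for s, f in findings.items()
                  if f.verdict and f.action in ("", "Skip"))


if __name__ == "__main__":
    found = parse_report(SAMPLE_LOG)
    for name in unresolved(found):
        f = found[name]
        print(f"{name}: {f.verdict} {f.reasons} {f.path} action={f.action or 'none'}")
```
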
    22 July 2011 13:23:02

    Here is the report:

    2011/07/22 13:18:59.0686 2460 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
    2011/07/22 13:18:59.0811 2460 ================================================================================
    2011/07/22 13:18:59.0811 2460 SystemInfo:
    2011/07/22 13:18:59.0811 2460
    2011/07/22 13:18:59.0811 2460 OS Version: 6.1.7600 ServicePack: 0.0
    2011/07/22 13:18:59.0811 2460 Product type: Workstation
    2011/07/22 13:18:59.0811 2460 ComputerName: EDIZ-PC
    2011/07/22 13:18:59.0858 2460 UserName: ediz
    2011/07/22 13:18:59.0858 2460 Windows directory: C:\Windows
    2011/07/22 13:18:59.0858 2460 System windows directory: C:\Windows
    2011/07/22 13:18:59.0874 2460 Processor architecture: Intel x86
    2011/07/22 13:18:59.0874 2460 Number of processors: 2
    2011/07/22 13:18:59.0874 2460 Page size: 0x1000
    2011/07/22 13:18:59.0874 2460 Boot type: Normal boot
    2011/07/22 13:18:59.0874 2460 ================================================================================
    2011/07/22 13:19:01.0184 2460 Initialize success
    2011/07/22 13:19:06.0613 0588 ================================================================================
    2011/07/22 13:19:06.0613 0588 Scan started
    2011/07/22 13:19:06.0613 0588 Mode: Manual;
    2011/07/22 13:19:06.0613 0588 ================================================================================
    2011/07/22 13:19:07.0986 0588 1286091439 (88473c7ff4698e92bc7177415e14d666) C:\Windows\system32\drivers\1286091439.sys
    2011/07/22 13:19:07.0986 0588 Suspicious file (NoAccess): C:\Windows\system32\drivers\1286091439.sys. md5: 88473c7ff4698e92bc7177415e14d666
    2011/07/22 13:19:08.0001 0588 1286091439 - detected LockedFile.Multi.Generic (1)
    2011/07/22 13:19:13.0180 0588 CSC (d93b9f7eb347f42a5ea0e32f33f6c93b) C:\Windows\system32\drivers\csc.sys
    2011/07/22 13:19:13.0180 0588 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: d93b9f7eb347f42a5ea0e32f33f6c93b, Fake md5: 27c9490bdd0ae48911ab8cf1932591ed
    2011/07/22 13:19:13.0180 0588 CSC - detected ForgedFile.Multi.Generic (1)
    2011/07/22 13:19:21.0293 0588 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/07/22 13:19:21.0417 0588 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/07/22 13:19:21.0480 0588 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/07/22 13:19:21.0511 0588 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/07/22 13:19:21.0542 0588 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/07/22 13:19:21.0573 0588 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/07/22 13:19:21.0636 0588 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/07/22 13:19:21.0667 0588 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/07/22 13:19:21.0698 0588 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/07/22 13:19:21.0745 0588 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/07/22 13:19:21.0776 0588 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/07/22 13:19:21.0823 0588 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/07/22 13:19:21.0870 0588 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/07/22 13:19:21.0917 0588 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/07/22 13:19:22.0010 0588 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/07/22 13:19:22.0041 0588 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/07/22 13:19:22.0104 0588 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/07/22 13:19:22.0244 0588 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/07/22 13:19:22.0322 0588 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/07/22 13:19:22.0416 0588 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/07/22 13:19:22.0463 0588 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/07/22 13:19:22.0494 0588 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/07/22 13:19:22.0541 0588 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/07/22 13:19:22.0572 0588 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/07/22 13:19:22.0603 0588 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/07/22 13:19:22.0634 0588 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/07/22 13:19:22.0681 0588 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/07/22 13:19:22.0712 0588 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/07/22 13:19:22.0743 0588 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/07/22 13:19:22.0806 0588 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2011/07/22 13:19:22.0821 0588 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/07/22 13:19:22.0868 0588 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/07/22 13:19:22.0899 0588 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/07/22 13:19:22.0931 0588 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/07/22 13:19:23.0071 0588 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
    2011/07/22 13:19:23.0133 0588 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/07/22 13:19:23.0180 0588 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/07/22 13:19:23.0243 0588 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/07/22 13:19:23.0289 0588 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/07/22 13:19:23.0336 0588 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/07/22 13:19:23.0383 0588 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/07/22 13:19:23.0414 0588 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/07/22 13:19:23.0430 0588 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/07/22 13:19:23.0477 0588 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/07/22 13:19:23.0508 0588 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/07/22 13:19:23.0523 0588 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/07/22 13:19:23.0555 0588 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/07/22 13:19:23.0617 0588 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/07/22 13:19:23.0648 0588 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/07/22 13:19:23.0695 0588 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/07/22 13:19:23.0726 0588 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/07/22 13:19:23.0773 0588 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/07/22 13:19:23.0960 0588 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
    2011/07/22 13:19:23.0960 0588 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    2011/07/22 13:19:23.0976 0588 sptd - detected LockedFile.Multi.Generic (1)
    2011/07/22 13:19:27.0907 0588 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/07/22 13:19:27.0938 0588 Boot (0x1200) (56a816d2bbf9c232075c8c2773ab3643) \Device\Harddisk0\DR0\Partition0
    2011/07/22 13:19:27.0938 0588 ================================================================================
    2011/07/22 13:19:27.0938 0588 Scan finished
    2011/07/22 13:19:27.0938 0588 ================================================================================
    2011/07/22 13:19:27.0954 3336 Detected object count: 3
    2011/07/22 13:19:27.0954 3336 Actual detected object count: 3
    2011/07/22 13:19:42.0665 3336 HKLM\SYSTEM\ControlSet001\services\1286091439 - will be deleted after reboot
    2011/07/22 13:19:42.0680 3336 HKLM\SYSTEM\ControlSet002\services\1286091439 - will be deleted after reboot
    2011/07/22 13:19:42.0774 3336 HKLM\SYSTEM\ControlSet003\services\1286091439 - will be deleted after reboot
    2011/07/22 13:19:42.0821 3336 C:\Windows\system32\drivers\1286091439.sys - will be deleted after reboot
    2011/07/22 13:19:42.0821 3336 LockedFile.Multi.Generic(1286091439) - User select action: Delete
    2011/07/22 13:19:42.0836 3336 ForgedFile.Multi.Generic(CSC) - User select action: Skip
    2011/07/22 13:19:42.0836 3336 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/07/22 13:19:48.0234 3464 Deinitialize success
    a c 1024 8 Security
    22 July 2011 14:10:15

    Hi again,


    Quote:
    2011/07/22 13:19:42.0665 3336 HKLM\SYSTEM\ControlSet001\services\1286091439 - will be deleted after reboot
    2011/07/22 13:19:42.0680 3336 HKLM\SYSTEM\ControlSet002\services\1286091439 - will be deleted after reboot
    2011/07/22 13:19:42.0774 3336 HKLM\SYSTEM\ControlSet003\services\1286091439 - will be deleted after reboot
    2011/07/22 13:19:42.0821 3336 C:\Windows\system32\drivers\1286091439.sys - will be deleted after reboot
    2011/07/22 13:19:42.0821 3336 LockedFile.Multi.Generic(1286091439) - User select action: Delete


    Did the system actually reboot to delete C:\Windows\system32\drivers\1286091439.sys?

    Can you run OTL now?

    Later,
    22 July 2011 14:52:52

    yes it rebooted, though whether it rebooted properly I don't really know, it's still slow and I can't launch OTL....

    what do we do now?
    a c 1024 8 Security
    22 July 2011 15:15:08

    Hi again,

    OK, let's try something else.

    ComboFix:

    /!\ ComboFix is a powerful tool that must not be used lightly. This procedure was created specifically for this user. If you are not this user, do not run it, at the risk of seriously damaging your Windows installation /!\

  • Download ComboFix by sUBs and save it to your Desktop (and nowhere else, it must be on the Desktop)
    /!\ Close all running applications and disable any resident protection
  • On Vista and Windows 7, it is recommended to disable UAC (User Account Control)
    Disable UAC on Vista
    Disable UAC on Windows 7
  • Read this tutorial and print it if needed
  • Back up your important data
  • Click ComboFix.exe to launch the application
  • Accept the license agreement and let the program guide you
  • Allow ComboFix to connect to the internet for updates if the program asks
  • Above all, let the tool work without touching anything
  • The system will reboot, then the Combofix.txt report will be displayed. Post the contents of this report in your next reply
    The report is saved at: C:\Combofix.txt

    Later,
    22 July 2011 15:30:00

    Your PC is infected by Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly complicated infection.....
    22 July 2011 15:34:43

    but there is no .txt report
    a c 1024 8 Security
    22 July 2011 15:59:51

    Hi again,

    You have no report under C:.
    Could you check again, please.

    I strongly advise you to back up your data as soon as possible, if you haven't already.

    Tell me if you find the report.

    Later,
    22 July 2011 16:05:05

    no, I really have nothing....
    a c 1024 8 Security
    22 July 2011 16:09:34

    Hi again,

    How far did Combofix get? All the way to the end?

    You still can't run OTL?

    If needed, delete the one you downloaded and download OTL.exe to your Desktop again.

    Later,
    22 July 2011 16:19:52

    OTL is scanning, I'll send you the results as soon as possible
    22 July 2011 17:07:50

    OTL logfile created on: 22/07/2011 16:18:32 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = I:\
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,97 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 65,16% Memory free
    5,93 Gb Paging File | 4,94 Gb Available in Paging File | 83,29% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298,09 Gb Total Space | 31,73 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
    Drive I: | 7,53 Gb Total Space | 7,48 Gb Free Space | 99,36% Space Free | Partition Type: FAT32

    Computer Name: EDIZ-PC | User Name: ediz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/22 10:37:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- I:\zdf.exe
    PRC - [2011/03/24 08:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
    PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011/02/23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2010/06/29 06:57:58 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    PRC - [2010/01/05 20:00:40 | 000,256,640 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
    PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/23 10:30:06 | 000,544,768 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
    PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/07/14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2005/07/06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/22 15:31:39 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Users\ediz\AppData\Local\FLVService\lib\FLVSrvLib.dll
    MOD - [2011/07/22 10:37:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- I:\zdf.exe
    MOD - [2011/04/14 19:01:48 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
    MOD - [2011/04/11 14:26:52 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
    MOD - [2011/02/23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (wlidsvc)
    SRV - File not found [Auto | Stopped] -- -- (UMVPFSrv)
    SRV - File not found [Auto | Stopped] -- -- (TouchServicePen)
    SRV - File not found [Auto | Stopped] -- -- (TGCM_ImportWiFiSvc)
    SRV - File not found [Auto | Stopped] -- -- (TabletServicePen)
    SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
    SRV - File not found [Auto | Stopped] -- -- (Hamachi2Svc)
    SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Service Google Update (gupdatem)
    SRV - File not found [Auto | Stopped] -- -- (gupdate) Service Google Update (gupdate)
    SRV - File not found [Disabled | Stopped] -- -- (GDScan)
    SRV - File not found [On_Demand | Stopped] -- -- (FLEXnet Licensing Service)
    SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
    SRV - File not found [Disabled | Stopped] -- -- (AVKWCtl)
    SRV - File not found [Auto | Stopped] -- -- (AVKService)
    SRV - File not found [Auto | Stopped] -- -- (AVKProxy)
    SRV - File not found [Auto | Stopped] -- -- (ASLDRService)
    SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
    SRV - File not found [Auto | Stopped] -- -- (AFBAgent)
    SRV - File not found [Auto | Stopped] -- -- (a2AntiMalware)
    SRV - [2011/06/29 22:48:24 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai\netsession_win_e477fed.dll -- (Akamai)
    SRV - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/02/23 16:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV - [2010/10/03 02:02:32 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (ATE_PROCMON)
    DRV - [2011/07/19 15:15:46 | 000,048,344 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
    DRV - [2011/07/19 15:15:02 | 000,039,640 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
    DRV - [2011/07/19 15:15:01 | 000,074,456 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
    DRV - [2011/07/19 15:15:00 | 000,037,720 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
    DRV - [2011/05/10 08:06:08 | 000,042,496 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
    DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
    DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/03/02 18:43:21 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/02/23 15:57:38 | 000,101,976 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2011/02/23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/02/23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/02/23 15:56:41 | 000,192,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2011/02/23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/02/23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/02/23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/02/23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/02/23 14:34:54 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2011/02/23 07:06:11 | 000,311,296 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
    DRV - [2011/02/23 07:05:57 | 000,309,760 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
    DRV - [2011/02/23 07:05:48 | 000,113,664 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
    DRV - [2011/02/23 07:05:41 | 000,221,696 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
    DRV - [2011/02/23 07:05:35 | 000,095,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
    DRV - [2011/02/23 07:05:31 | 000,123,392 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
    DRV - [2011/02/23 07:05:25 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
    DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
    DRV - [2010/10/05 13:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2010/10/05 13:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2010/10/05 13:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2010/10/03 15:04:46 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/09/05 12:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
    DRV - [2010/08/25 20:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
    DRV - [2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
    DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2010/04/09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2010/04/07 11:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2010/03/25 04:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2010/03/20 05:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/03/04 06:04:40 | 000,146,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
    DRV - [2010/02/03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/10/02 06:06:59 | 000,728,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
    DRV - [2009/09/26 07:58:35 | 000,194,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\fvevol.sys -- (fvevol)
    DRV - [2009/07/29 15:30:52 | 000,087,040 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ETD.sys -- (ETD)
    DRV - [2009/07/20 17:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
    DRV - [2009/07/14 03:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\clfs.sys -- (CLFS) Journal commun (CLFS)
    DRV - [2009/07/14 03:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\compbatt.sys -- (Compbatt)
    DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 03:26:15 | 000,274,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ACPI.sys -- (ACPI)
    DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\agp440.sys -- (agp440)
    DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\atapi.sys -- (atapi)
    DRV - [2009/07/14 03:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
    DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 03:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pci.sys -- (pci)
    DRV - [2009/07/14 03:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\pciide.sys -- (pciide)
    DRV - [2009/07/14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ndis.sys -- (NDIS)
    DRV - [2009/07/14 03:20:44 | 000,186,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\msiscsi.sys -- (iScsiPrt)
    DRV - [2009/07/14 03:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
    DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 03:20:44 | 000,130,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\mpio.sys -- (mpio)
    DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 03:20:44 | 000,115,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\msdsm.sys -- (msdsm)
    DRV - [2009/07/14 03:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nv_agp.sys -- (nv_agp)
    DRV - [2009/07/14 03:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
    DRV - [2009/07/14 03:20:44 | 000,056,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
    DRV - [2009/07/14 03:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
    DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 03:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
    DRV - [2009/07/14 03:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2009/07/14 03:20:44 | 000,027,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\msahci.sys -- (msahci)
    DRV - [2009/07/14 03:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\msisadrv.sys -- (msisadrv)
    DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 03:20:36 | 000,067,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
    DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\isapnp.sys -- (isapnp)
    DRV - [2009/07/14 03:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
    DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 03:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\intelide.sys -- (intelide)
    DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 03:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\fltmgr.sys -- (FltMgr)
    DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 03:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\fileinfo.sys -- (FileInfo)
    DRV - [2009/07/14 03:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\gagp30kx.sys -- (gagp30kx)
    DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\crcdisk.sys -- (crcdisk)
    DRV - [2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\disk.sys -- (Disk)
    DRV - [2009/07/14 03:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
    DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 03:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\uliagpkx.sys -- (uliagpkx)
    DRV - [2009/07/14 03:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\wd.sys -- (Wd)
    DRV - [2009/07/14 03:19:10 | 000,445,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)
    DRV - [2009/07/14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\volsnap.sys -- (volsnap)
    DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 03:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\uagp35.sys -- (uagp35)
    DRV - [2009/07/14 03:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaagp.sys -- (viaagp)
    DRV - [2009/07/14 03:19:10 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\volmgr.sys -- (volmgr)
    DRV - [2009/07/14 03:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
    DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 03:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
    DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 03:19:04 | 000,085,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sbp2port.sys -- (sbp2port)
    DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 03:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\pcmcia.sys -- (pcmcia)
    DRV - [2009/07/14 03:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2009/07/14 03:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
    DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 02:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
    DRV - [2009/07/14 02:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\usbprint.sys -- (usbprint)
    DRV - [2009/07/14 02:02:58 | 000,133,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (RDPDR)
    DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 02:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2009/07/14 02:01:51 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
    DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 02:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
    DRV - [2009/07/14 02:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
    DRV - [2009/07/14 02:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2009/07/14 02:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2009/07/14 01:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
    DRV - [2009/07/14 01:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
    DRV - [2009/07/14 01:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
    DRV - [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
    DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 01:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp) Miniport WAN (SSTP)
    DRV - [2009/07/14 01:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2009/07/14 01:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) Miniport WAN (PPTP)
    DRV - [2009/07/14 01:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2009/07/14 01:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2009/07/14 01:54:35 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2009/07/14 01:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) Miniport WAN (L2TP)
    DRV - [2009/07/14 01:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
    DRV - [2009/07/14 01:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2009/07/14 01:54:27 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2009/07/14 01:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2009/07/14 01:54:14 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
    DRV - [2009/07/14 01:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
    DRV - [2009/07/14 01:54:03 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
    DRV - [2009/07/14 01:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
    DRV - [2009/07/14 01:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2009/07/14 01:53:51 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 01:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Protocoles TCP/IP et TCP/IPv6 orienté messages (session SMB)
    DRV - [2009/07/14 01:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
    DRV - [2009/07/14 01:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
    DRV - [2009/07/14 01:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
    DRV - [2009/07/14 01:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
    DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 01:52:09 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
    DRV - [2009/07/14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/14 01:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
    DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 01:51:47 | 000,304,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
    DRV - [2009/07/14 01:51:39 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
    DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 01:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bthmodem.sys -- (BTHMODEM)
    DRV - [2009/07/14 01:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\hidbth.sys -- (HidBth)
    DRV - [2009/07/14 01:51:31 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2009/07/14 01:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
    DRV - [2009/07/14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/07/14 01:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
    DRV - [2009/07/14 01:51:18 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
    DRV - [2009/07/14 01:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\circlass.sys -- (circlass)
    DRV - [2009/07/14 01:51:14 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
    DRV - [2009/07/14 01:51:14 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\usbohci.sys -- (usbohci)
    DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 01:51:10 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 01:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\hidir.sys -- (HidIr)
    DRV - [2009/07/14 01:51:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
    DRV - [2009/07/14 01:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2009/07/14 01:50:56 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2009/07/14 01:50:45 | 000,132,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
    DRV - [2009/07/14 01:50:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
    DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 01:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\wacompen.sys -- (WacomPen)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 09 3D 13 7D 62 CB 01 [binary data]
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT106093...{searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1060933&SearchSource=..."
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
    FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=panda2_0ya..."

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ediz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/21 18:15:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 11:18:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 11:12:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/13 11:00:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/04/05 17:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ediz\AppData\Roaming\mozilla\Extensions
    [2011/04/05 17:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ediz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/06/28 16:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions
    [2011/05/04 16:19:19 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/07/05 10:13:13 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2011/06/27 09:20:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/05/05 11:18:50 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\DTToolbar@toolbarnet.com
    [2011/05/04 16:19:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com
    [2010/11/09 02:08:46 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\support@predictad.com
    [2011/06/28 16:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.10\$TEMP\$[56]\extensions
    [2011/06/28 16:42:56 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.10\$TEMP\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2011/03/15 13:22:18 | 000,000,923 | ---- | M] () -- C:\Users\ediz\AppData\Roaming\Mozilla\Firefox\Profiles\y0q58nwu.default\searchplugins\conduit.xml
    [2011/03/02 18:42:58 | 000,002,059 | ---- | M] () -- C:\Users\ediz\AppData\Roaming\Mozilla\Firefox\Profiles\y0q58nwu.default\searchplugins\daemon-search.xml
    [2011/07/19 15:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2011/03/11 13:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\USERS\EDIZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y0Q58NWU.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
    () (No name found) -- C:\USERS\EDIZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y0Q58NWU.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
    [2011/05/05 11:18:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/11 13:08:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

    O1 HOSTS File: ([2011/07/22 12:42:22 | 000,000,843 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Anti Trojan Elite] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lit
    a c 1024 8 Security
    22 July 2011 18:26:55

    Hello,

    Was OTL run from an I: drive and renamed to zdf.exe?

    Will you remember to post the Extras.txt report for me?

    Uninstall G Data and Panda Antivirus via Programs and Features.

    The ComboFix report does exist
    Quote:
    [2011/07/22 15:59:40 | 000,000,000 | --SD | C] -- C:\ComboFix

    Please post it.

    OTL fix:

    Run OTL from your Desktop.

  • /!\ Important -> Connect all external devices (USB sticks, hard drives ....)
  • Close all other windows and double-click OTL.exe
    /!\ On Vista and Windows 7, launch the file via right-click -> Run as administrator
  • Copy all of the code below

    :OTL
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1060933&SearchSource=13"
    [2011/05/04 16:19:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com
    [2010/11/09 02:08:46 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\support@predictad.com
    [2011/03/15 13:22:18 | 000,000,923 | ---- | M] () -- C:\Users\ediz\AppData\Roaming\Mozilla\Firefox\Profiles\y0q58nwu.default\searchplugins\conduit.xml
    O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
    O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
    [2011/07/22 15:31:20 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\cpxpovlmqy.job
    [2011/07/22 10:37:22 | 000,579,584 | ---- | M] () -- C:\Users\ediz\Desktop\hihi.exe
    [2011/07/20 18:00:40 | 000,516,608 | ---- | M] () -- C:\Users\ediz\Desktop\dfgr-5.2.7.exe
    [1 C:\Users\ediz\Documents\*.tmp files -> C:\Users\ediz\Documents\*.tmp -> ]
    [1 C:\Users\ediz\Desktop\*.tmp files -> C:\Users\ediz\Desktop\*.tmp -> ]
    [1 C:\Users\ediz\AppData\Local\*.tmp files -> C:\Users\ediz\AppData\Local\*.tmp -> ]
    @Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:07BF512B
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:890CC2F3

    :files
    C:\Windows\tasks\cpxpovlmqy.job
    C:\Users\ediz\Desktop\hihi.exe
    C:\Users\ediz\Desktop\dfgr-5.2.7.exe

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]


  • Paste all of the code into the Personnalisation (Custom Scans/Fixes) box
  • Then click the Correction (Run Fix) button

  • The tool starts the removal; do not interrupt it
  • If the tool asks you to restart the PC, accept
  • Post the contents of the report located in C:\_OTL\MovedFiles\********_******.log
    the *** are digits representing the date [MonthDayYear] and the time

    Then run TDSSKiller again to see what it says (post the report it produces).

    See you
    22 July 2011 18:37:43

    Yes, I had to rename the program to be able to launch it... is that serious?

    Otherwise, for the two reports, I ran a search and there is nothing... I have a ComboFix, but when I copy it, it tells me the file weighs 16 GB...

    I'm running the scan now!
    22 July 2011 18:48:49

    How do I send you the OTL report as a .log? I can't send it with cijoint.fr.....

    Here is the TDSSKiller report

    2011/07/22 18:45:16.0289 0348 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/07/22 18:45:16.0632 0348 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/07/22 18:45:16.0866 0348 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/07/22 18:45:17.0007 0348 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/07/22 18:45:17.0147 0348 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/07/22 18:45:17.0428 0348 CSC (d93b9f7eb347f42a5ea0e32f33f6c93b) C:\Windows\system32\drivers\csc.sys
    2011/07/22 18:45:17.0444 0348 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: d93b9f7eb347f42a5ea0e32f33f6c93b, Fake md5: 27c9490bdd0ae48911ab8cf1932591ed
    2011/07/22 18:45:17.0475 0348 CSC - detected ForgedFile.Multi.Generic (1)
    2011/07/22 18:45:33.0091 0348 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
    2011/07/22 18:45:33.0091 0348 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    2011/07/22 18:45:33.0106 0348 sptd - detected LockedFile.Multi.Generic (1)
    2011/07/22 18:45:37.0256 0348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/07/22 18:45:37.0287 0348 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    2011/07/22 18:45:37.0381 0348 Boot (0x1200) (56a816d2bbf9c232075c8c2773ab3643) \Device\Harddisk0\DR0\Partition0
    2011/07/22 18:45:37.0381 0348 Boot (0x1200) (6c0d106edffa6d8cdee9a2fdc26b0ede) \Device\Harddisk1\DR1\Partition0
    2011/07/22 18:45:37.0396 0348 ================================================================================
    2011/07/22 18:45:37.0396 0348 Scan finished
    2011/07/22 18:45:37.0396 0348 ================================================================================
    2011/07/22 18:45:37.0412 2792 Detected object count: 2
    2011/07/22 18:45:37.0412 2792 Actual detected object count: 2
    2011/07/22 18:45:44.0650 2792 ForgedFile.Multi.Generic(CSC) - User select action: Skip
    2011/07/22 18:45:44.0650 2792 LockedFile.Multi.Generic(sptd) - User select action: Skip
    22 July 2011 18:52:22

    Here is the OTL report:

    All processes killed
    ========== OTL ==========
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT106093...{searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "http://search.conduit.com/?ctid=CT1060933&SearchSource=..." removed from browser.startup.homepage
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com\META-INF folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com\lib folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com\defaults folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com\components folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com\chrome folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\engine@conduit.com folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\support@predictad.com\defaults\preferences folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\support@predictad.com\defaults folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\support@predictad.com\chrome\content folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\support@predictad.com\chrome folder moved successfully.
    C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\support@predictad.com folder moved successfully.
    C:\Users\ediz\AppData\Roaming\Mozilla\Firefox\Profiles\y0q58nwu.default\searchplugins\conduit.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    C:\Program Files\AutocompletePro\AutocompletePro.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
    C:\Windows\Tasks\cpxpovlmqy.job moved successfully.
    C:\Users\ediz\Desktop\hihi.exe moved successfully.
    C:\Users\ediz\Desktop\dfgr-5.2.7.exe moved successfully.
    C:\Users\ediz\Documents\PDRMUSIC.TMP folder deleted successfully.
    C:\Users\ediz\Desktop\~WRL0635.tmp deleted successfully.
    C:\Users\ediz\AppData\Local\BIT7102.tmp deleted successfully.
    ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
    ADS C:\ProgramData\TEMP:890CC2F3 deleted successfully.
    ========== FILES ==========
    File\Folder C:\Windows\tasks\cpxpovlmqy.job not found.
    File\Folder C:\Users\ediz\Desktop\hihi.exe not found.
    File\Folder C:\Users\ediz\Desktop\dfgr-5.2.7.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ediz
    ->Temp folder emptied: 1563037923 bytes
    ->Temporary Internet Files folder emptied: 12390048 bytes
    ->Java cache emptied: 9914393 bytes
    ->FireFox cache emptied: 55068738 bytes
    ->Google Chrome cache emptied: 41538717 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 109828 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 48140555 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1 650,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: ediz
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb



    OTL by OldTimer - Version 3.2.26.1 log created on 07222011_183909

    Files\Folders moved on Reboot...
    C:\Users\ediz\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
    C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.

    Registry entries deleted on Reboot...
    a c 1024 8 Security
    22 July 2011 19:53:27

    Re,

    Quote:
    I have a ComboFix but when I copy it, it tells me the file weighs 16 GB...

    What is it, a ComboFix folder that weighs 16 GB?
    That seems odd to me, all the same.

  • Download SEAF by C_XX to your Desktop
  • Double-click SEAF.exe to launch the tool (it requires no installation)
    /!\ On Vista and Windows 7, launch the file via right-click -> Run as administrator
  • In the Search box, type combofix and click Start search
  • Let the tool scan your system
  • Post the contents of the SEAFlog.txt report that opens in your reply
    The report is saved as C:\SEAFlog.txt

    How is the system behaving now?

    Did the system restart properly after the OTL fix?

    See you later
    22 July 2011 19:58:45

    The computer seems to be faster, but maybe it's just an impression
    22 July 2011 19:59:53

    and here is the report:

    ========================= SEAF 1.0.1.0 - C_XX

    Commencé à: 19:56:09 le 22/07/2011

    Valeur(s) recherchée(s):
    combofix

    Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

    ====== Fichier(s) ======

    "C:\ComboFix\ComboFix-Download.cfxxe" [ ARCHIVE|READONLY | 236 Ko ]
    TC: 31/08/2000,02:00:00 | TM: 31/08/2000,02:00:00 | DA: 22/07/2011,15:58:56

    =========================

    "C:\ComboFix\ndis_combofix.dat" [ ARCHIVE | 283 o ]
    TC: 24/12/2009,10:12:40 | TM: 24/12/2009,10:12:40 | DA: 22/07/2011,15:58:57

    =========================

    "C:\Users\ediz\Desktop\ComboFix.exe" [ READONLY | 4154 Ko ]
    TC: 22/07/2011,15:19:18 | TM: 22/07/2011,15:17:36 | DA: 22/07/2011,15:19:18

    =========================

    =========================

    Fin à: 19:58:43 le 22/07/2011
    334449 Éléments analysés

    =========================
    E.O.F
    a c 1024 8 Security
    22 July 2011 20:52:00

    Hello,

    Well, it's odd that OTL sees the Combofix.txt file and SEAF doesn't... and neither do you, for that matter.
    In any case the file looks empty.

    Malwarebytes' Anti-Malware:


  • Download and install Malwarebytes' Anti-Malware (click Download Free version)
  • At the end of the installation, make sure the Update Malwarebytes' Anti-Malware option is checked
  • Click Finish
  • Launch Malwarebytes by double-clicking the icon on the desktop
    /!\ On Vista and Windows 7, launch the file via right-click -> Run as administrator
  • The updates download, then open Malwarebytes
  • In the Scanner tab, check Perform full scan then click Scan
  • Select your hard drive, then click Scan
  • At the end of the scan, click Show Results
  • To delete the detected items, click Remove Selected
  • If a restart is requested, click Yes
  • The report mbam-log[date-time].txt opens; copy and paste the contents of this report into your reply on the forum

    Then run OTL again to generate a new report, please.
    But download a fresh copy of OTL and save it directly to your Desktop.
    That way we'll check whether the tool now works normally.
    Post the report, of course.

    I won't be able to reply to you now until late tomorrow morning.

    See you later
    23 July 2011 10:38:03

    I can't connect to the internet.... it must be the virus... so I can't do the updates....
    a c 1024 8 Security
    23 July 2011 12:07:14

    Hello,

    Was it when restarting the PC this morning that you noticed the connection no longer worked?

    Have you tried repairing it via the Network and Sharing Center?

    Also check that a proxy hasn't been installed.

    To disable the proxy in IE, in Internet Options:
    Select the Connections tab then click the LAN settings button.
    In the new window, under Proxy server, uncheck the Use a proxy server box then click OK as many times as needed to close all the windows.


    In Firefox, under Tools/Options/Advanced, select the Network tab.
    Under the Connection heading, click Settings.
    Check the No proxy box then click OK as many times as needed to close all the windows.

    See you later

    PS: for information, I will be away until tomorrow.
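The same proxy check done without the dialogs, as an added PowerShell example that is not part of the original post: it reads the WinINET `ProxyEnable`, `ProxyServer` and `AutoConfigURL` values (the key OTL lists as `"ProxyEnable" = 0` in its log) and the `network.proxy.*` preferences in each Firefox profile's prefs.js. The function names are hypothetical, and the script assumes the default Firefox profile location under %APPDATA%.

```powershell
# Added example: read-only audit of the proxy settings named in the post above.
# Written for PowerShell 2.0 (shipped with Windows 7); it changes nothing.

function Get-WinInetProxy {
    param([string]$Hive, [string]$Label)
    # WinINET (Internet Explorer) keeps its proxy configuration in these values.
    $key = "$Hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Source        = $Label
        ProxyEnable   = [int]$p.ProxyEnable   # 1 = "Use a proxy server" is checked
        ProxyServer   = $p.ProxyServer        # host:port, may remain after disabling
        AutoConfigURL = $p.AutoConfigURL      # PAC script, independent of ProxyEnable
    }
}

function Get-FirefoxProxy {
    # network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC URL,
    # 4 = auto-detect (WPAD), 5 = use system settings.
    $meaning = @{ '0' = 'no proxy'; '1' = 'manual'; '2' = 'PAC URL';
                  '4' = 'auto-detect'; '5' = 'system settings' }
    $root = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'   # assumed default location
    if (-not (Test-Path $root)) { return }
    foreach ($dir in (Get-ChildItem -Path $root | Where-Object { $_.PSIsContainer })) {
        $prefs = Join-Path $dir.FullName 'prefs.js'
        if (-not (Test-Path $prefs)) { continue }
        $pref = @{}
        foreach ($line in (Get-Content -Path $prefs)) {
            # prefs.js lines look like: user_pref("network.proxy.type", 1);
            if ($line -match '^user_pref\("(network\.proxy\.[^"]+)",\s*(.*)\);\s*$') {
                $pref[$Matches[1]] = $Matches[2].Trim('"')
            }
        }
        $type = $pref['network.proxy.type']
        if ($null -eq $type) { $state = 'not set in prefs.js (browser default applies)' }
        elseif ($meaning.ContainsKey($type)) { $state = $meaning[$type] }
        else { $state = "unrecognized value $type" }
        New-Object PSObject -Property @{
            Profile   = $dir.Name
            ProxyType = $state
            HttpProxy = ('{0}:{1}' -f $pref['network.proxy.http'],
                                      $pref['network.proxy.http_port']).Trim(':')
            PacUrl    = $pref['network.proxy.autoconfig_url']
        }
    }
}

$ie = @(
    Get-WinInetProxy 'HKCU:' 'current user'
    Get-WinInetProxy 'Registry::HKEY_USERS\.DEFAULT' '.DEFAULT (SYSTEM account)'
)
$ff = @(Get-FirefoxProxy)

$ie | Format-List Source, ProxyEnable, ProxyServer, AutoConfigURL
$ff | Format-List Profile, ProxyType, HttpProxy, PacUrl

# Anything reported below is a setting the GUI steps would have to undo.
$ie | Where-Object { $_.ProxyEnable -eq 1 -or $_.AutoConfigURL } |
    ForEach-Object {
        Write-Warning "WinINET proxy active for $($_.Source): $($_.ProxyServer) $($_.AutoConfigURL)"
    }
$ff | Where-Object { $_.ProxyType -eq 'manual' -or $_.ProxyType -eq 'PAC URL' } |
    ForEach-Object {
        Write-Warning "Firefox profile $($_.Profile) uses a $($_.ProxyType) proxy: $($_.HttpProxy) $($_.PacUrl)"
    }
```

A leftover `ProxyServer` value with `ProxyEnable` at 0 is inactive, but it shows what was configured and is worth quoting in the reply.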
    23 July 2011 12:17:09

    no no, the Internet hasn't been working for a while... I'm writing to you from a work computer... I went to work to repair my computer...
    I'm running the Malwarebytes scan... which is a bit long....
    a c 1024 8 Security
    23 July 2011 18:18:45

    Hello ediz,

    I finally managed to free up a little time.

    After Malwarebytes, when you rerun OTL following the procedure given above, replace what you paste into the Personnalisation (Custom Scans/Fixes) box with the following:

    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    csc.sys
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s
    nslookup http://www.google.fr /c
    CREATERESTOREPOINT


    In addition, also do the following:

    Download SystemLook to your Desktop from one of the links below
    Download Mirror
    Download Mirror #2

  • Click SystemLook.exe to launch it
    /!\ On Vista and Windows 7, launch the file via right-click -> Run as administrator
  • Copy and paste the contents of the box below into SystemLook's white box
    :filefind
    csc.sys

  • Click the Look button
  • Wait while the search runs; Notepad opens with the results of the scan
  • Copy and paste the contents of this report into your next reply
    The SystemLook.txt report is saved on the Desktop

    See you later
    24 July 2011 13:39:38

    the computer restarts every time I launch Malwarebytes' Anti-Malware....
    24 July 2011 14:23:35

    here is the OTL report:

    OTL logfile created on: 24/07/2011 13:42:06 - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ediz\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,97 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 69,04% Memory free
    5,93 Gb Paging File | 4,92 Gb Available in Paging File | 82,93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298,09 Gb Total Space | 32,59 Gb Free Space | 10,93% Space Free | Partition Type: NTFS

    Computer Name: EDIZ-PC | User Name: ediz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/22 10:37:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ediz\Desktop\zdf.exe
    PRC - [2011/07/14 09:07:21 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\ediz\AppData\Local\Facebook\Update\FacebookUpdate.exe
    PRC - [2011/03/24 08:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
    PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011/02/23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2010/09/08 07:22:30 | 000,721,408 | ---- | M] (Autodesk Inc) -- C:\Program Files\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe
    PRC - [2010/01/21 17:20:06 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    PRC - [2010/01/05 20:00:40 | 000,256,640 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
    PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/23 10:30:06 | 000,544,768 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
    PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/07/14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2005/07/06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/23 16:37:21 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Users\ediz\AppData\Local\FLVService\lib\FLVSrvLib.dll
    MOD - [2011/07/22 10:37:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ediz\Desktop\zdf.exe
    MOD - [2011/04/14 19:01:48 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
    MOD - [2011/04/11 14:26:52 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
    MOD - [2011/02/23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (wlidsvc)
    SRV - File not found [Auto | Stopped] -- -- (UMVPFSrv)
    SRV - File not found [Auto | Stopped] -- -- (TouchServicePen)
    SRV - File not found [Auto | Stopped] -- -- (TGCM_ImportWiFiSvc)
    SRV - File not found [Auto | Stopped] -- -- (TabletServicePen)
    SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
    SRV - File not found [Auto | Stopped] -- -- (Hamachi2Svc)
    SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Service Google Update (gupdatem)
    SRV - File not found [Auto | Stopped] -- -- (gupdate) Service Google Update (gupdate)
    SRV - File not found [Disabled | Stopped] -- -- (GDScan)
    SRV - File not found [On_Demand | Stopped] -- -- (FLEXnet Licensing Service)
    SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
    SRV - File not found [Disabled | Stopped] -- -- (AVKWCtl)
    SRV - File not found [Auto | Stopped] -- -- (AVKService)
    SRV - File not found [Auto | Stopped] -- -- (AVKProxy)
    SRV - File not found [Auto | Stopped] -- -- (ASLDRService)
    SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
    SRV - File not found [Auto | Stopped] -- -- (AFBAgent)
    SRV - File not found [Auto | Stopped] -- -- (a2AntiMalware)
    SRV - [2011/06/29 22:48:24 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai\netsession_win_e477fed.dll -- (Akamai)
    SRV - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/02/23 16:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV - [2010/10/03 02:02:32 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/19 15:15:46 | 000,048,344 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
    DRV - [2011/07/19 15:15:02 | 000,039,640 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
    DRV - [2011/07/19 15:15:01 | 000,074,456 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
    DRV - [2011/07/19 15:15:00 | 000,037,720 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
    DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
    DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/03/02 18:43:21 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/02/23 15:57:38 | 000,101,976 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2011/02/23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/02/23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/02/23 15:56:41 | 000,192,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2011/02/23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/02/23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/02/23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/02/23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/02/23 14:34:54 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
    DRV - [2010/10/05 13:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2010/10/05 13:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2010/10/05 13:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2010/09/05 12:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
    DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
    DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2010/04/09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2010/04/07 11:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2010/03/25 04:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2010/03/20 05:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/02/03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/20 17:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
    DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 01:15:13 | 000,387,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
    DRV - [2009/07/14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
    DRV - [2007/08/03 20:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
    DRV - [2007/07/31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 09 3D 13 7D 62 CB 01 [binary data]
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
    FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT106093..."

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ediz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/21 18:15:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 11:18:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 11:12:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/13 11:00:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/04/05 17:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ediz\AppData\Roaming\mozilla\Extensions
    [2011/04/05 17:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ediz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/07/22 18:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions
    [2011/05/04 16:19:19 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/07/05 10:13:13 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2011/06/27 09:20:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/05/05 11:18:50 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\DTToolbar@toolbarnet.com
    [2011/06/28 16:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.10\$TEMP\$[56]\extensions
    [2011/06/28 16:42:56 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\ediz\AppData\Roaming\mozilla\Firefox\Profiles\y0q58nwu.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.10\$TEMP\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2011/03/02 18:42:58 | 000,002,059 | ---- | M] () -- C:\Users\ediz\AppData\Roaming\Mozilla\Firefox\Profiles\y0q58nwu.default\searchplugins\daemon-search.xml
    [2011/07/19 15:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2011/03/11 13:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/07/21 18:15:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    () (No name found) -- C:\USERS\EDIZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y0Q58NWU.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
    () (No name found) -- C:\USERS\EDIZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y0Q58NWU.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
    [2011/05/05 11:18:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/11 13:08:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

    O1 HOSTS File: ([2011/07/22 12:42:22 | 000,000,843 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Anti Trojan Elite] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\S-1-5-21-1825224032-1265911557-2456511187-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sourc... (BDSCANONLINE Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{b284a4f2-5c27-11e0-b165-90e6ba163d16}\Shell - "" = AutoRun
    O33 - MountPoints2\{b284a4f2-5c27-11e0-b165-90e6ba163d16}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
    O33 - MountPoints2\E\Shell\setup\command - "" = E:\setup.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\EE3AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    MsConfig - StartUpReg: HControlUser - hkey= - key= - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
    MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    MsConfig - State: "startup" - 2

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/24 13:26:09 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{35D223CA-1715-456D-8674-C419F3EA67D7}
    [2011/07/23 14:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
    [2011/07/23 14:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
    [2011/07/23 13:08:12 | 002,540,574 | ---- | C] (Nicolas Coolman ) -- C:\Users\ediz\Desktop\ZHPDiag2.exe
    [2011/07/23 10:33:20 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ediz\Desktop\mbam-setup-1.51.1.1800(2).exe
    [2011/07/23 10:26:20 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{69AA183D-BAA4-458A-BCC3-6794F778F91D}
    [2011/07/22 20:29:46 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{D4E33AF5-D37C-4D97-9DFD-7A90A58D79A3}
    [2011/07/22 20:02:18 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{0F940A79-9258-46DA-ADF6-62834884E065}
    [2011/07/22 19:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\SEAF
    [2011/07/22 19:55:51 | 000,498,868 | ---- | C] (C_XX) -- C:\Users\ediz\Desktop\SEAF.exe
    [2011/07/22 18:43:34 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{7DF73A1A-D58E-43DC-A146-7B919938AACD}
    [2011/07/22 18:39:09 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/22 16:11:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ediz\Desktop\zdf.exe
    [2011/07/22 15:59:40 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/07/22 15:32:24 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{832EAD4D-2B6F-4927-A035-71EFE2DB90F6}
    [2011/07/22 15:22:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/07/22 15:22:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/07/22 15:22:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/07/22 15:21:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/07/22 15:21:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/22 15:19:18 | 004,153,924 | R--- | C] (Swearware) -- C:\Users\ediz\Desktop\ComboFix.exe
    [2011/07/22 15:05:11 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{5D7FA6E4-261A-4CDD-89AA-5601D2B50AF7}
    [2011/07/22 14:52:32 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{F4B4E9E0-E7DE-4297-85E6-9278F8F0249C}
    [2011/07/22 13:21:50 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{A1494902-6327-46B7-8D33-34804504298D}
    [2011/07/22 12:50:38 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{B2A9A033-C082-427A-9C0C-3B1D17F0B986}
    [2011/07/22 12:44:46 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ediz\Desktop\TDSSKiller.exe
    [2011/07/22 12:03:45 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{E6C9B5B5-764D-4BF9-99B4-DF7692495879}
    [2011/07/21 18:16:00 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/07/21 18:16:00 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/07/21 18:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
    [2011/07/21 18:15:57 | 000,101,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
    [2011/07/21 18:15:33 | 000,192,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
    [2011/07/21 18:15:32 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/07/21 18:15:32 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/07/21 18:15:28 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/07/21 18:15:26 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/07/21 18:15:13 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/07/21 18:15:13 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
    [2011/07/21 18:15:12 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/07/21 17:50:34 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{8CB6593B-3330-4D82-9062-1426C406B4E2}
    [2011/07/20 18:01:50 | 000,000,000 | ---D | C] -- C:\Users\ediz\Desktop\RK_Quarantine
    [2011/07/20 16:31:13 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2011/07/20 16:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6
    [2011/07/20 16:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
    [2011/07/20 15:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Anti Trojan Elite
    [2011/07/20 14:29:07 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{13CCA827-3BB6-444F-8173-EB60C3C6884B}
    [2011/07/20 08:21:43 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{460D0342-6421-470B-9458-BB61520C269B}
    [2011/07/20 08:17:25 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{CCE4C7D0-09A9-4FFF-9D75-ACFFA569E010}
    [2011/07/19 15:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    [2011/07/19 15:29:03 | 000,000,000 | ---D | C] -- C:\Users\ediz\Documents\Anti-Malware
    [2011/07/19 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
    [2011/07/19 15:15:46 | 000,048,344 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
    [2011/07/19 15:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2012
    [2011/07/19 15:15:02 | 000,039,640 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
    [2011/07/19 15:15:01 | 000,074,456 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
    [2011/07/19 15:15:00 | 000,037,720 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
    [2011/07/19 15:14:57 | 000,052,440 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
    [2011/07/19 15:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
    [2011/07/19 15:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
    [2011/07/19 15:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
    [2011/07/19 14:49:22 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\Downloaded Installations
    [2011/07/19 10:41:51 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{8C34237F-EB9F-431C-981C-512C2666FFA6}
    [2011/07/19 10:27:17 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{D62AA610-DA84-4E72-B58F-44B95630F686}
    [2011/07/19 10:08:44 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{F4B9CF48-A0FB-4AA2-9B0B-F6276852136C}
    [2011/07/19 09:45:48 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{63AF7305-1A6A-4656-B544-0AB054D1F86F}
    [2011/07/19 09:22:58 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{B07255BE-C85E-4C98-A419-E4BDD8309314}
    [2011/07/19 09:15:29 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{59D7E70D-30D9-48FF-BFBA-F3D005393659}
    [2011/07/19 09:10:56 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{E92D7D7B-1407-4848-8533-66EC350704A6}
    [2011/07/18 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/07/18 18:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/07/18 14:48:15 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{43674F49-8819-484A-87AF-FD0218602E57}
    [2011/07/18 10:47:43 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{0B52C696-0487-47C5-B201-4CDD862AD999}
    [2011/07/15 13:21:03 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\MotionDSP
    [2011/07/15 13:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vReveal
    [2011/07/15 13:20:18 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\MotionDSP
    [2011/07/15 13:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\vReveal 3
    [2011/07/14 17:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
    [2011/07/14 17:19:36 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\proDAD
    [2011/07/14 17:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\proDAD
    [2011/07/14 13:56:36 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2d3
    [2011/07/14 13:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\2d3
    [2011/07/14 13:54:26 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2011/07/13 22:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/07/13 21:30:44 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{E30543C6-1AF9-4693-854C-22BD7E7EB47C}
    [2011/07/08 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\Facebook
    [2011/07/06 21:52:15 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{6C7B8902-7FBA-4642-A965-CB0E50A16C64}
    [2011/07/06 17:17:28 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\Total Immersion
    [2011/07/06 09:55:34 | 000,000,000 | ---D | C] -- C:\Users\ediz\Desktop\SITES
    [2011/07/05 14:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TissotAR
    [2011/07/05 14:25:33 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\tissot
    [2011/07/05 14:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\TissotAR
    [2011/07/04 16:55:54 | 000,000,000 | ---D | C] -- C:\Users\ediz\Desktop\FINAL_BAYER
    [2011/07/04 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{72C1B2C3-1D1A-4034-B27C-A28B9482ED93}
    [2011/06/30 09:38:22 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{8A47B044-14CE-4117-B83E-EC83F259F52F}
    [2011/06/29 18:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trapcode 3DStroke
    [2011/06/29 18:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trapcode
    [2011/06/29 18:08:47 | 000,000,000 | ---D | C] -- C:\Presets
    [2011/06/29 17:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2011/06/29 17:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
    [2011/06/29 17:23:49 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{05F79BAF-D635-478B-8691-10E3AD9830B6}
    [2011/06/29 17:14:43 | 000,000,000 | ---D | C] -- C:\Users\ediz\Desktop\After_Effetcs
    [2011/06/29 17:08:39 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2011/06/29 10:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4
    [2011/06/29 10:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2011/06/29 10:46:46 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{EFB80655-2EDF-4204-B0AD-31C4E7BD1B5D}
    [2011/06/29 10:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    [2011/06/29 10:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2011/06/29 09:38:57 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{1FB065C6-999E-45D7-9E31-0F3D8AC4656D}
    [2011/06/28 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\ediz\Desktop\ZIK
    [2011/06/28 17:16:02 | 000,000,000 | ---D | C] -- C:\MoTemp
    [2011/06/28 16:44:51 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\Panda Security
    [2011/06/28 16:43:48 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\panda2_0dn
    [2011/06/28 16:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
    [2011/06/28 16:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2011/06/28 16:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2011/06/28 16:40:51 | 000,000,000 | ---D | C] -- C:\temp
    [2011/06/28 10:23:37 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\avidemux
    [2011/06/28 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
    [2011/06/28 09:41:38 | 000,000,000 | ---D | C] -- C:\Users\ediz\Desktop\STICK-28-06-11
    [2011/06/28 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{77E1EB61-C62F-4661-BCEB-3A6B21A66381}
    [2011/06/27 21:35:55 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{3864F748-7AAD-49A2-AEAE-6C95FA2B870A}
    [2011/06/27 15:59:57 | 000,000,000 | ---D | C] -- C:\Users\ediz\Desktop\ll VERY NICE ll
    [2011/06/27 10:20:20 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\Fit3DLive
    [2011/06/27 10:05:54 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Immersion
    [2011/06/27 10:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Total Immersion
    [2011/06/27 09:23:03 | 000,000,000 | ---D | C] -- C:\Users\ediz\Desktop\download Helper
    [2011/06/27 09:22:43 | 000,000,000 | ---D | C] -- C:\Users\ediz\dwhelper
    [2011/06/27 09:11:20 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{AD389719-6E8D-4563-A21E-C861DCEC36B5}
    [2011/06/26 13:48:51 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{58B3CD12-C064-4F1A-B674-2CB2F3FC17CB}
    [2011/06/25 11:32:59 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{14B6736A-0AD2-4BF9-A62F-BC1C0A6ED654}
    [2011/06/24 21:43:32 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Local\{E5B0E50D-3FF6-4284-BAE0-245A96F29401}
    [2011/06/24 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/06/24 17:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/06/24 17:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/06/24 17:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/06/24 17:03:29 | 000,000,000 | ---D | C] -- C:\Users\ediz\AppData\Roaming\Autodesk
    [2011/06/24 17:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
    [2011/06/24 17:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alias
    [2011/06/24 17:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
    [2010/10/05 18:40:10 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
    [2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/07/24 13:37:39 | 001,315,986 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2011/07/24 13:37:39 | 000,822,192 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/07/24 13:37:39 | 000,339,178 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2011/07/24 13:37:39 | 000,308,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/07/24 13:26:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/24 13:26:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/24 13:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/23 15:24:48 | 417,288,315 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/07/23 15:24:45 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/23 13:07:06 | 002,540,574 | ---- | M] (Nicolas Coolman ) -- C:\Users\ediz\Desktop\ZHPDiag2.exe
    [2011/07/23 13:06:28 | 000,302,592 | ---- | M] () -- C:\Users\ediz\Desktop\vvjqrhhv.exe
    [2011/07/23 12:28:39 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/23 12:28:39 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/23 10:34:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/23 10:30:48 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ediz\Desktop\mbam-setup-1.51.1.1800(2).exe
    [2011/07/22 19:54:30 | 000,498,868 | ---- | M] (C_XX) -- C:\Users\ediz\Desktop\SEAF.exe
    [2011/07/22 15:17:36 | 004,153,924 | R--- | M] (Swearware) -- C:\Users\ediz\Desktop\ComboFix.exe
    [2011/07/22 12:43:00 | 001,383,430 | ---- | M] () -- C:\Users\ediz\Desktop\tdsskiller.zip
    [2011/07/22 10:37:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ediz\Desktop\zdf.exe
    [2011/07/22 10:37:22 | 000,579,584 | ---- | M] () -- C:\Users\ediz\Desktop\OTL.exe
    [2011/07/21 18:16:00 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2011/07/21 18:15:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/07/20 18:00:40 | 000,516,608 | ---- | M] () -- C:\Users\ediz\Desktop\dfgr-5.2.7.exe
    [2011/07/20 16:48:08 | 000,302,592 | ---- | M] () -- C:\Users\ediz\Desktop\4p4486o5.exe
    [2011/07/20 16:03:13 | 000,000,973 | ---- | M] () -- C:\Users\ediz\Desktop\Trojancheck.lnk
    [2011/07/19 16:09:22 | 000,027,623 | ---- | M] () -- C:\Users\ediz\Desktop\rr.JPG
    [2011/07/19 15:29:36 | 000,001,077 | ---- | M] () -- C:\Users\ediz\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
    [2011/07/19 15:29:36 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    [2011/07/19 15:15:46 | 000,048,344 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
    [2011/07/19 15:15:02 | 000,039,640 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
    [2011/07/19 15:15:01 | 000,074,456 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
    [2011/07/19 15:15:00 | 000,037,720 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
    [2011/07/19 15:14:57 | 000,052,440 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
    [2011/07/18 15:40:58 | 002,318,783 | ---- | M] () -- C:\Users\ediz\Desktop\31 On the Prowl (from Soul Sisters).mp3
    [2011/07/18 15:04:00 | 003,513,962 | ---- | M] () -- C:\Users\ediz\Desktop\Air.MP3
    [2011/07/18 10:44:37 | 006,339,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/07/15 10:11:22 | 000,000,132 | ---- | M] () -- C:\Users\ediz\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/07/14 17:19:42 | 000,000,306 | ---- | M] () -- C:\Users\Public\Desktop\Mercalli Tips.lnk
    [2011/07/13 15:37:51 | 000,568,662 | ---- | M] () -- C:\Users\ediz\Desktop\Lindner_3D_02.tif
    [2011/07/13 13:19:34 | 000,462,825 | ---- | M] () -- C:\Users\ediz\Desktop\loch.png
    [2011/07/13 12:41:44 | 000,002,151 | ---- | M] () -- C:\Windows\System32\AutoRunFilter.ini
    [2011/07/13 12:13:39 | 000,045,116 | ---- | M] () -- C:\Users\ediz\Desktop\zdf.JPG
    [2011/07/13 11:18:03 | 000,073,912 | ---- | M] () -- C:\Users\ediz\Desktop\tee.JPG
    [2011/07/13 11:00:41 | 000,002,060 | ---- | M] () -- C:\Users\ediz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2011/07/12 17:59:18 | 000,022,963 | ---- | M] () -- C:\Users\ediz\Desktop\Capture2.JPG
    [2011/07/12 17:52:13 | 000,021,638 | ---- | M] () -- C:\Users\ediz\Desktop\Capture.JPG
    [2011/07/12 17:51:17 | 003,437,159 | ---- | M] () -- C:\Users\ediz\Desktop\piouf.pdf
    [2011/07/11 16:58:52 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ediz\Desktop\TDSSKiller.exe
    [2011/07/07 17:39:54 | 000,035,132 | ---- | M] () -- C:\Users\ediz\Desktop\instagram-actions-by-dbox.atn
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/07/06 17:17:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
    [2011/07/06 11:50:53 | 000,016,384 | ---- | M] () -- C:\Users\ediz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/06 09:15:37 | 005,451,598 | ---- | M] () -- C:\Users\ediz\Desktop\KPMG_Deutschland_2010.pdf
    [2011/07/05 16:17:11 | 000,053,248 | ---- | M] () -- C:\Users\ediz\Desktop\SansTitre.MSWMM
    [2011/07/01 10:45:08 | 001,129,707 | ---- | M] () -- C:\Users\ediz\Desktop\ss.inx
    [2011/06/29 18:13:03 | 000,036,868 | ---- | M] () -- C:\Program Files\uninst-Lux.exe
    [2011/06/29 18:08:47 | 000,036,868 | ---- | M] () -- C:\Program Files\uninst-Particular.exe
    [2011/06/29 09:40:38 | 000,001,472 | ---- | M] () -- C:\Windows\System32\ServiceFilter.ini
    [2011/06/28 16:25:19 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
    [2011/06/28 10:23:26 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
    [2011/06/26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
    [2011/06/25 15:30:24 | 012,374,016 | ---- | M] () -- C:\Users\ediz\Desktop\glowAcademy.indd
    [2011/06/24 17:03:28 | 000,002,126 | ---- | M] () -- C:\Users\ediz\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBookPro 2011.lnk
    [2011/06/24 17:03:28 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk SketchBookPro 2011.lnk
    [2011/06/24 17:03:22 | 000,002,105 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SketchBook Snapshot.lnk

    ========== Files Created - No Company Name ==========

    [2011/07/23 13:08:08 | 000,302,592 | ---- | C] () -- C:\Users\ediz\Desktop\vvjqrhhv.exe
    [2011/07/23 10:34:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/22 20:40:09 | 000,516,608 | ---- | C] () -- C:\Users\ediz\Desktop\dfgr-5.2.7.exe
    [2011/07/22 15:22:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/07/22 15:22:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/07/22 15:22:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/07/22 15:22:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/07/22 15:22:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/07/22 12:44:38 | 001,383,430 | ---- | C] () -- C:\Users\ediz\Desktop\tdsskiller.zip
    [2011/07/22 10:38:44 | 000,579,584 | ---- | C] () -- C:\Users\ediz\Desktop\OTL.exe
    [2011/07/21 18:16:00 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2011/07/20 16:59:25 | 000,302,592 | ---- | C] () -- C:\Users\ediz\Desktop\4p4486o5.exe
    [2011/07/20 16:03:13 | 000,000,973 | ---- | C] () -- C:\Users\ediz\Desktop\Trojancheck.lnk
    [2011/07/19 16:09:21 | 000,027,623 | ---- | C] () -- C:\Users\ediz\Desktop\rr.JPG
    [2011/07/19 15:29:36 | 000,001,077 | ---- | C] () -- C:\Users\ediz\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
    [2011/07/19 15:29:35 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    [2011/07/19 13:57:12 | 417,288,315 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/07/18 15:41:23 | 002,318,783 | ---- | C] () -- C:\Users\ediz\Desktop\31 On the Prowl (from Soul Sisters).mp3
    [2011/07/18 15:04:00 | 003,513,962 | ---- | C] () -- C:\Users\ediz\Desktop\Air.MP3
    [2011/07/14 17:19:42 | 000,000,306 | ---- | C] () -- C:\Users\Public\Desktop\Mercalli Tips.lnk
    [2011/07/14 16:28:35 | 000,035,132 | ---- | C] () -- C:\Users\ediz\Desktop\instagram-actions-by-dbox.atn
    [2011/07/13 15:37:36 | 000,568,662 | ---- | C] () -- C:\Users\ediz\Desktop\Lindner_3D_02.tif
    [2011/07/13 13:19:53 | 000,462,825 | ---- | C] () -- C:\Users\ediz\Desktop\loch.png
    [2011/07/13 12:13:38 | 000,045,116 | ---- | C] () -- C:\Users\ediz\Desktop\zdf.JPG
    [2011/07/13 11:18:00 | 000,073,912 | ---- | C] () -- C:\Users\ediz\Desktop\tee.JPG
    [2011/07/13 11:00:42 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2011/07/12 17:59:18 | 000,022,963 | ---- | C] () -- C:\Users\ediz\Desktop\Capture2.JPG
    [2011/07/12 17:52:12 | 000,021,638 | ---- | C] () -- C:\Users\ediz\Desktop\Capture.JPG
    [2011/07/12 17:51:16 | 003,437,159 | ---- | C] () -- C:\Users\ediz\Desktop\piouf.pdf
    [2011/07/06 09:15:36 | 005,451,598 | ---- | C] () -- C:\Users\ediz\Desktop\KPMG_Deutschland_2010.pdf
    [2011/07/05 16:17:10 | 000,053,248 | ---- | C] () -- C:\Users\ediz\Desktop\SansTitre.MSWMM
    [2011/07/01 10:45:07 | 001,129,707 | ---- | C] () -- C:\Users\ediz\Desktop\ss.inx
    [2011/06/29 18:13:03 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-Lux.exe
    [2011/06/29 18:08:47 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-Particular.exe
    [2011/06/28 10:23:26 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
    [2011/06/24 17:03:28 | 000,002,126 | ---- | C] () -- C:\Users\ediz\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBookPro 2011.lnk
    [2011/06/24 17:03:28 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk SketchBookPro 2011.lnk
    [2011/06/24 17:03:22 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
    [2011/04/28 15:28:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011/03/11 18:55:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2011/03/05 19:24:15 | 000,000,082 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2011/03/05 19:23:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2011/03/05 19:23:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2011/03/05 19:23:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2011/01/21 20:12:24 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
    [2011/01/19 01:16:56 | 000,016,384 | ---- | C] () -- C:\Users\ediz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/04 15:59:40 | 000,001,456 | ---- | C] () -- C:\Users\ediz\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
    [2010/11/21 15:36:35 | 000,000,132 | ---- | C] () -- C:\Users\ediz\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/10/06 21:32:31 | 000,000,036 | ---- | C] () -- C:\Users\ediz\AppData\Local\housecall.guid.cache
    [2010/10/05 19:25:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/10/05 19:07:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
    [2010/10/05 19:02:25 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2010/10/05 18:54:01 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/10/05 18:54:01 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010/10/05 18:54:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/10/05 18:52:06 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
    [2010/10/05 18:43:07 | 000,002,151 | ---- | C] () -- C:\Windows\System32\AutoRunFilter.ini
    [2010/10/05 18:43:07 | 000,001,472 | ---- | C] () -- C:\Windows\System32\ServiceFilter.ini
    [2010/10/05 18:43:07 | 000,000,105 | ---- | C] () -- C:\Windows\System32\FastBoot.ini
    [2010/10/05 18:43:07 | 000,000,080 | ---- | C] () -- C:\Windows\System32\Defrag.ini
    [2010/10/05 18:43:07 | 000,000,052 | ---- | C] () -- C:\Windows\System32\RemoveFont.ini
    [2010/10/05 18:43:07 | 000,000,015 | ---- | C] () -- C:\Windows\System32\BootTime.ini
    [2010/10/05 14:57:10 | 000,293,920 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/10/05 14:43:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/10/03 13:34:06 | 001,315,986 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
    [2010/10/03 13:34:06 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
    [2010/10/03 13:34:06 | 000,339,178 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
    [2010/10/03 13:34:06 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
    [2010/10/03 00:56:07 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2010/10/03 00:56:07 | 000,593,920 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/10/03 00:56:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/10/03 00:56:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2009/10/28 15:29:40 | 000,000,940 | ---- | C] () -- C:\Windows\bdoscandellang.ini
    [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 06:33:53 | 006,339,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 04:05:48 | 000,822,192 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 04:05:48 | 000,308,970 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 04:05:48 | 000,031,548 | ---- | C]
    24 July 2011 14:26:41

    and the SystemLook report

    SystemLook 04.09.10 by jpshortstuff
    Log created at 14:23 on 24/07/2011 by ediz
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "csc.sys"
    C:\Windows\System32\drivers\csc.sys --a---- 387584 bytes [23:15 13/07/2009] [23:15 13/07/2009] D93B9F7EB347F42A5EA0E32F33F6C93B
    C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys --a---- 387584 bytes [23:15 13/07/2009] [23:15 13/07/2009] D93B9F7EB347F42A5EA0E32F33F6C93B

    -= EOF =-
    a c 1024 8 Security
    24 July 2011 14:27:35

    Hello,

    Yes, but posting all over the place isn't doing your system any good, is it?
    Because between yesterday morning and today, you have made other changes on this PC.

    I hope that in all of this you have backed up your important data?

    Have you opened yet another thread on another forum, apart from the one on CCM yesterday?

    The volunteers who help on forums do so in their free time, so we reply when we can.
    As it happens, this afternoon I am not entirely available.

    See you later,
    24 July 2011 14:34:38

    I know... it's just that I'd like to repair my computer as quickly as possible. Yesterday I didn't do much, or even nothing at all, since the person saw that you were already helping me...

    As for the data, I have to buy an external hard drive tomorrow... I don't want to infect the external hard drive I have at the moment...

    I haven't opened any other thread for my problem...

    When will we be able to deal with my problem? So that I know whether or not I should stay at work...
    24 July 2011 14:39:18

    If you can't today, I understand, but just tell me; I came to work specially to deal with my computer...

    Thank you all the same for the time you are taking to help me!

    Ediz
    a c 1024 8 Security
    24 July 2011 14:40:12

    Hello again,

    Yes you did: you made significant changes yesterday with TDSSKiller.

    I'm happy to keep helping you, but it may be on and off, as I have people over at home.

    Completely uninstall any emulator such as Daemon Tools, Alcohol...

    Then run ComboFix again as described above.
    When the message announcing the ZeroAccess rootkit appears, you must not close the window with the X; you must click OK.
    That is when the scan will start.

    Post the resulting report.

    See you later,
    24 July 2011 15:38:11

    ComboFix 11-07-22.01 - ediz 24/07/2011 15:02:44.1.2 - x86
    Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1033.18.3037.2231 [GMT 2:00]
    Lancé depuis: C:\Users\ediz\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


    C:\install.exe
    C:\Program Files\AutocompletePro
    C:\Program Files\AutocompletePro\chrome\autocompleteprochrome.crx
    C:\Program Files\AutocompletePro\FireFoxExtension.exe
    C:\Program Files\AutocompletePro\InstTracker.exe
    C:\Program Files\AutocompletePro\support@predictad.com\chrome.manifest
    C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
    C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\options.js
    C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\options.xul
    C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\utils.js
    C:\Program Files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
    C:\Program Files\AutocompletePro\support@predictad.com\install.rdf
    C:\Program Files\AutocompletePro\unins000.dat
    C:\Program Files\AutocompletePro\unins000.exe
    C:\ProgramData\Amazon.ico
    C:\ProgramData\QuickStores.ico
    C:\Users\ediz\AppData\Roaming\Microsoft\Windows\Recent\more albums on etalonhiphop.blogspot.com.url
    C:\Windows\assembly\GAC_MSIL\desktop.ini


    ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-24 au 2011-07-24 ))))))))))))))))))))))))))))))))))))


    2011-07-24 13:24:32 . 2011-07-24 13:24:32 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2011-07-23 12:45:44 . 2011-07-23 12:45:45 -------- d-----w- C:\Program Files\ZHPDiag
    2011-07-22 17:55:57 . 2011-07-22 17:55:57 -------- d-----w- C:\Program Files\SEAF
    2011-07-22 16:39:09 . 2011-07-22 16:39:09 -------- d-----w- C:\_OTL
    2011-07-21 16:16:00 . 2011-02-23 13:56:45 301528 ----a-w- C:\Windows\system32\drivers\aswSP.sys
    2011-07-21 16:16:00 . 2011-02-23 13:54:55 19544 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
    2011-07-21 16:15:57 . 2011-02-23 13:57:38 101976 ----a-w- C:\Windows\system32\drivers\aswFW.sys
    2011-07-21 16:15:33 . 2011-02-23 13:56:41 192728 ----a-w- C:\Windows\system32\drivers\aswNdis2.sys
    2011-07-21 16:15:32 . 2011-02-23 13:55:49 49240 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
    2011-07-21 16:15:32 . 2011-02-23 13:55:10 25432 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
    2011-07-21 16:15:28 . 2011-02-23 13:56:55 371544 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
    2011-07-21 16:15:26 . 2011-02-23 13:55:03 53592 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
    2011-07-21 16:15:13 . 2011-02-23 14:04:21 40648 ----a-w- C:\Windows\avastSS.scr
    2011-07-21 16:15:13 . 2011-02-23 12:34:54 12112 ----a-w- C:\Windows\system32\drivers\aswNdis.sys
    2011-07-21 16:15:12 . 2011-02-23 14:04:17 190016 ----a-w- C:\Windows\system32\aswBoot.exe
    2011-07-20 14:31:13 . 2011-07-20 14:36:35 -------- d-----w- C:\UsbFix
    2011-07-20 14:03:13 . 2011-07-20 14:07:28 -------- d-----w- C:\Program Files\Trojancheck 6
    2011-07-20 13:51:36 . 2011-07-22 13:00:29 -------- d-----w- C:\Program Files\Anti Trojan Elite
    2011-07-19 13:29:02 . 2011-07-20 23:18:14 -------- d-----w- C:\Program Files\Emsisoft Anti-Malware
    2011-07-19 13:15:46 . 2011-07-19 13:15:46 48344 ----a-w- C:\Windows\system32\drivers\PktIcpt.sys
    2011-07-19 13:15:02 . 2011-07-19 13:15:02 39640 ----a-w- C:\Windows\system32\drivers\HookCentre.sys
    2011-07-19 13:15:01 . 2011-07-19 13:15:01 74456 ----a-w- C:\Windows\system32\drivers\MiniIcpt.sys
    2011-07-19 13:15:00 . 2011-07-19 13:15:00 37720 ----a-w- C:\Windows\system32\drivers\GDBehave.sys
    2011-07-19 13:14:57 . 2011-07-19 13:14:57 52440 ----a-w- C:\Windows\system32\drivers\gdwfpcd32.sys
    2011-07-19 13:12:21 . 2011-07-22 13:04:06 -------- d-----w- C:\ProgramData\G DATA
    2011-07-19 13:12:21 . 2011-07-22 13:04:06 -------- d-----w- C:\Program Files\Common Files\G Data
    2011-07-19 13:12:21 . 2011-07-19 13:12:21 -------- d-----w- C:\Program Files\G Data
    2011-07-19 12:49:22 . 2011-07-19 12:49:22 -------- d-----w- C:\Users\ediz\AppData\Local\Downloaded Installations
    2011-07-18 16:00:50 . 2011-07-21 16:15:09 -------- d-----w- C:\ProgramData\AVAST Software
    2011-07-18 16:00:50 . 2011-07-20 17:29:01 -------- d-----w- C:\Program Files\AVAST Software
    2011-07-18 13:04:55 . 2011-06-07 15:55:46 7074640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{575DE178-9F5D-4A62-B0E7-216A1913851E}\mpengine.dll
    2011-07-15 11:21:03 . 2011-07-15 11:21:03 -------- d-----w- C:\Users\ediz\AppData\Local\MotionDSP
    2011-07-15 11:20:18 . 2011-07-15 11:20:18 -------- d-----w- C:\Users\ediz\AppData\Roaming\MotionDSP
    2011-07-15 11:19:46 . 2011-07-15 11:20:18 -------- d-----w- C:\Program Files\vReveal 3
    2011-07-14 15:19:36 . 2011-07-14 15:19:36 -------- d-----w- C:\Users\ediz\AppData\Roaming\proDAD
    2011-07-14 15:19:33 . 2011-07-14 15:19:33 -------- d-----w- C:\Program Files\proDAD
    2011-07-14 11:56:31 . 2011-07-14 11:56:31 -------- d-----w- C:\Program Files\2d3
    2011-07-14 11:54:26 . 2011-07-14 11:54:26 -------- d-----w- C:\Windows\Downloaded Installations
    2011-07-08 08:25:47 . 2011-07-08 08:27:27 -------- d-----w- C:\Users\ediz\AppData\Local\Facebook
    2011-07-06 15:17:28 . 2011-07-06 15:17:28 -------- d-----w- C:\Users\ediz\AppData\Roaming\Total Immersion
    2011-07-05 12:25:33 . 2011-07-05 12:28:31 -------- d-----w- C:\Users\ediz\AppData\Roaming\tissot
    2011-07-05 12:25:07 . 2011-07-05 12:25:33 -------- d-----w- C:\Program Files\TissotAR
    2011-06-29 16:13:03 . 2011-06-29 16:13:03 36868 ----a-w- C:\Program Files\uninst-Lux.exe
    2011-06-29 16:08:47 . 2011-06-29 16:15:58 -------- d-----w- C:\Program Files\Trapcode
    2011-06-29 16:08:47 . 2011-06-29 16:08:47 36868 ----a-w- C:\Program Files\uninst-Particular.exe
    2011-06-29 16:08:47 . 2011-06-29 16:08:47 -------- d-----w- C:\Presets
    2011-06-29 15:24:33 . 2011-06-29 15:24:35 -------- d-----w- C:\Program Files\LogMeIn Hamachi
    2011-06-29 15:08:39 . 2004-03-29 14:23:44 90112 ----a-w- C:\Windows\unvise32.exe
    2011-06-29 08:53:48 . 2011-06-29 08:53:48 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
    2011-06-29 08:30:33 . 2011-06-29 08:30:38 -------- d-----w- C:\Program Files\Adobe Media Player
    2011-06-28 15:16:02 . 2011-06-28 15:16:02 -------- d-----w- C:\MoTemp
    2011-06-28 14:44:51 . 2011-06-28 14:44:51 -------- d-----w- C:\Users\ediz\AppData\Roaming\Panda Security
    2011-06-28 14:43:48 . 2011-06-28 14:46:48 -------- d-----w- C:\Users\ediz\AppData\Local\panda2_0dn
    2011-06-28 14:43:42 . 2011-07-20 12:45:31 -------- d-----w- C:\ProgramData\Panda Security URL Filtering
    2011-06-28 14:41:42 . 2011-07-19 13:08:43 -------- d-----w- C:\Program Files\Panda Security
    2011-06-28 14:41:42 . 2011-06-28 14:41:42 -------- d-----w- C:\ProgramData\Panda Security
    2011-06-28 14:40:51 . 2011-06-28 14:41:11 -------- d-----w- C:\temp
    2011-06-28 08:23:37 . 2011-06-28 08:24:40 -------- d-----w- C:\Users\ediz\AppData\Roaming\avidemux
    2011-06-28 08:23:18 . 2011-06-28 08:23:37 -------- d-----w- C:\Program Files\Avidemux 2.5
    2011-06-27 08:20:20 . 2011-06-27 08:20:32 -------- d-----w- C:\Users\ediz\AppData\Roaming\Fit3DLive
    2011-06-27 08:05:53 . 2011-06-27 08:05:53 -------- d-----w- C:\Program Files\Total Immersion
    2011-06-27 07:22:43 . 2011-06-27 07:22:57 -------- d-----w- C:\Users\ediz\dwhelper
    2011-06-24 15:23:47 . 2011-06-24 15:23:48 -------- d-----w- C:\Program Files\Apple Software Update
    2011-06-24 15:22:07 . 2011-06-24 15:22:51 -------- d-----w- C:\Program Files\iTunes
    2011-06-24 15:22:07 . 2011-06-24 15:22:07 -------- d-----w- C:\Program Files\iPod
    2011-06-24 15:03:29 . 2011-06-24 15:03:29 -------- d-----w- C:\Users\ediz\AppData\Roaming\Autodesk
    2011-06-24 15:03:23 . 2011-06-24 15:06:59 -------- d-----w- C:\ProgramData\Alias
    2011-06-24 15:01:41 . 2011-06-24 15:01:41 -------- d-----w- C:\Program Files\Autodesk
    .


    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    2011-07-06 17:52:42 . 2011-01-17 09:21:11 41272 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52:42 . 2011-01-17 09:21:04 22712 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2011-06-21 04:09:00 . 2011-06-21 08:16:49 200976 ----a-w- C:\Windows\system32\drivers\tmcomm.sys
    2011-06-03 15:08:36 . 2011-06-03 15:08:36 53248 ----a-r- C:\Users\ediz\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-05-24 17:14:10 . 2010-10-02 22:15:54 222080 ------w- C:\Windows\system32\MpSigStub.exe
    2011-05-10 06:06:08 . 2011-05-10 06:06:08 4517664 ----a-w- C:\Windows\system32\usbaaplrc.dll
    2011-05-10 06:06:08 . 2011-05-10 06:06:08 42496 ----a-w- C:\Windows\system32\drivers\usbaapl.sys
    2011-05-04 14:10:04 . 2011-05-04 14:10:19 737280 ----a-w- C:\Windows\iun6002.exe
    2011-05-05 09:18:12 . 2011-03-21 17:02:57 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.

    [-] 2011-01-04 12:30:01 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\user32.dll
    [7] 2009-07-14 01:16:17 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2011-05-13 13:25:04 86696 ----a-w- C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-05-13 13:25:04 86696]

    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04:11 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 00:54:18 4240760]
    "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [2009-07-14 01:14:41 354304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 16:04:56 47904]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-08-25 18:45:44 136216]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 21:07:44 932288]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064]
    "Freecorder FLV Service"="C:\Program Files\Freecorder\FLVSrvc.exe" [2011-03-24 06:11:25 167936]
    "UpdatePDRShortCut"="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 20:15:16 218408]
    "LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 21:14:08 190808]
    "AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 05:58:34 611712]
    "LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 15:29:54 1951112]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 16:38:18 421888]
    "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-02-23 14:04:20 3451496]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    SketchBook Snapshot.lnk - C:\Program Files\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe [2010-9-8 721408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    SetupExecute REG_MULTI_SZ \0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07:44 932288 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44:43 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 01:44:40 500208 ------w- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 02:57:06 406992 ----a-w- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-01-21 15:22:24 91520 ----a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2010-10-05 15:09:13 323392 ----a-w- C:\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
    2009-06-19 08:29:42 105016 ----a-w- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2010-08-25 18:45:36 171032 ----a-w- C:\Windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 15:51:12 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 00:54:18 4240760 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2010-08-25 18:45:40 170520 ----a-w- C:\Windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-06-15 13:02:58 15141768 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 11:37:14 517096 ----a-w- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;C:\Program Files\Emsisoft Anti-Malware\a2service.exe [x]
    R2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe [x]
    R2 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [x]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-02-23 14:04:17 121000]
    R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
    R2 AVKService;Planificateur G Data;C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe [x]
    R2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [x]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [x]
    R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [x]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    R3 a2acc;a2acc;C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 19:30:06 73728]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys [2009-07-29 13:30:52 87040]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 03:56:04 101504]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 09:05:00 204800]
    R3 GDPkIcpt;GDPkIcpt;C:\Windows\system32\drivers\PktIcpt.sys [2011-07-19 13:15:46 48344]
    R3 gupdatem;Service Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
    R3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-28 23:25:02 25112]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 15:51:12 30963576]
    R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl.sys [2010-04-19 18:29:20 18432]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 18:37:50 4640000]
    R3 SwitchBoard;SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096]
    R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 11:26:10 16240]
    R3 WatAdminSvc;WatAdminSvc; [x]
    R4 AVKWCtl;G Data Filesystem Monitor;C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe [x]
    R4 GDScan;G Data Scanner;C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [x]
    S0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12:34:54 12112]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys [2011-07-19 13:15:00 37720]
    S1 a2injectiondriver;a2injectiondriver;C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 10:25:22 41928]
    S1 a2util;a-squared Malware-IDS utility driver;C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 07:40:32 11776]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 GDMnIcpt;GDMnIcpt;C:\Windows\system32\drivers\MiniIcpt.sys [2011-07-19 13:15:01 74456]
    S1 HookCentre;HookCentre;C:\Windows\system32\drivers\HookCentre.sys [2011-07-19 13:15:02 39640]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]
    S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:14:41 20992]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 13:55:03 53592]
    S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 07:24:12 63616]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 23:52:10 14336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai

    Contenu du dossier 'Tâches planifiées'


    ------- Examen supplémentaire -------

    uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
    mStart Page = about:blank
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    FF - ProfilePath - C:\Users\ediz\AppData\Roaming\Mozilla\Firefox\Profiles\y0q58nwu.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=

    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-Anti Trojan Elite - C:\Program Files\Anti Trojan Elite\TJEnder.exe
    SafeBoot-42957469.sys
    SafeBoot-43886240.sys
    SafeBoot-rpcnet
    AddRemove-AutocompletePro3_is1 - C:\Program Files\AutocompletePro\unins000.exe
    AddRemove-HijackThis - I:\HijackThis.exe
    AddRemove-{dfc307dd-ab9f-4f7b-844c-a97d6e70cac4}_is1 - C:\Users\ediz\AppData\Roaming\Fit3DLive\Browser\unins000.exe


    24 July 2011 15:38:47

    ComboFix 11-07-22.01 - ediz 24/07/2011 15:02:44.1.2 - x86
    Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1033.18.3037.2231 [GMT 2:00]
    Lancé depuis: c:\users\ediz\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files\AutocompletePro
    c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
    c:\program files\AutocompletePro\FireFoxExtension.exe
    c:\program files\AutocompletePro\InstTracker.exe
    c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
    c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
    c:\program files\AutocompletePro\support@predictad.com\install.rdf
    c:\program files\AutocompletePro\unins000.dat
    c:\program files\AutocompletePro\unins000.exe
    c:\programdata\Amazon.ico
    c:\programdata\QuickStores.ico
    c:\users\ediz\AppData\Roaming\Microsoft\Windows\Recent\more albums on etalonhiphop.blogspot.com.url
    c:\windows\assembly\GAC_MSIL\desktop.ini
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-24 au 2011-07-24 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-07-24 13:24 . 2011-07-24 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-23 12:45 . 2011-07-23 12:45 -------- d-----w- c:\program files\ZHPDiag
    2011-07-22 17:55 . 2011-07-22 17:55 -------- d-----w- c:\program files\SEAF
    2011-07-22 16:39 . 2011-07-22 16:39 -------- d-----w- C:\_OTL
    2011-07-21 16:16 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-21 16:16 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-07-21 16:15 . 2011-02-23 13:57 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2011-07-21 16:15 . 2011-02-23 13:56 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2011-07-21 16:15 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-21 16:15 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-21 16:15 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-21 16:15 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-07-21 16:15 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-07-21 16:15 . 2011-02-23 12:34 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2011-07-21 16:15 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-20 14:31 . 2011-07-20 14:36 -------- d-----w- C:\UsbFix
    2011-07-20 14:03 . 2011-07-20 14:07 -------- d-----w- c:\program files\Trojancheck 6
    2011-07-20 13:51 . 2011-07-22 13:00 -------- d-----w- c:\program files\Anti Trojan Elite
    2011-07-19 13:29 . 2011-07-20 23:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-07-19 13:15 . 2011-07-19 13:15 48344 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
    2011-07-19 13:15 . 2011-07-19 13:15 39640 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2011-07-19 13:15 . 2011-07-19 13:15 74456 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-07-19 13:15 . 2011-07-19 13:15 37720 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-07-19 13:14 . 2011-07-19 13:14 52440 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
    2011-07-19 13:12 . 2011-07-22 13:04 -------- d-----w- c:\programdata\G DATA
    2011-07-19 13:12 . 2011-07-22 13:04 -------- d-----w- c:\program files\Common Files\G Data
    2011-07-19 13:12 . 2011-07-19 13:12 -------- d-----w- c:\program files\G Data
    2011-07-19 12:49 . 2011-07-19 12:49 -------- d-----w- c:\users\ediz\AppData\Local\Downloaded Installations
    2011-07-18 16:00 . 2011-07-21 16:15 -------- d-----w- c:\programdata\AVAST Software
    2011-07-18 16:00 . 2011-07-20 17:29 -------- d-----w- c:\program files\AVAST Software
    2011-07-18 13:04 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{575DE178-9F5D-4A62-B0E7-216A1913851E}\mpengine.dll
    2011-07-15 11:21 . 2011-07-15 11:21 -------- d-----w- c:\users\ediz\AppData\Local\MotionDSP
    2011-07-15 11:20 . 2011-07-15 11:20 -------- d-----w- c:\users\ediz\AppData\Roaming\MotionDSP
    2011-07-15 11:19 . 2011-07-15 11:20 -------- d-----w- c:\program files\vReveal 3
    2011-07-14 15:19 . 2011-07-14 15:19 -------- d-----w- c:\users\ediz\AppData\Roaming\proDAD
    2011-07-14 15:19 . 2011-07-14 15:19 -------- d-----w- c:\program files\proDAD
    2011-07-14 11:56 . 2011-07-14 11:56 -------- d-----w- c:\program files\2d3
    2011-07-14 11:54 . 2011-07-14 11:54 -------- d-----w- c:\windows\Downloaded Installations
    2011-07-08 08:25 . 2011-07-08 08:27 -------- d-----w- c:\users\ediz\AppData\Local\Facebook
    2011-07-06 15:17 . 2011-07-06 15:17 -------- d-----w- c:\users\ediz\AppData\Roaming\Total Immersion
    2011-07-05 12:25 . 2011-07-05 12:28 -------- d-----w- c:\users\ediz\AppData\Roaming\tissot
    2011-07-05 12:25 . 2011-07-05 12:25 -------- d-----w- c:\program files\TissotAR
    2011-06-29 16:13 . 2011-06-29 16:13 36868 ----a-w- c:\program files\uninst-Lux.exe
    2011-06-29 16:08 . 2011-06-29 16:15 -------- d-----w- c:\program files\Trapcode
    2011-06-29 16:08 . 2011-06-29 16:08 36868 ----a-w- c:\program files\uninst-Particular.exe
    2011-06-29 16:08 . 2011-06-29 16:08 -------- d-----w- C:\Presets
    2011-06-29 15:24 . 2011-06-29 15:24 -------- d-----w- c:\program files\LogMeIn Hamachi
    2011-06-29 15:08 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
    2011-06-29 08:53 . 2011-06-29 08:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-06-29 08:30 . 2011-06-29 08:30 -------- d-----w- c:\program files\Adobe Media Player
    2011-06-28 15:16 . 2011-06-28 15:16 -------- d-----w- C:\MoTemp
    2011-06-28 14:44 . 2011-06-28 14:44 -------- d-----w- c:\users\ediz\AppData\Roaming\Panda Security
    2011-06-28 14:43 . 2011-06-28 14:46 -------- d-----w- c:\users\ediz\AppData\Local\panda2_0dn
    2011-06-28 14:43 . 2011-07-20 12:45 -------- d-----w- c:\programdata\Panda Security URL Filtering
    2011-06-28 14:41 . 2011-07-19 13:08 -------- d-----w- c:\program files\Panda Security
    2011-06-28 14:41 . 2011-06-28 14:41 -------- d-----w- c:\programdata\Panda Security
    2011-06-28 14:40 . 2011-06-28 14:41 -------- d-----w- C:\temp
    2011-06-28 08:23 . 2011-06-28 08:24 -------- d-----w- c:\users\ediz\AppData\Roaming\avidemux
    2011-06-28 08:23 . 2011-06-28 08:23 -------- d-----w- c:\program files\Avidemux 2.5
    2011-06-27 08:20 . 2011-06-27 08:20 -------- d-----w- c:\users\ediz\AppData\Roaming\Fit3DLive
    2011-06-27 08:05 . 2011-06-27 08:05 -------- d-----w- c:\program files\Total Immersion
    2011-06-27 07:22 . 2011-06-27 07:22 -------- d-----w- c:\users\ediz\dwhelper
    2011-06-24 15:23 . 2011-06-24 15:23 -------- d-----w- c:\program files\Apple Software Update
    2011-06-24 15:22 . 2011-06-24 15:22 -------- d-----w- c:\program files\iTunes
    2011-06-24 15:22 . 2011-06-24 15:22 -------- d-----w- c:\program files\iPod
    2011-06-24 15:03 . 2011-06-24 15:03 -------- d-----w- c:\users\ediz\AppData\Roaming\Autodesk
    2011-06-24 15:03 . 2011-06-24 15:06 -------- d-----w- c:\programdata\Alias
    2011-06-24 15:01 . 2011-06-24 15:01 -------- d-----w- c:\program files\Autodesk
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-06 17:52 . 2011-01-17 09:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52 . 2011-01-17 09:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-21 04:09 . 2011-06-21 08:16 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-06-03 15:08 . 2011-06-03 15:08 53248 ----a-r- c:\users\ediz\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-05-24 17:14 . 2010-10-02 22:15 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 06:06 . 2011-05-10 06:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-05-04 14:10 . 2011-05-04 14:10 737280 ----a-w- c:\windows\iun6002.exe
    2011-05-05 09:18 . 2011-03-21 17:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-01-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2011-05-13 13:25 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-05-13 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe [2010-9-8 721408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    SetupExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-01-21 15:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2010-10-05 15:09 323392 ----a-w- c:\program files\DNA\btdna.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
    2009-06-19 08:29 105016 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2010-08-25 18:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2010-08-25 18:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-06-15 13:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
    R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]
    R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-02-23 121000]
    R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
    R2 AVKService;Planificateur G Data;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [x]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
    R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
    R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 204800]
    R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-07-19 48344]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
    R3 WatAdminSvc;WatAdminSvc; [x]
    R4 AVKWCtl;G Data Filesystem Monitor;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [x]
    R4 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [x]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-07-19 37720]
    S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-07-19 74456]
    S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-07-19 39640]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contenu du dossier 'Tâches planifiées'
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
    mStart Page = about:blank
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\users\ediz\AppData\Roaming\Mozilla\Firefox\Profiles\y0q58nwu.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
    SafeBoot-42957469.sys
    SafeBoot-43886240.sys
    SafeBoot-rpcnet
    AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
    AddRemove-HijackThis - I:\HijackThis.exe
    AddRemove-{dfc307dd-ab9f-4f7b-844c-a97d6e70cac4}_is1 - c:\users\ediz\AppData\Roaming\Fit3DLive\Browser\unins000.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-1825224032-1265911557-2456511187-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-1825224032-1265911557-2456511187-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ThunderbirdEML"
    .
    [HKEY_USERS\S-1-5-21-1825224032-1265911557-2456511187-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\*PNP81f8\0000]
    @DACL=(02 0000)
    "Service"="1286091439"
    "ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"
    "Class"="System"
    "DeviceDesc"="PCI bus"
    "Mfg"="Technologies Inc"
    "LocationInformation"="on Microsoft ACPI-Compliant System"
    "ConfigFlags"=dword:00000000
    "Capabilities"=dword:00000000
    "ContainerID"="{00000000-0000-0000-FFFF-FFFFFFFFFFFF}"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'lsass.exe'(580)
    c:\windows\system32\mswsock.dll
    mswsock.DLL 74dc0000 245760 \\?\globalroot\systemroot\system32\mswsock.DLL
    .
    - - - - - - - > 'explorer.exe'(1256)
    c:\users\ediz\AppData\Local\FLVService\lib\FLVSrvLib.dll
    c:\windows\system32\CmdLineExt.dll
    c:\windows\system32\dhcpcsvc6.DLL
    c:\windows\system32\msacm32.drv
    c:\windows\System32\wlanutil.dll
    c:\program files\Common Files\Adobe\Shell\CS4\idicon.dll
    .
    Heure de fin: 2011-07-24 15:36:30
    ComboFix-quarantined-files.txt 2011-07-24 13:36
    .
    Avant-CF: 34 844 631 040 octets libres
    Après-CF: 34 127 769 600 octets libres
    .
    - - End Of File - - 18449795E66CD75F5D7138B6ADD458EF
    24 July 2011 15:39:12

    Here are the reports obtained at the end of ComboFix
    a c 1024 8 Security
    24 July 2011 15:49:02

    Re,

    Sorry, I hadn't seen that you had posted reports while I was replying to you.

    I'll look at this and get back to you.

    Can you give me an update on how the PC is behaving, please?

    See you
    a c 1024 8 Security
    24 July 2011 15:52:09

    Sorry for the double post.

    The last OTL report posted is incomplete; it needs to be hosted on ci-joint.fr.

    Thanks
    a c 1024 8 Security
    24 July 2011 16:35:06

    Re,

    Don't forget to answer the previous questions, please:
    Quote:
    Can you give me an update on how the PC is behaving, please?
    The last OTL report posted is incomplete; it needs to be hosted on ci-joint.fr


    Also, when you ran ComboFix, you did get the warning message about ZeroAccess?

    Do the following:

    1) Preparing the Reatogo Live CD:

  • From a clean PC, whatever its operating system, download OTLPENet.exe and save it to the Desktop.
    Downloading the file (121 MB) may take a while depending on your Internet speed
  • Insert a blank CD into the CD/DVD drive/burner and double-click OTLPENet.exe
    /!\ On Vista and Windows 7, the file must be launched via right-click -> Run as administrator
  • Confirm with Yes when asked to burn the CD

  • Wait while it decompresses. ImgBurn launches and burns the CD automatically
  • A success message should appear. Click OK and close the windows.


    2) Using OTLPE:

  • Insert the Reatogo CD into the drive of the infected PC and boot from the drive
  • The Reatogo environment starts

  • The CD's operating system loads into memory. Be patient, this can take several minutes

  • The REATOGO-X-PE Desktop appears

  • If needed, you should have your Internet connection active and be able to connect to the forum
  • Double-click the OTLPE icon
  • Click Yes for Do you wish to load Remote user profile(s) for scanning ?

  • Select your session, check that Automatically Load All Remaining Users is ticked and click OK

    If you have Windows Vista or 7, you may get this message: "RunScanner Error - Target is not windows 2000 or later"; in that case, browse to and select the c:\windows folder in the tree below local disk (c: )
  • OTLPE opens

  • In the Custom Scans/Fixes box, copy and paste all of the following
    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    csc.sys
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s
    nslookup http://www.google.fr /c
    CREATERESTOREPOINT

  • Then click Run Scan and wait for the scan to finish
  • The OTL.txt report is displayed
  • Host the report on this site cijoint.fr and give the link provided in your reply
    The report is saved under My Computer -> C:\OTL.txt.

    See you