
Thread: Java/Agent.DW removal help needed

  1. #51
    Member
    Join Date
    Nov 2011
    Posts
    53


    hi shelf life,


    I have installed Wireshark and as soon as I started monitoring the network card
    I have seen a lot of UDP packets:

    192.168.0.10 Source port: 50808 226.178.217.5 Destination port: 21328

    with this text as data:

    Someone else out there?computer=ADMIN-PC

    did an IP lookup and there is nothing for 226.178.217.5


    IP: 226.178.217.5
    Decimal: 3803371781
    Hostname: 226.178.217.5
    ISP:
    Organization:
    Services: None detected
    Type:


    no info listed, looks very suspicious as well.


    bye
    philippe

  2. #52
    Member
    Join Date
    Nov 2011
    Posts
    53


    hi shelf life,

    I found an interesting TCP stream on the W7 box:

    and a quick internet search on counter.yadro.ru led me to
    http://about-threats.trendmicro.com/...ROJ_SIREFEF.DD

    that suggests that there is indeed something on the W7 box as well...
    and as it's not detected by Nod32 and Malwarebytes, this suggests that there may be some rootkit hiding it...

    do you agree with this deduction?

    I will try to download the Trend Micro trial and scan to see if it finds anything!



    bye
    philippe


    GET /hit;icq-com?r;s1600*900*24;uhttp%3A//start.icq.com/;0.5152606634050969 HTTP/1.1
    Host: counter.yadro.ru
    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20100101 Firefox/8.0
    Accept: image/png,image/*;q=0.8,*/*;q=0.5
    Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Connection: keep-alive
    Referer: http://start.icq.com/
    Cookie: VID=0sbHfc3KyH0x

    HTTP/1.1 200 OK
    Date: Sat, 10 Dec 2011 14:28:29 GMT
    Server: 0W/0.8c
    Connection: Close
    Content-Type: image/gif
    Content-Length: 43
    Expires: Thu, 09 Dec 2010 20:00:00 GMT
    Pragma: no-cache
    Cache-control: no-cache

    GIF89a.............!.......,...........D..;

  3. #53
    Member
    Join Date
    Nov 2011
    Posts
    53


    In fact there were some TCP anomalies that caught my attention in the TCP stream:

    5207 1543.318621 88.212.196.77 192.168.0.10 HTTP 317 [TCP Out-Of-Order] HTTP/1.1 200 OK (GIF89a)
    5205 1543.318424 88.212.196.77 192.168.0.10 TCP 64 [TCP Previous segment lost] http > 51109 [FIN, ACK] Seq=264 Ack=449 Win=8752 Len=0
    5206 1543.318499 192.168.0.10 88.212.196.77 TCP 54 [TCP Dup ACK 5203#1] 51109 > http [ACK] Seq=449 Ack=1 Win=17520 Len=0

  4. #54
    Member
    Join Date
    Nov 2011
    Posts
    53


    Also, in the Nod32 firewall logs I noticed this:

    it's quite old but may have some meaning...


    25/10/2011 20:54:02 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52835 UDP
    25/10/2011 20:50:05 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:59120 UDP
    25/10/2011 20:48:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:52685 UDP
    25/10/2011 20:47:00 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:53862 UDP
    25/10/2011 20:46:02 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:62918 UDP
    25/10/2011 20:45:43 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:55808 UDP
    25/10/2011 20:43:56 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:62066 UDP
    25/10/2011 20:41:57 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:51008 UDP
    25/10/2011 20:39:49 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:55556 UDP
    25/10/2011 20:38:24 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55628 UDP
    25/10/2011 20:38:13 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:62134 UDP
    25/10/2011 20:37:16 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:54830 UDP
    25/10/2011 20:36:45 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:56861 UDP
    25/10/2011 20:35:38 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:65005 UDP
    25/10/2011 20:35:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:54643 UDP
    25/10/2011 20:34:25 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:59671 UDP
    25/10/2011 20:32:05 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:58150 UDP
    25/10/2011 20:08:20 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:49450 UDP
    25/10/2011 20:07:48 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63506 UDP
    25/10/2011 20:02:20 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52915 UDP
    25/10/2011 20:02:16 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:50123 UDP
    25/10/2011 20:02:16 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:59800 UDP
    25/10/2011 19:59:04 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:58612 UDP
    25/10/2011 19:59:04 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63256 UDP
    25/10/2011 19:59:01 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:61158 UDP
    25/10/2011 19:53:25 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:65446 UDP
    25/10/2011 19:52:21 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:54771 UDP
    25/10/2011 19:50:03 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55904 UDP
    25/10/2011 19:49:33 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:53274 UDP
    25/10/2011 19:49:26 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:51497 UDP
    25/10/2011 19:47:20 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:58861 UDP
    25/10/2011 19:47:20 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63831 UDP
    25/10/2011 19:47:13 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:59952 UDP
    25/10/2011 19:47:10 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:54198 UDP
    25/10/2011 19:46:31 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:62620 UDP
    25/10/2011 19:46:29 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52315 UDP
    25/10/2011 19:45:56 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55329 UDP
    25/10/2011 19:45:52 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:59383 UDP
    25/10/2011 19:45:49 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:65071 UDP
    25/10/2011 19:45:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60465 UDP
    25/10/2011 19:45:13 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63475 UDP
    25/10/2011 19:45:09 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:51953 UDP
    25/10/2011 19:45:08 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:61423 UDP
    25/10/2011 19:45:07 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55122 UDP
    25/10/2011 19:45:02 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52435 UDP
    25/10/2011 19:44:58 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60826 UDP
    25/10/2011 19:44:41 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60840 UDP
    25/10/2011 19:44:37 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52350 UDP
    25/10/2011 19:44:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:61943 UDP
    25/10/2011 19:42:44 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63464 UDP
    25/10/2011 19:42:38 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55821 UDP
    25/10/2011 19:41:44 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60017 UDP
    25/10/2011 19:41:37 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:56390 UDP
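The questions a defender asks of a log like the one above are simple to state and tedious to answer by eye: which "attacking" sources appear, whether they are the resolvers the host is actually configured to use (an alert stream sourced entirely from the host's own resolvers is a common false-positive pattern for this heuristic, though the counts alone cannot prove it), whether every record really is a port-53 reply, and how bursty the alerts were. The block below is an added example, not an ESET tool and not from the forum; it parses lines in the layout the post shows (date, time, message, source ip:port, destination ip:port, protocol), using a few of the post's own lines plus one malformed line as sample input. EXPECTED_RESOLVERS is an assumed value a reader would replace with their own host's resolvers.

```python
"""Summarise ESET/NOD32 firewall 'DNS cache poisoning' alert lines.

Added example for this thread, not an ESET tool. The parser assumes the
layout seen in the post: date, time, message text, source ip:port,
destination ip:port, protocol. EXPECTED_RESOLVERS is an assumed value
that a reader would replace with the resolvers their own host uses.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<msg>.+?) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"(?P<proto>TCP|UDP)\s*$"
)

# A few lines from the post above plus one deliberately malformed line.
SAMPLE_LOG = """\
25/10/2011 19:45:02 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52435 UDP
25/10/2011 19:45:07 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55122 UDP
25/10/2011 19:45:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60465 UDP
25/10/2011 20:36:45 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:56861 UDP
25/10/2011 20:54:02 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52835 UDP
this line is not a firewall record and must be skipped
"""

# Assumed for the example: the resolvers this host is configured to use.
EXPECTED_RESOLVERS = {"80.10.246.2", "80.10.246.129"}


def parse_line(line):
    """Return a dict for one record, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["date"] + " " + m["time"], "%d/%m/%Y %H:%M:%S")
    return {"ts": ts, "msg": m["msg"], "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "proto": m["proto"]}


def peak_in_window(timestamps, window):
    """Largest number of events inside any sliding window of length `window`."""
    times = sorted(timestamps)
    peak, j = 0, 0
    for i, t in enumerate(times):
        while t - times[j] > window:
            j += 1
        peak = max(peak, i - j + 1)
    return peak


def summarise(log_text, expected_resolvers=EXPECTED_RESOLVERS,
              window=timedelta(minutes=5)):
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_src = Counter(e["src"] for e in events)
    return {
        "records": len(events),
        "by_source": dict(by_src),
        # Sources that are not resolvers this host talks to are the ones
        # to look at first; alerts sourced only from the configured
        # resolvers are often the heuristic reacting to late or duplicate
        # answers, but the count alone cannot settle that.
        "unexpected_sources": sorted(set(by_src) - set(expected_resolvers)),
        # Every record should be an answer from port 53 to an ephemeral
        # client port; anything else is not a DNS reply at all.
        "not_from_port_53": sum(1 for e in events if e["sport"] != 53),
        "targets": sorted({e["dst"] for e in events}),
        "first": min(e["ts"] for e in events) if events else None,
        "last": max(e["ts"] for e in events) if events else None,
        "peak_per_window": peak_in_window([e["ts"] for e in events], window),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log pasted above, the "by_source" and "peak_per_window" figures are what tell you whether this was two resolvers being flagged over an evening or something with a different shape; swap EXPECTED_RESOLVERS for the addresses netstat or ipconfig reports as the host's DNS servers before reading "unexpected_sources".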

  5. #55
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi,

    Sorry for the delay. This is starting to get confusing jumping from XP to W7. Let's stay with one machine at a time. As far as I know MBAM blocks ranges of IPs based on a list.
    Unless you really are familiar with wireshark then I wouldn't depend on it to determine the presence of malware on your machine. In fact netstat could be just as useful and quicker.
    Did you run combofix on the W7 box?
    How Can I Reduce My Risk?
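Two points in this thread call for the same small tool: the UDP packets to 226.178.217.5 in post #51, and the suggestion just above that netstat is quicker than Wireshark for deciding whether something on the box is talking out. The block below is an added example, not a tool from the forum or from any of the scanners mentioned in it. It classifies addresses with Python's ipaddress module: 226.178.217.5 falls in 224.0.0.0/4, the IPv4 multicast range, which is why an ISP/organisation lookup comes back empty, and the sender of such a packet is a program on the local machine (the source was 192.168.0.10). netstat never lists outbound UDP as a "connection", but it does list the local port a UDP socket is bound to together with its PID, so the way to name the program is to match the capture's source port (50808) against the Local Address and PID columns of netstat -ano. SAMPLE_NETSTAT is constructed to follow the column layout of netstat -ano on Windows 7; the PIDs are made up.

```python
"""Triage Windows 'netstat -ano' output and classify the remote addresses
seen in a capture.

Added example for this thread, not a tool from the forum or from any
scanner mentioned in it. SAMPLE_NETSTAT is constructed to follow the
column layout of 'netstat -ano' on Windows 7; the PIDs are made up.
"""
import ipaddress

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       776
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     1028
  TCP    192.168.0.10:51109     88.212.196.77:80       ESTABLISHED     2840
  TCP    192.168.0.10:51120     192.168.0.1:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1500
  UDP    192.168.0.10:50808     *:*                                    3112
"""


def classify(ip):
    """Bucket an address the way a defender reads it in a capture."""
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_loopback:
        return "loopback"
    if addr.is_multicast:   # 224.0.0.0/4 or ff00::/8: no owner to find in whois
        return "multicast"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:
        return "private"
    return "public"


def split_hostport(text):
    """'88.212.196.77:80' -> ('88.212.196.77', 80); '[::]:445' -> ('::', 445);
    '*:*' -> ('*', None)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Rows of 'netstat -ano'. UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue
        lhost, lport = split_hostport(local)
        fhost, fport = split_hostport(foreign)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": state,
                     "pid": int(pid)})
    return rows


def pid_for_local_port(rows, proto, port):
    """Map a source port seen in Wireshark back to the process that owns it.
    This is how an outbound UDP packet, which netstat never shows as a
    'connection', gets tied to a PID."""
    for r in rows:
        if r["proto"] == proto and r["lport"] == port:
            return r["pid"]
    return None


def remote_by_pid(rows):
    """Established TCP connections to public addresses, grouped by PID."""
    out = {}
    for r in rows:
        if (r["proto"] == "TCP" and r["state"] == "ESTABLISHED"
                and classify(r["fhost"]) == "public"):
            out.setdefault(r["pid"], []).append(f"{r['fhost']}:{r['fport']}")
    return out


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("226.178.217.5 is", classify("226.178.217.5"))
    print("UDP source port 50808 belongs to PID",
          pid_for_local_port(rows, "UDP", 50808))
    for pid, remotes in remote_by_pid(rows).items():
        print(f"PID {pid} talks to {', '.join(remotes)}")
```

Feed it the real output of netstat -ano (run from an elevated prompt so every PID is reported) and resolve the PIDs with tasklist; a public-address connection owned by a process you cannot account for is the thing to chase, and loopback, private and multicast traffic can be set aside first.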

  6. #56
    Member
    Join Date
    Nov 2011
    Posts
    53


    hi,

    sorry for that, let's do the W7 one.

    I have not run combofix on it yet, maybe I should.

    bye
    philippe

  7. #57
    Member
    Join Date
    Nov 2011
    Posts
    53


    here is the combofix log for the W7 box:

    ComboFix 11-12-10.01 - admin 11/12/2011 17:42:21.1.2 - x86
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3037.1876 [GMT 1:00]
    Lancé depuis: c:\users\admin\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-11-11 au 2011-12-11 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-12-11 15:35 . 2011-12-11 15:35 -------- d-----w- c:\program files\ESET
    2011-12-11 15:28 . 2011-12-11 15:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BF76D04-EEED-4CAA-A11E-563C432BDC39}\offreg.dll
    2011-12-11 15:17 . 2011-12-10 23:09 319456 ----a-w- c:\windows\DIFxAPI.dll
    2011-12-11 15:17 . 2011-12-10 23:09 203600 ----a-w- c:\windows\TmNSCIns.dll
    2011-12-10 23:42 . 2011-12-10 23:42 -------- d-----w- C:\temp
    2011-12-10 23:21 . 2011-12-11 15:14 -------- d-----w- c:\programdata\Trend Micro
    2011-12-10 11:20 . 2011-12-10 11:20 -------- d-----w- c:\users\admin\AppData\Roaming\Wireshark
    2011-12-10 08:40 . 2011-12-10 08:40 -------- d-----w- c:\program files\WinPcap
    2011-12-10 08:38 . 2011-12-10 08:40 -------- d-----w- c:\program files\Wireshark
    2011-12-09 19:19 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BF76D04-EEED-4CAA-A11E-563C432BDC39}\mpengine.dll
    2011-11-26 16:55 . 2011-12-11 15:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-26 16:55 . 2009-01-25 12:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2011-11-26 16:55 . 2011-11-26 20:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2011-11-26 16:51 . 2011-11-26 16:51 -------- d-----w- c:\program files\Common Files\Java
    2011-11-26 16:51 . 2011-10-03 04:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-11-25 21:14 . 2011-11-25 21:14 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
    2011-11-25 21:14 . 2011-11-25 21:14 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-25 20:12 . 2011-11-25 20:12 -------- d-----w- c:\program files\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-03 15:01 . 2011-05-22 06:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2010-05-11 21:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-29 16:03 . 2011-11-09 20:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 03:37 . 2011-11-09 20:04 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-11-10 20:43 . 2011-05-07 05:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-04-02 18:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
    "ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2011-01-05 133432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "Nexus Radio"="c:\program files\Nexus Radio\Nexus Radio.exe" [2009-11-18 4745216]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
    .
    c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 135664]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
    S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
    S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
    S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - EAMONM
    *NewlyCreated* - EPFWLWF
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-12-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-26 14:46]
    .
    2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 14:43]
    .
    2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 14:43]
    .
    2011-12-01 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-26 14:46]
    .
    2011-12-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-11-26 14:46]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://start.icq.com/
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
    FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\08dxgdyg.default\
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-Locked - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2011-12-11 17:54:19
    ComboFix-quarantined-files.txt 2011-12-11 16:54
    .
    Avant-CF: 204 131 610 624 octets libres
    Après-CF: 206 505 635 840 octets libres
    .
    - - End Of File - - 51FA2F51D2B79B559F9CDEB185132E04

  8. #58
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi,

    thanks for the info. Log looks ok. I think you already ran aswmbr, tdsskiller and MBRcheck on the W7 machine? If not, run them now and paste the log in.
    How Can I Reduce My Risk?

  9. #59
    Member
    Join Date
    Nov 2011
    Posts
    53


    hi shelf life

    I did all these scans, but I can re-scan tonight.

    also do you know a web tutorial that explains how to track malware using netstat or Wireshark?

    also still looking with Wireshark I found this TCP stream that suggests that I am visiting some Host: ad.mail.ru

    my box has a lot of contact with Russia these days, when I am not doing any surfing....

    GET /adj/189?a=0&g=1&di=30009&lsp=0&rnd=249930086 HTTP/1.1
    Accept: */*
    Accept-Language: fr-FR
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0)
    Host: ad.mail.ru
    Connection: Keep-Alive
    Cookie: p=iBwZADTP+AAA; b=rTsCAABjigIAAQBKgMYA

    HTTP/1.1 200 OK
    Server: nginx/1.1.7
    Date: Mon, 12 Dec 2011 06:38:28 GMT
    Content-Type: application/x-javascript; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: private, no-cache, no-store
    P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

    aca

    document.write("\r\n<div id=\"rb_flash_div_500346\" class=\"rb_div\"></div>\n<script type=\"text/javascript\">\n(function() {\n var rb_link1 = \"http://r.mail.ru/n74195990?sz=1\";\n\n var rb_swf = \"http://rs.mail.ru/b14070641.swf\";\n var rb_fver = \"8\";\n var rb_width = \"234\";\n var rb_height = \"60\";\n var rb_allowscriptaccess = 0;\n var rb_wmode = \"window\";\n var rb_flash = 0;\n\n var rb_innerhtml = (typeof(window[\'rb_innerhtml\']) != \'undefined\' \&\& window[\'rb_innerhtml\']);\n if (navigator.mimeTypes \&\& navigator.mimeTypes[\"application/x-shockwave-flash\"] ) {\n var plugin = navigator.mimeTypes[\"application/x-shockwave-flash\"].enabledPlugin;\n if (plugin \&\& parseInt(plugin.description.match(/\\d+/)[0]) >= rb_fver)\n rb_flash = 1;\n } else if (typeof window.ActiveXObject != \"undefined\") {\n try {\n var object = new ActiveXObject(\"ShockwaveFlash.ShockwaveFlash\");\n if (object \&\& object.GetVariable(\"$version\") \&\& parseInt(object.GetVariable(\"$version\").match(/\\d+/)[0]) >= rb_fver)\n rb_flash = 1;\n } catch (e) {}\n }\n if (rb_flash) {\n var rb_rnd = Math.round(Math.random() * 1000000000);\n var rb_vars_arr = Array();\n rb_vars_arr.push(\'link1=\'+escape(rb_link1).replace(/\\+/g,\'%2B\'));\n var rb_vars = rb_vars_arr.join(\'\&\');\n var rb_html = \'<div class=\"rb_banner\"><object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://active.macromedia.com/flash2/cabs/swflash.cab#version=\'+rb_fver+\',0,0,0\" id=\"getmov\'+rb_rnd+\'\" width=\"\'+rb_width+\'\" height=\"\'+rb_height+\'\">\'+(rb_allowscriptaccess?\'<param name=\"allowscriptaccess\" value=\"always\" />\':\'\')+\'<param name=\"movie\" value=\"\'+rb_swf+\'\" /><param name=\"quality\" value=\"high\" /><param name=\"wmode\" value=\"\'+rb_wmode+\'\" /><param name=\"FlashVars\" value=\"\'+rb_vars+\'\" /><embed name=\"embed_getmov\'+rb_rnd+\'\" flashvars=\"\'+rb_vars+\'\" \'+(rb_allowscriptaccess?\'allowscriptaccess=\"always\" 
\':\'\')+\'src=\"\'+rb_swf+\'\" quality=\"high\" wmode=\"\'+rb_wmode+\'\" width=\"\'+rb_width+\'\" height=\"\'+rb_height+\'\" type=\"application/x-shockwave-flash\" pluginspage=\"http://www.macromedia.com/shockwave/download/index.cgiP1_Prod_Version=ShockwaveFlash\" /></object></div>\';\n if (rb_innerhtml) {\n var rb_flash_div = document.getElementById(\"rb_flash_div_500346\");\n rb_flash_div.innerHTML = rb_html;\n }\n else document.write(rb_html);\n }\n else {\n var rb_img_html = \'\';\n if (rb_innerhtml) {\n var rb_flash_div = document.getElementById(\"rb_flash_div_500346\");\n rb_flash_div.innerHTML = rb_img_html;\n }\n else document.write(rb_img_html);\n };\n})();\n</script>\n\n

    3

    ");

    0
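Reading a captured HTTP stream for triage, whether the counter.yadro.ru exchange in post #52 or the ad.mail.ru one just above, comes down to a handful of headers: Host, Referer and User-Agent on the request say who asked for the resource and from which page; Content-Type, Content-Length and the cache headers on the response say what came back. A request that carries a Referer was normally issued by the browser while rendering that page (here http://start.icq.com/, which the ComboFix log in post #57 lists as the browser's start page), and a tiny image returned with no-cache headers is the usual shape of a hit counter or tracking pixel; a request with no Referer is not tied to any page and is the one worth tracing back to a process. The block below is an added example, not from the forum or from Wireshark; SAMPLE_REQUEST and SAMPLE_RESPONSE reproduce the post #52 exchange (body omitted), and the parser accepts any request/response text in the raw form that Wireshark's "Follow TCP Stream" shows.

```python
"""Pull the triage-relevant headers out of a captured HTTP exchange.

Added example for this thread, not from the forum or from Wireshark.
SAMPLE_REQUEST / SAMPLE_RESPONSE reproduce the counter.yadro.ru exchange
pasted in post #52 (response body omitted).
"""

SAMPLE_REQUEST = """\
GET /hit;icq-com?r;s1600*900*24;uhttp%3A//start.icq.com/;0.5152606634050969 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://start.icq.com/
Cookie: VID=0sbHfc3KyH0x

"""

SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Date: Sat, 10 Dec 2011 14:28:29 GMT
Server: 0W/0.8c
Connection: Close
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 09 Dec 2010 20:00:00 GMT
Pragma: no-cache
Cache-control: no-cache

GIF89a...
"""


def parse_message(raw):
    """Split a raw HTTP message into (start line, headers, body).
    Header names are lower-cased so lookups are case-insensitive."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def triage(request_raw, response_raw):
    """The fields a reviewer wants from one request/response pair."""
    req_line, req, _ = parse_message(request_raw)
    resp_line, resp, _ = parse_message(response_raw)
    method, _, rest = req_line.partition(" ")
    path = rest.rsplit(" ", 1)[0]          # drop the trailing HTTP/1.x token
    status = int(resp_line.split()[1])
    referer = req.get("referer")
    content_type = resp.get("content-type")
    length = int(resp["content-length"]) if "content-length" in resp else None
    return {
        "method": method,
        "host": req.get("host"),
        "path": path,
        "user_agent": req.get("user-agent"),
        "referer": referer,
        "has_cookie": "cookie" in req,
        "status": status,
        "content_type": content_type,
        "content_length": length,
        # A request with a Referer was issued while rendering that page;
        # one without is not tied to any page and deserves a PID lookup.
        "page_initiated": referer is not None,
        # Tiny image + no-cache headers: the usual hit-counter / pixel shape.
        "looks_like_tracking_pixel": (
            content_type == "image/gif"
            and length is not None and length < 100
            and "no-cache" in resp.get("cache-control", "").lower()
        ),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REQUEST, SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

The same function applied to the ad.mail.ru stream above would report no Referer and a JavaScript body, which is exactly the kind of request to pair with the netstat PID lookup rather than with an IP reputation search.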

  10. #60
    Member
    Join Date
    Nov 2011
    Posts
    53


    here is the latest run for the W7 box:

    17:58:18.0942 27412 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
    17:58:19.0085 27412 ============================================================
    17:58:19.0085 27412 Current date / time: 2011/12/12 17:58:19.0085
    17:58:19.0085 27412 SystemInfo:
    17:58:19.0085 27412
    17:58:19.0085 27412 OS Version: 6.1.7601 ServicePack: 1.0
    17:58:19.0085 27412 Product type: Workstation
    17:58:19.0085 27412 ComputerName: ADMIN-PC
    17:58:19.0086 27412 UserName: admin
    17:58:19.0086 27412 Windows directory: C:\windows
    17:58:19.0086 27412 System windows directory: C:\windows
    17:58:19.0086 27412 Processor architecture: Intel x86
    17:58:19.0086 27412 Number of processors: 2
    17:58:19.0086 27412 Page size: 0x1000
    17:58:19.0086 27412 Boot type: Normal boot
    17:58:19.0086 27412 ============================================================
    17:58:19.0868 27412 Initialize success
    17:58:21.0177 27680 ============================================================
    17:58:21.0177 27680 Scan started
    17:58:21.0177 27680 Mode: Manual;
    17:58:21.0177 27680 ============================================================
    17:58:22.0897 27680 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
    17:58:22.0902 27680 1394ohci - ok
    17:58:22.0978 27680 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
    17:58:22.0983 27680 ACPI - ok
    17:58:23.0121 27680 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
    17:58:23.0123 27680 AcpiPmi - ok
    17:58:23.0187 27680 AdfuUd (9ed5d777a31ee654b0899cd1d2e778ba) C:\windows\system32\Drivers\AdfuUd.sys
    17:58:23.0188 27680 AdfuUd - ok
    17:58:23.0352 27680 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
    17:58:23.0361 27680 adp94xx - ok
    17:58:23.0510 27680 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
    17:58:23.0517 27680 adpahci - ok
    17:58:23.0632 27680 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
    17:58:23.0636 27680 adpu320 - ok
    17:58:23.0748 27680 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
    17:58:23.0760 27680 AFD - ok
    17:58:23.0922 27680 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
    17:58:23.0957 27680 AgereSoftModem - ok
    17:58:24.0012 27680 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
    17:58:24.0015 27680 agp440 - ok
    17:58:46.0478 27680 Boot (0x1200) (8ef57f636c3472629962a8279554bffc) \Device\Harddisk0\DR0\Partition1
    17:58:46.0480 27680 \Device\Harddisk0\DR0\Partition1 - ok
    17:58:46.0511 27680 Boot (0x1200) (18763aeac0ee39fec1defec9b7171ab2) \Device\Harddisk0\DR0\Partition2
    17:58:46.0515 27680 \Device\Harddisk0\DR0\Partition2 - ok
    17:58:46.0515 27680 ============================================================
    17:58:46.0515 27680 Scan finished
    17:58:46.0515 27680 ============================================================
    17:58:46.0531 27692 Detected object count: 0
    17:58:46.0531 27692 Actual detected object count: 0
    17:59:27.0807 27284 Deinitialize success
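
The TDSSKiller log above lists one line per scanned object (service name, MD5, path, or MBR/boot sector with its size) followed by a verdict line ending in "- ok". The script below is an example added here for triage; it is not part of the thread and not Kaspersky's code. The line layout is inferred from the posted log only; the `fakedrv` entry in the sample is constructed (it does not appear in the log) to show how an object with no verdict line is surfaced, and any verdict other than "ok" is treated generically rather than by TDSSKiller-specific wording.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the TDSSKiller log posted above,
# plus one hypothetical "fakedrv" entry (not in the log) that never receives a
# verdict line, to exercise the unresolved-object path.
SAMPLE_LOG = r"""17:58:45.0056 27680 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
17:58:45.0060 27680 WANARP - ok
17:58:45.0065 27680 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
17:58:45.0067 27680 Wanarpv6 - ok
17:58:45.0190 27680 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
17:58:45.0197 27680 Wdf01000 - ok
17:58:45.0600 27680 fakedrv (00000000000000000000000000000000) C:\windows\system32\DRIVERS\fakedrv.sys
17:58:46.0180 27680 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
17:58:46.0420 27680 \Device\Harddisk0\DR0 - ok
17:58:46.0426 27680 Boot (0x1200) (35ad429c41eabd3cb5aa0c137174f74e) \Device\Harddisk0\DR0\Partition0
17:58:46.0428 27680 \Device\Harddisk0\DR0\Partition0 - ok
17:58:46.0531 27692 Detected object count: 0
17:58:46.0531 27692 Actual detected object count: 0
"""

TS = r"(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
# "<name> [(0xSIZE)] (<md5>) <path>": drivers, MBR and boot sectors
OBJECT_RE = re.compile(TS + r"(?P<name>\S+)(?: \((?P<size>0x[0-9A-Fa-f]+)\))? "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
# "<name-or-path> - <status>": the verdict for a previously listed object
STATUS_RE = re.compile(TS + r"(?P<target>\S+) - (?P<status>.+)$")
SUMMARY_RE = re.compile(TS + r"(?P<label>.*object count): (?P<count>\d+)$")


def parse_tdsskiller(text):
    """Parse a TDSSKiller log into object records plus the summary counters.

    Each scanned object becomes a dict with name, optional size, MD5, path and
    the status from its verdict line ("ok", or None if no verdict was logged).
    """
    records, awaiting, summary = [], [], {}
    for line in text.splitlines():
        line = line.strip()
        m = OBJECT_RE.match(line)
        if m:
            rec = {"time": m["time"], "name": m["name"], "size": m["size"],
                   "md5": m["md5"], "path": m["path"], "status": None}
            records.append(rec)
            awaiting.append(rec)
            continue
        m = STATUS_RE.match(line)
        if m:
            # Drivers are referenced by service name, MBR/boot sectors by
            # device path, so accept either; newest unresolved object wins.
            for rec in reversed(awaiting):
                if m["target"] in (rec["name"], rec["path"]):
                    rec["status"] = m["status"].strip()
                    awaiting.remove(rec)
                    break
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["label"]] = int(m["count"])
    return records, summary


def triage(records):
    """Return (unresolved, shared): objects whose verdict is missing or not
    "ok", and MD5s registered under more than one object name."""
    unresolved = [r for r in records if r["status"] != "ok"]
    names_by_md5 = defaultdict(list)
    for r in records:
        names_by_md5[r["md5"]].append(r["name"])
    shared = {h: n for h, n in names_by_md5.items() if len(n) > 1}
    return unresolved, shared


def boot_fingerprint(records):
    """MD5 of the MBR and each boot sector keyed by device path, so two scans
    taken at different times can be diffed for boot-code changes."""
    return {r["path"]: r["md5"] for r in records if r["name"] in ("MBR", "Boot")}


if __name__ == "__main__":
    recs, counts = parse_tdsskiller(SAMPLE_LOG)
    unresolved, shared = triage(recs)
    print(f"{len(recs)} objects, summary {counts}")
    for r in unresolved:
        print(f"CHECK  {r['name']:<10} status={r['status']!r} {r['path']}")
    for h, names in shared.items():
        print(f"SHARED {h} -> {', '.join(names)}")
    for path, h in boot_fingerprint(recs).items():
        print(f"BOOT   {path} {h}")
```

Run against the full log posted above, every object carries "- ok" and both counters are 0, so the only output is the shared hash (WANARP and Wanarpv6 both point at the same wanarp.sys, which is expected) and the MBR/boot-sector hashes. Those hashes are worth keeping: a later scan can be diffed against them to see whether the boot code changed, which a zero detection count alone does not tell you.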
