2011/07/15 00:58:14.0859 0424 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/15 00:58:15.0093 0424 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/15 00:58:15.0234 0424 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/15 00:58:15.0312 0424 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/15 00:58:15.0375 0424 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/15 00:58:15.0500 0424 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/07/15 00:58:15.0578 0424 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/15 00:58:15.0703 0424 UDFReadr (e3f66ac25ac2a0b7fda19df4651def82) C:\WINDOWS\system32\drivers\UDFReadr.sys
2011/07/15 00:58:15.0922 0424 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/15 00:58:16.0015 0424 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/15 00:58:16.0109 0424 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/15 00:58:16.0328 0424 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/15 00:58:16.0375 0424 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/15 00:58:16.0453 0424 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/15 00:58:16.0515 0424 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/15 00:58:16.0578 0424 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/15 00:58:16.0640 0424 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/15 00:58:16.0687 0424 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/15 00:58:16.0750 0424 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/15 00:58:16.0922 0424 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/15 00:58:17.0000 0424 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/15 00:58:17.0047 0424 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/15 00:58:17.0093 0424 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/15 00:58:17.0109 0424 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/15 00:58:17.0125 0424 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/15 00:58:17.0187 0424 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/15 00:58:17.0281 0424 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/07/15 00:58:17.0406 0424 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/15 00:58:17.0547 0424 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/15 00:58:17.0890 0424 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/15 00:58:18.0094 0424 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/15 00:58:18.0281 0424 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/07/15 00:58:18.0359 0424 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/07/15 00:58:18.0406 0424 Boot (0x1200) (721545867655d71e23427f93f7dadcc1) \Device\Harddisk0\DR0\Partition0
2011/07/15 00:58:18.0437 0424 Boot (0x1200) (31fef3c3c6f88dd25df20cb93a518dab) \Device\Harddisk0\DR0\Partition1
2011/07/15 00:58:18.0453 0424 ================================================================================
2011/07/15 00:58:18.0453 0424 Scan finished
2011/07/15 00:58:18.0453 0424 ================================================================================
2011/07/15 00:58:18.0500 3748 Detected object count: 1
2011/07/15 00:58:18.0500 3748 Actual detected object count: 1
2011/07/15 00:59:36.0645 3748 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/15 00:59:36.0645 3748 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/15 00:59:37.0270 3748 Backup copy not found, trying to cure infected file…
2011/07/15 00:59:37.0270 3748 Cure success, using it…
2011/07/15 00:59:37.0364 3748 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/15 00:59:37.0364 3748 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/15 00:59:57.0521 2936 Deinitialize success