
Zdziwiony

Avast found a ROOTKIT


Hello. A moment ago AVAST showed me this message: link

So here is my question: is this really a rootkit or a false alarm?

Should I delete this file or not?

I'll add that yesterday everything was OK. I even gave a friend an OTL log (yesterday!) to check, and apparently it was OK.

My system: Windows 7 Home Premium (genuine)

Antivirus: Avast 7 Free

Please help :(


This program found nothing.

 

LOG:

16:53:54.0389 1112 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:53:54.0627 1112 ============================================================
16:53:54.0627 1112 Current date / time: 2012/10/01 16:53:54.0627
16:53:54.0627 1112 SystemInfo:
16:53:54.0627 1112
16:53:54.0627 1112 OS Version: 6.1.7601 ServicePack: 1.0
16:53:54.0627 1112 Product type: Workstation
16:53:54.0627 1112 ComputerName: ŁUKASZ-KOMPUTER
16:53:54.0628 1112 UserName: Łukasz
16:53:54.0628 1112 Windows directory: C:\Windows
16:53:54.0628 1112 System windows directory: C:\Windows
16:53:54.0628 1112 Running under WOW64
16:53:54.0628 1112 Processor architecture: Intel x64
16:53:54.0628 1112 Number of processors: 2
16:53:54.0628 1112 Page size: 0x1000
16:53:54.0628 1112 Boot type: Normal boot
16:53:54.0628 1112 ============================================================
16:53:55.0346 1112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
16:53:55.0453 1112 ============================================================
16:53:55.0453 1112 \Device\Harddisk0\DR0:
16:53:55.0453 1112 MBR partitions:
16:53:55.0453 1112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:53:55.0453 1112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
16:53:55.0453 1112 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E035800
16:53:55.0453 1112 ============================================================
16:53:55.0485 1112 C: <-> \Device\Harddisk0\DR0\Partition2
16:53:55.0515 1112 D: <-> \Device\Harddisk0\DR0\Partition3
16:53:55.0515 1112 ============================================================
16:53:55.0515 1112 Initialize success
16:53:55.0515 1112 ============================================================
16:53:56.0470 1532 ============================================================
16:53:56.0470 1532 Scan started
16:53:56.0470 1532 Mode: Manual;
16:53:56.0470 1532 ============================================================
16:53:57.0017 1532 ================ Scan system memory ========================
16:53:57.0017 1532 System memory - ok


16:54:03.0065 1532 Netman - ok

16:54:03.0084 1532 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

16:54:03.0091 1532 netprofm - ok

16:54:03.0117 1532 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:54:03.0119 1532 NetTcpPortSharing - ok

16:54:03.0142 1532 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

16:54:03.0144 1532 nfrd960 - ok

16:54:03.0154 1532 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

16:54:03.0160 1532 NlaSvc - ok

16:54:03.0167 1532 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

16:54:03.0169 1532 Npfs - ok

16:54:03.0185 1532 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

16:54:03.0189 1532 nsi - ok

16:54:03.0195 1532 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

16:54:03.0197 1532 nsiproxy - ok

16:54:03.0252 1532 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

16:54:03.0266 1532 Ntfs - ok

16:54:03.0280 1532 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

16:54:03.0281 1532 Null - ok

16:54:03.0307 1532 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

16:54:03.0309 1532 nvraid - ok

16:54:03.0328 1532 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

16:54:03.0330 1532 nvstor - ok

16:54:03.0358 1532 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

16:54:03.0358 1532 nv_agp - ok

16:54:03.0366 1532 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

16:54:03.0368 1532 ohci1394 - ok

16:54:03.0401 1532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

16:54:03.0408 1532 p2pimsvc - ok

16:54:03.0439 1532 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

16:54:03.0445 1532 p2psvc - ok

16:54:03.0455 1532 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

16:54:03.0457 1532 Parport - ok

16:54:03.0483 1532 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

16:54:03.0483 1532 partmgr - ok

16:54:03.0503 1532 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

16:54:03.0512 1532 PcaSvc - ok

16:54:03.0526 1532 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

16:54:03.0528 1532 pci - ok

16:54:03.0541 1532 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

16:54:03.0543 1532 pciide - ok

16:54:03.0565 1532 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

16:54:03.0567 1532 pcmcia - ok

16:54:03.0576 1532 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

16:54:03.0577 1532 pcw - ok

16:54:03.0594 1532 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

16:54:03.0600 1532 PEAUTH - ok

16:54:03.0657 1532 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

16:54:03.0660 1532 PerfHost - ok

16:54:03.0716 1532 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

16:54:03.0730 1532 pla - ok

16:54:03.0764 1532 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

16:54:03.0772 1532 PlugPlay - ok

16:54:03.0785 1532 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

16:54:03.0789 1532 PNRPAutoReg - ok

16:54:03.0810 1532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

16:54:03.0816 1532 PNRPsvc - ok

16:54:03.0841 1532 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

16:54:03.0847 1532 PolicyAgent - ok

16:54:03.0865 1532 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

16:54:03.0871 1532 Power - ok

16:54:03.0917 1532 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

16:54:03.0919 1532 PptpMiniport - ok

16:54:03.0944 1532 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

16:54:03.0946 1532 Processor - ok

16:54:03.0981 1532 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

16:54:03.0985 1532 ProfSvc - ok

16:54:04.0000 1532 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:54:04.0004 1532 ProtectedStorage - ok

16:54:04.0014 1532 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

16:54:04.0017 1532 Psched - ok

16:54:04.0050 1532 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

16:54:04.0065 1532 ql2300 - ok

16:54:04.0073 1532 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

16:54:04.0075 1532 ql40xx - ok

16:54:04.0117 1532 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

16:54:04.0123 1532 QWAVE - ok

16:54:04.0130 1532 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

16:54:04.0132 1532 QWAVEdrv - ok

16:54:04.0145 1532 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

16:54:04.0146 1532 RasAcd - ok

16:54:04.0174 1532 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

16:54:04.0175 1532 RasAgileVpn - ok

16:54:04.0185 1532 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

16:54:04.0190 1532 RasAuto - ok

16:54:04.0197 1532 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

16:54:04.0199 1532 Rasl2tp - ok

16:54:04.0240 1532 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

16:54:04.0247 1532 RasMan - ok

16:54:04.0258 1532 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

16:54:04.0260 1532 RasPppoe - ok

16:54:04.0267 1532 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

16:54:04.0269 1532 RasSstp - ok

16:54:04.0286 1532 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

16:54:04.0290 1532 rdbss - ok

16:54:04.0306 1532 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

16:54:04.0307 1532 rdpbus - ok

16:54:04.0325 1532 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

16:54:04.0326 1532 RDPCDD - ok

16:54:04.0342 1532 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

16:54:04.0343 1532 RDPENCDD - ok

16:54:04.0353 1532 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

16:54:04.0354 1532 RDPREFMP - ok

16:54:04.0389 1532 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

16:54:04.0392 1532 RDPWD - ok

16:54:04.0401 1532 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

16:54:04.0404 1532 rdyboost - ok

16:54:04.0433 1532 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

16:54:04.0437 1532 RemoteAccess - ok

16:54:04.0465 1532 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

16:54:04.0471 1532 RemoteRegistry - ok

16:54:04.0508 1532 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

16:54:04.0513 1532 RpcEptMapper - ok

16:54:04.0542 1532 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

16:54:04.0545 1532 RpcLocator - ok

16:54:04.0564 1532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

16:54:04.0572 1532 RpcSs - ok

16:54:04.0607 1532 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

16:54:04.0608 1532 rspndr - ok

16:54:04.0617 1532 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

16:54:04.0620 1532 SamSs - ok

16:54:04.0628 1532 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

16:54:04.0630 1532 sbp2port - ok

16:54:04.0656 1532 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

16:54:04.0662 1532 SCardSvr - ok

16:54:04.0674 1532 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

16:54:04.0676 1532 scfilter - ok

16:54:04.0703 1532 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

16:54:04.0716 1532 Schedule - ok

16:54:04.0741 1532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

16:54:04.0743 1532 SCPolicySvc - ok

16:54:04.0754 1532 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

16:54:04.0761 1532 SDRSVC - ok

16:54:04.0774 1532 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

16:54:04.0776 1532 secdrv - ok

16:54:04.0791 1532 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

16:54:04.0796 1532 seclogon - ok

16:54:04.0805 1532 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

16:54:04.0810 1532 SENS - ok

16:54:04.0821 1532 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

16:54:04.0826 1532 SensrSvc - ok

16:54:04.0842 1532 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

16:54:04.0844 1532 Serenum - ok

16:54:04.0866 1532 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

16:54:04.0868 1532 Serial - ok

16:54:04.0876 1532 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

16:54:04.0877 1532 sermouse - ok

16:54:04.0904 1532 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

16:54:04.0910 1532 SessionEnv - ok

16:54:04.0916 1532 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

16:54:04.0918 1532 sffdisk - ok

16:54:04.0953 1532 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

16:54:04.0954 1532 sffp_mmc - ok

16:54:04.0961 1532 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

16:54:04.0962 1532 sffp_sd - ok

16:54:04.0969 1532 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

16:54:04.0970 1532 sfloppy - ok

16:54:05.0004 1532 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

16:54:05.0010 1532 SharedAccess - ok

16:54:05.0030 1532 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:54:05.0038 1532 ShellHWDetection - ok

16:54:05.0050 1532 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

16:54:05.0052 1532 SiSRaid2 - ok

16:54:05.0060 1532 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

16:54:05.0062 1532 SiSRaid4 - ok

16:54:05.0094 1532 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

16:54:05.0096 1532 SkypeUpdate - ok

16:54:05.0124 1532 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

16:54:05.0126 1532 Smb - ok

16:54:05.0157 1532 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

16:54:05.0162 1532 SNMPTRAP - ok

16:54:05.0180 1532 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

16:54:05.0182 1532 spldr - ok

16:54:05.0215 1532 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

16:54:05.0224 1532 Spooler - ok

16:54:05.0289 1532 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

16:54:05.0318 1532 sppsvc - ok

16:54:05.0334 1532 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

16:54:05.0339 1532 sppuinotify - ok

16:54:05.0370 1532 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

16:54:05.0375 1532 srv - ok

16:54:05.0390 1532 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

16:54:05.0394 1532 srv2 - ok

16:54:05.0407 1532 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

16:54:05.0409 1532 srvnet - ok

16:54:05.0437 1532 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

16:54:05.0442 1532 SSDPSRV - ok

16:54:05.0456 1532 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

16:54:05.0461 1532 SstpSvc - ok

16:54:05.0481 1532 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

16:54:05.0483 1532 stexstor - ok

16:54:05.0525 1532 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

16:54:05.0534 1532 stisvc - ok

16:54:05.0566 1532 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

16:54:05.0567 1532 swenum - ok

16:54:05.0591 1532 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

16:54:05.0599 1532 swprv - ok

16:54:05.0636 1532 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

16:54:05.0652 1532 SysMain - ok

16:54:05.0669 1532 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

16:54:05.0675 1532 TabletInputService - ok

16:54:05.0689 1532 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

16:54:05.0696 1532 TapiSrv - ok

16:54:05.0707 1532 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

16:54:05.0713 1532 TBS - ok

16:54:05.0770 1532 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

16:54:05.0784 1532 Tcpip - ok

16:54:05.0827 1532 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

16:54:05.0842 1532 TCPIP6 - ok

16:54:05.0864 1532 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

16:54:05.0866 1532 tcpipreg - ok

16:54:05.0887 1532 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

16:54:05.0889 1532 TDPIPE - ok

16:54:05.0913 1532 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

16:54:05.0914 1532 TDTCP - ok

16:54:05.0930 1532 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

16:54:05.0932 1532 tdx - ok

16:54:05.0940 1532 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

16:54:05.0941 1532 TermDD - ok

16:54:05.0976 1532 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

16:54:05.0984 1532 TermService - ok

16:54:06.0001 1532 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

16:54:06.0006 1532 Themes - ok

16:54:06.0016 1532 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

16:54:06.0020 1532 THREADORDER - ok

16:54:06.0032 1532 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

16:54:06.0038 1532 TrkWks - ok

16:54:06.0092 1532 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

16:54:06.0094 1532 TrustedInstaller - ok

16:54:06.0108 1532 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

16:54:06.0109 1532 tssecsrv - ok

16:54:06.0141 1532 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

16:54:06.0143 1532 TsUsbFlt - ok

16:54:06.0157 1532 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

16:54:06.0159 1532 TsUsbGD - ok

16:54:06.0177 1532 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

16:54:06.0179 1532 tunnel - ok

16:54:06.0186 1532 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

16:54:06.0188 1532 uagp35 - ok

16:54:06.0199 1532 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

16:54:06.0203 1532 udfs - ok

16:54:06.0222 1532 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

16:54:06.0227 1532 UI0Detect - ok

16:54:06.0246 1532 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

16:54:06.0248 1532 uliagpkx - ok

16:54:06.0265 1532 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

16:54:06.0266 1532 umbus - ok

16:54:06.0284 1532 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

16:54:06.0285 1532 UmPass - ok

16:54:06.0303 1532 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

16:54:06.0311 1532 upnphost - ok

16:54:06.0331 1532 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

16:54:06.0333 1532 usbccgp - ok

16:54:06.0342 1532 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

16:54:06.0344 1532 usbcir - ok

16:54:06.0357 1532 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

16:54:06.0358 1532 usbehci - ok

16:54:06.0374 1532 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

16:54:06.0378 1532 usbhub - ok

16:54:06.0392 1532 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

16:54:06.0394 1532 usbohci - ok

16:54:06.0407 1532 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

16:54:06.0409 1532 usbprint - ok

16:54:06.0431 1532 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

16:54:06.0432 1532 usbscan - ok

16:54:06.0446 1532 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:54:06.0448 1532 USBSTOR - ok

16:54:06.0464 1532 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

16:54:06.0465 1532 usbuhci - ok

16:54:06.0492 1532 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

16:54:06.0497 1532 UxSms - ok

16:54:06.0509 1532 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

16:54:06.0512 1532 VaultSvc - ok

16:54:06.0524 1532 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

16:54:06.0525 1532 vdrvroot - ok

16:54:06.0552 1532 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

16:54:06.0561 1532 vds - ok

16:54:06.0573 1532 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

16:54:06.0574 1532 vga - ok

16:54:06.0580 1532 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

16:54:06.0582 1532 VgaSave - ok

16:54:06.0593 1532 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

16:54:06.0596 1532 vhdmp - ok

16:54:06.0602 1532 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

16:54:06.0604 1532 viaide - ok

16:54:06.0627 1532 [ FB2643A01A538C2E4625CDE64E51680F ] videX64 C:\Windows\system32\DRIVERS\videX64.sys

16:54:06.0629 1532 videX64 - ok

16:54:06.0640 1532 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

16:54:06.0642 1532 volmgr - ok

16:54:06.0655 1532 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

16:54:06.0659 1532 volmgrx - ok

16:54:06.0671 1532 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

16:54:06.0675 1532 volsnap - ok

16:54:06.0693 1532 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

16:54:06.0696 1532 vsmraid - ok

16:54:06.0736 1532 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

16:54:06.0753 1532 VSS - ok

16:54:06.0760 1532 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

16:54:06.0763 1532 vwifibus - ok

16:54:06.0774 1532 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

16:54:06.0782 1532 W32Time - ok

16:54:06.0801 1532 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

16:54:06.0803 1532 WacomPen - ok

16:54:06.0812 1532 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

16:54:06.0814 1532 WANARP - ok

16:54:06.0829 1532 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

16:54:06.0831 1532 Wanarpv6 - ok

16:54:06.0874 1532 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

16:54:06.0884 1532 WatAdminSvc - ok

16:54:06.0921 1532 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

16:54:06.0937 1532 wbengine - ok

16:54:06.0946 1532 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

16:54:06.0953 1532 WbioSrvc - ok

16:54:06.0966 1532 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

16:54:06.0974 1532 wcncsvc - ok

16:54:06.0987 1532 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

16:54:06.0993 1532 WcsPlugInService - ok

16:54:07.0013 1532 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

16:54:07.0015 1532 Wd - ok

16:54:07.0031 1532 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

16:54:07.0037 1532 Wdf01000 - ok

16:54:07.0045 1532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

16:54:07.0051 1532 WdiServiceHost - ok

16:54:07.0062 1532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

16:54:07.0066 1532 WdiSystemHost - ok

16:54:07.0087 1532 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

16:54:07.0094 1532 WebClient - ok

16:54:07.0104 1532 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

16:54:07.0110 1532 Wecsvc - ok

16:54:07.0126 1532 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

16:54:07.0132 1532 wercplsupport - ok

16:54:07.0149 1532 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

16:54:07.0155 1532 WerSvc - ok

16:54:07.0165 1532 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

16:54:07.0167 1532 WfpLwf - ok

16:54:07.0183 1532 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

16:54:07.0185 1532 WIMMount - ok

16:54:07.0198 1532 WinDefend - ok

16:54:07.0206 1532 WinHttpAutoProxySvc - ok

16:54:07.0255 1532 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

16:54:07.0259 1532 Winmgmt - ok

16:54:07.0314 1532 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

16:54:07.0332 1532 WinRM - ok

16:54:07.0381 1532 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

16:54:07.0393 1532 Wlansvc - ok

16:54:07.0509 1532 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:54:07.0527 1532 wlidsvc - ok

16:54:07.0558 1532 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

16:54:07.0560 1532 WmiAcpi - ok

16:54:07.0594 1532 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

16:54:07.0597 1532 wmiApSrv - ok

16:54:07.0621 1532 WMPNetworkSvc - ok

16:54:07.0647 1532 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

16:54:07.0651 1532 WPCSvc - ok

16:54:07.0667 1532 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

16:54:07.0673 1532 WPDBusEnum - ok

16:54:07.0686 1532 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

16:54:07.0687 1532 ws2ifsl - ok

16:54:07.0704 1532 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

16:54:07.0711 1532 wscsvc - ok

16:54:07.0716 1532 WSearch - ok

16:54:07.0779 1532 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

16:54:07.0802 1532 wuauserv - ok

16:54:07.0811 1532 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

16:54:07.0813 1532 WudfPf - ok

16:54:07.0833 1532 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

16:54:07.0836 1532 WUDFRd - ok

16:54:07.0849 1532 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

16:54:07.0856 1532 wudfsvc - ok

16:54:07.0879 1532 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

16:54:07.0886 1532 WwanSvc - ok

16:54:07.0928 1532 [ FE48AE43D06C1CF6EC1244FA3562D203 ] xfiltx64 C:\Windows\system32\DRIVERS\xfiltx64.sys

16:54:07.0930 1532 xfiltx64 - ok

16:54:07.0950 1532 ================ Scan global ===============================

16:54:07.0976 1532 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

16:54:08.0002 1532 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

16:54:08.0020 1532 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

16:54:08.0051 1532 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

16:54:08.0087 1532 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

16:54:08.0094 1532 [Global] - ok

16:54:08.0095 1532 ================ Scan MBR ==================================

16:54:08.0105 1532 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

16:54:08.0286 1532 \Device\Harddisk0\DR0 - ok

16:54:08.0287 1532 ================ Scan VBR ==================================

16:54:08.0291 1532 [ 3E141289925F3D299E7341CA13B2EA9B ] \Device\Harddisk0\DR0\Partition1

16:54:08.0293 1532 \Device\Harddisk0\DR0\Partition1 - ok

16:54:08.0307 1532 [ 431B0B4F09BB2DE7B63B2BB376EA3F68 ] \Device\Harddisk0\DR0\Partition2

16:54:08.0309 1532 \Device\Harddisk0\DR0\Partition2 - ok

16:54:08.0326 1532 [ D5E3BD367A61C9C73C9B49F3C5FC6139 ] \Device\Harddisk0\DR0\Partition3

16:54:08.0328 1532 \Device\Harddisk0\DR0\Partition3 - ok

16:54:08.0328 1532 ============================================================

16:54:08.0328 1532 Scan finished

16:54:08.0328 1532 ============================================================

16:54:08.0343 1676 Detected object count: 0

16:54:08.0343 1676 Actual detected object count: 0

 

So a false alarm after all?

 

I scanned with GMER and it found nothing either.


I thought TDSSKiller would check this file, but it did not find it at all, so it did not check it either.

In that case we have to trust Avast and allow it to remove this (although in my opinion it may be a legitimate file).

 

F.


Heh. I'm somehow afraid to trust Avast, because I don't want to be forced to reinstall the system ;) Maybe someone else can say something about this?

 

I'm also adding the logs from Malwarebytes:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

 

Wersja bazy: v2012.10.01.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Łukasz :: ŁUKASZ-KOMPUTER [administrator]

 

2012-10-01 17:04:29

mbam-log-2012-10-01 (17-04-29).txt

 

Typ skanowania: Szybkie skanowanie

Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM

Odznaczone opcje skanowania: P2P

Przeskanowano obiektów: 196252

Upłynęło: 2 minut(y), 40 sekund(y)

 

Wykrytych procesów w pamięci: 0

(Nie znaleziono zagrożeń)

 

Wykrytych modułów w pamięci: 0

(Nie znaleziono zagrożeń)

 

Wykrytych kluczy rejestru: 0

(Nie znaleziono zagrożeń)

 

Wykrytych wartości rejestru: 0

(Nie znaleziono zagrożeń)

 

Wykryte wpisy rejestru systemowego: 0

(Nie znaleziono zagrożeń)

 

wykrytych folderów: 0

(Nie znaleziono zagrożeń)

 

Wykrytych plików: 0

(Nie znaleziono zagrożeń)

 

(zakończone)

 

Oh, and I also scanned with Comodo Cleaning Essentials, nothing either...


Supposedly this rootkit is the file: SWDUMon.sys

I unhid hidden files in the folder options and went into the folder where this file should be; there were a lot of files with the .sys extension, but not this file... :hmm:

 

Hmm... Emsisoft Emergency Kit doesn't see anything at all either, heh.. :(

 

I no longer know whether to remove it or not...

 

Yesterday evening's logs from OTL. After making them I turned the computer off. And today this rootkit...

OTL logfile created on: 2012-09-30 18:25:23 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Łukasz\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,89% Memory free

6,00 Gb Paging File | 4,40 Gb Available in Paging File | 73,44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,56 Gb Total Space | 76,52 Gb Free Space | 78,44% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 344,43 Gb Free Space | 93,57% Space Free | Partition Type: NTFS

 

Computer Name: ŁUKASZ-KOMPUTER | User Name: Łukasz | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012-09-30 18:20:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Łukasz\Downloads\OTL.exe

PRC - [2012-09-07 17:26:19 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012-08-21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012-08-21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012-07-27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010-02-09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

PRC - [2010-01-25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012-09-07 17:26:18 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2009-02-27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2012-08-21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012-08-06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012-07-28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012-03-11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012-09-21 13:00:07 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-09-07 17:26:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-07-27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-01-25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012-09-01 22:08:27 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2012-08-21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012-08-21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012-08-21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012-08-21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012-08-21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012-08-21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012-07-28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012-07-28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012-05-14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009-10-13 02:15:52 | 000,061,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2000-01-01 02:00:00 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)

DRV:64bit: - [2000-01-01 02:00:00 | 000,026,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)

DRV:64bit: - [2000-01-01 02:00:00 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)

DRV - [2012-09-27 14:55:42 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- D:\Emsisoft\Run\a2ddax64.sys -- (A2DDA)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10

FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-07 17:26:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-07 17:26:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012-08-26 19:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Łukasz\AppData\Roaming\mozilla\Extensions

[2012-09-20 18:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Łukasz\AppData\Roaming\mozilla\Firefox\Profiles\o20romgw.default\extensions

[2012-09-20 18:17:41 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Łukasz\AppData\Roaming\mozilla\Firefox\Profiles\o20romgw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012-09-16 16:31:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Łukasz\AppData\Roaming\mozilla\Firefox\Profiles\o20romgw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012-08-26 19:55:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Łukasz\AppData\Roaming\mozilla\firefox\profiles\o20romgw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012-09-14 14:19:08 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Łukasz\AppData\Roaming\mozilla\firefox\profiles\o20romgw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

[2012-09-07 17:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

File not found (No name found) -- C:\USERS\ĹUKASZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O20ROMGW.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}

File not found (No name found) -- C:\USERS\ĹUKASZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O20ROMGW.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}

File not found (No name found) -- C:\USERS\ĹUKASZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O20ROMGW.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

[2012-09-07 17:26:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-07-14 03:22:43 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml

[2012-07-14 03:22:43 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml

[2012-07-14 03:22:43 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml

[2012-07-14 03:22:43 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml

[2012-07-14 03:22:43 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-07-14 03:22:43 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D10CC4-3B37-4A49-9459-DBA1FBA8BF1E}: NameServer = 217.30.137.200 217.30.129.149

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-09-30 17:46:02 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Desktop\Angielski

[2012-09-30 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\English Line Steps MegaPack

[2012-09-30 17:45:19 | 000,000,000 | ---D | C] -- C:\Windows\English Line Steps MegaPack

[2012-09-27 21:29:59 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Process Hacker 2

[2012-09-27 21:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2

[2012-09-27 21:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2

[2012-09-25 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Local\STARGAZE_IMAGE_CACHE

[2012-09-25 16:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2012-09-25 16:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2012-09-25 16:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA

[2012-09-25 16:20:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO

[2012-09-25 16:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2012-09-24 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Local\BiniSoft.org

[2012-09-23 19:57:09 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Malwarebytes

[2012-09-23 19:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012-09-23 19:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-09-23 19:56:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012-09-23 19:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012-09-21 15:03:34 | 000,000,000 | -H-D | C] -- C:\Users\Łukasz\Documents\Freemake_do_not_remove_this_folder634838366145517578

[2012-09-21 14:57:18 | 000,000,000 | -H-D | C] -- C:\Users\Łukasz\Documents\Freemake_do_not_remove_this_folder634838362380517578

[2012-09-20 16:36:14 | 001,155,072 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudax3.sys

[2012-09-20 16:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA

[2012-09-20 16:25:42 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Local\SlimWare Utilities Inc

[2012-09-20 16:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers

[2012-09-20 16:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers

[2012-09-16 17:39:35 | 000,000,000 | -H-D | C] -- C:\Users\Łukasz\Documents\Freemake_do_not_remove_this_folder634834139753431953

[2012-09-15 21:11:12 | 000,000,000 | -H-D | C] -- C:\Users\Łukasz\Documents\Freemake_do_not_remove_this_folder634833402729716796

[2012-09-14 20:55:31 | 000,000,000 | -H-D | C] -- C:\Users\Łukasz\Documents\Freemake_do_not_remove_this_folder

[2012-09-14 20:55:12 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Documents\Freemake

[2012-09-14 20:55:11 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake

[2012-09-14 20:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake

[2012-09-14 20:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake

[2012-09-14 16:11:36 | 000,000,000 | ---D | C] -- C:\Windows\pl

[2012-09-14 16:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2012-09-14 16:10:27 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012-09-14 16:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2012-09-14 16:07:43 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Local\Windows Live

[2012-09-14 16:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2012-09-08 13:10:06 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\dwhelper

[2012-09-08 12:39:05 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Documents\FFOutput

[2012-09-08 12:34:25 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\vlc

[2012-09-08 12:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012-09-08 12:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2012-09-07 17:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012-09-01 22:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS

[2012-09-01 22:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS

[2012-09-01 22:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012-09-01 20:08:33 | 000,000,000 | R--D | C] -- C:\Users\Łukasz\Documents\Scanned Documents

[2012-09-01 20:08:33 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Documents\Fax

[2012-09-01 20:05:51 | 000,000,000 | R--D | C] -- C:\Users\Łukasz\AppData\Roaming\Brother

 

========== Files - Modified Within 30 Days ==========

 

[2012-09-30 17:47:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012-09-30 17:38:00 | 000,031,251 | ---- | M] () -- C:\Users\Łukasz\Desktop\Prasówka.odt

[2012-09-30 16:43:46 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-09-30 16:43:46 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-09-30 16:39:58 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012-09-30 16:39:58 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2012-09-30 16:39:58 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012-09-30 16:39:58 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2012-09-30 16:39:58 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012-09-30 16:35:28 | 000,438,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012-09-30 16:35:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-09-30 16:35:12 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys

[2012-09-27 22:18:07 | 000,002,107 | ---- | M] () -- C:\Users\Łukasz\Desktop\Process Hacker 2.lnk

[2012-09-27 19:17:03 | 000,000,830 | ---- | M] () -- C:\Users\Łukasz\Desktop\Emsisoft.lnk

[2012-09-27 17:04:10 | 000,001,011 | ---- | M] () -- C:\Users\Łukasz\Desktop\CCleaner.lnk

[2012-09-25 16:23:25 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk

[2012-09-23 19:57:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-09-21 13:32:18 | 000,000,839 | ---- | M] () -- C:\Users\Łukasz\Desktop\Speccy.lnk

[2012-09-20 16:36:42 | 000,000,771 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.imi

[2012-09-20 16:36:42 | 000,000,376 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.cfl

[2012-09-20 16:36:42 | 000,000,138 | ---- | M] () -- C:\Windows\System\Dlap.pfx

[2012-09-20 16:36:16 | 000,000,710 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini

[2012-09-20 16:24:58 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk

[2012-09-14 20:55:11 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk

[2012-09-13 19:00:03 | 000,002,133 | ---- | M] () -- C:\Users\Łukasz\Desktop\ControlCenter3.lnk

[2012-09-07 19:22:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012-09-07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012-09-01 22:09:22 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2012-09-01 22:08:27 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll

[2012-09-01 22:08:27 | 000,015,416 | ---- | M] () -- C:\Windows\SysNative\drivers\ASACPI.sys

[2012-09-01 22:08:27 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2012-09-01 19:48:24 | 000,000,017 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\resmon.resmoncfg

 

========== Files Created - No Company Name ==========

 

[2012-09-30 17:37:58 | 000,031,251 | ---- | C] () -- C:\Users\Łukasz\Desktop\Prasówka.odt

[2012-09-27 21:20:59 | 000,002,107 | ---- | C] () -- C:\Users\Łukasz\Desktop\Process Hacker 2.lnk

[2012-09-27 19:17:03 | 000,000,830 | ---- | C] () -- C:\Users\Łukasz\Desktop\Emsisoft.lnk

[2012-09-27 17:04:10 | 000,001,011 | ---- | C] () -- C:\Users\Łukasz\Desktop\CCleaner.lnk

[2012-09-25 16:23:25 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk

[2012-09-23 19:57:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-09-21 13:32:18 | 000,000,839 | ---- | C] () -- C:\Users\Łukasz\Desktop\Speccy.lnk

[2012-09-21 13:00:07 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012-09-20 16:24:58 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk

[2012-09-14 20:55:11 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk

[2012-09-14 16:11:27 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

[2012-09-14 16:11:20 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

[2012-09-13 19:00:03 | 000,002,133 | ---- | C] () -- C:\Users\Łukasz\Desktop\ControlCenter3.lnk

[2012-09-01 22:10:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2012-09-01 22:10:23 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2012-09-01 22:09:49 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2012-09-01 22:09:49 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2012-09-01 22:09:22 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012-09-01 19:48:24 | 000,000,017 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\resmon.resmoncfg

[2012-08-31 17:53:12 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012-08-26 19:32:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll

[2012-08-26 19:32:13 | 000,000,376 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl

[2012-08-26 19:31:41 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg

[2012-08-26 19:31:41 | 000,000,771 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi

[2012-08-26 19:30:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012-07-28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012-07-28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

 

========== ZeroAccess Check ==========

 

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

 

[2012-08-27 10:01:53 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Gadu-Gadu 10

[2012-08-27 15:30:26 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Need for Speed World

[2012-08-27 11:39:43 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\OpenFM

[2012-08-27 09:37:27 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\OpenOffice.ux.pl

[2012-09-27 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Process Hacker 2

 

========== Purity Check ==========

 

 

 

< End of report >

 

 

 

PLEASE HELP :( should I delete it or not :hmm:


I enabled showing hidden files in the folder options, went into the folder where this file should be, and there were plenty of files with the .sys extension, but not this one... :hmm:

Did you unhide system files too?

 

I don't know anymore whether to delete it or not...

Relax. Don't delete it for now. It's probably a false alarm.


Did you unhide system files too?

 

 

 

Yes, I unhid system files too, and the file is not visible in that folder or anywhere at all. I wanted to send it to VirusTotal, but this way I have no means to.

 

Oh, and an hour has already passed and there is still no signature update from avast...


And this file?

 

hmm... I closed that message and ran a scan, and there's no trace of the rootkit... :hmm:

WTF?!

 

What is this avast on about?

 

Oh well, I'll scan the system at boot and we'll see, hmm...

 

strange...


heh... this avast, I ran a full boot-time scan and it didn't find anything anymore, strange...

False alarm?!


heh... Strange, a moment ago I also booted Kaspersky Rescue Disk and scanned the computer from that mini system, and nothing. Avast didn't find anything anymore either. So what was this file supposed to be? I didn't delete it, and now Avast won't find it (on the same signatures)?! What do you think about this?

 

What was the file that now can't be found?

 

SWDUMon.sys

 

Please also check the logs above.


The topic can PROBABLY be closed, because I found THIS, and I had installed SlimDrivers, so that is PROBABLY it. What do you think?


yeah, I found the file ;) avast now also considers it clean :D False alarm. Topic can be closed.
