
Windows taskbar problem

Having trouble with Zip files, want to format your HD, don't know how FireFox works? Or maybe you need that little program whose name you can't remember! This is the forum where you can solve your problems.

Moderators: Dylan666, hydra, gahan

Windows taskbar problem

Post by rizzinicola » 08/03/12 11:28

This is the problem, I hope you can help me:
I turn on the netbook with Windows 7 Starter and the Start menu does not appear. The thing is, it is there but it cannot be seen: it sits below the bottom edge of the screen, and to get to START I have to move the mouse down and, once the screen ends, go about 2 cm further down (without seeing anything); I click and the menu opens, but I still cannot see the strip at the bottom where the Start button, the taskbar, the clock, etc. are.
Please help me, I'm going crazy! Thanks
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13


Re: Windows taskbar problem

Post by rizzinicola » 08/03/12 11:31

I have already done a system restore, I have also changed the resolution, and I should point out that in the past few days I have not done anything that could have deleted system files or caused errors like this.
Thanks
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Post by FrancescoFDAC » 08/03/12 13:45

If you can log in in Safe Mode:
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
● disable any installed firewall, from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● follow the instructions given to run the scan
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message about the antivirus in use may be shown: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and choose Run as administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused by you after using the software.
● The same goes for me; this tool is not a toy and is not meant for everyday use. It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (flash drives, external hard disks, MP3 players...) to prevent future threats: when you plug in a pen drive, you will have to open it from My Computer. One more precaution, one less possible threat

Then:
Download Unhide: http://download.bleepingcomputer.com/grinler/unhide.exe
● place the downloaded file on the Desktop
● run the program with a double click
● wait patiently for the scan to finish
● click the OK button
● restart the system
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: Windows taskbar problem

Post by rizzinicola » 08/03/12 15:47

I did the operations you recommended but still nothing, what can I do?
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Post by FrancescoFDAC » 08/03/12 18:42

If you had done the operations I told you to do, by now you would already have attached the log.

I'm waiting for the log.
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: Windows taskbar problem

Post by rizzinicola » 09/03/12 11:22

this is the combo file, thanks a lot:


ComboFix 12-03-08.02 - Nicola 08/03/2012 14:59:45.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.1013.348 [GMT 1:00]
Eseguito da: c:\users\Nicola\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-08 al 2012-03-08 )))))))))))))))))))))))))))))))))))
.
.
2012-03-08 14:14 . 2012-03-08 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 08:52 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-03-08 08:52 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-08 08:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-08 08:52 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 20:18 . 2011-12-12 07:51 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 21:41 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-12 8546848]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-02-05 715296]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"EPSON Stylus D68 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-26 22:36 136176 ----atw- c:\users\Nicola\AppData\Local\Google\Update\GoogleUpdate.exe
.
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 82384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-05-18 8576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-07 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-02-05 735776]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-05-07 8192]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498602541-601839000-361440516-1000Core.job
- c:\users\Nicola\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 22:36]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498602541-601839000-361440516-1000UA.job
- c:\users\Nicola\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 22:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx? ... 5r46k2r641
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{B095368B-5204-4B19-8906-587285F94FA6}: DhcpNameServer = 151.99.125.2 151.99.125.3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{D53B8DD0-C993-1DA5-C3BC-9D7665EBD278} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-evhlzqxwntx - c:\windows\system32\oohfrsqyqehhmww.dll
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2498602541-601839000-361440516-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2498602541-601839000-361440516-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-2498602541-601839000-361440516-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2498602541-601839000-361440516-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-03-08 15:19:46
ComboFix-quarantined-files.txt 2012-03-08 14:19
.
Pre-Run: 99.551.113.216 byte disponibili
Post-Run: 99.537.047.552 byte disponibili
.
- - End Of File - - 5EC4C1FC83A9D63CBFB3DDB6E49D7087
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Post by Alex8080 » 09/03/12 12:15

exactly ;)
Alex8080
Newbie

Posts: 5
Joined: 09/03/12 12:08

Re: Windows taskbar problem

Post by rizzinicola » 09/03/12 12:36

and so? what should I do now? please help me
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Post by FrancescoFDAC » 09/03/12 13:50

Hi, uninstall Ask.com (toolbar + Updater)

Does the problem persist?
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: Windows taskbar problem

Post by rizzinicola » 09/03/12 15:13

I don't have it in the programs
how do I uninstall it?
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Post by rizzinicola » 09/03/12 16:07

please help me, I'm desperate
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Post by FrancescoFDAC » 09/03/12 16:48

You can only log in in Safe Mode, right?

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click the TDSSKiller.exe file to start the application
● then press the Start scan button

Note - about the program:
● do not click the Stop scan button for any reason, the scan would be interrupted

At this point, the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan ends

Once the scan has finished, one of these two options will come up:
● no system restart is required: attach the report located in Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is required: click Restart now, then attach the scan result (it is in the same path mentioned just now)


And:

Download Kaspersky Virus Removal Tool: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool
Note - about the program:
● the Kaspersky Virus Removal Tool installer is a file larger than 100 MB: so, if you do not have an ADSL connection, arm yourself with patience

Once the software has been downloaded and installed:
● a folder named Virus Removal Tool will be created on the Desktop
● the tool's main screen will be shown: tick all the available items
● click the Start scan button at the bottom right
● when the scan has finished, if infections were detected, click Neutralize all
● some windows will open: you will be able to choose whether to Delete or Disinfect
● tick Apply to all and click Quarantine
● click the Reports button: save the log file to the Desktop and attach it
● when the program is closed, Kaspersky Virus Removal Tool will ask to be removed: agree
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: Windows taskbar problem

Post by rizzinicola » 09/03/12 19:27

this is the report of the first file:


18:55:42.0485 1424 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:55:42.0532 1424 ============================================================
18:55:42.0532 1424 Current date / time: 2012/03/09 18:55:42.0532
18:55:42.0532 1424 SystemInfo:
18:55:42.0532 1424
18:55:42.0532 1424 OS Version: 6.1.7601 ServicePack: 1.0
18:55:42.0532 1424 Product type: Workstation
18:55:42.0532 1424 ComputerName: NICOLA-PC
18:55:42.0532 1424 UserName: Nicola
18:55:42.0532 1424 Windows directory: C:\Windows
18:55:42.0532 1424 System windows directory: C:\Windows
18:55:42.0532 1424 Processor architecture: Intel x86
18:55:42.0532 1424 Number of processors: 2
18:55:42.0532 1424 Page size: 0x1000
18:55:42.0532 1424 Boot type: Safe boot
18:55:42.0532 1424 ============================================================
18:55:44.0138 1424 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:55:44.0154 1424 Drive \Device\Harddisk1\DR1 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:55:44.0154 1424 \Device\Harddisk0\DR0:
18:55:44.0154 1424 MBR used
18:55:44.0154 1424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A03C22, BlocksNum 0x32FCD
18:55:44.0154 1424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A36BEF, BlocksNum 0x10FE2AC1
18:55:44.0154 1424 \Device\Harddisk1\DR1:
18:55:44.0154 1424 MBR used
18:55:44.0154 1424 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
18:55:44.0279 1424 Initialize success
18:55:44.0279 1424 ============================================================
18:55:58.0428 1484 ============================================================
18:55:58.0428 1484 Scan started
18:55:58.0428 1484 Mode: Manual; SigCheck; TDLFS;
18:55:58.0428 1484 ============================================================
18:56:14.0480 1484 LSI_SAS2 - ok
18:56:14.0512 1484 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:56:14.0543 1484 LSI_SCSI - ok
18:56:14.0590 1484 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:56:14.0683 1484 luafv - ok
18:56:14.0792 1484 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:56:14.0808 1484 megasas - ok
18:56:14.0855 1484 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:56:14.0886 1484 MegaSR - ok
18:56:14.0980 1484 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:56:15.0073 1484 Modem - ok
18:56:15.0151 1484 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:56:15.0214 1484 monitor - ok
18:56:15.0292 1484 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:56:15.0307 1484 mouclass - ok
18:56:15.0385 1484 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:56:15.0432 1484 mouhid - ok
18:56:15.0479 1484 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:56:15.0510 1484 mountmgr - ok
18:56:15.0572 1484 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:56:15.0604 1484 mpio - ok
18:56:15.0650 1484 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:56:15.0744 1484 mpsdrv - ok
18:56:15.0806 1484 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:56:15.0853 1484 MRxDAV - ok
18:56:15.0931 1484 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:56:16.0009 1484 mrxsmb - ok
18:56:16.0072 1484 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:56:16.0134 1484 mrxsmb10 - ok
18:56:16.0165 1484 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:56:16.0212 1484 mrxsmb20 - ok
18:56:16.0274 1484 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:56:16.0290 1484 msahci - ok
18:56:16.0352 1484 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:56:16.0384 1484 msdsm - ok
18:56:16.0462 1484 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:56:16.0540 1484 Msfs - ok
18:56:16.0571 1484 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:56:16.0633 1484 mshidkmdf - ok
18:56:16.0664 1484 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:56:16.0680 1484 msisadrv - ok
18:56:16.0789 1484 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:56:16.0883 1484 MSKSSRV - ok
18:56:16.0945 1484 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:56:17.0023 1484 MSPCLOCK - ok
18:56:17.0070 1484 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:56:17.0148 1484 MSPQM - ok
18:56:17.0195 1484 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:56:17.0226 1484 MsRPC - ok
18:56:17.0288 1484 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:56:17.0304 1484 mssmbios - ok
18:56:17.0366 1484 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:56:17.0460 1484 MSTEE - ok
18:56:17.0522 1484 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:56:17.0569 1484 MTConfig - ok
18:56:17.0616 1484 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:56:17.0632 1484 Mup - ok
18:56:17.0725 1484 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:56:17.0788 1484 NativeWifiP - ok
18:56:17.0866 1484 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:56:17.0928 1484 NDIS - ok
18:56:18.0006 1484 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:56:18.0100 1484 NdisCap - ok
18:56:18.0162 1484 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:56:18.0240 1484 NdisTapi - ok
18:56:18.0334 1484 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:56:18.0412 1484 Ndisuio - ok
18:56:18.0458 1484 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:56:18.0552 1484 NdisWan - ok
18:56:18.0599 1484 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:56:18.0677 1484 NDProxy - ok
18:56:18.0755 1484 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:56:18.0848 1484 NetBIOS - ok
18:56:18.0911 1484 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:56:18.0989 1484 NetBT - ok
18:56:19.0098 1484 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:56:19.0114 1484 nfrd960 - ok
18:56:19.0207 1484 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\Windows\system32\drivers\ccdcmb.sys
18:56:19.0301 1484 nmwcd - ok
18:56:19.0332 1484 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\Windows\system32\drivers\ccdcmbo.sys
18:56:19.0441 1484 nmwcdc - ok
18:56:19.0535 1484 nmwcdnsu (99145c5d4b6c4d6f5ce83ee6abffe294) C:\Windows\system32\drivers\nmwcdnsu.sys
18:56:19.0613 1484 nmwcdnsu - ok
18:56:19.0660 1484 nmwcdnsuc (faee7b61c6885b091cec1ff06da2e1ab) C:\Windows\system32\drivers\nmwcdnsuc.sys
18:56:19.0753 1484 nmwcdnsuc - ok
18:56:19.0800 1484 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:56:19.0878 1484 Npfs - ok
18:56:19.0940 1484 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:56:20.0018 1484 nsiproxy - ok
18:56:20.0096 1484 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:56:20.0206 1484 Ntfs - ok
18:56:20.0252 1484 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:56:20.0330 1484 Null - ok
18:56:20.0393 1484 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:56:20.0440 1484 nvraid - ok
18:56:20.0471 1484 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:56:20.0502 1484 nvstor - ok
18:56:20.0549 1484 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:56:20.0564 1484 nv_agp - ok
18:56:20.0627 1484 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:56:20.0689 1484 ohci1394 - ok
18:56:20.0861 1484 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:56:20.0892 1484 Parport - ok
18:56:20.0954 1484 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:56:20.0986 1484 partmgr - ok
18:56:21.0001 1484 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:56:21.0048 1484 Parvdm - ok
18:56:21.0126 1484 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:56:21.0188 1484 pccsmcfd - ok
18:56:21.0251 1484 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:56:21.0282 1484 pci - ok
18:56:21.0329 1484 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:56:21.0360 1484 pciide - ok
18:56:21.0391 1484 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:56:21.0422 1484 pcmcia - ok
18:56:21.0485 1484 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:56:21.0516 1484 pcw - ok
18:56:21.0563 1484 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:56:21.0672 1484 PEAUTH - ok
18:56:21.0812 1484 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:56:21.0906 1484 PptpMiniport - ok
18:56:21.0968 1484 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:56:22.0015 1484 Processor - ok
18:56:22.0109 1484 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:56:22.0218 1484 Psched - ok
18:56:22.0312 1484 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:56:22.0405 1484 ql2300 - ok
18:56:22.0436 1484 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:56:22.0468 1484 ql40xx - ok
18:56:22.0530 1484 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:56:22.0577 1484 QWAVEdrv - ok
18:56:22.0608 1484 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:56:22.0702 1484 RasAcd - ok
18:56:22.0780 1484 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:56:22.0858 1484 RasAgileVpn - ok
18:56:22.0904 1484 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:56:22.0982 1484 Rasl2tp - ok
18:56:23.0045 1484 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:56:23.0123 1484 RasPppoe - ok
18:56:23.0170 1484 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:56:23.0263 1484 RasSstp - ok
18:56:23.0326 1484 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:56:23.0419 1484 rdbss - ok
18:56:23.0466 1484 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:56:23.0513 1484 rdpbus - ok
18:56:23.0560 1484 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:56:23.0638 1484 RDPCDD - ok
18:56:23.0700 1484 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:56:23.0778 1484 RDPENCDD - ok
18:56:23.0825 1484 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:56:23.0903 1484 RDPREFMP - ok
18:56:23.0950 1484 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:56:24.0028 1484 RDPWD - ok
18:56:24.0106 1484 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:56:24.0152 1484 rdyboost - ok
18:56:24.0277 1484 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:56:24.0371 1484 rspndr - ok
18:56:24.0464 1484 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:56:24.0496 1484 sbp2port - ok
18:56:24.0558 1484 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:56:24.0636 1484 scfilter - ok
18:56:24.0683 1484 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:56:24.0745 1484 secdrv - ok
18:56:24.0808 1484 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:56:24.0839 1484 Serenum - ok
18:56:24.0870 1484 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:56:24.0901 1484 Serial - ok
18:56:24.0964 1484 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:56:25.0010 1484 sermouse - ok
18:56:25.0151 1484 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:56:25.0182 1484 sffdisk - ok
18:56:25.0213 1484 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:56:25.0260 1484 sffp_mmc - ok
18:56:25.0291 1484 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:56:25.0354 1484 sffp_sd - ok
18:56:25.0416 1484 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:56:25.0447 1484 sfloppy - ok
18:56:25.0494 1484 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:56:25.0525 1484 sisagp - ok
18:56:25.0572 1484 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:56:25.0603 1484 SiSRaid2 - ok
18:56:25.0634 1484 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:56:25.0666 1484 SiSRaid4 - ok
18:56:25.0728 1484 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:56:25.0806 1484 Smb - ok
18:56:25.0853 1484 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:56:25.0884 1484 spldr - ok
18:56:26.0009 1484 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:56:26.0087 1484 srv - ok
18:56:26.0134 1484 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:56:26.0196 1484 srv2 - ok
18:56:26.0227 1484 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:56:26.0274 1484 srvnet - ok
18:56:26.0383 1484 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:56:26.0399 1484 ssmdrv - ok
18:56:26.0430 1484 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:56:26.0461 1484 stexstor - ok
18:56:26.0508 1484 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:56:26.0539 1484 swenum - ok
18:56:26.0586 1484 SynTP (5cdd124913e91c7f79b4d5cae1c7c4de) C:\Windows\system32\DRIVERS\SynTP.sys
18:56:26.0617 1484 SynTP - ok
18:56:26.0742 1484 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:56:26.0867 1484 Tcpip - ok
18:56:26.0960 1484 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:56:27.0023 1484 TCPIP6 - ok
18:56:27.0101 1484 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:56:27.0194 1484 tcpipreg - ok
18:56:27.0272 1484 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:56:27.0366 1484 TDPIPE - ok
18:56:27.0413 1484 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:56:27.0491 1484 TDTCP - ok
18:56:27.0553 1484 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:56:27.0647 1484 tdx - ok
18:56:27.0694 1484 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:56:27.0725 1484 TermDD - ok
18:56:27.0834 1484 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:56:27.0912 1484 tssecsrv - ok
18:56:28.0006 1484 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:56:28.0052 1484 TsUsbFlt - ok
18:56:28.0162 1484 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:56:28.0240 1484 tunnel - ok
18:56:28.0302 1484 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:56:28.0318 1484 uagp35 - ok
18:56:28.0380 1484 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:56:28.0474 1484 udfs - ok
18:56:28.0536 1484 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:56:28.0567 1484 uliagpkx - ok
18:56:28.0645 1484 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:56:28.0692 1484 umbus - ok
18:56:28.0786 1484 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:56:28.0832 1484 UmPass - ok
18:56:28.0895 1484 upperdev (ec01da44b090d2651fc032c8b9257232) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
18:56:28.0973 1484 upperdev - ok
18:56:29.0035 1484 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:29.0066 1484 usbccgp - ok
18:56:29.0144 1484 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:56:29.0176 1484 usbcir - ok
18:56:29.0222 1484 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
18:56:29.0254 1484 usbehci - ok
18:56:29.0332 1484 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:56:29.0378 1484 usbhub - ok
18:56:29.0425 1484 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:56:29.0472 1484 usbohci - ok
18:56:29.0550 1484 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:56:29.0597 1484 usbprint - ok
18:56:29.0690 1484 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
18:56:29.0737 1484 usbser - ok
18:56:29.0784 1484 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
18:56:29.0846 1484 UsbserFilt - ok
18:56:29.0909 1484 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:29.0971 1484 USBSTOR - ok
18:56:30.0018 1484 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:56:30.0080 1484 usbuhci - ok
18:56:30.0158 1484 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
18:56:30.0221 1484 usbvideo - ok
18:56:30.0299 1484 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:56:30.0330 1484 vdrvroot - ok
18:56:30.0392 1484 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:56:30.0455 1484 vga - ok
18:56:30.0502 1484 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:56:30.0580 1484 VgaSave - ok
18:56:30.0626 1484 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:56:30.0658 1484 vhdmp - ok
18:56:30.0751 1484 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:56:30.0782 1484 viaagp - ok
18:56:30.0814 1484 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:56:30.0860 1484 ViaC7 - ok
18:56:30.0876 1484 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:56:30.0907 1484 viaide - ok
18:56:30.0970 1484 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:56:30.0985 1484 volmgr - ok
18:56:31.0048 1484 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:56:31.0079 1484 volmgrx - ok
18:56:31.0157 1484 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:56:31.0188 1484 volsnap - ok
18:56:31.0266 1484 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:56:31.0297 1484 vsmraid - ok
18:56:31.0375 1484 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:56:31.0422 1484 vwifibus - ok
18:56:31.0500 1484 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:56:31.0547 1484 vwififlt - ok
18:56:31.0594 1484 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
18:56:31.0640 1484 vwifimp - ok
18:56:31.0734 1484 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:56:31.0765 1484 WacomPen - ok
18:56:31.0828 1484 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:31.0906 1484 WANARP - ok
18:56:31.0906 1484 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:31.0984 1484 Wanarpv6 - ok
18:56:32.0046 1484 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:56:32.0077 1484 Wd - ok
18:56:32.0124 1484 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:56:32.0171 1484 Wdf01000 - ok
18:56:32.0296 1484 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:56:32.0374 1484 WfpLwf - ok
18:56:32.0405 1484 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:56:32.0420 1484 WIMMount - ok
18:56:32.0592 1484 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:56:32.0639 1484 WinUsb - ok
18:56:32.0748 1484 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:56:32.0795 1484 WmiAcpi - ok
18:56:32.0888 1484 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:56:32.0982 1484 ws2ifsl - ok
18:56:33.0060 1484 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:56:33.0138 1484 WudfPf - ok
18:56:33.0216 1484 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:56:33.0310 1484 WUDFRd - ok
18:56:33.0372 1484 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:56:33.0637 1484 \Device\Harddisk0\DR0 - ok
18:56:33.0653 1484 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:56:33.0871 1484 \Device\Harddisk1\DR1 - ok
18:56:33.0887 1484 Boot (0x1200) (0699e1621108d0240c430f70a52a1edc) \Device\Harddisk0\DR0\Partition0
18:56:33.0887 1484 \Device\Harddisk0\DR0\Partition0 - ok
18:56:33.0902 1484 Boot (0x1200) (ad741c242f312039ce8030d0f1dc3933) \Device\Harddisk0\DR0\Partition1
18:56:33.0902 1484 \Device\Harddisk0\DR0\Partition1 - ok
18:56:33.0918 1484 Boot (0x1200) (95c3f4ef9c2552751a8c5c08978f5b58) \Device\Harddisk1\DR1\Partition0
18:56:33.0918 1484 \Device\Harddisk1\DR1\Partition0 - ok
18:56:33.0918 1484 ============================================================
18:56:33.0918 1484 Scan finished
18:56:33.0918 1484 ============================================================
18:56:33.0949 1476 Detected object count: 0
18:56:33.0949 1476 Actual detected object count: 0
18:59:35.0518 1408 Deinitialize success
rizzinicola
Junior User
 
Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Posted by rizzinicola » 09/03/12 19:28

and this is the virus tool report, I hope it's understandable:

Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 09/03/2012; 03:33)

List of processes

File name PID Description Copyright MD5 Information
Detected:67, recognized as trusted 67
Module name Handle Description Copyright MD5 Used by processes
Modules detected:560, recognized as trusted 560
Kernel Space Modules Viewer

Module Base address Size in memory Description Manufacturer
C:\Windows\System32\Drivers\dump_dumpfve.sys 80F3F000 011000 (69632)
C:\Windows\System32\Drivers\dump_iaStor.sys 8B65B000 0DA000 (892928)
Modules detected - 187, recognized as trusted - 185
Services

Service Description Status File Group Dependencies
Detected - 151, recognized as trusted - 151
Drivers

Service Description Status File Group Dependencies
ewusbnet HUAWEI USB-NDIS miniport Not started C:\Windows\system32\DRIVERS\ewusbnet.sys NDIS
hwdatacard Huawei DataCard USB Modem and USB Serial Not started C:\Windows\system32\DRIVERS\ewusbmdm.sys
hwusbdev Huawei DataCard USB PNP Device Not started C:\Windows\system32\DRIVERS\ewusbdev.sys
hwusbfake Huawei DataCard USB Fake Not started C:\Windows\system32\DRIVERS\ewusbfake.sys
Detected - 261, recognized as trusted - 257
Autoruns

File name Status Startup method Description
C:\Program Files\Common Files\Microsoft Shared\DW\DW.EXE -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Visual Studio Tools for Applications, EventMessageFile
C:\Users\Nicola\AppData\Local\Temp\NEventMessages.dll -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Nokia M Platform, EventMessageFile
C:\Users\Nicola\AppData\Local\Temp\_uninst_81817423.bat Active Shortcut in Autoruns folder C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_81817423.lnk,
C:\Windows\system32\psxss.exe -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
progman.exe Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, shell
rdpclip Active Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms
vgafix.fon Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
vgaoem.fon Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
vgasys.fon Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Autoruns items detected - 633, recognized as trusted - 624
Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name Type Description Manufacturer CLSID
BHO {D53B8DD0-C993-1DA5-C3BC-9D7665EBD278}
Extension module {0000036B-C524-4050-81A0-243669A86B9F}
Extension module {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
Extension module {2670000A-7350-4f3c-8081-5663EE0C6C49}
Extension module {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
Elements detected - 13, recognized as trusted - 8
Windows Explorer extension modules

File name Destination Description Manufacturer CLSID
WLMD Message Handler {0563DB41-F538-4B37-A92D-4659049B7766}
Context Menu Shell Extension {84058084-7609-44D1-B3CC-7A9436CB6D92}
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Elements detected - 45, recognized as trusted - 42
Printing system extensions (print monitors, providers)

File name Type Name Description Manufacturer
Elements detected - 8, recognized as trusted - 8
Task Scheduler jobs

File name Job name Job status Description Manufacturer
Elements detected - 0, recognized as trusted - 0
SPI/LSP settings

Namespace providers (NSP)
Provider Status EXE file Description GUID
Detected - 8, recognized as trusted - 8
Transport protocol providers (TSP, LSP)
Provider EXE file Description
Detected - 24, recognized as trusted - 24
Results of automatic SPI settings check
LSP settings checked. No errors detected
TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [820] c:\windows\system32\svchost.exe
139 LISTENING 0.0.0.0 0 [4] System
445 LISTENING 0.0.0.0 0 [4] System
1688 LISTENING 0.0.0.0 0 [1928] c:\windows\kmservice.exe
5357 LISTENING 0.0.0.0 0 [4] System
49152 LISTENING 0.0.0.0 0 [520] c:\windows\system32\wininit.exe
49153 LISTENING 0.0.0.0 0 [916] c:\windows\system32\svchost.exe
49154 LISTENING 0.0.0.0 0 [1000] c:\windows\system32\svchost.exe
49155 LISTENING 0.0.0.0 0 [624] c:\windows\system32\lsass.exe
49156 LISTENING 0.0.0.0 0 [616] c:\windows\system32\services.exe
UDP ports
137 LISTENING -- -- [4] System
138 LISTENING -- -- [4] System
500 LISTENING -- -- [1000] c:\windows\system32\svchost.exe
1900 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
1900 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [1136] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [1136] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
4500 LISTENING -- -- [1000] c:\windows\system32\svchost.exe
5355 LISTENING -- -- [1256] c:\windows\system32\svchost.exe
65338 LISTENING -- -- [3020] c:\program files\windows sidebar\sidebar.exe
65339 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
65341 LISTENING -- -- [1136] c:\windows\system32\svchost.exe
65344 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
65345 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Elements detected - 4, recognized as trusted - 4
Control Panel Applets (CPL)

File name Description Manufacturer
Elements detected - 22, recognized as trusted - 22
Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9
HOSTS file

Hosts file record
Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Elements detected - 19, recognized as trusted - 16
Suspicious objects

File Description Type
C:\Windows\system32\DRIVERS\6088245drv.sys
Suspicion for Rootkit Kernel-mode hook

Main script of analysis
Windows version: Windows 7 Starter, Build=7601, SP="Service Pack 1"
System Restore: enabled
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 005E0010<>75D82082
IAT modification detected: GetModuleFileNameA - 005E0080<>75DCD75A
IAT modification detected: FreeLibrary - 005E00F0<>75DCEF67
IAT modification detected: GetModuleFileNameW - 005E0160<>75DCEF35
IAT modification detected: CreateProcessW - 005E01D0<>75D8204D
IAT modification detected: LoadLibraryW - 005E02B0<>75DCEF42
IAT modification detected: LoadLibraryA - 005E0320<>75DCDC65
IAT modification detected: GetProcAddress - 005E0390<>75DCCC94
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=15FA80)
Kernel ntoskrnl.exe found in memory at address 81C0F000
SDT = 81D6EA80
KiST = 81C6B72C (401)
Function NtAdjustPrivilegesToken (0C) intercepted (81E7A17A->AA990E36), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAlpcConnectPort (16) intercepted (81E2C1A3->AA993074), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAlpcCreatePort (17) intercepted (81E74B00->AA9932EE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAlpcSendWaitReceivePort (27) intercepted (81E5BB6B->AA993564), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtClose (32) intercepted (81E53776->AA99174A), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtConnectPort (3B) intercepted (81E489EC->AA99257E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateEvent (40) intercepted (81E3BA33->AA992AC8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateFile (42) intercepted (81E5A50F->AA991A26), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateMutant (4A) intercepted (81E7B07E->AA9929AE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateNamedPipeFile (4B) intercepted (81E7E637->AA990A24), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreatePort (4D) intercepted (81E79BE7->AA992882), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSection (54) intercepted (81E6277E->AA990BCC), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSemaphore (55) intercepted (81E3A355->AA992BE8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThread (57) intercepted (81EE1592->AA9913D0), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThreadEx (58) intercepted (81E6A6A7->AA9914CE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateUserProcess (5D) intercepted (81E32B1E->AA9937AE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateWaitablePort (5E) intercepted (81DA354F->AA992918), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDebugActiveProcess (60) intercepted (81EB3D48->AA9942D6), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeviceIoControlFile (6B) intercepted (81E1CDD5->AA991EA8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDuplicateObject (6F) intercepted (81E6675B->AA9954E4), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtFsControlFile (86) intercepted (81E52DC8->AA991CB6), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadDriver (9B) intercepted (81DB03C4->AA9943C8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtMapViewOfSection (A8) intercepted (81E45A13->AA994B30), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenEvent (B1) intercepted (81E3BE1C->AA992B5E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenFile (B3) intercepted (81E6577E->AA9917CC), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenMutant (BB) intercepted (81E5C82A->AA992A3E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenProcess (BE) intercepted (81E27E3F->AA991074), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenSection (C2) intercepted (81E748A0->AA9948CA), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenSemaphore (C3) intercepted (81DDD12C->AA992C7E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenThread (C6) intercepted (81E7D9A8->AA990F64), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryDirectoryObject (E0) intercepted (81E21F90->AA993868), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQuerySection (FE) intercepted (81E3A244->AA994E6A), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueueApcThread (10D) intercepted (81DF6911->AA99475C), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplaceKey (124) intercepted (81EA18D2->AA98F6DE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplyPort (126) intercepted (81E4E57C->AA992FE2), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplyWaitReceivePort (127) intercepted (81E6AAB8->AA992EA8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRequestWaitReplyPort (12B) intercepted (81E2A475->AA994070), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (12E) intercepted (81E95FC2->AA98FA56), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtResumeThread (130) intercepted (81E37D9B->AA995386), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSaveKey (135) intercepted (81E961C0->AA98F676), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSecureConnectPort (138) intercepted (81E3A456->AA9922C4), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetContextThread (13C) intercepted (81EE2697->AA9915EC), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetInformationToken (150) intercepted (81E51311->AA99390A), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSecurityObject (15B) intercepted (81E58A1E->AA994566), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSystemInformation (15E) intercepted (81DF359C->AA994FBA), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSuspendProcess (16E) intercepted (81EE3253->AA9950AC), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSuspendThread (16F) intercepted (81E9D1E3->AA9951E6), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSystemDebugControl (170) intercepted (81DF7924->AA9941FA), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateProcess (172) intercepted (81E2831E->AA99121A), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateThread (173) intercepted (81E3F7DC->AA991170), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtUnmapViewOfSection (181) intercepted (81E683AE->AA994D0E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtWriteVirtualMemory (18F) intercepted (81E5813B->AA991306), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 401, intercepted: 52, restored: 52
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
CmpCallCallBacks = 00000000
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking of IRP handlers
Driver loaded successfully
Checking - complete
>> Services: potentially dangerous service allowed: TermService (Servizi Desktop remoto)
>> Services: potentially dangerous service allowed: SSDPSRV (Individuazione SSDP)
>> Services: potentially dangerous service allowed: Schedule (Utilitа di pianificazione)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
System Analysis in progress

System Analysis - complete


rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Posted by FrancescoFDAC » 10/03/12 14:23

Hi. Do you still have the same problems?
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: Windows taskbar problem

Posted by rizzinicola » 11/03/12 16:10

FrancescoFDAC wrote: Hi. Do you still have the same problems?


Yes, please help me.
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13

Re: Windows taskbar problem

Posted by FrancescoFDAC » 11/03/12 16:22

Your PC is infested with rootkits; I don't know whether we will be able to save it from a reformat.

Let's see whether Zero Access is present:
Download Anti Zero Access: http://anywhere.webrootcloudav.com/antizeroaccess.exe
● place the downloaded file on the Desktop
● start the program with a double click
● press Y and then hit Enter to start the scan
● once the scan has finished, it should detect the ZeroAccess rootkit (if present on your system)
● attach the report

Download ESET Sirefef Remover: http://download.eset.com/special/encycl ... emover.exe
● place the downloaded file on the Desktop
● start the program with a double click
● follow the instructions given to complete the removal of the ZeroAccess rootkit
● report whether or not the tool detected the rootkit

Note: in its latest variants, the infection mentioned above, besides infecting the MBR and creating a hidden partition of a few MB on the hard disk, has the nasty habit of destroying the Internet connection.

So, open Disk Management this way:
"Click the Start button, choose Control Panel, System and Maintenance, Administrative Tools, and then double-click Computer Management. If you are prompted for an administrator password or for confirmation, type the password or confirm.
In the navigation pane, click Disk Management"

If you find a partition of a few megabytes (from 2 to 10, to give an idea), let me know in your next message and attach a screenshot showing it.
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53
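
The Disk Management check described in the post above can also be run from a PowerShell prompt. This is an added example, not part of the original thread or of any tool named in it; it assumes Windows PowerShell 2.0 (included with Windows 7) and the WMI classes Win32_DiskPartition and Win32_LogicalDiskToPartition, takes the 2-10 MB window from the post, and uses illustrative variable names.

```powershell
# Added example (not from the thread): list every partition WMI reports and
# flag those in the 2-10 MB range from the post that have no drive letter.
# Run from an elevated PowerShell prompt.
$minBytes = 2MB     # lower bound given in the post
$maxBytes = 10MB    # upper bound given in the post

$report = foreach ($part in Get-WmiObject -Class Win32_DiskPartition) {
    # Resolve the drive letter(s) mapped to this partition, if any.
    $query = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($part.DeviceID)'} " +
             "WHERE AssocClass=Win32_LogicalDiskToPartition"
    $letters = @(Get-WmiObject -Query $query | ForEach-Object { $_.DeviceID })

    $isSmall  = ($part.Size -ge $minBytes) -and ($part.Size -le $maxBytes)
    $noLetter = ($letters.Count -eq 0)

    New-Object PSObject -Property @{
        Disk        = $part.DiskIndex
        Partition   = $part.Index
        Type        = $part.Type
        SizeMB      = [math]::Round($part.Size / 1MB, 1)
        DriveLetter = ($letters -join ',')
        Bootable    = $part.Bootable
        Flagged     = ($isSmall -and $noLetter)
    }
}

# Full layout first, so the flagged rows can be read in context.
$report | Sort-Object Disk, Partition |
    Format-Table Disk, Partition, SizeMB, Type, DriveLetter, Bootable, Flagged -AutoSize

$hits = @($report | Where-Object { $_.Flagged })
if ($hits.Count -gt 0) {
    Write-Output "Partitions of 2-10 MB without a drive letter: $($hits.Count)"
} else {
    Write-Output "No partition of 2-10 MB without a drive letter was reported."
}
```

A flagged row is only a reason to inspect the disk layout in Disk Management. A kernel-mode rootkit can hide data from any query run inside the infected system, so a check from offline rescue media is more reliable.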

Re: Windows taskbar problem

Posted by rizzinicola » 12/03/12 12:42

FrancescoFDAC wrote: Hi. Do you still have the same problems?

With Anti Zero Access, at the end of the scan it tells me there is no rootkit on my system.
rizzinicola
Junior User

Posts: 11
Joined: 08/03/12 11:13
