problema barra di windows

[rizzinicola]

il problema è questo spero che mi possiate aiutare:
accendo il netbook con windws 7 starter e non mi compare il menu di avvio, ma il problema è che c'è ma non si vede, sta sotto sotto dove finisce lo schermo e per andare a START devo scendere sotto col mouse e quando finisce lo schermo vado circa 2 cm ancora giù (senza vedere), clicco e si apre il menu ma comunque non vedo la fascia di sotto dove appunto c'è il tasto start, la barra, l'orologio, ecc.
Per favore aiutatemi, sto impazzendo! grazie

[rizzinicola]

ho già fatto il ripristino del sistema,ho modificato anche la risoluzione e premetto che non ho fatto operazioni nei giorni scorsi che avrebbero potuto eliminare qualche file di sistema o provocare tali errori.
grazie

[FrancescoFDAC]

Se riesci ad accedere in modalità provvisoria:
Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● segui le istruzioni che verranno rilasciate per eseguire la scansione
● in caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato da te dopo l'utilizzo del software stesso.
Lo stesso vale per me; questo tool non è un giocattolo e non è destinato all'utilizzo quotidiano. Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, sarai costretto ad avviarla dalle Risorse del computer. Una precauzione in più, una possibile minaccia in meno

Quindi:
Scarica Unhide: http://download.bleepingcomputer.com/grinler/unhide.exe
● posiziona il file scaricato sul Desktop
● esegui il programma con un doppio click
● attendi pazientemente il termine della scansione
● clicca sul pulsante OK
● riavvia il sistema

[rizzinicola]

ho fatto le operazioni che mi hai consigliato ma ancora niente, come posso fare?

[FrancescoFDAC]

Se avessi fatto le operazioni che ti ho detto di fare, a quest'ora avresti già allegato il log.

Attendo il log.

[rizzinicola]

questo è il file combo, grazie mille:


ComboFix 12-03-08.02 - Nicola 08/03/2012 14:59:45.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.1013.348 [GMT 1:00]
Eseguito da: c:\users\Nicola\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-08 al 2012-03-08 )))))))))))))))))))))))))))))))))))
.
.
2012-03-08 14:14 . 2012-03-08 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 08:52 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-03-08 08:52 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-08 08:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-08 08:52 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 20:18 . 2011-12-12 07:51 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 21:41 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-12 8546848]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-02-05 715296]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"EPSON Stylus D68 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-26 22:36 136176 ----atw- c:\users\Nicola\AppData\Local\Google\Update\GoogleUpdate.exe
.
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 82384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-05-18 8576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-07 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-02-05 735776]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-05-07 8192]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498602541-601839000-361440516-1000Core.job
- c:\users\Nicola\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 22:36]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498602541-601839000-361440516-1000UA.job
- c:\users\Nicola\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 22:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx? ... 5r46k2r641
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{B095368B-5204-4B19-8906-587285F94FA6}: DhcpNameServer = 151.99.125.2 151.99.125.3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{D53B8DD0-C993-1DA5-C3BC-9D7665EBD278} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-evhlzqxwntx - c:\windows\system32\oohfrsqyqehhmww.dll
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2498602541-601839000-361440516-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2498602541-601839000-361440516-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-2498602541-601839000-361440516-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2498602541-601839000-361440516-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-03-08 15:19:46
ComboFix-quarantined-files.txt 2012-03-08 14:19
.
Pre-Run: 99.551.113.216 byte disponibili
Post-Run: 99.537.047.552 byte disponibili
.
- - End Of File - - 5EC4C1FC83A9D63CBFB3DDB6E49D7087

[Alex8080]

esatto

[rizzinicola]

e quindi? cosa dovrei fare ora? vi prego aiutatemi

[FrancescoFDAC]

Ciao, disinstalla Ask.com (toolbar + Updater)

Il problema permane?

[rizzinicola]

nei programmi non ce l'ho
come lo disinstallo?

[rizzinicola]

per favore aiutatemi sono disperato

[FrancescoFDAC]

Riesci ad accedere solo in provvisoria, vero?

Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● posiziona il file scaricato sul Desktop
● clicca due volte sul file TDSSKiller.exe per avviare l'applicazione
● successivamente premi il pulsante Start scan

Nota - riguardo al programma:
● non cliccare sul pulsante Stop scan per nessun motivo, la scansione si interromperebbe

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure: clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip: clicca quindi su Continua
● se non viene rilevato nulla, chiudi semplicemente il programma al termine della scansione

Una volta terminata la scansione, si presenterà una di queste due opzioni:
● non è necessario il riavvio del sistema: allega il Report situato nel Disco Locale C:\, di nome TDSSKiller.[Version]_[Date]_[Time]_log.txt
● è necessario riavviare il sistema: clicca su Riavvia ora, infine allega il risultato della scansione (si trova nello stesso percorso menzionato poco fa')


E:

Scarica Kaspersky Virus Removal Tool: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool
Nota - riguardo al programma:
● l'installer di Kaspersky Virus Removal Tool è costituito da un file di dimensioni maggiori di 100 mb: per cui, se hai una connessione non ADSL, armati di pazienza

Una volta scaricato ed installato il software:
● verrà creata una cartella sul Desktop, chiamata Virus Removal Tool
● verrà mostrata la schermata principale del tool: metti la spunta su tutte le voci disponibili
● clicca, in basso a destra, sul bottone Avvia scansione
● terminata la scansione, in caso di rilevazione di infezioni, clicca su Neutralizza tutto
● si apriranno delle finestre: potrai scegliere se Cancellare o Disinfettare
● metti la spunta su Applica a tutti e clicca su Quarantena
● clicca sul tasto Reports: salva il file di log sul Desktop, e allegalo
● alla chiusura del programma, Kaspersky Virus Removal Tool chiederà di essere rimosso: acconsenti

[rizzinicola]

questo è il report del primo file:


18:55:42.0485 1424 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:55:42.0532 1424 ============================================================
18:55:42.0532 1424 Current date / time: 2012/03/09 18:55:42.0532
18:55:42.0532 1424 SystemInfo:
18:55:42.0532 1424
18:55:42.0532 1424 OS Version: 6.1.7601 ServicePack: 1.0
18:55:42.0532 1424 Product type: Workstation
18:55:42.0532 1424 ComputerName: NICOLA-PC
18:55:42.0532 1424 UserName: Nicola
18:55:42.0532 1424 Windows directory: C:\Windows
18:55:42.0532 1424 System windows directory: C:\Windows
18:55:42.0532 1424 Processor architecture: Intel x86
18:55:42.0532 1424 Number of processors: 2
18:55:42.0532 1424 Page size: 0x1000
18:55:42.0532 1424 Boot type: Safe boot
18:55:42.0532 1424 ============================================================
18:55:44.0138 1424 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:55:44.0154 1424 Drive \Device\Harddisk1\DR1 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:55:44.0154 1424 \Device\Harddisk0\DR0:
18:55:44.0154 1424 MBR used
18:55:44.0154 1424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A03C22, BlocksNum 0x32FCD
18:55:44.0154 1424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A36BEF, BlocksNum 0x10FE2AC1
18:55:44.0154 1424 \Device\Harddisk1\DR1:
18:55:44.0154 1424 MBR used
18:55:44.0154 1424 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
18:55:44.0279 1424 Initialize success
18:55:44.0279 1424 ============================================================
18:55:58.0428 1484 ============================================================
18:55:58.0428 1484 Scan started
18:55:58.0428 1484 Mode: Manual; SigCheck; TDLFS;
18:55:58.0428 1484 ============================================================
18:55:58.0880 1484 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:56:00.0253 1484 1394ohci - ok
18:56:00.0456 1484 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:56:00.0487 1484 ACPI - ok
18:56:00.0565 1484 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:56:00.0706 1484 AcpiPmi - ok
18:56:00.0908 1484 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:56:00.0955 1484 adp94xx - ok
18:56:01.0002 1484 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:56:01.0033 1484 adpahci - ok
18:56:01.0064 1484 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:56:01.0096 1484 adpu320 - ok
18:56:01.0205 1484 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:56:01.0298 1484 AFD - ok
18:56:01.0361 1484 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:56:01.0392 1484 agp440 - ok
18:56:01.0470 1484 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:56:01.0501 1484 aic78xx - ok
18:56:01.0610 1484 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:56:01.0642 1484 aliide - ok
18:56:01.0657 1484 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:56:01.0688 1484 amdagp - ok
18:56:01.0720 1484 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:56:01.0751 1484 amdide - ok
18:56:01.0782 1484 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:56:01.0860 1484 AmdK8 - ok
18:56:01.0876 1484 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:56:01.0922 1484 AmdPPM - ok
18:56:01.0969 1484 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:56:02.0000 1484 amdsata - ok
18:56:02.0047 1484 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:56:02.0078 1484 amdsbs - ok
18:56:02.0094 1484 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:56:02.0125 1484 amdxata - ok
18:56:02.0266 1484 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:56:02.0468 1484 AppID - ok
18:56:02.0656 1484 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:56:02.0687 1484 arc - ok
18:56:02.0702 1484 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:56:02.0749 1484 arcsas - ok
18:56:02.0796 1484 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:56:02.0999 1484 AsyncMac - ok
18:56:03.0155 1484 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:56:03.0186 1484 atapi - ok
18:56:03.0311 1484 athr (8d6e8178ab4379c932c34a109d27c5a9) C:\Windows\system32\DRIVERS\athr.sys
18:56:03.0467 1484 athr - ok
18:56:03.0685 1484 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:56:03.0748 1484 avgntflt - ok
18:56:03.0841 1484 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
18:56:03.0857 1484 avipbb - ok
18:56:03.0888 1484 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:56:03.0904 1484 avkmgr - ok
18:56:03.0997 1484 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:56:04.0060 1484 b06bdrv - ok
18:56:04.0122 1484 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:56:04.0169 1484 b57nd60x - ok
18:56:04.0309 1484 BCM43XX (f4d388dc3ff004aee886762d5cec7783) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:56:04.0465 1484 BCM43XX - ok
18:56:04.0637 1484 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:56:04.0730 1484 Beep - ok
18:56:04.0840 1484 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:56:04.0886 1484 blbdrive - ok
18:56:04.0933 1484 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:56:04.0980 1484 bowser - ok
18:56:04.0996 1484 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:56:05.0058 1484 BrFiltLo - ok
18:56:05.0089 1484 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:56:05.0152 1484 BrFiltUp - ok
18:56:05.0230 1484 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:56:05.0292 1484 Brserid - ok
18:56:05.0323 1484 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:56:05.0370 1484 BrSerWdm - ok
18:56:05.0386 1484 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:56:05.0448 1484 BrUsbMdm - ok
18:56:05.0479 1484 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:56:05.0542 1484 BrUsbSer - ok
18:56:05.0557 1484 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:56:05.0604 1484 BTHMODEM - ok
18:56:05.0698 1484 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:56:05.0791 1484 cdfs - ok
18:56:05.0869 1484 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
18:56:05.0916 1484 cdrom - ok
18:56:06.0010 1484 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:56:06.0056 1484 circlass - ok
18:56:06.0103 1484 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:56:06.0150 1484 CLFS - ok
18:56:06.0306 1484 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:56:06.0353 1484 CmBatt - ok
18:56:06.0415 1484 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:56:06.0431 1484 cmdide - ok
18:56:06.0493 1484 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:56:06.0571 1484 CNG - ok
18:56:06.0618 1484 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:56:06.0649 1484 Compbatt - ok
18:56:06.0712 1484 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:56:06.0758 1484 CompositeBus - ok
18:56:06.0805 1484 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:56:06.0836 1484 crcdisk - ok
18:56:06.0946 1484 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:56:07.0008 1484 DfsC - ok
18:56:07.0070 1484 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:56:07.0164 1484 discache - ok
18:56:07.0242 1484 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:56:07.0258 1484 Disk - ok
18:56:07.0351 1484 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:56:07.0414 1484 drmkaud - ok
18:56:07.0538 1484 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:56:07.0570 1484 dtsoftbus01 - ok
18:56:07.0632 1484 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:56:07.0694 1484 DXGKrnl - ok
18:56:07.0850 1484 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:56:08.0022 1484 ebdrv - ok
18:56:08.0194 1484 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:56:08.0240 1484 elxstor - ok
18:56:08.0303 1484 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:56:08.0350 1484 ErrDev - ok
18:56:08.0428 1484 EUCR (d8e44d8daf4dac7dc6f8d14313eac823) C:\Windows\system32\DRIVERS\EUCR6SK.SYS
18:56:08.0459 1484 EUCR - ok
18:56:08.0521 1484 ewusbnet - ok
18:56:08.0584 1484 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:56:08.0662 1484 exfat - ok
18:56:08.0708 1484 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:56:08.0802 1484 fastfat - ok
18:56:08.0896 1484 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:56:08.0942 1484 fdc - ok
18:56:09.0005 1484 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:56:09.0036 1484 FileInfo - ok
18:56:09.0067 1484 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:56:09.0145 1484 Filetrace - ok
18:56:09.0223 1484 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:56:09.0254 1484 flpydisk - ok
18:56:09.0317 1484 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:56:09.0348 1484 FltMgr - ok
18:56:09.0410 1484 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:56:09.0442 1484 FsDepends - ok
18:56:09.0535 1484 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
18:56:09.0551 1484 fssfltr - ok
18:56:09.0613 1484 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:56:09.0629 1484 Fs_Rec - ok
18:56:09.0707 1484 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:56:09.0754 1484 fvevol - ok
18:56:09.0847 1484 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:56:09.0863 1484 gagp30kx - ok
18:56:09.0925 1484 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:56:09.0972 1484 hcw85cir - ok
18:56:10.0066 1484 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:56:10.0128 1484 HdAudAddService - ok
18:56:10.0190 1484 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:56:10.0253 1484 HDAudBus - ok
18:56:10.0315 1484 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:56:10.0362 1484 HidBatt - ok
18:56:10.0378 1484 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:56:10.0424 1484 HidBth - ok
18:56:10.0471 1484 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:56:10.0534 1484 HidIr - ok
18:56:10.0627 1484 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:56:10.0674 1484 HidUsb - ok
18:56:10.0768 1484 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:56:10.0799 1484 HpSAMD - ok
18:56:10.0877 1484 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:56:10.0970 1484 HTTP - ok
18:56:11.0017 1484 hwdatacard - ok
18:56:11.0080 1484 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:56:11.0111 1484 hwpolicy - ok
18:56:11.0158 1484 hwusbdev - ok
18:56:11.0189 1484 hwusbfake - ok
18:56:11.0282 1484 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:56:11.0329 1484 i8042prt - ok
18:56:11.0438 1484 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
18:56:11.0470 1484 iaStor - ok
18:56:11.0532 1484 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:56:11.0563 1484 iaStorV - ok
18:56:11.0782 1484 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:56:12.0031 1484 igfx - ok
18:56:12.0203 1484 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:56:12.0234 1484 iirsp - ok
18:56:12.0406 1484 IntcAzAudAddService (947318c01c648a054a05dbd1c7f73e3b) C:\Windows\system32\drivers\RTKVHDA.sys
18:56:12.0593 1484 IntcAzAudAddService - ok
18:56:12.0671 1484 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:56:12.0686 1484 intelide - ok
18:56:12.0733 1484 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:56:12.0780 1484 intelppm - ok
18:56:12.0842 1484 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:56:12.0920 1484 IpFilterDriver - ok
18:56:12.0998 1484 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:56:13.0045 1484 IPMIDRV - ok
18:56:13.0108 1484 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:56:13.0186 1484 IPNAT - ok
18:56:13.0248 1484 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:56:13.0342 1484 IRENUM - ok
18:56:13.0388 1484 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:56:13.0420 1484 isapnp - ok
18:56:13.0498 1484 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:56:13.0529 1484 iScsiPrt - ok
18:56:13.0622 1484 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:56:13.0654 1484 kbdclass - ok
18:56:13.0732 1484 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:56:13.0794 1484 kbdhid - ok
18:56:13.0888 1484 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:56:13.0919 1484 KSecDD - ok
18:56:13.0950 1484 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:56:13.0981 1484 KSecPkg - ok
18:56:14.0075 1484 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
18:56:14.0090 1484 L1C - ok
18:56:14.0200 1484 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:56:14.0278 1484 lltdio - ok
18:56:14.0324 1484 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:56:14.0356 1484 LSI_FC - ok
18:56:14.0387 1484 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:56:14.0418 1484 LSI_SAS - ok
18:56:14.0449 1484 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:56:14.0480 1484 LSI_SAS2 - ok
18:56:14.0512 1484 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:56:14.0543 1484 LSI_SCSI - ok
18:56:14.0590 1484 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:56:14.0683 1484 luafv - ok
18:56:14.0792 1484 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:56:14.0808 1484 megasas - ok
18:56:14.0855 1484 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:56:14.0886 1484 MegaSR - ok
18:56:14.0980 1484 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:56:15.0073 1484 Modem - ok
18:56:15.0151 1484 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:56:15.0214 1484 monitor - ok
18:56:15.0292 1484 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:56:15.0307 1484 mouclass - ok
18:56:15.0385 1484 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:56:15.0432 1484 mouhid - ok
18:56:15.0479 1484 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:56:15.0510 1484 mountmgr - ok
18:56:15.0572 1484 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:56:15.0604 1484 mpio - ok
18:56:15.0650 1484 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:56:15.0744 1484 mpsdrv - ok
18:56:15.0806 1484 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:56:15.0853 1484 MRxDAV - ok
18:56:15.0931 1484 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:56:16.0009 1484 mrxsmb - ok
18:56:16.0072 1484 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:56:16.0134 1484 mrxsmb10 - ok
18:56:16.0165 1484 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:56:16.0212 1484 mrxsmb20 - ok
18:56:16.0274 1484 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:56:16.0290 1484 msahci - ok
18:56:16.0352 1484 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:56:16.0384 1484 msdsm - ok
18:56:16.0462 1484 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:56:16.0540 1484 Msfs - ok
18:56:16.0571 1484 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:56:16.0633 1484 mshidkmdf - ok
18:56:16.0664 1484 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:56:16.0680 1484 msisadrv - ok
18:56:16.0789 1484 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:56:16.0883 1484 MSKSSRV - ok
18:56:16.0945 1484 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:56:17.0023 1484 MSPCLOCK - ok
18:56:17.0070 1484 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:56:17.0148 1484 MSPQM - ok
18:56:17.0195 1484 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:56:17.0226 1484 MsRPC - ok
18:56:17.0288 1484 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:56:17.0304 1484 mssmbios - ok
18:56:17.0366 1484 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:56:17.0460 1484 MSTEE - ok
18:56:17.0522 1484 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:56:17.0569 1484 MTConfig - ok
18:56:17.0616 1484 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:56:17.0632 1484 Mup - ok
18:56:17.0725 1484 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:56:17.0788 1484 NativeWifiP - ok
18:56:17.0866 1484 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:56:17.0928 1484 NDIS - ok
18:56:18.0006 1484 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:56:18.0100 1484 NdisCap - ok
18:56:18.0162 1484 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:56:18.0240 1484 NdisTapi - ok
18:56:18.0334 1484 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:56:18.0412 1484 Ndisuio - ok
18:56:18.0458 1484 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:56:18.0552 1484 NdisWan - ok
18:56:18.0599 1484 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:56:18.0677 1484 NDProxy - ok
18:56:18.0755 1484 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:56:18.0848 1484 NetBIOS - ok
18:56:18.0911 1484 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:56:18.0989 1484 NetBT - ok
18:56:19.0098 1484 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:56:19.0114 1484 nfrd960 - ok
18:56:19.0207 1484 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\Windows\system32\drivers\ccdcmb.sys
18:56:19.0301 1484 nmwcd - ok
18:56:19.0332 1484 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\Windows\system32\drivers\ccdcmbo.sys
18:56:19.0441 1484 nmwcdc - ok
18:56:19.0535 1484 nmwcdnsu (99145c5d4b6c4d6f5ce83ee6abffe294) C:\Windows\system32\drivers\nmwcdnsu.sys
18:56:19.0613 1484 nmwcdnsu - ok
18:56:19.0660 1484 nmwcdnsuc (faee7b61c6885b091cec1ff06da2e1ab) C:\Windows\system32\drivers\nmwcdnsuc.sys
18:56:19.0753 1484 nmwcdnsuc - ok
18:56:19.0800 1484 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:56:19.0878 1484 Npfs - ok
18:56:19.0940 1484 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:56:20.0018 1484 nsiproxy - ok
18:56:20.0096 1484 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:56:20.0206 1484 Ntfs - ok
18:56:20.0252 1484 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:56:20.0330 1484 Null - ok
18:56:20.0393 1484 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:56:20.0440 1484 nvraid - ok
18:56:20.0471 1484 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:56:20.0502 1484 nvstor - ok
18:56:20.0549 1484 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:56:20.0564 1484 nv_agp - ok
18:56:20.0627 1484 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:56:20.0689 1484 ohci1394 - ok
18:56:20.0861 1484 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:56:20.0892 1484 Parport - ok
18:56:20.0954 1484 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:56:20.0986 1484 partmgr - ok
18:56:21.0001 1484 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:56:21.0048 1484 Parvdm - ok
18:56:21.0126 1484 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:56:21.0188 1484 pccsmcfd - ok
18:56:21.0251 1484 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:56:21.0282 1484 pci - ok
18:56:21.0329 1484 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:56:21.0360 1484 pciide - ok
18:56:21.0391 1484 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:56:21.0422 1484 pcmcia - ok
18:56:21.0485 1484 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:56:21.0516 1484 pcw - ok
18:56:21.0563 1484 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:56:21.0672 1484 PEAUTH - ok
18:56:21.0812 1484 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:56:21.0906 1484 PptpMiniport - ok
18:56:21.0968 1484 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:56:22.0015 1484 Processor - ok
18:56:22.0109 1484 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:56:22.0218 1484 Psched - ok
18:56:22.0312 1484 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:56:22.0405 1484 ql2300 - ok
18:56:22.0436 1484 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:56:22.0468 1484 ql40xx - ok
18:56:22.0530 1484 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:56:22.0577 1484 QWAVEdrv - ok
18:56:22.0608 1484 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:56:22.0702 1484 RasAcd - ok
18:56:22.0780 1484 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:56:22.0858 1484 RasAgileVpn - ok
18:56:22.0904 1484 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:56:22.0982 1484 Rasl2tp - ok
18:56:23.0045 1484 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:56:23.0123 1484 RasPppoe - ok
18:56:23.0170 1484 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:56:23.0263 1484 RasSstp - ok
18:56:23.0326 1484 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:56:23.0419 1484 rdbss - ok
18:56:23.0466 1484 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:56:23.0513 1484 rdpbus - ok
18:56:23.0560 1484 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:56:23.0638 1484 RDPCDD - ok
18:56:23.0700 1484 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:56:23.0778 1484 RDPENCDD - ok
18:56:23.0825 1484 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:56:23.0903 1484 RDPREFMP - ok
18:56:23.0950 1484 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:56:24.0028 1484 RDPWD - ok
18:56:24.0106 1484 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:56:24.0152 1484 rdyboost - ok
18:56:24.0277 1484 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:56:24.0371 1484 rspndr - ok
18:56:24.0464 1484 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:56:24.0496 1484 sbp2port - ok
18:56:24.0558 1484 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:56:24.0636 1484 scfilter - ok
18:56:24.0683 1484 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:56:24.0745 1484 secdrv - ok
18:56:24.0808 1484 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:56:24.0839 1484 Serenum - ok
18:56:24.0870 1484 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:56:24.0901 1484 Serial - ok
18:56:24.0964 1484 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:56:25.0010 1484 sermouse - ok
18:56:25.0151 1484 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:56:25.0182 1484 sffdisk - ok
18:56:25.0213 1484 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:56:25.0260 1484 sffp_mmc - ok
18:56:25.0291 1484 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:56:25.0354 1484 sffp_sd - ok
18:56:25.0416 1484 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:56:25.0447 1484 sfloppy - ok
18:56:25.0494 1484 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:56:25.0525 1484 sisagp - ok
18:56:25.0572 1484 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:56:25.0603 1484 SiSRaid2 - ok
18:56:25.0634 1484 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:56:25.0666 1484 SiSRaid4 - ok
18:56:25.0728 1484 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:56:25.0806 1484 Smb - ok
18:56:25.0853 1484 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:56:25.0884 1484 spldr - ok
18:56:26.0009 1484 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:56:26.0087 1484 srv - ok
18:56:26.0134 1484 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:56:26.0196 1484 srv2 - ok
18:56:26.0227 1484 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:56:26.0274 1484 srvnet - ok
18:56:26.0383 1484 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:56:26.0399 1484 ssmdrv - ok
18:56:26.0430 1484 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:56:26.0461 1484 stexstor - ok
18:56:26.0508 1484 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:56:26.0539 1484 swenum - ok
18:56:26.0586 1484 SynTP (5cdd124913e91c7f79b4d5cae1c7c4de) C:\Windows\system32\DRIVERS\SynTP.sys
18:56:26.0617 1484 SynTP - ok
18:56:26.0742 1484 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:56:26.0867 1484 Tcpip - ok
18:56:26.0960 1484 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:56:27.0023 1484 TCPIP6 - ok
18:56:27.0101 1484 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:56:27.0194 1484 tcpipreg - ok
18:56:27.0272 1484 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:56:27.0366 1484 TDPIPE - ok
18:56:27.0413 1484 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:56:27.0491 1484 TDTCP - ok
18:56:27.0553 1484 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:56:27.0647 1484 tdx - ok
18:56:27.0694 1484 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:56:27.0725 1484 TermDD - ok
18:56:27.0834 1484 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:56:27.0912 1484 tssecsrv - ok
18:56:28.0006 1484 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:56:28.0052 1484 TsUsbFlt - ok
18:56:28.0162 1484 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:56:28.0240 1484 tunnel - ok
18:56:28.0302 1484 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:56:28.0318 1484 uagp35 - ok
18:56:28.0380 1484 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:56:28.0474 1484 udfs - ok
18:56:28.0536 1484 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:56:28.0567 1484 uliagpkx - ok
18:56:28.0645 1484 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:56:28.0692 1484 umbus - ok
18:56:28.0786 1484 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:56:28.0832 1484 UmPass - ok
18:56:28.0895 1484 upperdev (ec01da44b090d2651fc032c8b9257232) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
18:56:28.0973 1484 upperdev - ok
18:56:29.0035 1484 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:29.0066 1484 usbccgp - ok
18:56:29.0144 1484 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:56:29.0176 1484 usbcir - ok
18:56:29.0222 1484 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
18:56:29.0254 1484 usbehci - ok
18:56:29.0332 1484 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:56:29.0378 1484 usbhub - ok
18:56:29.0425 1484 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:56:29.0472 1484 usbohci - ok
18:56:29.0550 1484 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:56:29.0597 1484 usbprint - ok
18:56:29.0690 1484 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
18:56:29.0737 1484 usbser - ok
18:56:29.0784 1484 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
18:56:29.0846 1484 UsbserFilt - ok
18:56:29.0909 1484 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:29.0971 1484 USBSTOR - ok
18:56:30.0018 1484 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:56:30.0080 1484 usbuhci - ok
18:56:30.0158 1484 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
18:56:30.0221 1484 usbvideo - ok
18:56:30.0299 1484 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:56:30.0330 1484 vdrvroot - ok
18:56:30.0392 1484 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:56:30.0455 1484 vga - ok
18:56:30.0502 1484 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:56:30.0580 1484 VgaSave - ok
18:56:30.0626 1484 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:56:30.0658 1484 vhdmp - ok
18:56:30.0751 1484 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:56:30.0782 1484 viaagp - ok
18:56:30.0814 1484 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:56:30.0860 1484 ViaC7 - ok
18:56:30.0876 1484 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:56:30.0907 1484 viaide - ok
18:56:30.0970 1484 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:56:30.0985 1484 volmgr - ok
18:56:31.0048 1484 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:56:31.0079 1484 volmgrx - ok
18:56:31.0157 1484 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:56:31.0188 1484 volsnap - ok
18:56:31.0266 1484 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:56:31.0297 1484 vsmraid - ok
18:56:31.0375 1484 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:56:31.0422 1484 vwifibus - ok
18:56:31.0500 1484 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:56:31.0547 1484 vwififlt - ok
18:56:31.0594 1484 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
18:56:31.0640 1484 vwifimp - ok
18:56:31.0734 1484 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:56:31.0765 1484 WacomPen - ok
18:56:31.0828 1484 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:31.0906 1484 WANARP - ok
18:56:31.0906 1484 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:31.0984 1484 Wanarpv6 - ok
18:56:32.0046 1484 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:56:32.0077 1484 Wd - ok
18:56:32.0124 1484 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:56:32.0171 1484 Wdf01000 - ok
18:56:32.0296 1484 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:56:32.0374 1484 WfpLwf - ok
18:56:32.0405 1484 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:56:32.0420 1484 WIMMount - ok
18:56:32.0592 1484 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:56:32.0639 1484 WinUsb - ok
18:56:32.0748 1484 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:56:32.0795 1484 WmiAcpi - ok
18:56:32.0888 1484 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:56:32.0982 1484 ws2ifsl - ok
18:56:33.0060 1484 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:56:33.0138 1484 WudfPf - ok
18:56:33.0216 1484 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:56:33.0310 1484 WUDFRd - ok
18:56:33.0372 1484 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:56:33.0637 1484 \Device\Harddisk0\DR0 - ok
18:56:33.0653 1484 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:56:33.0871 1484 \Device\Harddisk1\DR1 - ok
18:56:33.0887 1484 Boot (0x1200) (0699e1621108d0240c430f70a52a1edc) \Device\Harddisk0\DR0\Partition0
18:56:33.0887 1484 \Device\Harddisk0\DR0\Partition0 - ok
18:56:33.0902 1484 Boot (0x1200) (ad741c242f312039ce8030d0f1dc3933) \Device\Harddisk0\DR0\Partition1
18:56:33.0902 1484 \Device\Harddisk0\DR0\Partition1 - ok
18:56:33.0918 1484 Boot (0x1200) (95c3f4ef9c2552751a8c5c08978f5b58) \Device\Harddisk1\DR1\Partition0
18:56:33.0918 1484 \Device\Harddisk1\DR1\Partition0 - ok
18:56:33.0918 1484 ============================================================
18:56:33.0918 1484 Scan finished
18:56:33.0918 1484 ============================================================
18:56:33.0949 1476 Detected object count: 0
18:56:33.0949 1476 Actual detected object count: 0
18:59:35.0518 1408 Deinitialize success

[rizzinicola]

e questo è il report del virus tool spero si capisca:

Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 09/03/2012; 03:33)

List of processes

File name PID Description Copyright MD5 Information
Detected:67, recognized as trusted 67
Module name Handle Description Copyright MD5 Used by processes
Modules detected:560, recognized as trusted 560
Kernel Space Modules Viewer

Module Base address Size in memory Description Manufacturer
C:\Windows\System32\Drivers\dump_dumpfve.sys
Script: Quarantine, Delete, BC delete 80F3F000 011000 (69632)
C:\Windows\System32\Drivers\dump_iaStor.sys
Script: Quarantine, Delete, BC delete 8B65B000 0DA000 (892928)
Modules detected - 187, recognized as trusted - 185
Services

Service Description Status File Group Dependencies
Detected - 151, recognized as trusted - 151
Drivers

Service Description Status File Group Dependencies
ewusbnet
Driver: Unload, Delete, Disable, BC delete HUAWEI USB-NDIS miniport Not started C:\Windows\system32\DRIVERS\ewusbnet.sys
Script: Quarantine, Delete, BC delete NDIS
hwdatacard
Driver: Unload, Delete, Disable, BC delete Huawei DataCard USB Modem and USB Serial Not started C:\Windows\system32\DRIVERS\ewusbmdm.sys
Script: Quarantine, Delete, BC delete
hwusbdev
Driver: Unload, Delete, Disable, BC delete Huawei DataCard USB PNP Device Not started C:\Windows\system32\DRIVERS\ewusbdev.sys
Script: Quarantine, Delete, BC delete
hwusbfake
Driver: Unload, Delete, Disable, BC delete Huawei DataCard USB Fake Not started C:\Windows\system32\DRIVERS\ewusbfake.sys
Script: Quarantine, Delete, BC delete
Detected - 261, recognized as trusted - 257
Autoruns

File name Status Startup method Description
C:\Program Files\Common Files\Microsoft Shared\DW\DW.EXE
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Visual Studio Tools for Applications, EventMessageFile
C:\Users\Nicola\AppData\Local\Temp\NEventMessages.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Nokia M Platform, EventMessageFile
C:\Users\Nicola\AppData\Local\Temp\_uninst_81817423.bat
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_81817423.lnk,
C:\Windows\system32\psxss.exe
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
progman.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, shell
Delete
rdpclip
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms
Delete
vgafix.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
Delete
vgaoem.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
Delete
vgasys.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Delete
Autoruns items detected - 633, recognized as trusted - 624
Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name Type Description Manufacturer CLSID
BHO {D53B8DD0-C993-1DA5-C3BC-9D7665EBD278}
Delete
Extension module {0000036B-C524-4050-81A0-243669A86B9F}
Delete
Extension module {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
Delete
Extension module {2670000A-7350-4f3c-8081-5663EE0C6C49}
Delete
Extension module {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
Delete
Elements detected - 13, recognized as trusted - 8
Windows Explorer extension modules

File name Destination Description Manufacturer CLSID
WLMD Message Handler {0563DB41-F538-4B37-A92D-4659049B7766}
Delete
Context Menu Shell Extension {84058084-7609-44D1-B3CC-7A9436CB6D92}
Delete
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Delete
Elements detected - 45, recognized as trusted - 42
Printing system extensions (print monitors, providers)

File name Type Name Description Manufacturer
Elements detected - 8, recognized as trusted - 8
Task Scheduler jobs

File name Job name Job status Description Manufacturer
Elements detected - 0, recognized as trusted - 0
SPI/LSP settings

Namespace providers (NSP)
Provider Status EXE file Description GUID
Detected - 8, recognized as trusted - 8
Transport protocol providers (TSP, LSP)
Provider EXE file Description
Detected - 24, recognized as trusted - 24
Results of automatic SPI settings check
LSP settings checked. No errors detected
TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [820] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
1688 LISTENING 0.0.0.0 0 [1928] c:\windows\kmservice.exe
Script: Quarantine, Delete, BC delete, Terminate
5357 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
49152 LISTENING 0.0.0.0 0 [520] c:\windows\system32\wininit.exe
Script: Quarantine, Delete, BC delete, Terminate
49153 LISTENING 0.0.0.0 0 [916] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49154 LISTENING 0.0.0.0 0 [1000] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49155 LISTENING 0.0.0.0 0 [624] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
49156 LISTENING 0.0.0.0 0 [616] c:\windows\system32\services.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
500 LISTENING -- -- [1000] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1136] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1136] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4500 LISTENING -- -- [1000] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
5355 LISTENING -- -- [1256] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
65338 LISTENING -- -- [3020] c:\program files\windows sidebar\sidebar.exe
Script: Quarantine, Delete, BC delete, Terminate
65339 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
65341 LISTENING -- -- [1136] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
65344 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
65345 LISTENING -- -- [3260] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Elements detected - 4, recognized as trusted - 4
Control Panel Applets (CPL)

File name Description Manufacturer
Elements detected - 22, recognized as trusted - 22
Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9
HOSTS file

Hosts file record
Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 19, recognized as trusted - 16
Suspicious objects

File Description Type
C:\Windows\system32\DRIVERS\6088245drv.sys
Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook

Main script of analysis
Windows version: Windows 7 Starter, Build=7601, SP="Service Pack 1"
System Restore: enabled
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 005E0010<>75D82082
IAT modification detected: GetModuleFileNameA - 005E0080<>75DCD75A
IAT modification detected: FreeLibrary - 005E00F0<>75DCEF67
IAT modification detected: GetModuleFileNameW - 005E0160<>75DCEF35
IAT modification detected: CreateProcessW - 005E01D0<>75D8204D
IAT modification detected: LoadLibraryW - 005E02B0<>75DCEF42
IAT modification detected: LoadLibraryA - 005E0320<>75DCDC65
IAT modification detected: GetProcAddress - 005E0390<>75DCCC94
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=15FA80)
Kernel ntoskrnl.exe found in memory at address 81C0F000
SDT = 81D6EA80
KiST = 81C6B72C (401)
Function NtAdjustPrivilegesToken (0C) intercepted (81E7A17A->AA990E36), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAlpcConnectPort (16) intercepted (81E2C1A3->AA993074), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAlpcCreatePort (17) intercepted (81E74B00->AA9932EE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAlpcSendWaitReceivePort (27) intercepted (81E5BB6B->AA993564), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtClose (32) intercepted (81E53776->AA99174A), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtConnectPort (3B) intercepted (81E489EC->AA99257E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateEvent (40) intercepted (81E3BA33->AA992AC8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateFile (42) intercepted (81E5A50F->AA991A26), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateMutant (4A) intercepted (81E7B07E->AA9929AE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateNamedPipeFile (4B) intercepted (81E7E637->AA990A24), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreatePort (4D) intercepted (81E79BE7->AA992882), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSection (54) intercepted (81E6277E->AA990BCC), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSemaphore (55) intercepted (81E3A355->AA992BE8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThread (57) intercepted (81EE1592->AA9913D0), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThreadEx (58) intercepted (81E6A6A7->AA9914CE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateUserProcess (5D) intercepted (81E32B1E->AA9937AE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateWaitablePort (5E) intercepted (81DA354F->AA992918), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDebugActiveProcess (60) intercepted (81EB3D48->AA9942D6), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeviceIoControlFile (6B) intercepted (81E1CDD5->AA991EA8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDuplicateObject (6F) intercepted (81E6675B->AA9954E4), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtFsControlFile (86) intercepted (81E52DC8->AA991CB6), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadDriver (9B) intercepted (81DB03C4->AA9943C8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtMapViewOfSection (A8) intercepted (81E45A13->AA994B30), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenEvent (B1) intercepted (81E3BE1C->AA992B5E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenFile (B3) intercepted (81E6577E->AA9917CC), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenMutant (BB) intercepted (81E5C82A->AA992A3E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenProcess (BE) intercepted (81E27E3F->AA991074), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenSection (C2) intercepted (81E748A0->AA9948CA), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenSemaphore (C3) intercepted (81DDD12C->AA992C7E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenThread (C6) intercepted (81E7D9A8->AA990F64), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryDirectoryObject (E0) intercepted (81E21F90->AA993868), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQuerySection (FE) intercepted (81E3A244->AA994E6A), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueueApcThread (10D) intercepted (81DF6911->AA99475C), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplaceKey (124) intercepted (81EA18D2->AA98F6DE), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplyPort (126) intercepted (81E4E57C->AA992FE2), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplyWaitReceivePort (127) intercepted (81E6AAB8->AA992EA8), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRequestWaitReplyPort (12B) intercepted (81E2A475->AA994070), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (12E) intercepted (81E95FC2->AA98FA56), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtResumeThread (130) intercepted (81E37D9B->AA995386), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSaveKey (135) intercepted (81E961C0->AA98F676), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSecureConnectPort (138) intercepted (81E3A456->AA9922C4), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetContextThread (13C) intercepted (81EE2697->AA9915EC), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetInformationToken (150) intercepted (81E51311->AA99390A), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSecurityObject (15B) intercepted (81E58A1E->AA994566), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSystemInformation (15E) intercepted (81DF359C->AA994FBA), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSuspendProcess (16E) intercepted (81EE3253->AA9950AC), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSuspendThread (16F) intercepted (81E9D1E3->AA9951E6), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSystemDebugControl (170) intercepted (81DF7924->AA9941FA), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateProcess (172) intercepted (81E2831E->AA99121A), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateThread (173) intercepted (81E3F7DC->AA991170), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtUnmapViewOfSection (181) intercepted (81E683AE->AA994D0E), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtWriteVirtualMemory (18F) intercepted (81E5813B->AA991306), hook C:\Windows\system32\DRIVERS\6088245drv.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 401, intercepted: 52, restored: 52
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
CmpCallCallBacks = 00000000
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking of IRP handlers
Driver loaded successfully
Checking - complete
>> Services: potentially dangerous service allowed: TermService (Servizi Desktop remoto)
>> Services: potentially dangerous service allowed: SSDPSRV (Individuazione SSDP)
>> Services: potentially dangerous service allowed: Schedule (Utilitа di pianificazione)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
System Analysis in progress

System Analysis - complete


Script commands


Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:
Performance tweaking: disable service TermService (Servizi Desktop remoto)
Performance tweaking: disable service SSDPSRV (Individuazione SSDP)
Performance tweaking: disable service Schedule (Utilitа di pianificazione)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

[FrancescoFDAC]

Ciao. Hai sempre Gli stessi problemi?

[rizzinicola]

Ciao. Hai sempre Gli stessi problemi?

sì aiutatemi per favore

[FrancescoFDAC]

Il tuo PC è impestato di Rootkit, non so se potremo salvarlo dalla formattazione.

Vediamo se c'è Zero Access:
Scarica Anti Zero Access: http://anywhere.webrootcloudav.com/antizeroaccess.exe
● posiziona il file scaricato sul Desktop
● avvia il programma con un doppio click
● clicca Y e poi batti Invio, per avviare la scansione
● finita la scansione dovrebbe rilevare (se presente nel tuo sistema) il Rootkit ZeroAccess
● allega il report

Scarica ESET Sirefef Remover: http://download.eset.com/special/encycl ... emover.exe
● posiziona il file scaricato sul Desktop
● avvia il programma con un doppio click
● segui le istruzioni che verranno rilasciate per completare l'operazione di rimozione del Rootkit ZeroAccess
● comunica se il rootkit è stato rilevato o meno dal tool

Nota: nelle ultime varianti, l'infezione accennata oltre ad infettare l'MBR, e creare una partizione di pochi MB nascosta nel Disco rigido, ha il brutto vizio di distruggere la connessione ad Internet.

Quindi, se aprendo Gestione Disco in questo modo:
"Clicca sul pulsante Start, scegli Pannello di controllo, Sistema e manutenzione, Strumenti di amministrazione e quindi fai doppio click su Gestione computer. Se viene chiesto di specificare una password di amministratore o di confermare, digita la password o conferma.
Nel riquadro di spostamento clicca su Gestione disco"

Se ti ritrovi una partizione di pochi MegaByte (da 2 a 10 per intenderci) fammelo sapere nel tuo prossimo messaggio, allegando una immagine esplicativa.

[rizzinicola]

Ciao. Hai sempre Gli stessi problemi?

con Anti Zero Access mi dice alla fine della scansione che non c'è nessun rootkit nel mio sistema