
Everything on the PC vanished into thin air


Post by popy91 » 22/04/12 20:16

Good evening friends, I'm writing to you while (barely) trying not to have a nervous breakdown. Let me explain what happened.

Tonight I wanted to set up a network between my PC and my new MacBook (which I'm writing from), so that I could edit the files on the desktop PC even when I was on the laptop.
I tried several of the methods I found on the internet to set it up, but nothing. With one it tells me the IP address is not correct, another I don't even attempt because I don't have an engineering degree and, in fact, it's already a lot if I understand how to switch on the bedside lamp, etc.
All this until I found a guide that seemed simple even for me, namely this one: http://www.tuttologia.com/mac/2011/12/l ... -mac-e-pc/
Despite everything, though, I have problems with this method too.

Disheartened, I decided to give up and delete the network I had created (Z:), since I couldn't see it from the MacBook.

To delete it, however (I think this is what did the damage), after following the path folder > properties > sharing > share... I selected, thinking I was deleting the network, the row under the heading "name" that contained the name of my PC (which was also the name of the new network!) and pressed Del.

Suddenly the PC restarted, and once it was on I found everything as if the PC had just been bought. So I started crying.

I decided to use a restore point. It took about ten minutes, the PC restarted again and when it came up I saw an all-black desktop background, but with all the folders that were there until an hour ago. I thanked the gods. But when I went to open the folders, nothing... all empty. The only files present are the ones on the desktop, which give me an error if I click on them, and the shortcuts, which don't open.

The only things I can see are the films I kept in E: (not in C:).
E: also holds what I believe is the automatic backup the PC was making.

Can you tell me what to do? I can't describe my level of despair, I've been writing summaries for my exams for a week and I've lost everything...

Please help me. The PC has Windows 7.
popy91
Junior User

Posts: 58
Joined: 16/05/07 14:41


Re: Everything on the PC vanished into thin air

Post by popy91 » 23/04/12 06:48

Some more information:

Last night I left the PC on so that it would restore from the backup (that is, the one in E:, which it made yesterday evening at 7 pm), but this morning I found everything stopped because it told me there was no more space available (in E:... but shouldn't it restore everything to C: even if the backup was made to E:?!).
STEP BACK: I'm a clever one, and last night I clicked on Run backup instead of Restore personal files... This morning I tried clicking on Restore personal files but nothing: I choose the backup in E:, it does everything and everything stays as before.

Another thing I noticed is that if I go to Computer, under C: it says: "156 GB available of 465 GB" ... Now, it seems a bit strange to me that so much space is taken up even though there are no files on the PC... doesn't it?
I searched on Google and there are plenty of results for "files disappeared but present". Tell me this could be my case, please.

Re: Everything on the PC vanished into thin air

Post by popy91 » 23/04/12 06:55

Another thing:

If I open the Menu and go to Search programs and files, it doesn't find anything in any case. If I then click More results it tells me "Impossibile accedere al dispositivo, al percorso o al file specificato. E' probabile che non si disponga delle autorizzazioni necessarie." (Cannot access the specified device, path or file. You probably do not have the necessary permissions.)

Also, if from the menu I click on Documents, Pictures, Music etc. it doesn't open anything; I have to get there through the Computer folder, which is the only one it opens for me.

Re: Everything on the PC vanished into thin air

Post by FrancescoFDAC » 23/04/12 12:26

Download Unhide: http://download.bleepingcomputer.com/grinler/unhide.exe
● place the downloaded file on the Desktop
● run the program with a double click
● wait patiently for the scan to finish
● click the OK button
● restart the system
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: Everything on the PC vanished into thin air

Post by popy91 » 23/04/12 13:39

Thanks Francesco, what would this program do? As soon as I get home I'll do everything.

Anyway, I take back what I said: after Restore personal files, if I go to C: I see all the files (music, pictures, videos, Office documents) but with a strange little symbol on them that I think means I have to open the files as administrator (as soon as I get home I'll send you the screenshot).

So the danger of having lost everything seems to have passed; the problem now is that to open the documents I still have to go through Computer, because if I click on the desktop icons nothing happens; also, the internet doesn't work from there.

Re: Everything on the PC vanished into thin air

Post by popy91 » 23/04/12 16:13

The symbol I was talking about is a padlock on the icon, which causes authorization to be requested. However, it is not present on all folders (I don't know on what basis oO).

So the problems right now are:
- the internet doesn't work
- I can't open programs from the menu panel
- to access the files I have to go through Computer > C:
- I can only open the files whose icon shows the padlock, not the others (apart from a few exceptions I can't make sense of, maybe because of the format...?)

Before using that program, Francesco, I'll copy the important stuff to an external hard disk, you never know given my computer skills...

Re: Everything on the PC vanished into thin air

Post by popy91 » 24/04/12 18:43

FRANCESCO I LOVE YOU VIOLENTLY!!! Let me give you a kisssssssssssssssssssssssssss :D

Re: Everything on the PC vanished into thin air

Post by popy91 » 24/04/12 20:43

Unfortunately after the restart everything went back to how it was before. :( What can I do?
I reckon I'm being taken for an idiot here because I'm just delivering long monologues.. <3

Re: Everything on the PC vanished into thin air

Post by FrancescoFDAC » 25/04/12 13:16

Strange that Unhide didn't work.
Try restarting again, and running it once more.

Francesco

Re: Everything on the PC vanished into thin air

Post by popy91 » 25/04/12 13:23

I tried twice but nothing, when I switch it back on everything is as before; maybe I should try doing it in safe mode?

Re: Everything on the PC vanished into thin air

Post by FrancescoFDAC » 25/04/12 13:48

Try in safe mode.

Re: Everything on the PC vanished into thin air

Post by popy91 » 26/04/12 07:53

Yesterday I ran Unhide in safe mode, then I restarted and found on the desktop, I don't know how, a program called SMART_HDD. From what I understand it's a virus that pretends to be an antivirus... Last night I ran my antivirus after launching Rkill (read about it on a blog) and while it was scanning I saw that the icon of this SMART_HDD had disappeared from the desktop. But this morning there it is again, flooding me with messages... What an odyssey...

Do you think I should open a new topic to figure out how to get rid of this pest?

PS: I've touched so many things that now the icons on the desktop are there, although half of them are lighter, semi-transparent... But anyway to get to the various folders I still have to go through C: and then Users etc... and now even there most of the folders and files have the light icons.
I don't know, is it better to solve the virus problem first and then think about the original problem?

Gracias

Re: Everything on the PC vanished into thin air

Post by FrancescoFDAC » 26/04/12 12:26

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
● disable any installed firewall, from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● once it has started, click the Accept button: confirm by clicking Ok twice
● follow the instructions given to run the scan:
"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without performing any other operation, let the tool finish its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message may be shown concerning the antivirus in use: continue, ignoring the message
● the firewall may issue a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows 7, right-click on the program icon and, from the context menu, choose Run as administrator
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program.
● It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (pen drives, external hard disks, MP3 players...) to prevent future threats: when you insert a pen drive, you will have to open it manually from My Computer.

Re: Everything on the PC vanished into thin air

Post by popy91 » 26/04/12 14:31

The contents of the ComboFix.txt file are:

"ComboFix 12-04-26.01 - QuadCore 26/04/2012 14:37:05.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.2047.1048 [GMT 2:00]
Eseguito da: F:\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
c:\program files\Common Files\Apple\Internet Services\ubd.exe
c:\programdata\qxeCetVahH9MCf
c:\users\QuadCore\AppData\Local\TempDIR
c:\users\QuadCore\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\QuadCore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD\SMART HDD.lnk
c:\users\QuadCore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD\Uninstall SMART HDD.lnk
c:\users\QuadCore\AppData\Roaming\OfferBox
c:\users\QuadCore\AppData\Roaming\OfferBox\config.dat
c:\users\QuadCore\AppData\Roaming\OfferBox\config.xml
c:\windows\IsUn0410.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-26 al 2012-04-26 )))))))))))))))))))))))))))))))))))
.
.
2012-04-26 12:49 . 2012-04-26 12:50 -------- d-----w- c:\users\QuadCore\AppData\Local\temp
2012-04-26 12:49 . 2012-04-26 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 12:42 . 2012-04-26 12:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40BC28EE-7118-456F-8F77-C3C0E1CF0793}\offreg.dll
2012-04-25 17:03 . 2012-04-25 20:42 -------- d-----w- c:\program files\Anvisoft
2012-04-25 16:01 . 2012-04-25 20:41 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-04-25 15:42 . 2012-04-25 15:42 247296 ----a-w- c:\programdata\qxeCetVahH9MCf.exe
2012-04-25 15:23 . 2012-04-25 15:23 -------- d-----w- c:\windows\Sun
2012-04-24 14:51 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40BC28EE-7118-456F-8F77-C3C0E1CF0793}\mpengine.dll
2012-04-12 16:13 . 2012-04-12 16:13 -------- d-----w- c:\program files\Common Files\Skype
2012-04-11 21:15 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 21:15 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 21:15 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 21:15 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 21:15 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 11:41 . 2012-04-06 11:41 -------- d-----w- c:\windows\it
2012-04-06 11:36 . 2012-04-06 11:36 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\7b50a1d01cd13e901\DSETUP.dll
2012-04-06 11:36 . 2012-04-06 11:36 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\7b50a1d01cd13e901\DXSETUP.exe
2012-04-06 11:36 . 2012-04-06 11:36 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\7b50a1d01cd13e901\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-25 21:14 . 2011-05-31 17:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 08:18 . 2010-12-17 11:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 07:52 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 07:52 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 07:52 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-14 07:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-14 07:53 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2011-02-15 3442552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^QuadCore^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My 190.lnk]
path=c:\users\QuadCore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My 190.lnk
backup=c:\windows\pss\My 190.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^QuadCore^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\users\QuadCore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 00:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2007-06-07 13:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-11-16 08:03 2054360 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-07-14 09:20 137536 ----atw- c:\users\QuadCore\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-18 11:17 136176 ----atw- c:\users\QuadCore\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-03-01 21:14 190808 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2011-02-15 14:01 3442552 ----a-w- c:\program files\RayV\RayV\RayV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0350Mon.exe]
2007-06-04 17:02 32768 ----a-w- c:\windows\V0350Mon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2011-05-26 22176]
R3 netr73;Driver scheda LAN wireless USB RT73 per Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-17 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-05-26 442656]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-10 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-05-10 170368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961886350-3764760892-1381135177-1000Core.job
- c:\users\QuadCore\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 09:20]
.
2012-04-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961886350-3764760892-1381135177-1000UA.job
- c:\users\QuadCore\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 09:20]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961886350-3764760892-1381135177-1000Core.job
- c:\users\QuadCore\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 11:17]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961886350-3764760892-1381135177-1000UA.job
- c:\users\QuadCore\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 11:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss ... 1e8c9a950f
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKCU-Run-ApplePhotoStreams - c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKCU-Run-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKLM-Run-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-USBToolTip - c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
AddRemove-Cambridge- English Grammar in Use - c:\cambri~1\EGU\Remove.exe
AddRemove-L&H Power Translator Pro 7.0 - c:\windows\ISUN0410.EXE
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:88,4f,c9,1b,c1,5f,af,ef,19,3b,1a,39,1a,4f,1e,45,1e,a3,30,b4,fe,89,7b,
9d,c6,0c,bf,09,c1,23,fb,04,e4,14,5b,1c,fc,d1,09,81,91,1f,ce,ec,5a,d0,90,be,\
"??"=hex:da,84,b4,09,0b,f1,ac,a9,d6,d2,82,f7,bb,f6,de,cd
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-04-26 14:52:24
ComboFix-quarantined-files.txt 2012-04-26 12:52
.
Pre-Run: 169.012.326.400 byte disponibili
Post-Run: 177.491.443.712 byte disponibili
.
- - End Of File - - 34098337327DF619B2D6D005D0F5D7D7"

SMART_HDD seems to have disappeared!

At the moment the problems the PC has are:

- Once the ComboFix scan had finished I could see the desktop background. When I restarted, however, it all went black again;
- Many programs don't start (Skype - when I try to sign in it tells me: "Non è possibile avviare Skype. Ti sei già autenticato su questo computer. Esci e riprova." (Skype cannot be started. You are already signed in on this computer. Sign out and try again.) -, Msn - when I go in I see the little spinning symbol that never ends and eventually it gives me an error -, StickyNotes, HyperCam...). Others do, I can't tell on what basis;
- The Search option in the Menu doesn't work;
- To open files I always have to go through Computer > C: (I can see the files on the desktop but can't open them). This is because I can't, for example, go to Pictures via the Start menu and then clicking on Pictures (nor Music, Documents and Videos), because it doesn't open anything. Even when I click on Computer (that one does open from the Start menu), in the left column under "Libraries", documents, pictures, music and videos have a light-blue icon that doesn't open anything when I click it;
- The icons of many files (not all, who knows why?) have the little padlock symbol;
- Duplicates have appeared of files I had on the PC, whose name starts with ~$, followed by the original file name.

Thanks again anyway!

Re: Everything on the PC vanished into thin air

Post by popy91 » 28/04/12 18:43

UP (?)

Re: Everything on the PC vanished into thin air

Post by FrancescoFDAC » 29/04/12 12:21

Hi.

Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● inside the new text document, copy and paste the following lines:


Code:
File::
c:\programdata\qxeCetVahH9MCf.exe



● name this file CFScript.txt, and place it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure indicated. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
● Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon
● ComboFix will now run a scan of your system. Once finished, it may restart the system automatically: if not, do so manually.
● At this point, the program will produce a report. Copy and paste the log into your next post.

Image

Note - about the procedure:
● do not touch the mouse or keyboard at all during the scan: it could be interrupted
N.B.:
● if this error is displayed: "Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione" (Invalid operation attempted on a registry key that has been marked for deletion), simply restart the system and repeat the script
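
An added example, not part of the original thread and not ComboFix's own code: a small triage script that parses the "Files Creati" lines of a ComboFix.txt and shows why c:\programdata\qxeCetVahH9MCf.exe stands out in the log posted above. The function names, the extension list and the "random-looking name" thresholds are assumptions chosen for this illustration.

```python
import math
import re
from collections import Counter
from pathlib import PureWindowsPath

# Lines copied from the ComboFix.txt posted in this thread (both sections shortened).
DELETED = r"""
c:\programdata\qxeCetVahH9MCf
c:\users\QuadCore\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\QuadCore\AppData\Roaming\OfferBox\config.dat
c:\windows\system32\urttemp\regtlib.exe
"""
CREATED = r"""
2012-04-26 12:49 . 2012-04-26 12:50 -------- d-----w- c:\users\QuadCore\AppData\Local\temp
2012-04-26 12:42 . 2012-04-26 12:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40BC28EE-7118-456F-8F77-C3C0E1CF0793}\offreg.dll
2012-04-25 17:03 . 2012-04-25 20:42 -------- d-----w- c:\program files\Anvisoft
2012-04-25 15:42 . 2012-04-25 15:42 247296 ----a-w- c:\programdata\qxeCetVahH9MCf.exe
2012-04-11 21:15 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 11:36 . 2012-04-06 11:36 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\7b50a1d01cd13e901\DXSETUP.exe
"""

# created . modified  size-or-dashes  attribute-flags  path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d)\s+\.\s+"
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>\S{8})\s+(?P<path>.+)$"
)
EXECUTABLE = {".exe", ".dll", ".scr", ".sys", ".com"}  # assumption: extensions of interest
PROGRAMDATA = PureWindowsPath(r"c:\programdata")       # compared case-insensitively


def parse_created(text):
    """Return one dict per 'created files' line; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": PureWindowsPath(m["path"]),
        })
    return entries


def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def looks_random(stem):
    """Heuristic (assumption): long, mixed-case file name with high entropy."""
    mixed = any(c.islower() for c in stem) and any(c.isupper() for c in stem)
    return len(stem) >= 10 and mixed and entropy(stem) >= 3.0


def triage(created_text, deleted_text):
    """List executables from the 'created' section with the reasons they stand out."""
    deleted_stems = {PureWindowsPath(p.strip()).stem.lower()
                     for p in deleted_text.splitlines() if p.strip()}
    findings = []
    for entry in parse_created(created_text):
        path = entry["path"]
        if entry["is_dir"] or path.suffix.lower() not in EXECUTABLE:
            continue
        reasons = []
        if path.parent == PROGRAMDATA:
            reasons.append("executable directly in the ProgramData root")
        if looks_random(path.stem):
            reasons.append("random-looking file name")
        if path.stem.lower() in deleted_stems:
            reasons.append("same name as an item the tool already deleted")
        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(CREATED, DELETED):
        print(path)
        for reason in reasons:
            print("  -", reason)
```

On the sample lines only the file named in the CFScript above is reported, for all three reasons; the Windows Defender, kernel and DirectX setup files are not.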

Re: Everything on the PC vanished into thin air

Post by popy91 » 29/04/12 16:53

This morning I ran Unhide again and now I can see everything! I don't know why the day before yesterday I ran it twice and nothing happened... Now though the only problem is that the PC is noticeably slower (or maybe it's just because it has been creating the backup for about four hours?).

Then there is still the flood of files whose name starts with ~$ (I deleted some and saw that the files they are duplicates of are still visible... I won't mess anything up if I delete them all, right?) + some files (again where I mostly keep Office documents) that are called something like "~WRL0005.tmp" (what the heck are they?!) and finally these blasted padlocks on the icons... I searched on the internet and I think I understood that it's a file sharing problem, only I don't want to do any damage and I'm waiting for your advice. :)

Thanks a lot anyway Francesco, I can skip the procedure in your last post at this point, right?
popy91
Utente Junior
 
Post: 58
Iscritto il: 16/05/07 14:41

Re: Everything on the PC has vanished into thin air

Post by FrancescoFDAC » 29/04/12 17:03

No, go ahead and do what I told you in my last post, the PC is still infected by that file.

Run this check too, to be safe:
Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click the file TDSSKiller.exe to start the application
● then press the Start scan button

Note - about the program:
● do not click the Stop scan button for any reason, the scan would be interrupted

At this point, the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan ends

Once the scan has finished, one of these two options will come up:
● no system restart is required: attach the report located on Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is required: click Restart now, then attach the scan result (it is in the same path mentioned just now)


The Word files are the ones the program creates; they are temporary and should disappear when the documents themselves are closed, unless you have tinkered with the software's settings.

I had not told you to run Unhide, nor to do things your own way, but evidently you had not understood..

Now run ComboFix and TDSS Killer, and attach the two logs.

Francesco
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: Everything on the PC has vanished into thin air

Post by popy91 » 29/04/12 20:26

ComboFix result:


ComboFix 12-04-29.01 - QuadCore 29/04/2012 20:52:25.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.2047.1208 [GMT 2:00]
Eseguito da: c:\users\QuadCore\Desktop\ComboFix.exe
Opzioni usate :: c:\users\QuadCore\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\qxeCetVahH9MCf.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\qxeCetVahH9MCf.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-28 al 2012-04-29 )))))))))))))))))))))))))))))))))))
.
.
2012-04-29 19:36 . 2012-04-29 19:36 -------- d-----w- c:\users\QuadCore\AppData\Local\temp
2012-04-29 19:36 . 2012-04-29 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 20:11 . 2012-04-28 20:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9724957E-139D-4F63-A893-6A064AA30E49}\offreg.dll
2012-04-28 17:49 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9724957E-139D-4F63-A893-6A064AA30E49}\mpengine.dll
2012-04-25 17:03 . 2012-04-25 20:42 -------- d-----w- c:\program files\Anvisoft
2012-04-25 16:01 . 2012-04-25 20:41 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-04-25 15:23 . 2012-04-25 15:23 -------- d-----w- c:\windows\Sun
2012-04-12 16:13 . 2012-04-12 16:13 -------- d-----w- c:\program files\Common Files\Skype
2012-04-11 21:15 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 21:15 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 21:15 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 21:15 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 21:15 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 11:41 . 2012-04-06 11:41 -------- d-----w- c:\windows\it
2012-04-06 11:36 . 2012-04-06 11:36 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\7b50a1d01cd13e901\DSETUP.dll
2012-04-06 11:36 . 2012-04-06 11:36 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\7b50a1d01cd13e901\DXSETUP.exe
2012-04-06 11:36 . 2012-04-06 11:36 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\7b50a1d01cd13e901\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-25 21:14 . 2011-05-31 17:08 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 16:50 . 2012-03-08 16:50 49016 ------w- c:\windows\system32\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 08:18 . 2010-12-17 11:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 07:52 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 07:52 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 07:52 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ------w- c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01 43520 ------w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-14 07:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ------w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-14 07:53 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^QuadCore^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My 190.lnk]
path=c:\users\QuadCore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My 190.lnk
backup=c:\windows\pss\My 190.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^QuadCore^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\users\QuadCore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 00:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2007-06-07 13:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-07-14 09:20 137536 ----atw- c:\users\QuadCore\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-18 11:17 136176 ----atw- c:\users\QuadCore\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-03-01 21:14 190808 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2011-02-15 14:01 3442552 ----a-w- c:\program files\RayV\RayV\RayV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0350Mon.exe]
2007-06-04 17:02 32768 ----a-w- c:\windows\V0350Mon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 netr73;Driver scheda LAN wireless USB RT73 per Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-17 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-05-26 442656]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2011-05-26 22176]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-10 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-05-10 170368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961886350-3764760892-1381135177-1000Core.job
- c:\users\QuadCore\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 09:20]
.
2012-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961886350-3764760892-1381135177-1000UA.job
- c:\users\QuadCore\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 09:20]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961886350-3764760892-1381135177-1000Core.job
- c:\users\QuadCore\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 11:17]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961886350-3764760892-1381135177-1000UA.job
- c:\users\QuadCore\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 11:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss ... 1e8c9a950f
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2961886350-3764760892-1381135177-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2961886350-3764760892-1381135177-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:88,4f,c9,1b,c1,5f,af,ef,19,3b,1a,39,1a,4f,1e,45,1e,a3,30,b4,fe,89,7b,
9d,c6,0c,bf,09,c1,23,fb,04,e4,14,5b,1c,fc,d1,09,81,91,1f,ce,ec,5a,d0,90,be,\
"??"=hex:da,84,b4,09,0b,f1,ac,a9,d6,d2,82,f7,bb,f6,de,cd
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-04-29 21:40:26
ComboFix-quarantined-files.txt 2012-04-29 19:40
ComboFix2.txt 2012-04-26 12:52
.
Pre-Run: 211.190.263.808 byte disponibili
Post-Run: 210.768.297.984 byte disponibili
.
- - End Of File - - 9539620042D77F0A49C0E46F9A406C94
popy91
Junior User

Posts: 58
Joined: 16/05/07 14:41

Re: Everything on the PC has vanished into thin air

Post by popy91 » 29/04/12 20:53

TDSSKiller result (but is it normal that the scan only lasted 23 seconds?!):


22:04:00.0111 5056 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:04:00.0954 5056 ============================================================
22:04:00.0954 5056 Current date / time: 2012/04/29 22:04:00.0954
22:04:00.0954 5056 SystemInfo:
22:04:00.0954 5056
22:04:00.0954 5056 OS Version: 6.1.7601 ServicePack: 1.0
22:04:00.0954 5056 Product type: Workstation
22:04:00.0954 5056 ComputerName: POPY
22:04:00.0954 5056 UserName: QuadCore
22:04:00.0954 5056 Windows directory: C:\Windows
22:04:00.0954 5056 System windows directory: C:\Windows
22:04:00.0954 5056 Processor architecture: Intel x86
22:04:00.0954 5056 Number of processors: 4
22:04:00.0954 5056 Page size: 0x1000
22:04:00.0954 5056 Boot type: Normal boot
22:04:00.0954 5056 ============================================================
22:04:02.0108 5056 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:04:02.0108 5056 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:04:02.0155 5056 ============================================================
22:04:02.0155 5056 \Device\Harddisk0\DR0:
22:04:02.0155 5056 MBR partitions:
22:04:02.0155 5056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:04:02.0155 5056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
22:04:02.0155 5056 \Device\Harddisk1\DR1:
22:04:02.0155 5056 MBR partitions:
22:04:02.0155 5056 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
22:04:02.0155 5056 ============================================================
22:04:02.0186 5056 C: <-> \Device\Harddisk0\DR0\Partition1
22:04:02.0576 5056 E: <-> \Device\Harddisk1\DR1\Partition0
22:04:02.0576 5056 ============================================================
22:04:02.0576 5056 Initialize success
22:04:02.0576 5056 ============================================================
22:04:04.0978 5200 ============================================================
22:04:04.0978 5200 Scan started
22:04:04.0978 5200 Mode: Manual;
22:04:04.0978 5200 ============================================================
22:04:12.0716 5200 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:04:12.0716 5200 GEARAspiWDM - ok
22:04:12.0778 5200 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:04:12.0794 5200 gpsvc - ok
22:04:12.0810 5200 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:04:12.0810 5200 hcw85cir - ok
22:04:12.0872 5200 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:04:12.0888 5200 HdAudAddService - ok
22:04:12.0919 5200 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:04:12.0919 5200 HDAudBus - ok
22:04:12.0934 5200 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:04:12.0934 5200 HidBatt - ok
22:04:12.0950 5200 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:04:12.0950 5200 HidBth - ok
22:04:12.0981 5200 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:04:12.0981 5200 HidIr - ok
22:04:13.0012 5200 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:04:13.0012 5200 hidserv - ok
22:04:13.0075 5200 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:04:13.0075 5200 HidUsb - ok
22:04:13.0106 5200 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:04:13.0106 5200 hkmsvc - ok
22:04:13.0153 5200 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:04:13.0168 5200 HomeGroupListener - ok
22:04:13.0215 5200 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:04:13.0215 5200 HomeGroupProvider - ok
22:04:13.0434 5200 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:04:13.0434 5200 hpqcxs08 - ok
22:04:13.0465 5200 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:04:13.0465 5200 hpqddsvc - ok
22:04:13.0527 5200 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:04:13.0527 5200 HpSAMD - ok
22:04:13.0590 5200 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:04:13.0590 5200 HTTP - ok
22:04:13.0621 5200 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:04:13.0621 5200 hwpolicy - ok
22:04:13.0652 5200 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:04:13.0668 5200 i8042prt - ok
22:04:13.0699 5200 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:04:13.0714 5200 iaStorV - ok
22:04:13.0808 5200 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:04:13.0839 5200 idsvc - ok
22:04:13.0933 5200 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:04:13.0933 5200 iirsp - ok
22:04:13.0995 5200 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:04:14.0011 5200 IKEEXT - ok
22:04:14.0026 5200 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:04:14.0026 5200 intelide - ok
22:04:14.0058 5200 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:04:14.0058 5200 intelppm - ok
22:04:14.0104 5200 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:04:14.0104 5200 IPBusEnum - ok
22:04:14.0120 5200 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:04:14.0120 5200 IpFilterDriver - ok
22:04:14.0182 5200 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:04:14.0198 5200 iphlpsvc - ok
22:04:14.0229 5200 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:04:14.0229 5200 IPMIDRV - ok
22:04:14.0245 5200 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:04:14.0245 5200 IPNAT - ok
22:04:14.0385 5200 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:04:14.0401 5200 iPod Service - ok
22:04:14.0432 5200 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:04:14.0432 5200 IRENUM - ok
22:04:14.0463 5200 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:04:14.0463 5200 isapnp - ok
22:04:14.0510 5200 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:04:14.0510 5200 iScsiPrt - ok
22:04:14.0557 5200 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:04:14.0557 5200 kbdclass - ok
22:04:14.0619 5200 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
22:04:14.0619 5200 kbdhid - ok
22:04:14.0650 5200 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:04:14.0650 5200 KeyIso - ok
22:04:14.0682 5200 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
22:04:14.0682 5200 KSecDD - ok
22:04:14.0728 5200 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
22:04:14.0728 5200 KSecPkg - ok
22:04:14.0775 5200 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:04:14.0791 5200 KtmRm - ok
22:04:14.0900 5200 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
22:04:14.0916 5200 LanmanServer - ok
22:04:14.0947 5200 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
22:04:14.0947 5200 LanmanWorkstation - ok
22:04:14.0978 5200 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:04:14.0994 5200 lltdio - ok
22:04:15.0025 5200 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:04:15.0025 5200 lltdsvc - ok
22:04:15.0056 5200 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:04:15.0056 5200 lmhosts - ok
22:04:15.0087 5200 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:04:15.0087 5200 LSI_FC - ok
22:04:15.0103 5200 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:04:15.0103 5200 LSI_SAS - ok
22:04:15.0118 5200 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:04:15.0118 5200 LSI_SAS2 - ok
22:04:15.0134 5200 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:04:15.0150 5200 LSI_SCSI - ok
22:04:15.0165 5200 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:04:15.0165 5200 luafv - ok
22:04:15.0228 5200 LVRS (c4fd8055f421a8e6f49259a0bf59c40d) C:\Windows\system32\DRIVERS\lvrs.sys
22:04:15.0228 5200 LVRS - ok
22:04:15.0477 5200 LVUVC (bab6dba71defbc9d147afc15cdc9563f) C:\Windows\system32\DRIVERS\lvuvc.sys
22:04:15.0508 5200 LVUVC - ok
22:04:15.0680 5200 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
22:04:15.0680 5200 MarvinBus - ok
22:04:15.0727 5200 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:04:15.0727 5200 Mcx2Svc - ok
22:04:15.0820 5200 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
22:04:15.0836 5200 MDM - ok
22:04:15.0883 5200 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:04:15.0883 5200 megasas - ok
22:04:15.0930 5200 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:04:15.0945 5200 MegaSR - ok
22:04:16.0008 5200 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:04:16.0008 5200 Microsoft Office Groove Audit Service - ok
22:04:16.0039 5200 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:04:16.0039 5200 MMCSS - ok
22:04:16.0054 5200 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:04:16.0054 5200 Modem - ok
22:04:16.0086 5200 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:04:16.0086 5200 monitor - ok
22:04:16.0117 5200 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:04:16.0117 5200 mouclass - ok
22:04:16.0148 5200 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:04:16.0148 5200 mouhid - ok
22:04:16.0179 5200 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:04:16.0179 5200 mountmgr - ok
22:04:16.0226 5200 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:04:16.0226 5200 mpio - ok
22:04:16.0242 5200 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:04:16.0242 5200 mpsdrv - ok
22:04:16.0304 5200 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
22:04:16.0335 5200 MpsSvc - ok
22:04:16.0382 5200 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:04:16.0382 5200 MRxDAV - ok
22:04:16.0429 5200 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:04:16.0429 5200 mrxsmb - ok
22:04:16.0476 5200 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:04:16.0491 5200 mrxsmb10 - ok
22:04:16.0507 5200 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:04:16.0507 5200 mrxsmb20 - ok
22:04:16.0554 5200 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:04:16.0554 5200 msahci - ok
22:04:16.0569 5200 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:04:16.0569 5200 msdsm - ok
22:04:16.0585 5200 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:04:16.0585 5200 MSDTC - ok
22:04:16.0616 5200 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:04:16.0616 5200 Msfs - ok
22:04:16.0632 5200 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:04:16.0632 5200 mshidkmdf - ok
22:04:16.0678 5200 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:04:16.0678 5200 msisadrv - ok
22:04:16.0710 5200 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:04:16.0725 5200 MSiSCSI - ok
22:04:16.0725 5200 msiserver - ok
22:04:16.0741 5200 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:04:16.0741 5200 MSKSSRV - ok
22:04:16.0756 5200 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:04:16.0756 5200 MSPCLOCK - ok
22:04:16.0772 5200 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:04:16.0772 5200 MSPQM - ok
22:04:16.0788 5200 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:04:16.0788 5200 MsRPC - ok
22:04:16.0834 5200 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:04:16.0834 5200 mssmbios - ok
22:04:16.0850 5200 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:04:16.0866 5200 MSTEE - ok
22:04:16.0881 5200 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:04:16.0881 5200 MTConfig - ok
22:04:16.0897 5200 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
22:04:16.0897 5200 MTsensor - ok
22:04:16.0912 5200 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:04:16.0912 5200 Mup - ok
22:04:16.0959 5200 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:04:16.0975 5200 napagent - ok
22:04:17.0006 5200 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:04:17.0006 5200 NativeWifiP - ok
22:04:17.0100 5200 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:04:17.0115 5200 NDIS - ok
22:04:17.0131 5200 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:04:17.0131 5200 NdisCap - ok
22:04:17.0146 5200 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:04:17.0146 5200 NdisTapi - ok
22:04:17.0193 5200 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:04:17.0193 5200 Ndisuio - ok
22:04:17.0224 5200 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:04:17.0224 5200 NdisWan - ok
22:04:17.0271 5200 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:04:17.0271 5200 NDProxy - ok
22:04:17.0412 5200 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:04:17.0412 5200 Nero BackItUp Scheduler 4.0 - ok
22:04:17.0490 5200 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
22:04:17.0490 5200 Net Driver HPZ12 - ok
22:04:17.0505 5200 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:04:17.0505 5200 NetBIOS - ok
22:04:17.0552 5200 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:04:17.0552 5200 NetBT - ok
22:04:17.0568 5200 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:04:17.0583 5200 Netlogon - ok
22:04:17.0630 5200 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:04:17.0646 5200 Netman - ok
22:04:17.0661 5200 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:04:17.0677 5200 netprofm - ok
22:04:17.0724 5200 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
22:04:17.0739 5200 netr73 - ok
22:04:17.0802 5200 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:04:17.0802 5200 NetTcpPortSharing - ok
22:04:17.0833 5200 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:04:17.0833 5200 nfrd960 - ok
22:04:17.0880 5200 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:04:17.0895 5200 NlaSvc - ok
22:04:17.0958 5200 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
22:04:17.0958 5200 NPF - ok
22:04:17.0973 5200 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:04:17.0973 5200 Npfs - ok
22:04:17.0973 5200 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:04:17.0973 5200 nsi - ok
22:04:17.0989 5200 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:04:17.0989 5200 nsiproxy - ok
22:04:18.0082 5200 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:04:18.0114 5200 Ntfs - ok
22:04:18.0114 5200 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:04:18.0114 5200 Null - ok
22:04:18.0176 5200 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
22:04:18.0192 5200 NVENETFD - ok
22:04:18.0691 5200 nvlddmkm (6ef47521dce982602a25afb41dd13d4f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:04:18.0769 5200 nvlddmkm - ok
22:04:18.0894 5200 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:04:18.0894 5200 nvraid - ok
22:04:18.0925 5200 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:04:18.0925 5200 nvstor - ok
22:04:18.0987 5200 nvsvc (725754030d809ed7f802399ac5b0ad3d) C:\Windows\system32\nvvsvc.exe
22:04:19.0003 5200 nvsvc - ok
22:04:19.0034 5200 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:04:19.0034 5200 nv_agp - ok
22:04:19.0128 5200 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:04:19.0143 5200 odserv - ok
22:04:19.0174 5200 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:04:19.0174 5200 ohci1394 - ok
22:04:19.0206 5200 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:04:19.0221 5200 ose - ok
22:04:19.0252 5200 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:04:19.0268 5200 p2pimsvc - ok
22:04:19.0299 5200 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:04:19.0315 5200 p2psvc - ok
22:04:19.0362 5200 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:04:19.0362 5200 Parport - ok
22:04:19.0393 5200 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:04:19.0393 5200 partmgr - ok
22:04:19.0408 5200 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:04:19.0408 5200 Parvdm - ok
22:04:19.0424 5200 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:04:19.0424 5200 PcaSvc - ok
22:04:19.0440 5200 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:04:19.0455 5200 pci - ok
22:04:19.0455 5200 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:04:19.0455 5200 pciide - ok
22:04:19.0471 5200 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:04:19.0471 5200 pcmcia - ok
22:04:19.0486 5200 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:04:19.0486 5200 pcw - ok
22:04:19.0533 5200 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:04:19.0549 5200 PEAUTH - ok
22:04:19.0674 5200 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:04:19.0705 5200 pla - ok
22:04:19.0830 5200 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:04:19.0830 5200 PlugPlay - ok
22:04:19.0892 5200 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
22:04:19.0892 5200 Pml Driver HPZ12 - ok
22:04:19.0908 5200 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:04:19.0923 5200 PNRPAutoReg - ok
22:04:19.0939 5200 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:04:19.0939 5200 PNRPsvc - ok
22:04:19.0970 5200 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:04:19.0970 5200 PolicyAgent - ok
22:04:20.0001 5200 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:04:20.0017 5200 Power - ok
22:04:20.0064 5200 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:04:20.0064 5200 PptpMiniport - ok
22:04:20.0079 5200 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:04:20.0079 5200 Processor - ok
22:04:20.0126 5200 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
22:04:20.0142 5200 ProfSvc - ok
22:04:20.0173 5200 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:04:20.0173 5200 ProtectedStorage - ok
22:04:20.0204 5200 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:04:20.0204 5200 Psched - ok
22:04:20.0266 5200 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
22:04:20.0266 5200 PxHelp20 - ok
22:04:20.0344 5200 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:04:20.0376 5200 ql2300 - ok
22:04:20.0454 5200 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:04:20.0454 5200 ql40xx - ok
22:04:20.0500 5200 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:04:20.0516 5200 QWAVE - ok
22:04:20.0532 5200 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:04:20.0532 5200 QWAVEdrv - ok
22:04:20.0547 5200 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:04:20.0547 5200 RasAcd - ok
22:04:20.0578 5200 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:04:20.0578 5200 RasAgileVpn - ok
22:04:20.0594 5200 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:04:20.0594 5200 RasAuto - ok
22:04:20.0625 5200 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:04:20.0625 5200 Rasl2tp - ok
22:04:20.0688 5200 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:04:20.0703 5200 RasMan - ok
22:04:20.0719 5200 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:04:20.0719 5200 RasPppoe - ok
22:04:20.0734 5200 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:04:20.0734 5200 RasSstp - ok
22:04:20.0781 5200 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:04:20.0797 5200 rdbss - ok
22:04:20.0797 5200 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:04:20.0797 5200 rdpbus - ok
22:04:20.0828 5200 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:04:20.0828 5200 RDPCDD - ok
22:04:20.0859 5200 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:04:20.0859 5200 RDPENCDD - ok
22:04:20.0875 5200 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:04:20.0875 5200 RDPREFMP - ok
22:04:20.0922 5200 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
22:04:20.0922 5200 RDPWD - ok
22:04:20.0984 5200 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:04:20.0984 5200 rdyboost - ok
22:04:21.0000 5200 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:04:21.0000 5200 RemoteAccess - ok
22:04:21.0015 5200 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:04:21.0015 5200 RemoteRegistry - ok
22:04:21.0093 5200 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe
22:04:21.0093 5200 rpcapd - ok
22:04:21.0124 5200 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:04:21.0124 5200 RpcEptMapper - ok
22:04:21.0140 5200 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:04:21.0140 5200 RpcLocator - ok
22:04:21.0187 5200 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:04:21.0202 5200 RpcSs - ok
22:04:21.0249 5200 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:04:21.0249 5200 rspndr - ok
22:04:21.0280 5200 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:04:21.0280 5200 SamSs - ok
22:04:21.0327 5200 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:04:21.0327 5200 sbp2port - ok
22:04:21.0343 5200 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:04:21.0358 5200 SCardSvr - ok
22:04:21.0374 5200 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:04:21.0374 5200 scfilter - ok
22:04:21.0452 5200 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:04:21.0468 5200 Schedule - ok
22:04:21.0499 5200 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:04:21.0514 5200 SCPolicySvc - ok
22:04:21.0546 5200 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:04:21.0561 5200 SDRSVC - ok
22:04:21.0577 5200 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:04:21.0577 5200 secdrv - ok
22:04:21.0624 5200 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:04:21.0624 5200 seclogon - ok
22:04:21.0639 5200 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
22:04:21.0639 5200 SENS - ok
22:04:21.0670 5200 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:04:21.0670 5200 SensrSvc - ok
22:04:21.0686 5200 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:04:21.0702 5200 Serenum - ok
22:04:21.0733 5200 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:04:21.0733 5200 Serial - ok
22:04:21.0764 5200 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:04:21.0764 5200 sermouse - ok
22:04:21.0811 5200 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:04:21.0811 5200 SessionEnv - ok
22:04:21.0842 5200 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:04:21.0842 5200 sffdisk - ok
22:04:21.0858 5200 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:04:21.0858 5200 sffp_mmc - ok
22:04:21.0873 5200 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:04:21.0873 5200 sffp_sd - ok
22:04:21.0889 5200 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:04:21.0889 5200 sfloppy - ok
22:04:21.0936 5200 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:04:21.0951 5200 SharedAccess - ok
22:04:21.0982 5200 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:04:21.0998 5200 ShellHWDetection - ok
22:04:22.0029 5200 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:04:22.0045 5200 sisagp - ok
22:04:22.0060 5200 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:04:22.0060 5200 SiSRaid2 - ok
22:04:22.0076 5200 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:04:22.0092 5200 SiSRaid4 - ok
22:04:22.0216 5200 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe
22:04:22.0216 5200 SkypeUpdate - ok
22:04:22.0279 5200 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:04:22.0279 5200 Smb - ok
22:04:22.0326 5200 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:04:22.0326 5200 SNMPTRAP - ok
22:04:22.0357 5200 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:04:22.0357 5200 spldr - ok
22:04:22.0419 5200 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:04:22.0435 5200 Spooler - ok
22:04:22.0778 5200 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:04:22.0840 5200 sppsvc - ok
22:04:22.0996 5200 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:04:22.0996 5200 sppuinotify - ok
22:04:23.0090 5200 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:04:23.0090 5200 srv - ok
22:04:23.0168 5200 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:04:23.0199 5200 srv2 - ok
22:04:23.0246 5200 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:04:23.0246 5200 srvnet - ok
22:04:23.0293 5200 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:04:23.0308 5200 SSDPSRV - ok
22:04:23.0324 5200 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:04:23.0340 5200 SstpSvc - ok
22:04:23.0355 5200 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:04:23.0355 5200 stexstor - ok
22:04:23.0449 5200 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:04:23.0464 5200 StiSvc - ok
22:04:23.0511 5200 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:04:23.0511 5200 swenum - ok
22:04:23.0542 5200 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:04:23.0558 5200 swprv - ok

continued
popy91
Junior User
 
Posts: 58
Joined: 16/05/07 14:41
