pc non si avvia

di **zeal94** » 09/02/11 23:34

salve, come da titolo il pc non si avvia fa la schermata della scheda madre iniziale e poi si ferma quando lampeggia il simbolo "_" ho windows xp serivice pack 2, ho pensato di formatta con il recovery ma non mi fa entrare neanche in modalita provvisoria quindi non sono riuscito a formattare, che posso fare? magari se è possibile anche recuperare i file che ho dentro... grazie in anticipatamente per le risposte...

di **antoo69** » 10/02/11 08:07

Per il recupero dei dati dell'hard disk hai due strade, 1 scarichi e installi una versione live di Ubuntu, una volta lanciato il sistema operativo puoi copiare i dati su un supporto esterno. 2 smonti l'hard disk e lo metti in un box per hard disk esterno usb, da 2,5" se si tratta di un portatile,da 3,5" se si tratta di un pc fisso, e poi lo colleghi ad un pc funzionante.
Una volta salvato i dati puoi formattare reinstallando il sistema operativo.

di **zeal94** » 10/02/11 12:49

i dati sono riuscito a recuperarli...
però non so come fare con la formattazione visto che il recovery non mi fa accedere e il cd di installazione quando ho comprato il pc non c'era, infatti ho sempre usato il recovery...

di **antoo69** » 10/02/11 13:42

Quando hai acquistato il pc, avresti dovuto crearti i dvd di ripristino, di solito si creano dopo la prima accensione della macchina, utilizzando il software che il produttore fornisce preinstallato. A questo punto non ti resta che chiamare l'assistenza e farti spedire il dvd (a pagamento) con il sistema operativo idoneo al tuo pc ed alla tua licenza. Per il futuro cerca di creare almeno un'immagine del disco del pc, con appositi software, Norton Ghost o altri anche free.

di **zeal94** » 10/02/11 20:06

mmm... dovrei averlo fatto il dvd di ripristino, devo guardare se sta con tutti gli altri dvd, sarà un impresa xD...
vi farò sapere

di **zeal94** » 11/02/11 15:27

allora...ho trovato il dvd di ripristino e quando mi ha chiesto di fare usare il recovery o entrare in xp ho messo xp, sono entrato e l'antivirus mi ha trovato un virus:
Rootkit.Win32.TDSS.mbr con percorso \DEVICE\HARDDISK0\DR0
ho messo disinfetta e riavvia ma non è cambiato nulla una volta riavviato devo rimettere il dvd di ripristino per entrare e l'antivirus ritrova il virus di prima... ora che mi viene in mente prima che c'è stato questo problema mi ha fatto anche l'errore di generic host process win32...

di **antoo69** » 11/02/11 17:00

Sposto nella sezione Sicurezza e Privacy, sperando che possano darti indicazioni. Comunque è strano, con il dvd di ripristino dovrebbe spianare tutto e riportarti il pc alle condizioni di fabbrica..

di **zeal94** » 11/02/11 17:04

si posso usare il recovery solo che mi fa scegliere la console da usare e c'è Microsoft Xp Media center edition ecc... e sotto console per il ripristino o una cosa del genere se metto la prima mi fa entrare normalmente in xp e visto che ora sono dentro volevo sistemare senza formattare...

di **valeriot90** » 12/02/11 11:04

Sul sito megalab c'è una guida fatta ad hoc che fà proprio al caso tuo:
http://www.megalab.it/6562/i-virus-su-w ... ite-ubuntu

Prova in questo modo e vedi se riesci a risolvere il problema.
Saluti.

di **Luke57** » 12/02/11 13:49

Ciao, scarica tdsskiller e salvalo sul desktop
http://support.kaspersky.com/downloads/ ... killer.zip
Estrai il contenuto sul desktop.Doppio click su
TDSSKILLER.exe per avviare l'applicazione e poi su start scan.
Se un file infetto viene trovato,l'azione di default sarà cure,clicca su continua.
Se un file sospetto viene trovato,l'azione di default sarà skip,clicca su continua.
Se ti viene chiesto di riavviare il pc completa il processo.Clicca su riavvia ora.
Se nessun riavvio è richiesto clicca su report e salva il contenuto in un file di testo.
Se un riavvio è richiesto il report si trova in C:\folder in questa forma "TDSSKiller.[Version]_[Date]_[Time]_log.txt"

Posta il report

di **zeal94** » 13/02/11 02:02

fatto, non sembra cambiato nulla.

ecco il report:

Codice: Seleziona tutto: 2011/02/13 01:55:02.0296 0936 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20 2011/02/13 01:55:02.0984 0936 ================================================================================ 2011/02/13 01:55:02.0984 0936 SystemInfo: 2011/02/13 01:55:02.0984 0936 2011/02/13 01:55:02.0984 0936 OS Version: 5.1.2600 ServicePack: 2.0 2011/02/13 01:55:02.0984 0936 Product type: Workstation 2011/02/13 01:55:02.0984 0936 ComputerName: ANDREA 2011/02/13 01:55:02.0984 0936 UserName: HP_Administrator 2011/02/13 01:55:02.0984 0936 Windows directory: C:\WINDOWS 2011/02/13 01:55:02.0984 0936 System windows directory: C:\WINDOWS 2011/02/13 01:55:02.0984 0936 Processor architecture: Intel x86 2011/02/13 01:55:02.0984 0936 Number of processors: 2 2011/02/13 01:55:02.0984 0936 Page size: 0x1000 2011/02/13 01:55:02.0984 0936 Boot type: Normal boot 2011/02/13 01:55:02.0984 0936 ================================================================================ 2011/02/13 01:55:05.0390 0936 Initialize success 2011/02/13 01:55:09.0109 2292 ================================================================================ 2011/02/13 01:55:09.0109 2292 Scan started 2011/02/13 01:55:09.0109 2292 Mode: Manual; 2011/02/13 01:55:09.0109 2292 ================================================================================ 2011/02/13 01:55:11.0390 2292 ACPI (ad825cb3397c837d1fb91d566d78de04) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/13 01:55:11.0500 2292 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/13 01:55:11.0656 2292 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 2011/02/13 01:55:11.0781 2292 AF15BDA (3cd15ebaa1d68bc18ce14a26683bc1ec) C:\WINDOWS\system32\DRIVERS\AF15BDA.sys 2011/02/13 01:55:11.0968 2292 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys 2011/02/13 01:55:12.0046 2292 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 2011/02/13 01:55:12.0234 2292 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/02/13 01:55:12.0421 2292 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/02/13 01:55:12.0468 2292 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/02/13 01:55:12.0500 2292 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/02/13 01:55:12.0578 2292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/02/13 01:55:12.0640 2292 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys 2011/02/13 01:55:12.0703 2292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/02/13 01:55:12.0781 2292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/02/13 01:55:12.0921 2292 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/02/13 01:55:13.0015 2292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/02/13 01:55:13.0046 2292 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/02/13 01:55:13.0125 2292 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/02/13 01:55:13.0312 2292 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Programmi\SystemRequirementsLab\cpudrv.sys 2011/02/13 01:55:13.0515 2292 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/02/13 01:55:13.0609 2292 dmboot (6570b4c952f0d8fee4c6ef2ff5e10c08) C:\WINDOWS\system32\drivers\dmboot.sys 2011/02/13 01:55:13.0796 2292 dmio (c57d35621782c7f40770f3e5ca20a182) C:\WINDOWS\system32\drivers\dmio.sys 2011/02/13 01:55:13.0890 2292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/02/13 01:55:13.0953 2292 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2011/02/13 01:55:14.0046 2292 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/02/13 01:55:14.0187 2292 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/02/13 01:55:14.0234 2292 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys 2011/02/13 01:55:14.0328 2292 ElbyCDFL (c61c83501268b0110b5c5db7e63dee0c) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 2011/02/13 01:55:14.0390 2292 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 2011/02/13 01:55:14.0453 2292 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys 2011/02/13 01:55:14.0468 2292 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys 2011/02/13 01:55:14.0562 2292 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys 2011/02/13 01:55:14.0671 2292 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys 2011/02/13 01:55:14.0812 2292 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/02/13 01:55:14.0921 2292 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 2011/02/13 01:55:14.0953 2292 Fips (333fbbc71bdcbb46c58a3b51b3d51184) C:\WINDOWS\system32\drivers\Fips.sys 2011/02/13 01:55:15.0000 2292 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/02/13 01:55:15.0046 2292 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/02/13 01:55:15.0078 2292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/02/13 01:55:15.0125 2292 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/02/13 01:55:15.0187 2292 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys 2011/02/13 01:55:15.0250 2292 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/02/13 01:55:15.0375 2292 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/02/13 01:55:15.0500 2292 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/02/13 01:55:15.0671 2292 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/02/13 01:55:15.0796 2292 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/02/13 01:55:15.0890 2292 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/02/13 01:55:16.0000 2292 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/02/13 01:55:16.0125 2292 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/02/13 01:55:16.0265 2292 i8042prt (30e64dfa4efaacc8142ea07766181fb4) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/02/13 01:55:16.0359 2292 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/02/13 01:55:16.0453 2292 iaStor (88b1943ecff661f765228099138cf6ab) C:\WINDOWS\system32\DRIVERS\iastor.sys 2011/02/13 01:55:16.0515 2292 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/02/13 01:55:16.0796 2292 IntcAzAudAddService (12f4d2aa29745dc2a403ff42e75cf7fa) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/02/13 01:55:16.0890 2292 IntelIde (7c15b34147134381421d7044479a1d73) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/02/13 01:55:17.0015 2292 intelppm (ebc07787034bbe312020d30198a9f362) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/02/13 01:55:17.0093 2292 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/02/13 01:55:17.0125 2292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/02/13 01:55:17.0156 2292 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/02/13 01:55:17.0234 2292 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/02/13 01:55:17.0359 2292 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/02/13 01:55:17.0500 2292 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/02/13 01:55:17.0625 2292 isapnp (ea3245a8e8758d6b84de189a5caaa75e) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/02/13 01:55:17.0687 2292 ivusb (339dea550cc17283d6fd689ac7e67c57) C:\WINDOWS\system32\DRIVERS\ivusb.sys 2011/02/13 01:55:17.0765 2292 Kbdclass (e883ae6ea0b313e659225aa32e449ce9) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/02/13 01:55:17.0843 2292 kbdhid (24f4d51e89822c349044c28be255c8a5) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/02/13 01:55:17.0921 2292 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys 2011/02/13 01:55:17.0937 2292 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys 2011/02/13 01:55:18.0046 2292 KLIF (395a295fd9ea657b4a3621e402cc56c5) C:\WINDOWS\system32\DRIVERS\klif.sys 2011/02/13 01:55:18.0156 2292 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys 2011/02/13 01:55:18.0281 2292 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys 2011/02/13 01:55:18.0343 2292 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 2011/02/13 01:55:18.0468 2292 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/02/13 01:55:18.0593 2292 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 2011/02/13 01:55:18.0687 2292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/02/13 01:55:18.0734 2292 Modem (b30d2db351e3191bd71232036cfe711a) C:\WINDOWS\system32\drivers\Modem.sys 2011/02/13 01:55:18.0812 2292 Mouclass (c458e314b8722253897c94a714c2e0c0) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/02/13 01:55:18.0875 2292 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/02/13 01:55:18.0937 2292 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/02/13 01:55:18.0984 2292 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys 2011/02/13 01:55:19.0093 2292 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/02/13 01:55:19.0156 2292 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/02/13 01:55:19.0234 2292 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2011/02/13 01:55:19.0312 2292 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/02/13 01:55:19.0390 2292 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/02/13 01:55:19.0468 2292 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/02/13 01:55:19.0531 2292 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/02/13 01:55:19.0578 2292 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/02/13 01:55:19.0625 2292 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2011/02/13 01:55:19.0718 2292 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/02/13 01:55:19.0796 2292 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2011/02/13 01:55:19.0859 2292 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/02/13 01:55:20.0156 2292 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/02/13 01:55:20.0328 2292 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/02/13 01:55:20.0484 2292 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/02/13 01:55:20.0593 2292 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/02/13 01:55:20.0625 2292 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/02/13 01:55:20.0750 2292 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/02/13 01:55:20.0890 2292 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/02/13 01:55:20.0984 2292 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys 2011/02/13 01:55:21.0109 2292 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys 2011/02/13 01:55:21.0171 2292 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2011/02/13 01:55:21.0265 2292 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys 2011/02/13 01:55:21.0343 2292 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2011/02/13 01:55:21.0390 2292 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/02/13 01:55:21.0453 2292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/02/13 01:55:21.0515 2292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/02/13 01:55:21.0578 2292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/02/13 01:55:21.0625 2292 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/02/13 01:55:21.0718 2292 Parport (3490ead0612bfd0e7c1b864ee24e6a4a) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/02/13 01:55:21.0781 2292 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/02/13 01:55:21.0812 2292 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/02/13 01:55:21.0875 2292 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/02/13 01:55:21.0921 2292 PCI (91fc1d483d900b1c0600a08b871c39d5) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/02/13 01:55:21.0968 2292 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/02/13 01:55:22.0046 2292 Pcmcia (28f3538a2091993a03506311a05053e8) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/02/13 01:55:22.0484 2292 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/02/13 01:55:22.0562 2292 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys 2011/02/13 01:55:22.0656 2292 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys 2011/02/13 01:55:22.0781 2292 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/02/13 01:55:22.0859 2292 pspdisp (30c867c08b13e66710e3210c8938e902) C:\WINDOWS\system32\DRIVERS\pspdisp.sys 2011/02/13 01:55:22.0984 2292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/02/13 01:55:23.0015 2292 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/02/13 01:55:23.0140 2292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/02/13 01:55:23.0187 2292 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/02/13 01:55:23.0250 2292 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/02/13 01:55:23.0281 2292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/02/13 01:55:23.0359 2292 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/02/13 01:55:23.0500 2292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/02/13 01:55:23.0562 2292 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/02/13 01:55:23.0656 2292 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/02/13 01:55:23.0734 2292 redbook (a8eee004a16af1d583d9de9f6de250e0) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/02/13 01:55:23.0843 2292 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2011/02/13 01:55:23.0953 2292 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/02/13 01:55:24.0015 2292 Serial (dbab3260e7eb3398cb87267d1410fad4) C:\WINDOWS\system32\drivers\Serial.sys 2011/02/13 01:55:24.0218 2292 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/02/13 01:55:24.0375 2292 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/02/13 01:55:24.0453 2292 snapman (bd3863c139f3380a9f44fb188feefc6e) C:\WINDOWS\system32\DRIVERS\snapman.sys 2011/02/13 01:55:24.0687 2292 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 2011/02/13 01:55:24.0843 2292 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys 2011/02/13 01:55:24.0843 2292 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b 2011/02/13 01:55:24.0843 2292 sptd - detected Locked file (1) 2011/02/13 01:55:24.0859 2292 sr (896f566afc498077172eae8a50e8baf8) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/02/13 01:55:24.0968 2292 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/02/13 01:55:25.0093 2292 StkAMini (69a926dbca12046633e3d6e6d46e7087) C:\WINDOWS\system32\Drivers\StkAMini.sys 2011/02/13 01:55:25.0218 2292 StkScan (83406fb18cb0abfec501add986d63572) C:\WINDOWS\system32\Drivers\StkScan.sys 2011/02/13 01:55:25.0281 2292 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/02/13 01:55:25.0359 2292 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/02/13 01:55:25.0453 2292 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/02/13 01:55:25.0718 2292 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/02/13 01:55:25.0828 2292 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/02/13 01:55:26.0031 2292 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/02/13 01:55:26.0062 2292 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/02/13 01:55:26.0156 2292 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/02/13 01:55:26.0234 2292 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/02/13 01:55:26.0312 2292 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 2011/02/13 01:55:26.0390 2292 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 2011/02/13 01:55:26.0500 2292 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/02/13 01:55:26.0593 2292 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/02/13 01:55:26.0687 2292 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/02/13 01:55:26.0765 2292 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/02/13 01:55:26.0828 2292 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/02/13 01:55:26.0906 2292 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/02/13 01:55:27.0000 2292 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys 2011/02/13 01:55:27.0078 2292 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 2011/02/13 01:55:27.0125 2292 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/02/13 01:55:27.0187 2292 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/13 01:55:27.0250 2292 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/02/13 01:55:27.0328 2292 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/02/13 01:55:27.0437 2292 VolSnap (698869e82c57169f2140c04a272bf12b) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/02/13 01:55:27.0531 2292 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/13 01:55:27.0687 2292 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/02/13 01:55:27.0968 2292 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/13 01:55:28.0109 2292 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/02/13 01:55:28.0296 2292 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/02/13 01:55:28.0375 2292 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/02/13 01:55:28.0468 2292 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/02/13 01:55:28.0562 2292 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/13 01:55:28.0562 2292 ================================================================================ 2011/02/13 01:55:28.0562 2292 Scan finished 2011/02/13 01:55:28.0562 2292 ================================================================================ 2011/02/13 01:55:28.0578 2120 Detected object count: 2 2011/02/13 01:55:30.0375 2120 Locked file(sptd) - User select action: Skip 2011/02/13 01:55:30.0375 2120 \HardDisk0 - will be cured after reboot 2011/02/13 01:55:30.0375 2120 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/13 01:55:33.0000 3504 Deinitialize success

di **Luke57** » 13/02/11 15:01

Ciao, ti giro pari pari una risposta data in un caso simile al tuo, dato che anche l'eliminazione del rootkit tdss non è servita a niente:
Proviamo a fare una scansione con Rescue Disk della Kaspersky
http://rescuedisk.kaspersky-labs.com/re ... /updatable
l'immagine iso dev'essere masterizzata su CD.
Verifica poi che il computer esegua il boot da CD, all'URL trovi una dettagliata guida per poterlo configurare http://www.istitutomajorana.it/index.ph ... &Itemid=33

Una volta settato la corretta sequenza di boot, non devi fare altro che inserire nel lettore il CD precedentemente masterizzato e seguire i passaggi.

Se hai problemi puoi guardare la guida presente all'URL
http://support.kaspersky.com/viruses/re ... =208282484
terminata la scansione riavvia il pc e fai sapere.

di **zeal94** » 14/02/11 16:51

niente da fare, ho scaricato, eseguito tutti i passaggi e scansionato ma non ha trovato niente, il problema c'è ancora :|.

di **nikita75** » 14/02/11 17:32

http://spywareremovalguides.com/rootkit ... moval.html

vedi se puo' esserti d'aiuto questo link ......

Il distruttivo Trojan si e incorporare il sistema di elaborare i file di Windows per nascondere le sue attività dal-Virus programmi di scansione anti. Il rootkit è progettato per infettare il master boot record (MBR) del computer che rende il sistema instabile e possibili programma o sistema operativo (OS) si blocca. Il suo obiettivo principale, naturalmente, è quello di fornire agli hacker l'accesso remoto al computer aprendo una porta porta posteriore, che compromette la vostra identità e dati sensibili come account di posta elettronica, le password degli account on-line banking, le informazioni della carta di credito, e di altri importanti dati potenzialmente.

Ricordate sempre prevenire è meglio che curare. Quindi, mantenere il sistema operativo Windows e software anti-virus costantemente aggiornato, ma se si è infettati da questo rootkit brutto, le istruzioni sono di seguito dettagliate su come rimuovere Rootkit Win32.tdss.mbr.

-------------------------------------------------------------------------------------------------------------------------------
Disattiva Ripristino configurazione di sistema (se si utilizza Windows XP e ME)

• Fine Rootkit processo Win32.tdss.mbr file (clic destro sulla barra delle applicazioni → aprire il Task Manager fare clic sulla scheda Processi → → fare clic destro sul Trojan identificati → Termina processo)

RkLYLyoM.exe
podmena.exe
file.exe
~. Exe
7-v3av.exe
csrssc.exe
72631899.exe
1776260179.exe
ucxmykkc.exe
..........................

di **Luke57** » 14/02/11 18:35

Ciao, il rootkit Tdss dovrebbe essere stato eliminato da tdss.killer come si evince dal report.
Scarica combofix

http://www.bleepingcomputer.com/downloa ... s/combofix

qui tutorial sull'utilizzo
http://www.bleepingcomputer.com/combofi ... e-combofix

al termine della scansione posta il report, indipendentemente dall'esito, che trovi in C:\combofix.txt.

di **zeal94** » 14/02/11 18:46

no di quei file nel task manager non ci sono.

di **zeal94** » 15/02/11 01:10

ecco qua il report:

Codice: Seleziona tutto: ComboFix 11-02-13.04 - HP_Administrator 15/02/2011 0.43.09.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2039.524 [GMT 1:00] Eseguito da: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\HP_Administrator\Dati applicazioni\Adobe\plugs c:\documents and settings\HP_Administrator\Dati applicazioni\Adobe\plugs\KB13747671.exe c:\documents and settings\HP_Administrator\Dati applicazioni\Adobe\plugs\KB13747843.exe c:\documents and settings\HP_Administrator\Dati applicazioni\Adobe\plugs\KB13747921.exe c:\documents and settings\HP_Administrator\Dati applicazioni\OfferBox c:\documents and settings\HP_Administrator\Dati applicazioni\OfferBox\config.xml c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\02.11.2011,14-52-50\Automatic.reg c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\11.07.2010,13-23-42\Automatic.reg c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\12.09.2010,23-29-46\Automatic.reg c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\12.10.2010,17-55-02\Automatic.reg c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\12.10.2010,18-34-28\Automatic.reg c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\12.17.2010,20-35-38\Automatic.reg c:\documents and settings\HP_Administrator\Desktop\QUAD Registry Cleaner.lnk c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\QUAD Utilities c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk c:\documents and settings\HP_Administrator\Recent\Thumbs.db c:\programmi\QUAD Utilities c:\programmi\QUAD Utilities\QUAD Registry Cleaner\program.log c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe.BAK c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles c:\programmi\QUAD Utilities\QUAD Registry Cleaner\uninst.exe c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll c:\windows\system32\AutoRun.inf c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\wpcap.dll D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Creati Da 2011-01-15 al 2011-02-15 ))))))))))))))))))))))))))))))))))) . 2011-02-14 16:34 . 2011-02-14 16:40 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2011-02-08 23:54 . 2011-02-08 23:54 -------- d-----w- C:\spoolerlogs 2011-02-07 18:16 . 2011-02-07 18:16 -------- d-----w- c:\programmi\VS Revo Group 2011-02-07 18:16 . 2011-02-07 18:16 -------- d-----w- c:\programmi\Recuva 2011-02-07 18:16 . 2011-02-07 18:16 -------- d-----w- c:\programmi\GSmartControl 2011-02-07 18:10 . 2011-02-07 18:10 -------- d-----w- c:\documents and settings\HP_Administrator\Dati applicazioni\Qlock 2011-02-07 18:09 . 2011-02-07 18:09 -------- d-----w- c:\programmi\Qlock 2011-02-07 18:07 . 2011-02-07 18:17 -------- d-----w- C:\My Lockbox 2011-02-07 18:06 . 2010-01-06 17:23 142648 ----a-w- c:\windows\system32\fsproflt.exe 2011-02-07 18:06 . 2008-06-05 18:37 43792 ----a-w- c:\windows\system32\drivers\FSPFltd.sys 2011-02-07 17:57 . 2011-02-11 13:55 -------- d-----w- c:\programmi\SpeedFan 2011-02-07 17:56 . 2011-02-11 13:52 -------- d-----w- c:\programmi\Core Temp 2011-02-06 21:57 . 2011-02-06 21:57 -------- d-----w- c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Alexander_Nikiforov 2011-02-06 21:57 . 2011-02-06 21:57 -------- d-----w- c:\documents and settings\HP_Administrator\Dati applicazioni\MP3SkypeRecorder 2011-02-06 21:57 . 2011-02-06 21:57 -------- d-----w- c:\programmi\MP3 Skype Recorder 2011-02-06 21:11 . 2011-02-12 15:15 -------- d-----w- c:\documents and settings\HP_Administrator\Dati applicazioni\AstoundStereoExpander 2011-02-06 21:11 . 2011-02-12 15:15 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP 2011-01-24 14:44 . 2011-01-24 14:44 -------- d-----w- c:\programmi\Runtime Software 2011-01-24 14:44 . 2004-07-15 23:16 32768 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\Objectps.dll 2011-01-24 14:44 . 2004-07-15 23:18 172032 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll 2011-01-24 14:44 . 2004-07-15 23:19 266240 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll 2011-01-24 14:44 . 2004-07-15 23:20 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll 2011-01-24 14:44 . 2004-07-15 23:18 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe 2011-01-24 14:44 . 2004-07-15 23:20 733184 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll 2011-01-24 14:43 . 2011-01-24 14:43 180356 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll 2011-01-24 14:43 . 2011-01-24 14:43 303236 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll 2011-01-20 23:50 . 2011-02-03 21:49 -------- d-----w- c:\documents and settings\HP_Administrator\Dati applicazioni\FileZilla 2011-01-20 23:50 . 2011-01-20 23:50 -------- d-----w- c:\programmi\FileZilla FTP Client 2011-01-20 22:20 . 2011-01-20 22:20 166976 ----a-w- c:\windows\system32\drivers\snapman.sys 2011-01-20 22:19 . 2011-01-20 22:19 -------- d-----w- c:\programmi\Acronis 2011-01-20 22:19 . 2011-01-20 22:20 -------- d-----w- c:\programmi\File comuni\Acronis 2011-01-20 21:49 . 2011-01-20 21:49 -------- d-----w- c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Help 2011-01-20 20:44 . 2009-03-02 22:47 49233 ----a-w- c:\windows\system32\fat32format.exe 2011-01-20 20:02 . 2011-01-20 20:02 -------- d-----w- c:\programmi\PowerQuest 2011-01-17 00:57 . 2011-01-17 00:57 -------- d-----w- c:\programmi\Microsoft.NET . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-11 15:41 . 2010-10-30 23:22 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-12-22 20:25 . 2010-12-22 20:25 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll 2010-12-22 20:25 . 2010-12-22 20:25 306816 ----a-w- c:\windows\system32\drivers\AF15BDA.sys 2010-12-13 23:48 . 2010-12-13 23:48 457248 ----a-w- c:\windows\system32\nvuninst.exe 2010-12-13 23:48 . 2010-12-13 23:48 457248 ----a-w- c:\windows\system32\nvuawy.exe 2010-12-13 23:48 . 2010-12-13 23:48 151552 ----a-w- c:\windows\system32\NVCOAWY.DLL 2010-12-12 20:23 . 2010-12-12 20:23 29184 ----a-r- c:\documents and settings\HP_Administrator\Dati applicazioni\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe 2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts 2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 31232 --sha-r- c:\windows\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\Esecuzione automatica\ PSPdisp.lnk - c:\programmi\PSPdisp\bin\app\PSPdisp.exe [2009-12-11 676352] qlock.lnk - c:\programmi\Qlock\qlock.exe [2009-2-14 4142080] c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ TMMonitor.lnk - c:\programmi\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-11-1 258048] c:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-10 27136] PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-10 27136] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\TVersity\\Media Server\\MediaServer.exe"= "c:\\Programmi\\PSPdisp\\bin\\app\\PSPdisp.exe"= "c:\\Programmi\\eMule\\emule.exe"= "c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programmi\\iTunes\\iTunes.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= "c:\\Programmi\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Programmi\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Programmi\\ArcSoft\\TotalMedia 3.5\\TotalMedia.exe"= "c:\\Programmi\\AstoundStereo\\astoundstereo.exe"= "c:\\Programmi\\AstoundStereo\\aseproc.exe"= "c:\\Programmi\\Skype\\Phone\\Skype.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/10/2010 14.33.53 717296] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17.43.52 11352] R2 hddledd;hddledd;c:\programmi\HddLed\hddledd.exe [21/08/2009 22.12.18 49152] R2 OS Selector;Acronis OS Selector Activator;c:\programmi\Acronis\DiskDirector\OSS\reinstall_svc.exe [25/10/2010 16.47.18 2163456] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12.06.26 32856] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20.27.24 19472] R3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [04/08/2009 17.04.18 3072] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384] S3 cpudrv;cpudrv;c:\programmi\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336] S3 EuMusDesignVirtualAudioCableWdm_gna;GenAudio AstoundSound (WDM);c:\windows\system32\DRIVERS\vacgnakd.sys --> c:\windows\system32\DRIVERS\vacgnakd.sys [?] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10/03/2010 8.18.20 24216] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contenuto della cartella 'Scheduled Tasks' 2011-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2011-02-15 c:\windows\Tasks\RegistryBooster.job - c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 23:03] . . ------- Scansione supplementare ------- . uStart Page = hxxp://search.babylon.com/home uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=64&bd=PAVILION&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://info.babylon.com/welcome/?howtouse=1&first=1&ver=8.0.9.4&uid=N/A&uil=11&btp=2&guid={D5EE63CE-362A-4BA8-8B79-C5DE9F8478F7}&email=N/A IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html . - - - - CHIAVI ORFANE RIMOSSE - - - - SafeBoot-WudfPf SafeBoot-WudfRd ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-15 01:03 Windows 5.1.2600 Service Pack 2 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Memory Cache 4.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACDaemon] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI] "ImagePath"="system32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AF15BDA] "ImagePath"="system32\DRIVERS\AF15BDA.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Afc] "ImagePath"="system32\drivers\Afc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Apple Mobile Device] "ImagePath"="\"c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394] "ImagePath"="system32\DRIVERS\arp1394.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ARSVC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_4.0.30319] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi] "ImagePath"="system32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc] "ImagePath"="system32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub] "ImagePath"="system32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Autodata Limited License Service] "ImagePath"="\"c:\programmi\File comuni\Autodata Limited Shared\Service\ADCDLicSvc.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVP] "ImagePath"="\"c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe\" -r" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC] "MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bb-run] "ImagePath"="system32\DRIVERS\bb-run.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme] "ImagePath"="\??\c:\docume~1\HP_ADM~1\IMPOST~1\Temp\catchme.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE] "ImagePath"="system32\DRIVERS\CCDECODE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc] "ImagePath"="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp] "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpudrv] "ImagePath"="\??\c:\programmi\SystemRequirementsLab\cpudrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk] "ImagePath"="system32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E100B] "ImagePath"="system32\DRIVERS\e100b325.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ehRecvr] "ImagePath"="c:\windows\eHome\ehRecvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ehSched] "ImagePath"="c:\windows\eHome\ehSched.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELacpi] "ImagePath"="system32\DRIVERS\ELacpi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyCDFL] "ImagePath"="System32\Drivers\ElbyCDFL.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyCDIO] "ImagePath"="System32\Drivers\ElbyCDIO.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELhid] "ImagePath"="\??\c:\windows\System32\Drivers\Elhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELkbd] "ImagePath"="\??\c:\windows\System32\Drivers\Elkbd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELmon] "ImagePath"="\??\c:\windows\System32\Drivers\Elmon.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELmou] "ImagePath"="\??\c:\windows\System32\Drivers\Elmou.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELService] "ImagePath"="c:\programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EuMusDesignVirtualAudioCableWdm_gna] "ImagePath"="system32\DRIVERS\vacgnakd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem] "ServiceDll"="c:\windows\system32\es.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr] "ImagePath"="system32\DRIVERS\fltMgr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0] "ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk] "ImagePath"="system32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ftsata2] "ImagePath"="system32\DRIVERS\ftsata2.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM] "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc] "ImagePath"="system32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hddledd] "ImagePath"="c:\programmi\HddLed\hddledd.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqcxs08] "ServiceDll"="c:\programmi\HP\Digital Imaging\bin\hpqcxs08.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412] "ImagePath"="system32\DRIVERS\HPZid412.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12] "ImagePath"="system32\DRIVERS\HPZipr12.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12] "ImagePath"="system32\DRIVERS\HPZius12.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IAANTMON] "ImagePath"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm] "ImagePath"="system32\DRIVERS\ialmnt5.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor] "ImagePath"="System32\DRIVERS\iastor.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT] "ImagePath"="\"c:\programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi] "ImagePath"="system32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService] "ImagePath"="system32\drivers\RtkHDAud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde] "ImagePath"="system32\DRIVERS\intelide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw] "ImagePath"="system32\DRIVERS\Ip6Fw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat] "ImagePath"="system32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service] "ImagePath"="c:\programmi\iPod\bin\iPodService.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec] "ImagePath"="system32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM] "ImagePath"="system32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp] "ImagePath"="system32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ivusb] "ImagePath"="system32\DRIVERS\ivusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService] "ImagePath"="\"c:\programmi\Java\jre6\bin\jqs.exe\" -service -config \"c:\programmi\Java\jre6\lib\deploy\jqs\jqs.conf\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid] "ImagePath"="system32\DRIVERS\kbdhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KL1] "ImagePath"="system32\DRIVERS\kl1.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kl2] "ImagePath"="system32\DRIVERS\kl2.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KLIF] "ImagePath"="system32\DRIVERS\klif.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klim5] "ImagePath"="system32\DRIVERS\klim5.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klmouflt] "ImagePath"="system32\DRIVERS\klmouflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeService] "ImagePath"="\"c:\programmi\File comuni\LightScribe\LSSrvc.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McrdSvc] "ImagePath"="c:\windows\ehome\mcrdsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MHN] "ServiceDll"="%SystemRoot%\System32\mhn.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MHNDRV] "ImagePath"="system32\DRIVERS\mhndrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc] "ImagePath"="c:\windows\system32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPE] "ImagePath"="system32\DRIVERS\MPE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV] "ImagePath"="system32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC] "ImagePath"="c:\windows\system32\msdtc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC] "ImagePath"="system32\DRIVERS\NABTSFEC.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP] "ImagePath"="system32\DRIVERS\NdisIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nero BackItUp Scheduler 3] "ImagePath"="c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Net Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZinw12.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT] "ImagePath"="system32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394] "ImagePath"="system32\DRIVERS\nic1394.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nm] "ImagePath"="system32\DRIVERS\NMnt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMIndexingService] "ImagePath"="\"c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcd] "ImagePath"="system32\drivers\ccdcmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcdc] "ImagePath"="system32\drivers\ccdcmbo.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OS Selector] "ImagePath"="c:\programmi\Acronis\DiskDirector\OSS\reinstall_svc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport] "ImagePath"="system32\DRIVERS\parport.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pccsmcfd] "ImagePath"="system32\DRIVERS\pccsmcfd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI] "ImagePath"="system32\DRIVERS\pci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde] "ImagePath"="system32\DRIVERS\pciide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZipm12.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PQNTDrv] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ps2] "ImagePath"="system32\DRIVERS\PS2.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\psched.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pspdisp] "ImagePath"="system32\DRIVERS\pspdisp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink] "ImagePath"="system32\DRIVERS\ptilink.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20] "ImagePath"="System32\Drivers\PxHelp20.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd] "ImagePath"="system32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti] "ImagePath"="system32\DRIVERS\raspti.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr] "ImagePath"="system32\DRIVERS\rdpdr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr] "ImagePath"="c:\windows\system32\sessmgr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook] "ImagePath"="system32\DRIVERS\redbook.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rpcapd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\System32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP] "ImagePath"="%SystemRoot%\system32\rsvp.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139] "ImagePath"="system32\DRIVERS\RTL8139.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv] "ImagePath"="system32\DRIVERS\secdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceLayer] "ImagePath"="\"c:\programmi\PC Connectivity Solution\ServiceLayer.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP] "ImagePath"="system32\DRIVERS\SLIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\snapman] "ImagePath"="system32\DRIVERS\snapman.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sptd] "ImagePath"="System32\Drivers\sptd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr] "ImagePath"="system32\DRIVERS\sr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice] "ServiceDll"="%SystemRoot%\system32\srsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv] "ImagePath"="system32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StkAMini] "ImagePath"="System32\Drivers\StkAMini.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StkASSrv] "ImagePath"="%SystemRoot%\System32\StkASv2K.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StkScan] "ImagePath"="System32\Drivers\StkScan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip] "ImagePath"="system32\DRIVERS\StreamIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv] "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{A2FDE3D4-233A-4A4C-9901-62D8D5026A21}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip] "ImagePath"="system32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr] "ImagePath"="c:\windows\system32\tlntsvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TVersityMediaServer] "ImagePath"="\"c:\programmi\TVersity\Media Server\MediaServer.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update] "ImagePath"="system32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upperdev] "ImagePath"="system32\DRIVERS\usbser_lowerflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio] "ImagePath"="system32\drivers\usbaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbser] "ImagePath"="system32\drivers\usbser.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UsbserFilt] "ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci] "ImagePath"="system32\DRIVERS\usbuhci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde] "ImagePath"="system32\DRIVERS\viaide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wdf01000] "ImagePath"="system32\DRIVERS\Wdf01000.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN] "ServiceDll"="c:\windows\system32\mspmsnsv.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi] "ServiceDll"="%SystemRoot%\System32\advapi32.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv] "ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="\"c:\programmi\Windows Media Player\WMPNetwk.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WpdUsb] "ImagePath"="system32\DRIVERS\wpdusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WPFFontCache_v0400] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC] "ImagePath"="system32\DRIVERS\WSTCODEC.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv] "ServiceDll"="c:\windows\system32\wuauserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf] "ImagePath"="system32\DRIVERS\WudfPf.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd] "ImagePath"="system32\DRIVERS\wudfrd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0CF7416A-7241-4A51-8C83-EE53315F0065}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0EE214D1-9EA4-4692-9E10-6C5583F4A02F}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{4966FECC-ED76-4390-B5DC-5C63B9C3A761}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{D4B64137-F5DD-4FEE-9B97-ED4B347F34B9}] . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- [HKEY_USERS\S-1-5-21-3817752834-3721942044-1359567235-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{73C7A247-807B-9E7A-A6D8-B9547B2E2F8A}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- Dlls caricate dai processi in esecuzione --------------------- - - - - - - - > 'explorer.exe'(1408) c:\programmi\Windows Media Player\wmpband.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Altri processi in esecuzione ------------------------ . c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programmi\File comuni\Autodata Limited Shared\Service\ADCDLicSvc.exe c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe c:\programmi\Java\jre6\bin\jqs.exe c:\programmi\File comuni\LightScribe\LSSrvc.exe c:\windows\ehome\ehtray.exe c:\windows\RTHDCPL.EXE c:\windows\system32\hkcmd.exe c:\windows\system32\igfxpers.exe c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe c:\programmi\HP DigitalMedia Archive\DMAScheduler.exe c:\programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe c:\programmi\HP\HP Software Update\HPwuSchd2.exe c:\programmi\Java\jre6\bin\jusched.exe c:\programmi\iTunes\iTunesHelper.exe c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe c:\programmi\HddLed\hddled.exe c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe c:\windows\System32\StkASv2K.exe c:\programmi\TVersity\Media Server\MediaServer.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe c:\windows\eHome\ehmsas.exe c:\programmi\Mozilla Firefox\firefox.exe c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe . ************************************************************************** . Ora fine scansione: 2011-02-15 01:09:29 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2011-02-15 00:09 Pre-Run: 33.803.075.584 byte disponibili Post-Run: 35.887.288.320 byte disponibili WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe [boot loader] timeout=2 [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect - - End Of File - - D8AA992158980D5A1E5CD94E31385EDA

mi ha cancellato un paio di programmi, ma non so perche xD...

di **Luke57** » 16/02/11 09:45

Ciao, dal report non mi pare di vedere infezioni, Scarica otl.exe da qui:
http://oldtimer.geekstogo.com/OTL.exe
Esegui il file OTL.exe
(Dopo aver eseguito OTL, sui sistemi Windows 7 e Windows Vista si dovrà rispondere in modo affermativo alla comparsa del messaggio di avviso di UAC.)
Metti la spunta nelle caselle:
sotto Outpout spunta "minimal" poi spunta:
"Scan all users"
Processes ---->Use safe list
Services ----> Use safe list
Standard Registry ----> All
Lop check
Purity check
Clicca sulla freccettina di File Age e seleziona 60 Days
Clicca su Run scan
Finita la scansione che potrebbe impiegare diverso tempo, OTL produrrà due file di log (OTL.txt ed Extras.txt), memorizzati nella medesima cartella del programma.
Inserisci questi file qui:
http://wikisend.com/
(con sfoglia per scegliere il file e poi upoload per scaricarlo; indica poi, in un prossimo post i link che wikisend ti fornirà per poter vedere i report.

di **zeal94** » 17/02/11 17:10

ecco qui.

Extras.Txt
OTL.Txt

di **Luke57** » 19/02/11 18:20

Ciao, scusa il ritardo ma nel report non ho trovato niente di minaccioso.

pc non si avvia

pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Re: pc non si avvia

Topic correlati a "pc non si avvia":

Chi c’è in linea