PC won't boot


Posted by zeal94 » 09/02/11 23:34

Hi, as the title says, the PC won't boot: it shows the initial motherboard screen and then stops with the "_" symbol blinking. I have Windows XP Service Pack 2. I thought about formatting with the recovery, but it won't even let me into safe mode, so I wasn't able to format. What can I do? If possible I'd also like to recover the files I have on it... thanks in advance for the replies...

Re: PC won't boot

Posted by antoo69 » 10/02/11 08:07

To recover the data from the hard disk you have two options: 1. download and install a live version of Ubuntu; once the operating system is running you can copy the data to external media. 2. remove the hard disk and put it in an external USB hard disk enclosure, 2.5" if it is a laptop, 3.5" if it is a desktop, and then connect it to a working PC.
Once the data is saved you can format and reinstall the operating system.
Give a man a fish and you feed him for a day.
Teach a man to fish and you feed him for a lifetime.

Dell Alienware M17x

Re: PC won't boot

Posted by zeal94 » 10/02/11 12:49

I managed to recover the data...
but I don't know what to do about formatting, since the recovery won't let me in and there was no installation CD when I bought the PC; in fact I've always used the recovery...

Re: PC won't boot

Posted by antoo69 » 10/02/11 13:42

When you bought the PC, you should have created the recovery DVDs; they are usually created after the first power-on of the machine, using the software the manufacturer supplies preinstalled. At this point all you can do is call support and have them send you the DVD (for a fee) with the operating system suited to your PC and your license. In future, try to create at least a disk image of the PC with dedicated software, Norton Ghost or others, including free ones.

Re: PC won't boot

Posted by zeal94 » 10/02/11 20:06

mmm... I should have made the recovery DVD, I have to check whether it's with all the other DVDs, it'll be quite a job xD...
I'll let you know

Re: PC won't boot

Posted by zeal94 » 11/02/11 15:27

so... I found the recovery DVD and when it asked me whether to use the recovery or enter XP I chose XP, I got in and the antivirus found a virus:
Rootkit.Win32.TDSS.mbr with path \DEVICE\HARDDISK0\DR0
I chose disinfect and restart but nothing changed: once restarted I have to put the recovery DVD back in to get in, and the antivirus finds the same virus again... now that I think of it, before this problem happened it also gave me the generic host process win32 error...

Re: PC won't boot

Posted by antoo69 » 11/02/11 17:00

I'm moving this to the Security and Privacy section, hoping they can give you some pointers. It's strange though, the recovery DVD should wipe everything and bring the PC back to factory condition..

Re: PC won't boot

Posted by zeal94 » 11/02/11 17:04

yes, I can use the recovery, only it makes me choose the console to use and there is Microsoft Xp Media center edition etc... and below it the recovery console or something like that. If I pick the first it lets me into XP normally, and since I'm in now I wanted to fix it without formatting...

Re: PC won't boot

Posted by valeriot90 » 12/02/11 11:04

On the megalab site there is an ad hoc guide that is just right for your case:
http://www.megalab.it/6562/i-virus-su-w ... ite-ubuntu

Try this way and see if you manage to solve the problem.
Regards.

Re: PC won't boot

Posted by Luke57 » 12/02/11 13:49

Hi, download tdsskiller and save it to the desktop
http://support.kaspersky.com/downloads/ ... killer.zip
Extract the contents to the desktop. Double-click
TDSSKILLER.exe to launch the application, then click start scan.
If an infected file is found, the default action will be cure; click continue.
If a suspicious file is found, the default action will be skip; click continue.
If you are asked to restart the PC, complete the process. Click restart now.
If no restart is required, click report and save the contents to a text file.
If a restart is required, the report is in C:\folder in this form "TDSSKiller.[Version]_[Date]_[Time]_log.txt"

Post the report

Re: PC won't boot

Posted by zeal94 » 13/02/11 02:02

done, nothing seems to have changed.

here is the report:

Code:
2011/02/13 01:55:02.0296 0936   TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/13 01:55:02.0984 0936   ================================================================================
2011/02/13 01:55:02.0984 0936   SystemInfo:
2011/02/13 01:55:02.0984 0936   
2011/02/13 01:55:02.0984 0936   OS Version: 5.1.2600 ServicePack: 2.0
2011/02/13 01:55:02.0984 0936   Product type: Workstation
2011/02/13 01:55:02.0984 0936   ComputerName: ANDREA
2011/02/13 01:55:02.0984 0936   UserName: HP_Administrator
2011/02/13 01:55:02.0984 0936   Windows directory: C:\WINDOWS
2011/02/13 01:55:02.0984 0936   System windows directory: C:\WINDOWS
2011/02/13 01:55:02.0984 0936   Processor architecture: Intel x86
2011/02/13 01:55:02.0984 0936   Number of processors: 2
2011/02/13 01:55:02.0984 0936   Page size: 0x1000
2011/02/13 01:55:02.0984 0936   Boot type: Normal boot
2011/02/13 01:55:02.0984 0936   ================================================================================
2011/02/13 01:55:05.0390 0936   Initialize success
2011/02/13 01:55:09.0109 2292   ================================================================================
2011/02/13 01:55:09.0109 2292   Scan started
2011/02/13 01:55:09.0109 2292   Mode: Manual;
2011/02/13 01:55:09.0109 2292   ================================================================================
2011/02/13 01:55:24.0843 2292   sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/13 01:55:24.0843 2292   Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/02/13 01:55:24.0843 2292   sptd - detected Locked file (1)
2011/02/13 01:55:28.0562 2292   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/13 01:55:28.0562 2292   ================================================================================
2011/02/13 01:55:28.0562 2292   Scan finished
2011/02/13 01:55:28.0562 2292   ================================================================================
2011/02/13 01:55:28.0578 2120   Detected object count: 2
2011/02/13 01:55:30.0375 2120   Locked file(sptd) - User select action: Skip
2011/02/13 01:55:30.0375 2120   \HardDisk0 - will be cured after reboot
2011/02/13 01:55:30.0375 2120   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/13 01:55:33.0000 3504   Deinitialize success
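Added example, not part of the thread: a Python sketch that reads a TDSSKiller report laid out like the one posted above, pairs each detection with the action chosen for it, and checks a later rescan for objects that were cured but come back. The sample lines are shortened from that report; `RESCAN_CONSTRUCTED` and all function names are illustrative assumptions, and the number in parentheses after each detection is stored without interpreting it.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Shortened sample in the layout of the report posted above.
SAMPLE_REPORT = r"""
2011/02/13 01:55:02.0296 0936   TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/13 01:55:02.0984 0936   OS Version: 5.1.2600 ServicePack: 2.0
2011/02/13 01:55:24.0843 2292   sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/13 01:55:24.0843 2292   Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/02/13 01:55:24.0843 2292   sptd - detected Locked file (1)
2011/02/13 01:55:28.0562 2292   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/13 01:55:28.0578 2120   Detected object count: 2
2011/02/13 01:55:30.0375 2120   Locked file(sptd) - User select action: Skip
2011/02/13 01:55:30.0375 2120   \HardDisk0 - will be cured after reboot
2011/02/13 01:55:30.0375 2120   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Constructed follow-up scan (not from the thread): same object found again.
RESCAN_CONSTRUCTED = r"""
2011/02/13 02:10:00.0000 1234   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/13 02:10:00.0100 1234   Detected object count: 1
"""

# Timestamp, thread id, then the message text.
LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d{4}\s+(?P<msg>.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+) \((?P<code>\d+)\)$")
ACTION = re.compile(r"^(?P<verdict>.+?)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
PENDING = re.compile(r"^(?P<obj>.+?) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str
    verdict: str
    code: int                      # kept as logged, meaning not assumed
    action: Optional[str] = None
    pending_reboot: bool = False

    @property
    def is_disk_object(self) -> bool:
        # A disk device rather than a file path, as with \HardDisk0 above.
        return self.obj.lower().startswith("\\harddisk")


def parse_report(text):
    """Return ({object: Finding}, declared detection count or None)."""
    findings, declared = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if (d := DETECTED.match(msg)):
            findings[d["obj"]] = Finding(d["obj"], d["verdict"], int(d["code"]))
        elif (a := ACTION.match(msg)):
            if a["obj"] in findings:
                findings[a["obj"]].action = a["action"]
        elif (p := PENDING.match(msg)):
            if p["obj"] in findings:
                findings[p["obj"]].pending_reboot = True
        elif (c := COUNT.match(msg)):
            declared = int(c["n"])
    return findings, declared


def triage(findings, declared):
    """List what still needs checking after this scan."""
    notes = []
    if declared is not None and declared != len(findings):
        notes.append(f"report declares {declared} objects, parsed {len(findings)}")
    for f in findings.values():
        if f.pending_reboot:
            notes.append(f"{f.obj}: cure deferred to reboot, rescan afterwards")
        if f.action == "Skip":
            notes.append(f"{f.obj}: skipped, not resolved by this run")
    return notes


def recurring(before, after):
    """Objects cured in the first scan that a later scan detects again."""
    return sorted(o for o, f in before.items() if f.action == "Cure" and o in after)


if __name__ == "__main__":
    first, declared = parse_report(SAMPLE_REPORT)
    for note in triage(first, declared):
        print(note)
    second, _ = parse_report(RESCAN_CONSTRUCTED)
    print("detected again after cure:", recurring(first, second))
```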

Re: PC won't boot

Posted by Luke57 » 13/02/11 15:01

Hi, I'm passing on word for word a reply given in a case similar to yours, since removing the tdss rootkit didn't help either:
Let's try a scan with the Kaspersky Rescue Disk
http://rescuedisk.kaspersky-labs.com/re ... /updatable
the ISO image must be burned to CD.
Then check that the computer boots from CD; at this URL you will find a detailed guide on how to configure it http://www.istitutomajorana.it/index.ph ... &Itemid=33

Once the correct boot sequence is set, all you have to do is insert the previously burned CD in the drive and follow the steps.

If you have problems you can look at the guide at the URL
http://support.kaspersky.com/viruses/re ... =208282484
when the scan is finished restart the PC and let us know.

Re: PC won't boot

Posted by zeal94 » 14/02/11 16:51

no luck, I downloaded it, followed all the steps and scanned but it found nothing, the problem is still there :|.

Re: PC won't boot

Posted by nikita75 » 14/02/11 17:32

http://spywareremovalguides.com/rootkit ... moval.html

see if this link can help you ......

The destructive Trojan embeds itself in Windows system process files to hide its activity from anti-virus scanning programs. The rootkit is designed to infect the computer's master boot record (MBR), which makes the system unstable and can cause program or operating system (OS) crashes. Its main goal, of course, is to give hackers remote access to the computer by opening a backdoor, which compromises your identity and sensitive data such as e-mail accounts, online banking passwords, credit card information, and potentially other important data.

Always remember that prevention is better than cure. So keep the Windows operating system and anti-virus software constantly updated, but if you are infected by this nasty rootkit, detailed instructions on how to remove Rootkit Win32.tdss.mbr are below.

-------------------------------------------------------------------------------------------------------------------------------
Disable System Restore (if you are using Windows XP or ME)

• End the Rootkit Win32.tdss.mbr file processes (right-click the taskbar → open Task Manager → click the Processes tab → right-click the identified Trojan → End Process)

RkLYLyoM.exe
podmena.exe
file.exe
~. Exe
7-v3av.exe
csrssc.exe
72631899.exe
1776260179.exe
ucxmykkc.exe
..........................

Re: PC won't boot

Post by Luke57 » 14/02/11 18:35

Hi, the Tdss rootkit should have been removed by tdss.killer, as can be seen from the report.
Download combofix

http://www.bleepingcomputer.com/downloa ... s/combofix

Here is a tutorial on how to use it:
http://www.bleepingcomputer.com/combofi ... e-combofix

When the scan finishes, post the report, regardless of the outcome; you'll find it in C:\combofix.txt.

Re: PC won't boot

Post by zeal94 » 14/02/11 18:46

No, none of those files are in Task Manager.

Re: PC won't boot

Post by zeal94 » 15/02/11 01:10

Here is the report:
Code: Select all
ComboFix 11-02-13.04 - HP_Administrator 15/02/2011   0.43.09.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.39.1040.18.2039.524 [GMT 1:00]
Eseguito da: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Dati applicazioni\Adobe\plugs
c:\documents and settings\HP_Administrator\Dati applicazioni\Adobe\plugs\KB13747671.exe
c:\documents and settings\HP_Administrator\Dati applicazioni\Adobe\plugs\KB13747843.exe
c:\documents and settings\HP_Administrator\Dati applicazioni\Adobe\plugs\KB13747921.exe
c:\documents and settings\HP_Administrator\Dati applicazioni\OfferBox
c:\documents and settings\HP_Administrator\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups
c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\02.11.2011,14-52-50\Automatic.reg
c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\11.07.2010,13-23-42\Automatic.reg
c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\12.09.2010,23-29-46\Automatic.reg
c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\12.10.2010,17-55-02\Automatic.reg
c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\12.10.2010,18-34-28\Automatic.reg
c:\documents and settings\HP_Administrator\Dati applicazioni\QUAD Backups\12.17.2010,20-35-38\Automatic.reg
c:\documents and settings\HP_Administrator\Desktop\QUAD Registry Cleaner.lnk
c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\QUAD Utilities
c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
c:\documents and settings\HP_Administrator\Recent\Thumbs.db
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe.BAK
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((   Files Creati Da 2011-01-15 al 2011-02-15  )))))))))))))))))))))))))))))))))))
.

2011-02-14 16:34 . 2011-02-14 16:40   --------   d---a-w-   C:\Kaspersky Rescue Disk 10.0
2011-02-08 23:54 . 2011-02-08 23:54   --------   d-----w-   C:\spoolerlogs
2011-02-07 18:16 . 2011-02-07 18:16   --------   d-----w-   c:\programmi\VS Revo Group
2011-02-07 18:16 . 2011-02-07 18:16   --------   d-----w-   c:\programmi\Recuva
2011-02-07 18:16 . 2011-02-07 18:16   --------   d-----w-   c:\programmi\GSmartControl
2011-02-07 18:10 . 2011-02-07 18:10   --------   d-----w-   c:\documents and settings\HP_Administrator\Dati applicazioni\Qlock
2011-02-07 18:09 . 2011-02-07 18:09   --------   d-----w-   c:\programmi\Qlock
2011-02-07 18:07 . 2011-02-07 18:17   --------   d-----w-   C:\My Lockbox
2011-02-07 18:06 . 2010-01-06 17:23   142648   ----a-w-   c:\windows\system32\fsproflt.exe
2011-02-07 18:06 . 2008-06-05 18:37   43792   ----a-w-   c:\windows\system32\drivers\FSPFltd.sys
2011-02-07 17:57 . 2011-02-11 13:55   --------   d-----w-   c:\programmi\SpeedFan
2011-02-07 17:56 . 2011-02-11 13:52   --------   d-----w-   c:\programmi\Core Temp
2011-02-06 21:57 . 2011-02-06 21:57   --------   d-----w-   c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Alexander_Nikiforov
2011-02-06 21:57 . 2011-02-06 21:57   --------   d-----w-   c:\documents and settings\HP_Administrator\Dati applicazioni\MP3SkypeRecorder
2011-02-06 21:57 . 2011-02-06 21:57   --------   d-----w-   c:\programmi\MP3 Skype Recorder
2011-02-06 21:11 . 2011-02-12 15:15   --------   d-----w-   c:\documents and settings\HP_Administrator\Dati applicazioni\AstoundStereoExpander
2011-02-06 21:11 . 2011-02-12 15:15   --------   d---a-w-   c:\documents and settings\All Users\Dati applicazioni\TEMP
2011-01-24 14:44 . 2011-01-24 14:44   --------   d-----w-   c:\programmi\Runtime Software
2011-01-24 14:44 . 2004-07-15 23:16   32768   ----a-w-   c:\programmi\File comuni\InstallShield\Professional\RunTime\Objectps.dll
2011-01-24 14:44 . 2004-07-15 23:18   172032   ----a-w-   c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-01-24 14:44 . 2004-07-15 23:19   266240   ----a-w-   c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-01-24 14:44 . 2004-07-15 23:20   69715   ----a-w-   c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-01-24 14:44 . 2004-07-15 23:18   5632   ----a-w-   c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-01-24 14:44 . 2004-07-15 23:20   733184   ----a-w-   c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-01-24 14:43 . 2011-01-24 14:43   180356   ----a-w-   c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-01-24 14:43 . 2011-01-24 14:43   303236   ----a-w-   c:\programmi\File comuni\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-01-20 23:50 . 2011-02-03 21:49   --------   d-----w-   c:\documents and settings\HP_Administrator\Dati applicazioni\FileZilla
2011-01-20 23:50 . 2011-01-20 23:50   --------   d-----w-   c:\programmi\FileZilla FTP Client
2011-01-20 22:20 . 2011-01-20 22:20   166976   ----a-w-   c:\windows\system32\drivers\snapman.sys
2011-01-20 22:19 . 2011-01-20 22:19   --------   d-----w-   c:\programmi\Acronis
2011-01-20 22:19 . 2011-01-20 22:20   --------   d-----w-   c:\programmi\File comuni\Acronis
2011-01-20 21:49 . 2011-01-20 21:49   --------   d-----w-   c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Help
2011-01-20 20:44 . 2009-03-02 22:47   49233   ----a-w-   c:\windows\system32\fat32format.exe
2011-01-20 20:02 . 2011-01-20 20:02   --------   d-----w-   c:\programmi\PowerQuest
2011-01-17 00:57 . 2011-01-17 00:57   --------   d-----w-   c:\programmi\Microsoft.NET

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 15:41 . 2010-10-30 23:22   16968   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2010-12-22 20:25 . 2010-12-22 20:25   28672   ----a-w-   c:\windows\system32\AF15BDAEX.dll
2010-12-22 20:25 . 2010-12-22 20:25   306816   ----a-w-   c:\windows\system32\drivers\AF15BDA.sys
2010-12-13 23:48 . 2010-12-13 23:48   457248   ----a-w-   c:\windows\system32\nvuninst.exe
2010-12-13 23:48 . 2010-12-13 23:48   457248   ----a-w-   c:\windows\system32\nvuawy.exe
2010-12-13 23:48 . 2010-12-13 23:48   151552   ----a-w-   c:\windows\system32\NVCOAWY.DLL
2010-12-12 20:23 . 2010-12-12 20:23   29184   ----a-r-   c:\documents and settings\HP_Administrator\Dati applicazioni\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2010-11-29 16:38 . 2010-11-29 16:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2006-05-03 09:06   163328   --sha-r-   c:\windows\system32\flvDX.dll
2007-02-21 10:47   31232   --sha-r-   c:\windows\system32\msfDX.dll
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

c:\documents and settings\HP_Administrator\Menu Avvio\Programmi\Esecuzione automatica\
PSPdisp.lnk - c:\programmi\PSPdisp\bin\app\PSPdisp.exe [2009-12-11 676352]
qlock.lnk - c:\programmi\Qlock\qlock.exe [2009-2-14 4142080]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
TMMonitor.lnk - c:\programmi\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-11-1 258048]

c:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-10 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-10 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Programmi\\PSPdisp\\bin\\app\\PSPdisp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programmi\\ArcSoft\\TotalMedia 3.5\\TotalMedia.exe"=
"c:\\Programmi\\AstoundStereo\\astoundstereo.exe"=
"c:\\Programmi\\AstoundStereo\\aseproc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/10/2010 14.33.53 717296]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17.43.52 11352]
R2 hddledd;hddledd;c:\programmi\HddLed\hddledd.exe [21/08/2009 22.12.18 49152]
R2 OS Selector;Acronis OS Selector Activator;c:\programmi\Acronis\DiskDirector\OSS\reinstall_svc.exe [25/10/2010 16.47.18 2163456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12.06.26 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20.27.24 19472]
R3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [04/08/2009 17.04.18 3072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 cpudrv;cpudrv;c:\programmi\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
S3 EuMusDesignVirtualAudioCableWdm_gna;GenAudio AstoundSound (WDM);c:\windows\system32\DRIVERS\vacgnakd.sys --> c:\windows\system32\DRIVERS\vacgnakd.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10/03/2010 8.18.20 24216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08
.
Contenuto della cartella 'Scheduled Tasks'

2011-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-02-15 c:\windows\Tasks\RegistryBooster.job
- c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 23:03]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/home
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://info.babylon.com/welcome/?howtouse=1&first=1&ver=8.0.9.4&uid=N/A&uil=11&btp=2&guid={D5EE63CE-362A-4BA8-8B79-C5DE9F8478F7}&email=N/A
IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 01:03
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Memory Cache 4.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACDaemon]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AF15BDA]
"ImagePath"="system32\DRIVERS\AF15BDA.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Afc]
"ImagePath"="system32\drivers\Afc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Apple Mobile Device]
"ImagePath"="\"c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ARSVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_4.0.30319]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Autodata Limited License Service]
"ImagePath"="\"c:\programmi\File comuni\Autodata Limited Shared\Service\ADCDLicSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVP]
"ImagePath"="\"c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe\" -r"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bb-run]
"ImagePath"="system32\DRIVERS\bb-run.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\IMPOST~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpudrv]
"ImagePath"="\??\c:\programmi\SystemRequirementsLab\cpudrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E100B]
"ImagePath"="system32\DRIVERS\e100b325.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ehRecvr]
"ImagePath"="c:\windows\eHome\ehRecvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ehSched]
"ImagePath"="c:\windows\eHome\ehSched.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELacpi]
"ImagePath"="system32\DRIVERS\ELacpi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyCDFL]
"ImagePath"="System32\Drivers\ElbyCDFL.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyCDIO]
"ImagePath"="System32\Drivers\ElbyCDIO.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELhid]
"ImagePath"="\??\c:\windows\System32\Drivers\Elhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELkbd]
"ImagePath"="\??\c:\windows\System32\Drivers\Elkbd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELmon]
"ImagePath"="\??\c:\windows\System32\Drivers\Elmon.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELmou]
"ImagePath"="\??\c:\windows\System32\Drivers\Elmou.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ELService]
"ImagePath"="c:\programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EuMusDesignVirtualAudioCableWdm_gna]
"ImagePath"="system32\DRIVERS\vacgnakd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ftsata2]
"ImagePath"="system32\DRIVERS\ftsata2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hddledd]
"ImagePath"="c:\programmi\HddLed\hddledd.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqcxs08]
"ServiceDll"="c:\programmi\HP\Digital Imaging\bin\hpqcxs08.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IAANTMON]
"ImagePath"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm]
"ImagePath"="system32\DRIVERS\ialmnt5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"="System32\DRIVERS\iastor.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
"ImagePath"="c:\programmi\iPod\bin\iPodService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ivusb]
"ImagePath"="system32\DRIVERS\ivusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\programmi\Java\jre6\bin\jqs.exe\" -service -config \"c:\programmi\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KL1]
"ImagePath"="system32\DRIVERS\kl1.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kl2]
"ImagePath"="system32\DRIVERS\kl2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KLIF]
"ImagePath"="system32\DRIVERS\klif.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klim5]
"ImagePath"="system32\DRIVERS\klim5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klmouflt]
"ImagePath"="system32\DRIVERS\klmouflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

**************************************************************************
.
Ora fine scansione: 2011-02-15  01:09:29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2011-02-15 00:09

Pre-Run: 33.803.075.584 byte disponibili
Post-Run: 35.887.288.320 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - D8AA992158980D5A1E5CD94E31385EDA


It deleted a couple of my programs, but I don't know why xD...

Re: PC won't start

Post by Luke57 » 16/02/11 09:45

Hi, from the report I don't see any signs of infection. Download otl.exe from here:
http://oldtimer.geekstogo.com/OTL.exe
Run the file OTL.exe
(After running OTL, on Windows 7 and Windows Vista systems you will need to answer yes when the UAC warning message appears.)
Tick the following boxes:
under Output tick "minimal", then tick:
"Scan all users"
Processes ----> Use safe list
Services ----> Use safe list
Standard Registry ----> All
Lop check
Purity check
Click the small arrow next to File Age and select 60 Days
Click Run scan
When the scan finishes, which may take quite a while, OTL will produce two log files (OTL.txt and Extras.txt), saved in the same folder as the program.
Put these files here:
http://wikisend.com/
(use Browse to choose the file and then Upload to transfer it; then, in a later post, give the links that wikisend provides so the reports can be viewed.)

Re: PC won't start

Post by zeal94 » 17/02/11 17:10


Re: PC won't start

Post by Luke57 » 19/02/11 18:20

Hi, sorry for the delay, but I found nothing threatening in the report.