www.MegaLab.it

[Hpmezzo]

================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
Sospetto : http://www.virustotal.com/file-scan/rep ... 1312521190

================================================================
Percorso : C:\Windows\system32\wininit.exe
Hash : B5C5DCAD3899512020D135600129D665
================================================================
http://www.virustotal.com/file-scan/rep ... 1312487886
McAfee-GW-Edition 2010.1D 2011.08.04 Heuristic.BehavesLike.Win32.Suspicious.H


E consigliabile analizzare questi file. Non sono presenti delle voci in virustotal:
================================================================
Percorso : C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
Hash : 3D8C1A39AF2A53535BFFC0950DFC081B
================================================================
================================================================
Percorso : C:\Program Files\Tablet\ISD\ISD_Tablet.exe
Hash : 403ACE4481E11C153C82BFAA1074F996
================================================================
================================================================
Percorso : C:\Program Files\Tablet\CalibrationAssistant.exe
Hash : 647491A1448CAA532C20ADEBAD7C5687
================================================================

Processo che possono presentare componenti rootkit:
================================================================
Percorso : C:\ProgramData\DatacardService\DCService.exe
Hash : CC8B5C964B777F4EC3E89F13B4B5FF0F
================================================================
McAfee-GW-Edition 2010.1D 2011.08.03 Heuristic.BehavesLike.Win32.Rootkit.J

E' consigliabile sostituire il tuo antivirus (provvisoriamente) con questa edizione di McAfee => McAfee-GW-Edition. Aggiorna e fai una scansione.

[Sabbb]

Processo che possono presentare componenti rootkit:
================================================================
Percorso : C:\ProgramData\DatacardService\DCService.exe
Hash : CC8B5C964B777F4EC3E89F13B4B5FF0F
================================================================
McAfee-GW-Edition 2010.1D 2011.08.03 Heuristic.BehavesLike.Win32.Rootkit.J

C:\ProgramData\DatacardService\DCService.exe ce l'ho anche io.E' "legato" all'uso di una qualsiasi Key che fa uso del Mobile Partner. (da sperimentazioni varie fatte in passato) rkill-della Bleepingcomputer me lo ha eliminato-pare senza problemi.

Tuttavia DCService.exe mandandolo su VT risultava pulito per tutti gli antivirus (prima di eseguire rkill)

[Hpmezzo]

Mi sa che sono falsi positivi... Sono rilevati solo da McAfee gli altri non danno segno di vita..

[Sabbb]

Non lo so.Di sicuro DCService.exe lo è

[tyger]

...entrato nel sistema con utente Amministratore ed eseguito gli scan con la voce del menu contestuale "Esegui come Amministratore":

Hpmezzo scrive:
Devi eseguire APS come amministratore ..

posto il log:

Nome utente : Administrator
Tipo S.O : WIN_7
Data : 05\08\2011
================================================================
Percorso : ExecutablePath
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\system32\csrss.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\system32\wininit.exe
Hash : B5C5DCAD3899512020D135600129D665
================================================================
================================================================
Percorso : C:\Windows\system32\services.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\system32\lsass.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\system32\lsm.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\system32\nvvsvc.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\System32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\System32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Hash : 20757C632ACA98B73FB022C5B87F3753
================================================================
================================================================
Percorso : C:\Windows\System32\spoolsv.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
Hash : ABDD5AD016AFFD34AD40E944CE94BF59
================================================================
================================================================
Percorso : C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
Hash : 1992C2A1867D95AA3A0802539358D162
================================================================
================================================================
Percorso : C:\ProgramData\DatacardService\DCService.exe
Hash : CC8B5C964B777F4EC3E89F13B4B5FF0F
================================================================
================================================================
Percorso : C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
Hash : 0AF89452A8CE3928168F4E5B2208C68B
================================================================
================================================================
Percorso : C:\Program Files\Microsoft LifeCam\MSCamS64.exe
Hash : A592A054D78750B4D73ABAA4C94DECDF
================================================================
================================================================
Percorso : C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
Hash : 48074A880062F14FDA9ACFCD20D35DB1
================================================================
================================================================
Percorso : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Hash : E911095B4E3A6256F5137689C8D96EF9
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Program Files\Tablet\ISD\ISD_Tablet.exe
Hash : 403ACE4481E11C153C82BFAA1074F996
================================================================
================================================================
Percorso : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Hash : 7E47C328FC4768CB8BEAFBCFAFA70362
================================================================
================================================================
Percorso : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Hash : 70A176BF2ED362862944C371838262F8
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\system32\SearchIndexer.exe
Hash : 622D95520182F6D3D05310D5810CA8B3
================================================================
================================================================
Percorso : C:\Program Files\Windows Media Player\wmpnetwk.exe
Hash : A9F3BFC9345F49614D5859EC95B9E994
================================================================
================================================================
Percorso : C:\Windows\system32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\System32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Hash : A8B7F3818AB65695E3A0BB3279F6DCE6
================================================================
================================================================
Percorso : C:\Windows\system32\DllHost.exe
Hash : A63DC5C2EA944E6657203E0C8EDEAF61
================================================================
================================================================
Percorso : C:\Windows\System32\svchost.exe
Hash : 54A47F6B5E09A77E61649109C6A08866
================================================================
================================================================
Percorso : C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Hash : 37036C07983EF1024B2FF3C28AAE5700
================================================================
================================================================
Percorso : C:\Windows\system32\SearchProtocolHost.exe
Hash : 89ED7C028A487340B7D93D5A38FDCB54
================================================================
================================================================
Percorso : C:\Windows\system32\SearchFilterHost.exe
Hash : 8A674F9AB20B4937357BF6F5A0938EBF
================================================================
================================================================
Percorso : C:\Windows\system32\csrss.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\system32\winlogon.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
Hash : 30255581011C2BCDDE9F4873868839BA
================================================================
================================================================
Percorso : C:\Windows\system32\nvvsvc.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\SYSTEM32\WISPTIS.EXE
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\system32\taskhost.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\SYSTEM32\WISPTIS.EXE
Hash : -1
================================================================
================================================================
Percorso : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
Hash : 2DC0C4DE960A20BC2840D72E7B98A144
================================================================
================================================================
Percorso : C:\Windows\system32\Dwm.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\Explorer.EXE
Hash : AC4C51EB24AA95B77F705AB159189E24
================================================================
================================================================
Percorso : C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
Hash : 2DC64A3446C8C6E020E781456B46573D
================================================================
================================================================
Percorso : C:\Program Files\Microsoft IntelliPoint\ipoint.exe
Hash : 0080231EC57D26B380F630CC790DAB85
================================================================
================================================================
Percorso : C:\Program Files\ASUS\EeeNoteSync\EeeNoteSync.exe
Hash : 37D10B78704400AF3C791A0F22E38789
================================================================
================================================================
Percorso : C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
Hash : 51C8885B6A00904C0252704C9FB0F43A
================================================================
================================================================
Percorso : C:\Program Files\AVAST Software\Avast\AvastUI.exe
Hash : C8EEF1197422A9165363C3A6B41F94EB
================================================================
================================================================
Percorso : C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
Hash : 0133E5265FDD7063F87856C9BD5156C9
================================================================
================================================================
Percorso : C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Hash : 33BFCE71F407F24E5DFDB7DD46CE2D6D
================================================================
================================================================
Percorso : C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
Hash : 3D8C1A39AF2A53535BFFC0950DFC081B
================================================================
================================================================
Percorso : C:\Program Files\Tablet\ISD\ISD_Tablet.exe
Hash : 403ACE4481E11C153C82BFAA1074F996
================================================================
================================================================
Percorso : C:\Program Files\Tablet\CalibrationAssistant.exe
Hash : 647491A1448CAA532C20ADEBAD7C5687
================================================================
================================================================
Percorso : C:\Windows\system32\SearchProtocolHost.exe
Hash : 89ED7C028A487340B7D93D5A38FDCB54
================================================================
================================================================
Percorso : C:\Windows\system32\wuauclt.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Problema Google\APS\Scan.exe
Hash : 3735B86F44B525CF8B52C5D8F365157C
================================================================
================================================================
Percorso : C:\Windows\SysWOW64\cmd.exe
Hash : AD7B9C14083B52BC532FBA5948342B98
================================================================
================================================================
Percorso : C:\Windows\system32\conhost.exe
Hash : -1
================================================================
================================================================
Percorso : C:\Windows\SysWOW64\Wbem\WMIC.exe
Hash : A03CF3838775E0801A0894C8BACD2E56
================================================================
================================================================
Percorso : C:\Windows\system32\wbem\wmiprvse.exe
Hash : 4FB491AC8D46AAF22BA8BC5C73DABEF7
================================================================

Come da suggerimento di Sabbb fatto scansione con Hitman Pro 64bit, nessun problema rilevato.
Fatta scannerizzazione con MalwareBytes; non posto il log perché zero trovati.
L'unico che rivela dei problemi, nel file di Hosts, è HiJackThis anche se non dovrebbe essere conpatibile con i 64 bit; il suo log
è identico anche eseguendolo come Amministratore... e Analyze Hosts Controller non fà niente.
...sono sempre a ringraziare tutti per l'interessamento...

[tyger]

... ops!!! non avevo visto la seconda pagina della discussione.
Scusatemi.
Proverò a fare una scansione con McAfee-GW-Edition.

[Sabbb]

Reimpostazione del file Hosts predefinito :Link
Facci sapere se va

[Hpmezzo]

Sabbb ti ricordi la chiave di registro dove era possibile modificare il percorso predefinito del file HOSTS?? Mmm...Dovrei sistemare allora ancora qualcosa in APS come si evince dal log...

[Sabbb]

Sabbb ti ricordi la chiave di registro dove era possibile modificare il percorso predefinito del file HOSTS??

No Emanuele.Dovrei fare una ricerca .Pensaci tu dai..

[Hpmezzo]

Ok..Cosi se non è possibile modificare il file HOSTS che è bloccato anche eseguendolo come amministratore si modifica il percorso del file HOSTS ... C'era una chiave di registro ma porca miseria non me lo ricordo...

[Hpmezzo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DataBasePath"=dword:%SystemRoot%\System32\drivers\etc

Volendo si potrebbe cambiare il percorso (cosi facendo si il file hosts contaminato viene annullato) e se ne crea un'altro magari in C:\WINDOWS\System300\etc
Giusta la mia considerazione Sabbb?

[tyger]

Sabbb ha scritto:
Reimpostazione del file Hosts predefinito...

la procedura automatica va a buon fine, ma non cambia niente.
in '...system32/drivers/etc' il file Hosts è uguale a prima.
in '...SysWOW64/drivers' non c'è la 'etc' , non posso quindi nemmeno usare la procedura manuale per rifare l'Hosts.
Non ho capito bene il discorso della chiave di registro; volete aggiornarmi ?

[Hpmezzo]

In pratica visto che non puoi modificare il file hosts modifichi il percorso al fine di annullare quello che non può essere modificato.

[tyger]

...sono riuscito a cambiare il file hosts, però quello in ..system32/etc ;
hijackthis non segnala più di fixare gli indirizzi host :
posto il log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:18, on 07/08/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
I:\Software\Virus\Trojan_Bagle\Troyan_Bagle_Nuovo\MegaLab.it_H_i_J_a_C_k_T_h_I_s.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [Tesseract-OCR] C:\Program Files (x86)\Tesseract-OCR\tesseract.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceISD - Unknown owner - C:\Program Files\Tablet\ISD\ISD_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9978 bytes

la cosa che non riesco proprio a capire, è come mai nella cartella "...SysWOW64/drivers" non c'è la 'etc' che dovrebbe contenere il file hosts
come da istruzioni di "support.microsoft.com".

[Hpmezzo]

Hai un S.O A 64 bit? Solo se hai un sistema a 64bit ti dovrebbe spuntare sa cartella..

[tyger]

Hai un S.O A 64 bit? Solo se hai un sistema a 64bit....

... e si, 64 bit, lo dicevo nel messaggio iniziale con cui aprivo la discussione.

[Hpmezzo]

Non ricordavo..Comunque anche io ho un S.O a 64 bit è il percorso è quello normale .. Come se fosse a 32bit...@WINDIR\system32\drivers\etc...