problema con WIN32

[samuele76]

Salve a tutti, sono nuovo quindi mi presento mi chiamo Samuele e sono di Modena.
da qualche giorno all'apertura di windows mi appare una finestra che dice
Generic Host Process for Win32 Services

eventtype:BEX P1: svchost.exe P2.......

non mi appare più l'icona della connessione e non mi fa fare più il ripristino ad un punto di arresto precedente.

ho un XP SP2, ora gli ho messo anche l'aggiornamento SP£ ma nulla è cambiato.
avevo provato ad installare un aggiornamento di windowssegnalato su un altro topic per un problema analogo ma non ha funzionato

allego (speramdo possa servire) il Logfile di HijackThis

Scan saved at 16.39.39, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Samuele\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.unimore.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PSPAP] C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames...z.cab70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B02F64C-517E-4AA8-83A9-8E6F743B857A}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{676204D5-393C-4059-851F-E3E6CFD1101E}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0CC0E13-6CF5-4E18-8358-AFBF095CC42F}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{C93D3765-616D-46C9-A718-1096E70253C7}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF2A1D75-535D-49A4-B849-9BCE31805F3F}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B02F64C-517E-4AA8-83A9-8E6F743B857A}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B02F64C-517E-4AA8-83A9-8E6F743B857A}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B02F64C-517E-4AA8-83A9-8E6F743B857A}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS4\Services\Tcpip\..\{1B02F64C-517E-4AA8-83A9-8E6F743B857A}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS5\Services\Tcpip\..\{1B02F64C-517E-4AA8-83A9-8E6F743B857A}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9292 bytes

grazie in anticipo della risposta

[Deifobe]

Fixa:

O17 - HKLM\System\CCS\Services\Tcpip\..\{676204D5-393C-4059-851F-E3E6CFD1101E}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0CC0E13-6CF5-4E18-8358-AFBF095CC42F}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{C93D3765-616D-46C9-A718-1096E70253C7}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF2A1D75-535D-49A4-B849-9BCE31805F3F}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214

(quindi tutte le voci O17 => 85.255.113.125)

esegi una scansione con Avira_AntiRootkit_tool (devi indicarmi se e cosa trova)


scarica SystemScan - disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus

carica il rapporto che trovi sul desktop su Savefile e posta il link ottenuto.

nota: systemscan viene riconosciuto come infetto per il tipo di scansione effettuata (è un falso positivo). La procedura postata è sicura.

[samuele76]

Grazie Deifobe.
Allora questo è il report di Avira
vira AntiRootkit Tool - Beta (1.0.1.17)

================================================== ================================================== ====
- Scan started venerdì 12 dicembre 2008 - 16.02.00
================================================== ================================================== ====

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 38.15 GB
- Working disk free size : 1.72 GB (4 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden file : c:\documents and settings\samuele\cookies\samuele@rockyou[2].txt
Hidden file : c:\windows\system32\drivers\msqpdxpqltoiqh.sys
Hidden key : HKEY_USERS\.DEFAULT\msqpdxvx
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m sqpdxserv.sys\modules
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m sqpdxserv.sys -> start
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m sqpdxserv.sys -> type
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m sqpdxserv.sys -> imagepath
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m sqpdxserv.sys -> group
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\m sqpdxserv.sys\modules
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\m sqpdxserv.sys -> start
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\m sqpdxserv.sys -> type
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\m sqpdxserv.sys -> imagepath
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\m sqpdxserv.sys -> group
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet004\Services\m sqpdxserv.sys\modules
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet004\Services\m sqpdxserv.sys -> start
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet004\Services\m sqpdxserv.sys -> type
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet004\Services\m sqpdxserv.sys -> imagepath
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet004\Services\m sqpdxserv.sys -> group
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet005\Services\m sqpdxserv.sys\modules
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet005\Services\m sqpdxserv.sys -> start
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet005\Services\m sqpdxserv.sys -> type
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet005\Services\m sqpdxserv.sys -> imagepath
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet005\Services\m sqpdxserv.sys -> group
Hidden key : HKEY_LOCAL_MACHINE\Software\Classes\msqpdxvx
Hidden key : HKEY_USERS\S-1-5-21-1715567821-1417001333-725345543-1003\msqpdxvx

--------------------------------------------------------------------------------------------------------
Files: 2/125912
Registry items: 23/438834
Processes: 0/39
Scan time: 00:17:50
--------------------------------------------------------------------------------------------------------
Active processes:
- txjaoxqq.exe (PID 2452) (Avira AntiRootkit Tool - Beta)
- iexplore.exe (PID 300)
- taskmgr.exe (PID 1152)
- System (PID 4)
- SMSS.EXE (PID 680)
- CSRSS.EXE (PID 744)
- WINLOGON.EXE (PID 768)
- SERVICES.EXE (PID 824)
- LSASS.EXE (PID 836)
- SVCHOST.EXE (PID 1088)
- SVCHOST.EXE (PID 1172)
- SVCHOST.EXE (PID 1280)
- SVCHOST.EXE (PID 1392)
- SPOOLSV.EXE (PID 1552)
- AVGWDSVC.EXE (PID 1664)
- SQLSERVR.EXE (PID 1724)
- EXPLORER.EXE (PID 1828)
- NVSVC32.EXE (PID 1992)
- SVCHOST.EXE (PID 256)
- SVCHOST.EXE (PID 376)
- MIXER.EXE (PID 2032)
- CARPSERV.EXE (PID 248)
- iTunesHelper.exe (PID 1952)
- AVGTRAY.EXE (PID 1972)
- PSPAP.EXE (PID 1968)
- CTFMON.EXE (PID 280)
- MSMSGS.EXE (PID 264)
- WCESCOMM.EXE (PID 460)
- rapimgr.exe (PID 1044)
- AVGRSX.EXE (PID 2648)
- AVGEMC.EXE (PID 2868)
- iPodService.exe (PID 3092)
- alg.exe (PID 3296)
- SVCHOST.EXE (PID 3536)
- SVCHOST.EXE (PID 1412)
- iexplore.exe (PID 2700)
- iexplore.exe (PID 2532)
- zstatus.exe (PID 3708)
- avirarkd.exe (PID 2560)
================================================== ================================================== ====
- Scan finished venerdì 12 dicembre 2008 - 16.19.50

e questo è il link al report di Systemscan
http://www.savefile.com/files/1927433

grazie ancora

[Deifobe]

ciao,
i file e i servizi da eliminare dovrebbero essere questi (non so se in parte li ha già eliminati avira antirootkit):
;
C:\WINDOWS\system32\-f
C:\DOCUME~2\Samuele\IMPOST~1\Temp\390325.tmp
C:\DOCUME~2\Samuele\IMPOST~1\Temp\17.tmp
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxpqltoiqh.sys
C:\WINDOWS\SYSTEM32\msqpdxosvdbrsr.dll
C:\WINDOWS\SYSTEM32\msqpdxriqpxfum.dll
C:\WINDOWS\system32\drivers\Ndisprot.sys
C:\DOCUME~2\Samuele\IMPOST~1\Temp\ptdtcp.sys
;
HKLM\system\currentcontrolset\services\msqpdxserv. sys
HKLM\system\currentcontrolset\services\Ndisprot.sy s
HKEY_LOCAL_MACHINE\system\controlset001\services\m sqpdxserv.sys
HKEY_LOCAL_MACHINE\system\controlset001\services\N disprot.sys
HKEY_LOCAL_MACHINE\system\controlset002\services\m sqpdxserv.sys
HKEY_LOCAL_MACHINE\system\controlset002\services\N disprot.sys
HKEY_LOCAL_MACHINE\system\controlset001\services\p tdtcp
HKEY_LOCAL_MACHINE\Software\Classes\msqpdxvx
HKEY_USERS\S-1-5-21-1715567821-1417001333-725345543-1003\msqpdxvx
HKEY_USERS\.DEFAULT\msqpdxvx
;

prima di tutto, però, dobbiamo fare dei controlli su Ndisprot

visualizza i file nascosti e vedi se trovi il file c\windows\inf\ndisprot.inf
se c'è, zippalo, caricalo su savefile e mandami il link con un messaggio privato (non metterlo sul forum, mi raccomando)

poi, scarica Registry Search Tool (lo trovi nella pagina) e cerca
Ndisprot
Carica i risultati su savefile e posta il link

vai su Virustotal e analizza il file C:\WINDOWS\system32\-f Posta il link dell'analisi


ciao

[Deifobe]

analizza anche C:\WINDOWS\system32\drivers\Ndisprot.sys e posta il risultato il link dell'analisi
grazie

[samuele76]

eccolo:
analisis/2363abaf6efb99b7f3947c1b3c828811
grazie a te

[Deifobe]

facciamo così:

Scarica e installa malwarebytes.
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.

Posta il rapporto.
(dovrebbe rimuovere i vari msqpdxpqltoiqh.sys ecc. ecc., se ancora presenti)

poi posta un nuovo systemscan

zippa il file Ndisprot.sys, carica il .zip su savefile e inviamelo con un messaggio privato (cortesemente, non inserire il link sul forum, mi raccomando)