aiuto rootkit

[anto0peppe]

ragazzi ho appena formattato il mio pc e neanche tempo mi sono beccato un bel rootkit di quello serio ,

me lo dice combofix appena lo avvio mi dice che è necessario riavviare il pc perchè un rootkit sta lavorando!!!

ragazzi come posso fare ??

ho fatto la scansione con panda antirootkit e non me lo trova.....potete aiutarmi?

[anto0peppe]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.33.27, on 28/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\VEXPLite\viritsvc.exe
C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--
End of file - 3843 bytes

[Riverside]

me lo dice combofix appena lo avvio mi dice che è necessario riavviare il pc perchè un rootkit sta lavorando!!!

A parte che il log di Hijckthis è pulito, vorrei capire 2 cose:
1) perché usi Combofix;
2) quando Combofix segnala che cè un rootkit che sta lavorando.

[anto0peppe]

uso combofix perchè lo uso sempre nei miei pc perchè mi tiene il pc pulito e secondo me è uno dei pochi programmi che fa bene il suo lavoro....

combofix mi dice che cè il rootkit quando dovrebbe cominciare la scansione

[Riverside]

uso combofix perchè lo uso sempre nei miei pc perchè mi tiene il pc pulito e secondo me è uno dei pochi programmi che fa bene il suo lavoro....

Bah ... ognuno pulisce il computer come crede
[url]combofix mi dice che cè il rootkit quando dovrebbe cominciare la scansione[/quote]
Eseguilo in modalità provvisoria; se lo lascia eseguire, solo per mera curiosità, allega, qui il report che verrà rilasciato

[anto0peppe]

ComboFix 11-01-27.05 - giuseppe 28/01/2011 13.21.17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1918.1578 [GMT 1:00]
Eseguito da: c:\documents and settings\giuseppe\Desktop\Programmi Utili\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-12-28 al 2011-01-28 )))))))))))))))))))))))))))))))))))
.

2011-01-28 00:58 . 2011-01-28 01:16 -------- d-----w- C:\VEXPLite
2011-01-27 23:33 . 2011-01-27 23:36 -------- d-----w- C:\HattrickOrganizer
2011-01-27 23:04 . 2011-01-28 00:51 -------- d-----r- C:\Programmi
2011-01-27 23:02 . 2011-01-27 22:13 -------- d-----w- C:\Documents and Settings

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 09:00 . 2010-11-30 09:00 54520 --s-a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2010-11-09 14:51 . 2004-08-19 12:39 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:28 . 2007-01-03 09:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:28 . 2007-01-03 09:56 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:28 . 2007-01-03 09:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:28 . 2007-01-03 09:55 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-02 15:17 . 2001-08-31 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-28_00.36.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-28 12:20 . 2011-01-28 12:20 16384 c:\windows\Temp\Perflib_Perfdata_5cc.dat
- 2007-01-03 09:52 . 2008-04-14 02:13 90112 c:\windows\system32\wshext.dll
+ 2007-01-03 09:52 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
+ 2011-01-27 23:15 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2011-01-27 23:15 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2004-08-19 12:39 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2004-08-19 12:39 . 2008-04-14 02:13 75776 c:\windows\system32\strmfilt.dll
+ 2007-01-03 09:51 . 2010-08-27 05:58 99840 c:\windows\system32\srvsvc.dll
+ 2011-01-27 23:48 . 2007-07-27 22:11 26488 c:\windows\system32\spupdsvc.exe
- 2011-01-27 23:48 . 2007-08-10 07:20 26488 c:\windows\system32\spupdsvc.exe
+ 2007-01-03 09:51 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2011-01-27 23:46 . 2010-02-22 14:27 18808 c:\windows\system32\spmsg.dll
- 2011-01-27 23:46 . 2009-05-26 09:01 18808 c:\windows\system32\spmsg.dll
+ 2011-01-28 00:56 . 2010-05-26 09:45 18816 c:\windows\system32\SAVRKBootTasks.sys
- 2007-01-03 09:56 . 2010-05-04 17:16 44544 c:\windows\system32\pngfilt.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 44544 c:\windows\system32\pngfilt.dll
- 2001-08-31 10:00 . 2011-01-28 00:16 47592 c:\windows\system32\perfc010.dat
+ 2001-08-31 10:00 . 2011-01-28 11:30 47592 c:\windows\system32\perfc010.dat
- 2001-08-31 10:00 . 2011-01-28 00:16 39992 c:\windows\system32\perfc009.dat
+ 2001-08-31 10:00 . 2011-01-28 11:30 39992 c:\windows\system32\perfc009.dat
+ 2007-01-03 09:56 . 2010-11-06 00:28 52224 c:\windows\system32\msfeedsbs.dll
- 2007-01-03 09:56 . 2010-05-04 17:15 52224 c:\windows\system32\msfeedsbs.dll
- 2007-01-03 09:56 . 2010-05-04 17:15 27648 c:\windows\system32\jsproxy.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 27648 c:\windows\system32\jsproxy.dll
- 2011-01-27 22:09 . 2008-04-14 02:13 86016 c:\windows\system32\isign32.dll
+ 2011-01-27 22:09 . 2010-11-18 18:12 86016 c:\windows\system32\isign32.dll
+ 2007-01-03 09:56 . 2010-10-21 12:11 13824 c:\windows\system32\ieudinit.exe
- 2007-01-03 09:56 . 2010-04-16 13:24 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-19 12:39 . 2010-11-06 00:28 44544 c:\windows\system32\iernonce.dll
- 2004-08-19 12:39 . 2010-05-04 17:15 44544 c:\windows\system32\iernonce.dll
- 2007-01-03 09:55 . 2010-04-16 13:24 70656 c:\windows\system32\ie4uinit.exe
+ 2007-01-03 09:55 . 2010-11-03 12:24 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-19 12:39 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2004-08-19 12:39 . 2008-04-14 02:13 80384 c:\windows\system32\iccvid.dll
- 2007-01-03 09:55 . 2010-05-04 17:15 63488 c:\windows\system32\icardie.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 63488 c:\windows\system32\icardie.dll
+ 2004-08-19 12:39 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2011-01-27 23:02 . 2011-01-28 11:29 95864 c:\windows\system32\FNTCACHE.DAT
+ 2011-01-28 01:27 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
+ 2011-01-28 01:30 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2011-01-28 01:27 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2011-01-28 01:29 . 2010-08-27 05:58 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2011-01-28 01:28 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2011-01-27 23:25 . 2010-05-04 17:16 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2011-01-28 01:30 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2011-01-27 23:25 . 2010-11-06 00:28 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-01-28 01:30 . 2010-11-18 18:12 86016 c:\windows\system32\dllcache\isign32.dll
+ 2011-01-27 23:25 . 2010-10-21 12:11 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2011-01-27 23:25 . 2010-04-16 13:24 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2011-01-27 23:25 . 2010-11-06 00:28 44544 c:\windows\system32\dllcache\iernonce.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 44544 c:\windows\system32\dllcache\iernonce.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 78336 c:\windows\system32\dllcache\ieencode.dll
- 2011-01-27 23:25 . 2010-04-16 13:24 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-01-27 23:25 . 2010-11-03 12:24 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-01-27 23:25 . 2010-11-06 00:28 63488 c:\windows\system32\dllcache\icardie.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 63488 c:\windows\system32\dllcache\icardie.dll
+ 2011-01-28 01:27 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 17408 c:\windows\system32\dllcache\corpol.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 17408 c:\windows\system32\dllcache\corpol.dll
+ 2011-01-28 01:34 . 2010-05-04 17:16 44544 c:\windows\ie7updates\KB2416400-IE7\pngfilt.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 52224 c:\windows\ie7updates\KB2416400-IE7\msfeedsbs.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 27648 c:\windows\ie7updates\KB2416400-IE7\jsproxy.dll
+ 2011-01-28 01:34 . 2010-04-16 13:24 13824 c:\windows\ie7updates\KB2416400-IE7\ieudinit.exe
+ 2011-01-28 01:34 . 2010-05-04 17:15 44544 c:\windows\ie7updates\KB2416400-IE7\iernonce.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 78336 c:\windows\ie7updates\KB2416400-IE7\ieencode.dll
+ 2011-01-28 01:34 . 2010-04-16 13:24 70656 c:\windows\ie7updates\KB2416400-IE7\ie4uinit.exe
+ 2011-01-28 01:34 . 2010-05-04 17:15 63488 c:\windows\ie7updates\KB2416400-IE7\icardie.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 17408 c:\windows\ie7updates\KB2416400-IE7\corpol.dll
+ 2008-05-05 06:25 . 2010-08-27 06:13 5632 c:\windows\system32\xpsp4res.dll
+ 2007-01-03 09:52 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe
- 2007-01-03 09:52 . 2008-04-14 02:14 155648 c:\windows\system32\wscript.exe
+ 2007-01-03 09:52 . 2010-06-18 17:45 293888 c:\windows\system32\winsrv.dll
- 2007-01-03 09:52 . 2008-04-14 02:13 293888 c:\windows\system32\winsrv.dll
+ 2004-08-19 12:39 . 2009-08-25 09:18 354816 c:\windows\system32\winhttp.dll
- 2007-01-03 09:56 . 2010-05-04 17:16 233472 c:\windows\system32\webcheck.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 233472 c:\windows\system32\webcheck.dll
- 2004-08-19 12:39 . 2008-04-14 02:13 406016 c:\windows\system32\usp10.dll
+ 2004-08-19 12:39 . 2010-04-16 15:37 406016 c:\windows\system32\usp10.dll
- 2007-01-03 09:56 . 2010-05-04 17:16 105984 c:\windows\system32\url.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 105984 c:\windows\system32\url.dll
+ 2007-01-03 09:51 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2007-01-03 09:51 . 2009-10-15 16:29 119808 c:\windows\system32\t2embed.dll
+ 2007-01-03 09:51 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
- 2007-01-03 09:51 . 2008-04-14 02:13 172032 c:\windows\system32\scrrun.dll
+ 2007-01-03 09:51 . 2008-05-09 10:53 180224 c:\windows\system32\scrobj.dll
- 2007-01-03 09:51 . 2008-04-14 02:13 180224 c:\windows\system32\scrobj.dll
+ 2004-08-19 12:39 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2007-01-03 09:51 . 2010-08-16 08:44 590848 c:\windows\system32\rpcrt4.dll
+ 2001-08-31 10:00 . 2011-01-28 11:30 345010 c:\windows\system32\perfh010.dat
- 2001-08-31 10:00 . 2011-01-28 00:16 345010 c:\windows\system32\perfh010.dat
+ 2001-08-31 10:00 . 2011-01-28 11:30 311604 c:\windows\system32\perfh009.dat
- 2001-08-31 10:00 . 2011-01-28 00:16 311604 c:\windows\system32\perfh009.dat
+ 2007-01-03 09:56 . 2010-11-06 00:28 102912 c:\windows\system32\occache.dll
- 2007-01-03 09:56 . 2010-05-04 17:16 102912 c:\windows\system32\occache.dll
- 2011-01-27 22:34 . 2011-01-27 22:34 252080 c:\windows\system32\nvdrsdb1.bin
+ 2011-01-27 22:34 . 2011-01-28 01:43 252080 c:\windows\system32\nvdrsdb1.bin
- 2007-01-03 09:56 . 2010-05-04 17:16 671232 c:\windows\system32\mstime.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 671232 c:\windows\system32\mstime.dll
- 2007-01-03 09:56 . 2010-05-04 17:16 193024 c:\windows\system32\msrating.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 193024 c:\windows\system32\msrating.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 478208 c:\windows\system32\mshtmled.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 468480 c:\windows\system32\msfeeds.dll
+ 2007-01-03 09:54 . 2010-03-30 11:24 317440 c:\windows\system32\mp4sdecd.dll
- 2007-01-03 09:54 . 2007-01-03 09:54 317440 c:\windows\system32\mp4sdecd.dll
+ 2004-08-19 12:39 . 2010-09-18 11:23 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-19 12:39 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
+ 2001-08-31 10:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2001-08-31 10:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2011-01-27 22:09 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
- 2007-01-03 09:56 . 2010-05-04 17:15 268288 c:\windows\system32\iertutil.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 268288 c:\windows\system32\iertutil.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 192512 c:\windows\system32\iepeers.dll
- 2007-01-03 09:56 . 2010-05-04 17:15 192512 c:\windows\system32\iepeers.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 384512 c:\windows\system32\iedkcs32.dll
- 2007-01-03 09:55 . 2010-05-04 17:15 380928 c:\windows\system32\ieapfltr.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 380928 c:\windows\system32\ieapfltr.dll
- 2007-01-03 09:55 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
+ 2007-01-03 09:55 . 2010-10-18 11:06 161792 c:\windows\system32\ieakui.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 230400 c:\windows\system32\ieaksie.dll
- 2007-01-03 09:55 . 2010-05-04 17:15 230400 c:\windows\system32\ieaksie.dll
- 2007-01-03 09:55 . 2010-05-04 17:15 153088 c:\windows\system32\ieakeng.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 153088 c:\windows\system32\ieakeng.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 133120 c:\windows\system32\extmgr.dll
- 2007-01-03 09:55 . 2010-05-04 17:15 133120 c:\windows\system32\extmgr.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 214528 c:\windows\system32\dxtrans.dll
- 2007-01-03 09:55 . 2010-05-04 17:15 214528 c:\windows\system32\dxtrans.dll
- 2007-01-03 09:55 . 2010-05-04 17:15 347136 c:\windows\system32\dxtmsft.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 347136 c:\windows\system32\dxtmsft.dll
+ 2007-01-03 09:51 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2007-01-03 09:48 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2011-01-28 01:27 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
+ 2011-01-27 23:10 . 2010-07-16 12:02 221696 c:\windows\system32\dllcache\wordpad.exe
+ 2011-01-28 01:28 . 2010-06-18 17:45 293888 c:\windows\system32\dllcache\winsrv.dll
- 2011-01-27 23:25 . 2010-05-04 17:16 832512 c:\windows\system32\dllcache\wininet.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 832512 c:\windows\system32\dllcache\wininet.dll
+ 2011-01-27 23:28 . 2009-08-25 09:18 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 233472 c:\windows\system32\dllcache\webcheck.dll
- 2011-01-27 23:25 . 2010-05-04 17:16 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2011-01-28 01:28 . 2010-04-16 15:37 406016 c:\windows\system32\dllcache\usp10.dll
- 2011-01-27 23:25 . 2010-05-04 17:16 105984 c:\windows\system32\dllcache\url.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 105984 c:\windows\system32\dllcache\url.dll
- 2011-01-27 23:19 . 2009-10-15 16:29 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2011-01-27 23:19 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2011-01-27 23:22 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2011-01-28 01:27 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2011-01-28 01:27 . 2008-05-09 10:53 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2011-01-27 23:30 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2011-01-27 23:28 . 2010-08-16 08:44 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2011-01-28 01:31 . 2010-11-09 14:51 249856 c:\windows\system32\dllcache\odbc32.dll
- 2011-01-27 23:25 . 2010-05-04 17:16 102912 c:\windows\system32\dllcache\occache.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 102912 c:\windows\system32\dllcache\occache.dll
- 2011-01-27 23:25 . 2010-05-04 17:16 671232 c:\windows\system32\dllcache\mstime.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 671232 c:\windows\system32\dllcache\mstime.dll
- 2011-01-27 23:25 . 2010-05-04 17:16 193024 c:\windows\system32\dllcache\msrating.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 193024 c:\windows\system32\dllcache\msrating.dll
+ 2011-01-28 01:31 . 2010-11-09 14:51 102400 c:\windows\system32\dllcache\msjro.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-01-28 01:31 . 2010-11-09 14:51 200704 c:\windows\system32\dllcache\msadox.dll
+ 2011-01-28 01:31 . 2010-11-09 14:51 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2011-01-28 01:31 . 2010-11-09 14:51 536576 c:\windows\system32\dllcache\msado15.dll
+ 2011-01-28 01:31 . 2010-11-09 14:51 143360 c:\windows\system32\dllcache\msadco.dll
+ 2010-03-30 11:24 . 2010-03-30 11:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2010-09-18 11:23 . 2010-09-18 11:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2011-01-28 01:29 . 2010-09-18 06:53 974848 c:\windows\system32\dllcache\mfc42.dll
+ 2011-01-28 01:29 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2011-01-28 01:29 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2011-01-27 23:28 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2011-01-27 23:25 . 2010-10-18 11:07 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2011-01-27 23:25 . 2010-11-06 00:28 268288 c:\windows\system32\dllcache\iertutil.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 268288 c:\windows\system32\dllcache\iertutil.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2011-01-27 23:25 . 2010-10-18 11:06 161792 c:\windows\system32\dllcache\ieakui.dll
- 2011-01-27 23:25 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2011-01-28 01:27 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2011-01-27 23:25 . 2010-05-04 17:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2011-01-28 01:27 . 2008-05-09 08:45 135168 c:\windows\system32\dllcache\cscript.exe
+ 2011-01-28 01:29 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2011-01-27 23:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 124928 c:\windows\system32\dllcache\advpack.dll
- 2011-01-27 23:25 . 2010-05-04 17:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-01-03 09:48 . 2008-05-09 08:45 135168 c:\windows\system32\cscript.exe
- 2007-01-03 09:48 . 2008-04-14 02:13 617472 c:\windows\system32\comctl32.dll
+ 2007-01-03 09:48 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
+ 2004-08-19 12:37 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd.dll
- 2007-01-03 09:55 . 2010-05-04 17:15 124928 c:\windows\system32\advpack.dll
+ 2007-01-03 09:55 . 2010-11-06 00:28 124928 c:\windows\system32\advpack.dll
+ 2011-01-28 00:58 . 2011-01-28 00:58 293888 c:\windows\Installer\16476.msi
+ 2011-01-28 01:34 . 2010-05-04 17:16 832512 c:\windows\ie7updates\KB2416400-IE7\wininet.dll
+ 2011-01-28 01:34 . 2010-05-04 17:16 233472 c:\windows\ie7updates\KB2416400-IE7\webcheck.dll
+ 2011-01-28 01:34 . 2010-05-04 17:16 105984 c:\windows\ie7updates\KB2416400-IE7\url.dll
+ 2011-01-28 01:34 . 2010-07-05 13:20 402296 c:\windows\ie7updates\KB2416400-IE7\spuninst\updspapi.dll
+ 2011-01-28 01:34 . 2010-02-22 14:27 233848 c:\windows\ie7updates\KB2416400-IE7\spuninst\spuninst.exe
+ 2011-01-28 01:34 . 2010-05-04 17:16 102912 c:\windows\ie7updates\KB2416400-IE7\occache.dll
+ 2011-01-28 01:34 . 2010-05-04 17:16 671232 c:\windows\ie7updates\KB2416400-IE7\mstime.dll
+ 2011-01-28 01:34 . 2010-05-04 17:16 193024 c:\windows\ie7updates\KB2416400-IE7\msrating.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 477696 c:\windows\ie7updates\KB2416400-IE7\mshtmled.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 459264 c:\windows\ie7updates\KB2416400-IE7\msfeeds.dll
+ 2011-01-28 01:34 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2416400-IE7\iexplore.exe
+ 2011-01-28 01:34 . 2010-05-04 17:15 268288 c:\windows\ie7updates\KB2416400-IE7\iertutil.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 192512 c:\windows\ie7updates\KB2416400-IE7\iepeers.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 385024 c:\windows\ie7updates\KB2416400-IE7\iedkcs32.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 380928 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dll
+ 2011-01-28 01:34 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2416400-IE7\ieakui.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 230400 c:\windows\ie7updates\KB2416400-IE7\ieaksie.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 153088 c:\windows\ie7updates\KB2416400-IE7\ieakeng.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 133120 c:\windows\ie7updates\KB2416400-IE7\extmgr.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 214528 c:\windows\ie7updates\KB2416400-IE7\dxtrans.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 347136 c:\windows\ie7updates\KB2416400-IE7\dxtmsft.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 124928 c:\windows\ie7updates\KB2416400-IE7\advpack.dll
+ 2011-01-28 01:27 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2011-01-28 01:29 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2007-01-03 09:52 . 2010-10-26 14:05 1853312 c:\windows\system32\win32k.sys
+ 2007-01-03 09:56 . 2010-11-06 00:28 1168384 c:\windows\system32\urlmon.dll
- 2007-01-03 09:56 . 2010-05-04 17:16 1168384 c:\windows\system32\urlmon.dll
+ 2007-01-03 09:53 . 2010-07-27 06:29 8491520 c:\windows\system32\shell32.dll
+ 2007-01-03 09:50 . 2010-07-16 12:05 1287680 c:\windows\system32\ole32.dll
+ 2007-01-03 09:50 . 2010-04-28 05:41 2149888 c:\windows\system32\ntoskrnl.exe
- 2007-01-03 09:50 . 2010-02-16 19:05 2149888 c:\windows\system32\ntoskrnl.exe
- 2006-10-30 15:01 . 2010-02-16 19:05 2028032 c:\windows\system32\ntkrnlpa.exe
+ 2006-10-30 15:01 . 2010-04-28 05:41 2028032 c:\windows\system32\ntkrnlpa.exe
+ 2007-01-03 09:50 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
- 2007-01-03 09:50 . 2009-07-31 04:32 1172480 c:\windows\system32\msxml3.dll
+ 2007-01-03 09:56 . 2010-11-06 04:58 3604480 c:\windows\system32\mshtml.dll
+ 2007-01-03 09:56 . 2010-11-06 00:28 6075904 c:\windows\system32\ieframe.dll
+ 2011-01-27 23:29 . 2010-10-26 14:05 1853312 c:\windows\system32\dllcache\win32k.sys
- 2011-01-27 23:25 . 2010-05-04 17:16 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2011-01-27 23:25 . 2010-11-06 00:28 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2011-01-27 23:29 . 2010-07-27 06:29 8491520 c:\windows\system32\dllcache\shell32.dll
+ 2011-01-28 01:28 . 2010-07-16 12:05 1287680 c:\windows\system32\dllcache\ole32.dll
+ 2011-01-27 23:18 . 2010-04-28 18:11 2193664 c:\windows\system32\dllcache\ntoskrnl.exe
- 2011-01-27 23:18 . 2010-02-17 13:05 2193664 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-01-27 23:18 . 2010-04-28 05:41 2028032 c:\windows\system32\dllcache\ntkrpamp.exe
- 2011-01-27 23:18 . 2010-02-16 19:05 2028032 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 18:02 . 2010-04-28 05:41 2070528 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-10 18:02 . 2010-02-16 19:05 2070528 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2011-01-27 23:18 . 2010-02-16 19:05 2149888 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-01-27 23:18 . 2010-04-28 05:41 2149888 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-01-27 23:13 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2011-01-27 23:13 . 2009-07-31 04:32 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-05-04 21:46 . 2010-11-06 04:58 3604480 c:\windows\system32\dllcache\mshtml.dll
+ 2011-01-27 23:18 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2011-01-27 23:18 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2011-01-27 23:25 . 2010-11-06 00:28 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2011-01-28 01:34 . 2010-05-04 17:16 1168384 c:\windows\ie7updates\KB2416400-IE7\urlmon.dll
+ 2011-01-28 01:34 . 2010-05-04 21:46 3600384 c:\windows\ie7updates\KB2416400-IE7\mshtml.dll
+ 2011-01-28 01:34 . 2010-05-04 17:15 6067200 c:\windows\ie7updates\KB2416400-IE7\ieframe.dll
+ 2011-01-27 23:18 . 2010-04-28 18:11 2193664 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2011-01-27 23:18 . 2010-02-17 13:05 2193664 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2011-01-27 23:18 . 2010-02-16 19:05 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2011-01-27 23:18 . 2010-04-28 05:41 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-10 18:02 . 2010-02-16 19:05 2070528 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-10 18:02 . 2010-04-28 05:41 2070528 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2011-01-27 23:18 . 2010-02-16 19:05 2149888 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-01-27 23:18 . 2010-04-28 05:41 2149888 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-01-03 09:54 . 2009-07-13 22:43 10841088 c:\windows\system32\wmp.dll
+ 2007-01-03 09:54 . 2010-08-25 22:36 10841088 c:\windows\system32\wmp.dll
- 2009-07-13 22:43 . 2009-07-13 22:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-13 22:43 . 2010-08-25 22:36 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-01-13 08:47 120712 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2010-11-06 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [30/11/2010 10.00.58 54520]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/01/2011 1.11.41 357968]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/01/2011 0.12.48 294608]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [28/01/2011 1.56.52 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/01/2011 0.12.48 17744]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [30/11/2010 16.20.18 1483072]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [20/07/2010 17.31.00 81920]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 12.34.32 10064]
S3 cpuz134;cpuz134;\??\c:\programmi\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\programmi\CPUID\PC Wizard 2010\pcwiz_x32.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Scansione supplementare -------
.
FF - ProfilePath - c:\documents and settings\giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\2va5kkqy.default\
FF - prefs.js: browser.startup.homepage - www.virgilio.it
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: FoxTrick: {9d1f059c-cada-4111-9696-41a62d64e3ba} - %profile%\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-28 13:25
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8.tmp"
.
Ora fine scansione: 2011-01-28 13:27:46
ComboFix-quarantined-files.txt 2011-01-28 12:27
ComboFix2.txt 2011-01-28 00:38

Pre-Run: 310.526.214.144 byte disponibili
Post-Run: 310.514.962.432 byte disponibili

- - End Of File - - 039EABF4374549BD60740E27684802C5

[Riverside]

Dal Report non vedo nessun rootkit (e nessuna eventuale infezione rimossa).

[anto0peppe]

ma qualcosa deve pur esserci ...puoi consigliarmi qualche tool per la rimozione??

sto eseguendo gmer per adesso

[Riverside]

ma qualcosa deve pur esserci ...puoi consigliarmi qualche tool per la rimozione??

Tool per rimuovere che cosa? ..... non si può rimuovere ciò che non esiste.

sto eseguendo gmer per adesso

[anto0peppe]

e allora perchè cmbofix mi dice che cè un rootkit all inizio?

[gahan]

Anto0beppe,

combofix non rileva alcun rootkit.

[anto0peppe]

per carità io credo alle tue parole ma mi spunta una finestra di combofix che mi dice il contrario

[anto0peppe]

per esempio adesso vit it ha trovato un virus nel mio pc ,

mi consigliate di fare una scansione all avvio con avast??

[Riverside]

per esempio adesso vit it ha trovato un virus nel mio pc

nome del virus?

[anto0peppe]

era un exe ed era un trojan

[Riverside]

era un exe ed era un trojan

Se era un .exe ........ da dove lo hai scaricato? ..... nome dell'exe?

[anto0peppe]

guarda adesso non posso dirtelo più perchè virit lo ha cancellato

però adesso sembra essersi stabilizzata la situazione