johnfy
2008-08-21, 00:13
Hi. I need great help. My laptop hasn't been working properly for many days. After a blue flash the system rebooted, and from that moment my internet link doesn't work as usual. It crashes sometimes or goes very slowly. I tried a lot of antivirus programs, but they never found more than the usual trojan or spyware. They clean them, but the problems remain. I think I have a rootkit.
Following are today's GMER log and the ComboFix log.
Please help me.
Greetings from Italy.
Gianni
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-20 22:56:15
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA587F618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA587F4D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA587F9B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA587F0AC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA587F5AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA587EFEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA587F050]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA587F6CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA587F68E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA587F80E]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Impossibile trovare il file specificato. !
? C:\dfbr3\catchme.sys Impossibile trovare il percorso specificato. !
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION D6FE9BDF75474A9DFB4BF9B601CC2C31BC15F53BF9738E78D1DF0902AC4574F034F895F0B668E697A4EB22141AEE7367C1B6213D5580C29C2DD951F41447B853C6B4A23A70BBA8E96D3532113DB416BA59CC55E7E8CC862B80C5B5C3E61867F88DD6F7C133A87DED67977869DD6069CD4737194AA818B729DC0F13703A9585ED0BF6EB9F5649B353A4F6666832EAA692CDC7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB34520F5C6AF5A60977CA9D829EF6F4FCE6589CD85B6E51D21F8FA3CD952DAA03651D3F1549FD5B5659266034CB36E81F53426EE2A41DDA40424B5F3F849D9909A87662C938C95F5A9E449A3BC036C2216B38671E6E143D9D2C6AC2C50DAFD87B85E2290A272D5DBCF04215DCD12491F08E43872508FD913B0B04287122ABADAF9C2566FA4AAEDF7702313C738FE6CC4C1B62F62588BB573E91A38EE578913ECF107511541607D8D80497226B55134EC7F5877EE147626F9FF4C619598A8F96D88580C7E147261B852EEDFAC53D7552CB88970BB0E23AA22CED610F98980E269DA86548045DADDF723D1F2019278DF992BF6D30FBBBBF98043B5ADA8121A5C043283877AF1BF4C4EA718E0F8DB810CBAD8BD7234277A3E11D1E8C0B086DA21CC
------------------------
ComboFix 08-08-17.01 - alicetuttoincluso 2008-08-20 18:50:41.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.351 [GMT 2:00]
Eseguito da: C:\Documents and Settings\alicetuttoincluso\Desktop\dfbr3.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((( Files Creati Da 2008-07-20 al 2008-08-20 )))))))))))))))))))))))))))))))))))
.
2008-08-20 18:39 . 2006-11-01 13:06 162,616 --a------ C:\RegDelNull.exe
2008-08-19 22:00 . 2008-08-19 22:00 <DIR> d-------- C:\Programmi\Sophos
2008-08-19 21:58 . 2008-08-19 22:00 10,569,766 --a------ C:\WINDOWS\system32\UKYSM
2008-08-19 17:10 . 2008-08-19 22:32 <DIR> d-------- C:\Programmi\AVIConverter
2008-08-18 15:36 . 2008-08-18 15:43 <DIR> d-------- C:\124456
2008-08-16 00:20 . 2008-08-16 00:21 <DIR> d-------- C:\Programmi\Security Task Manager
2008-08-13 17:36 . 2008-08-13 17:42 <DIR> d-------- C:\Programmi\ABC Amber LIT Converter
2008-08-13 17:21 . 2008-08-13 17:21 <DIR> d-------- C:\Programmi\PC TechZone
2008-08-11 21:06 . 2008-08-11 22:08 <DIR> d--hs---- C:\RECYCLER(5)
2008-08-11 19:08 . 2008-08-11 22:09 <DIR> d--hs---- C:\RECYCLER(4)
2008-08-09 12:30 . 2008-08-13 14:47 <DIR> d-------- C:\Programmi\Instant Photo Effects 2
2008-08-08 23:21 . 2008-08-08 23:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-08 23:18 . 2008-08-11 22:09 <DIR> d-------- C:\SDFix
2008-08-07 21:57 . 2008-08-11 22:10 <DIR> d-------- C:\Programmi\True Sword 5
2008-08-06 21:27 . 2008-08-11 22:10 <DIR> d-------- C:\Programmi\RogueRemover FREE
2008-08-03 23:27 . 2008-08-04 01:29 <DIR> d-------- C:\Programmi\EsetOnlineScanner
2008-08-03 21:36 . 2008-08-11 22:10 <DIR> d-------- C:\RECYCLER(3)
2008-07-31 19:58 . 2008-08-19 23:16 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-31 19:58 . 2008-07-31 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-31 19:58 . 2008-07-31 19:58 <DIR> d-------- C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Malwarebytes
2008-07-31 19:58 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 19:58 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 19:53 . 2008-08-18 00:01 66,048 --a------ C:\mbr.exe
2008-07-29 22:29 . 2008-07-29 22:29 <DIR> d-------- C:\fsaua.data
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:26 --------- d-----w C:\Programmi\eMule
2008-08-19 21:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan
2008-08-19 21:07 999,815,200 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-19 20:33 11,713,796 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-18 21:05 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-18 20:43 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Registry Booster
2008-08-18 15:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Uniblue
2008-08-17 21:04 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-08-13 12:21 --------- d-----w C:\Programmi\Coolstreaming_Tool-Bar_v1.0
2008-08-13 08:01 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Tyre
2008-08-12 22:13 --------- d-----w C:\Programmi\Uniblue
2008-08-12 22:13 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Uniblue
2008-08-12 10:29 --------- d-----w C:\Programmi\Spyware Doctor
2008-08-10 14:38 --------- d-----w C:\Programmi\CompeGPS
2008-07-31 20:07 --------- d-----w C:\Programmi\Light Artist
2008-07-31 20:07 --------- d-----w C:\Programmi\Jpeg Enhancer
2008-07-30 06:31 --------- d-----w C:\Programmi\Tyre
2008-07-30 06:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Tyre
2008-07-26 18:43 --------- d-----w C:\Programmi\FreePOPs
2008-07-11 19:26 --------- d-----w C:\Programmi\Sonic
2008-07-11 19:25 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\SecondLife
2008-07-09 21:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-07-09 20:15 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\PC Tools
2008-07-09 19:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-09 19:08 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-07-09 12:16 --------- d-----w C:\Programmi\ESET
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-06 21:04 --------- d-----w C:\Programmi\Cartoonist
2008-07-06 19:10 --------- d-----w C:\Programmi\ICE Mirror
2008-07-01 20:50 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-07-01 20:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-07-01 20:50 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\SUPERAntiSpyware.com
2008-07-01 20:48 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-07-01 13:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-06-30 18:04 --------- d-----w C:\Programmi\XP TCPIP Repair
2008-06-28 09:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-28 08:36 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-26 13:48 49,536 ----a-w C:\WINDOWS\system32\VIRITXPK.SYS
2008-06-26 13:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-06-24 20:22 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\BSplayer PRO
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 14:57 --------- d-----w C:\Programmi\Panda Security
2008-06-23 13:06 --------- d-----w C:\Programmi\Java
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-22 21:12 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\AdobeUM
2008-06-22 20:48 --------- d-----w C:\Programmi\Eusing Free Registry Cleaner
2008-06-22 12:04 --------- d-----w C:\Programmi\Kaspersky Lab
2008-06-22 11:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 218,240 2004-11-04 13:48:00 C:\Programmi\File comuni\Symantec Shared\Security Center\bak\UsrPrmpt.exe
-c--a-w 761,945 2005-11-10 18:04:00 C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 774,233 2006-05-19 12:51:16 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
-c--a-w 15,360 2004-08-19 08:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:00:00 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:00 15360]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:56 204288]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 14:51 774233]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-02-15 16:16:02 581693]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\DAP\\DAP.exe"=
"C:\\Programmi\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"C:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"C:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDVRUp_Date.exe"=
"C:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe"=
"C:\\Programmi\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S1 is-6TG2Mdrv;is-6TG2Mdrv;C:\WINDOWS\system32\drivers\07957230.sys [2008-03-05 11:41]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 is-6TG2M;is-6TG2M;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-6TG2M\is-6TG2M.exe []
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
S3 SNDZVMOLYB;SNDZVMOLYB;C:\DOCUME~1\ALICET~1\IMPOST~1\Temp\SNDZVMOLYB.exe []
S3 TTCinergyT2;TerraTec Cinergy T² Driver (TTCinergyT2.sys);C:\WINDOWS\system32\Drivers\TTCinergyT2.sys [2004-09-29 13:24]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fe3712a-311c-11db-85cf-0016417ef8c1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e8257e4-310d-11db-85c8-0016417ef8c1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6199df8e-334f-11db-85e6-0014a5b5cab3}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0239ef8-495e-11db-94b6-0014a5e3ede8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2be3630-3284-11db-85d7-0014a5b5cab3}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8a22842-328b-11db-85da-0014a5b5cab3}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenuto della cartella 'Scheduled Tasks'
2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
2008-08-18 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Mozilla\Firefox\Profiles\93t5bhhc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava11.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava12.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava13.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava14.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava32.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJPI150_14.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPOJI610.dll
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npJoostPlugin.dll
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npmozax.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 18:52:53
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-20 18:57:45
ComboFix-quarantined-files.txt 2008-08-20 16:57:34
ComboFix2.txt 2008-08-19 20:46:59
ComboFix3.txt 2008-08-18 13:43:43
ComboFix4.txt 2008-08-17 21:40:47
ComboFix5.txt 2008-08-20 16:50:30
Pre-Run: 26,023,575,552 byte disponibili
Post-Run: 26,010,947,584 byte disponibili
200 --- E O F --- 2008-08-13 20:21:17
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
2008-08-18 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Mozilla\Firefox\Profiles\93t5bhhc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava11.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava12.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava13.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava14.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava32.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJPI150_14.dll
FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPOJI610.dll
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npJoostPlugin.dll
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npmozax.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 18:52:53
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-08-20 18:57:45
ComboFix-quarantined-files.txt 2008-08-20 16:57:34
ComboFix2.txt 2008-08-19 20:46:59
ComboFix3.txt 2008-08-18 13:43:43
ComboFix4.txt 2008-08-17 21:40:47
ComboFix5.txt 2008-08-20 16:50:30
Pre-Run: 26,023,575,552 byte disponibili
Post-Run: 26,010,947,584 byte disponibili
200 --- E O F --- 2008-08-13 20:21:17