
Thread: Help me! I got a rootkit?

  1. #1 - Junior Member (Join Date: Aug 2008; Posts: 1)

    Help me! I got a rootkit?

    Hi. I need great help. For many days my laptop has not been working properly. After a blue flash the system rebooted, and from that moment my internet connection hasn't worked as usual. It sometimes crashes or goes very slowly. I tried a lot of antivirus programs but they never found more than the regular trojan or spyware. They cleaned them but the problems remained. I think I got a rootkit.
    Following are today's GMER log and the ComboFix log.
    Please help me.
    Greetings from Italy.
    Gianni
    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-08-20 22:56:15
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.14 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA587F618]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA587F4D4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA587F9B2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA587F0AC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA587F5AE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA587EFEC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA587F050]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA587F6CE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA587F68E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA587F80E]

    ---- Kernel code sections - GMER 1.0.14 ----

    ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
    ? C:\dfbr3\catchme.sys The system cannot find the path specified. !

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
    IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

    ------------------------

    ComboFix 08-08-17.01 - alicetuttoincluso 2008-08-20 18:50:41.2 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.351 [GMT 2:00]
    Run by: C:\Documents and Settings\alicetuttoincluso\Desktop\dfbr3.exe

    WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created From 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))))))
    .

    2008-08-20 18:39 . 2006-11-01 13:06 162,616 --a------ C:\RegDelNull.exe
    2008-08-19 22:00 . 2008-08-19 22:00 <DIR> d-------- C:\Programmi\Sophos
    2008-08-19 21:58 . 2008-08-19 22:00 10,569,766 --a------ C:\WINDOWS\system32\UKYSM
    2008-08-19 17:10 . 2008-08-19 22:32 <DIR> d-------- C:\Programmi\AVIConverter
    2008-08-18 15:36 . 2008-08-18 15:43 <DIR> d-------- C:\124456
    2008-08-16 00:20 . 2008-08-16 00:21 <DIR> d-------- C:\Programmi\Security Task Manager
    2008-08-13 17:36 . 2008-08-13 17:42 <DIR> d-------- C:\Programmi\ABC Amber LIT Converter
    2008-08-13 17:21 . 2008-08-13 17:21 <DIR> d-------- C:\Programmi\PC TechZone
    2008-08-11 21:06 . 2008-08-11 22:08 <DIR> d--hs---- C:\RECYCLER(5)
    2008-08-11 19:08 . 2008-08-11 22:09 <DIR> d--hs---- C:\RECYCLER(4)
    2008-08-09 12:30 . 2008-08-13 14:47 <DIR> d-------- C:\Programmi\Instant Photo Effects 2
    2008-08-08 23:21 . 2008-08-08 23:21 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-08-08 23:18 . 2008-08-11 22:09 <DIR> d-------- C:\SDFix
    2008-08-07 21:57 . 2008-08-11 22:10 <DIR> d-------- C:\Programmi\True Sword 5
    2008-08-06 21:27 . 2008-08-11 22:10 <DIR> d-------- C:\Programmi\RogueRemover FREE
    2008-08-03 23:27 . 2008-08-04 01:29 <DIR> d-------- C:\Programmi\EsetOnlineScanner
    2008-08-03 21:36 . 2008-08-11 22:10 <DIR> d-------- C:\RECYCLER(3)
    2008-07-31 19:58 . 2008-08-19 23:16 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
    2008-07-31 19:58 . 2008-07-31 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
    2008-07-31 19:58 . 2008-07-31 19:58 <DIR> d-------- C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Malwarebytes
    2008-07-31 19:58 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-31 19:58 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-31 19:53 . 2008-08-18 00:01 66,048 --a------ C:\mbr.exe
    2008-07-29 22:29 . 2008-07-29 22:29 <DIR> d-------- C:\fsaua.data

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-20 15:26 --------- d-----w C:\Programmi\eMule
    2008-08-19 21:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan
    2008-08-19 21:07 999,815,200 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-08-19 20:33 11,713,796 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-08-18 21:05 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
    2008-08-18 20:43 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Registry Booster
    2008-08-18 15:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Uniblue
    2008-08-17 21:04 --------- d-----w C:\Programmi\File comuni\LightScribe
    2008-08-13 12:21 --------- d-----w C:\Programmi\Coolstreaming_Tool-Bar_v1.0
    2008-08-13 08:01 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Tyre
    2008-08-12 22:13 --------- d-----w C:\Programmi\Uniblue
    2008-08-12 22:13 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Uniblue
    2008-08-12 10:29 --------- d-----w C:\Programmi\Spyware Doctor
    2008-08-10 14:38 --------- d-----w C:\Programmi\CompeGPS
    2008-07-31 20:07 --------- d-----w C:\Programmi\Light Artist
    2008-07-31 20:07 --------- d-----w C:\Programmi\Jpeg Enhancer
    2008-07-30 06:31 --------- d-----w C:\Programmi\Tyre
    2008-07-30 06:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Tyre
    2008-07-26 18:43 --------- d-----w C:\Programmi\FreePOPs
    2008-07-11 19:26 --------- d-----w C:\Programmi\Sonic
    2008-07-11 19:25 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\SecondLife
    2008-07-09 21:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
    2008-07-09 20:15 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\PC Tools
    2008-07-09 19:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2008-07-09 19:08 --------- d-----w C:\Programmi\Spybot - Search & Destroy
    2008-07-09 12:16 --------- d-----w C:\Programmi\ESET
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-07-06 21:04 --------- d-----w C:\Programmi\Cartoonist
    2008-07-06 19:10 --------- d-----w C:\Programmi\ICE Mirror
    2008-07-01 20:50 --------- d-----w C:\Programmi\SUPERAntiSpyware
    2008-07-01 20:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
    2008-07-01 20:50 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\SUPERAntiSpyware.com
    2008-07-01 20:48 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
    2008-07-01 13:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avira
    2008-06-30 18:04 --------- d-----w C:\Programmi\XP TCPIP Repair
    2008-06-28 09:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
    2008-06-28 08:36 --------- d--h--w C:\Programmi\InstallShield Installation Information
    2008-06-26 13:48 49,536 ----a-w C:\WINDOWS\system32\VIRITXPK.SYS
    2008-06-26 13:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
    2008-06-24 20:22 --------- d-----w C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\BSplayer PRO
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 14:57 --------- d-----w C:\Programmi\Panda Security
    2008-06-23 13:06 --------- d-----w C:\Programmi\Java
    2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-06-22 21:12 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\AdobeUM
    2008-06-22 20:48 --------- d-----w C:\Programmi\Eusing Free Registry Cleaner
    2008-06-22 12:04 --------- d-----w C:\Programmi\Kaspersky Lab
    2008-06-22 11:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
    2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:39 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -c--a-w 218,240 2004-11-04 13:48:00 C:\Programmi\File comuni\Symantec Shared\Security Center\bak\UsrPrmpt.exe

    -c--a-w 761,945 2005-11-10 18:04:00 C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe
    ----a-w 774,233 2006-05-19 12:51:16 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

    -c--a-w 15,360 2004-08-19 08:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
    ----a-w 15,360 2004-08-19 13:00:00 C:\WINDOWS\system32\ctfmon.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate/default entries are not shown.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:00 15360]
    "WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:56 204288]
    "SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 14:51 774233]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:00 15360]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-02-15 16:16:02 581693]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Programmi\\eMule\\emule.exe"=
    "C:\\Programmi\\DAP\\DAP.exe"=
    "C:\\Programmi\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
    "C:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
    "C:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDVRUp_Date.exe"=
    "C:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe"=
    "C:\\Programmi\\Joost\\xulrunner\\tvprunner.exe"=
    "C:\\Programmi\\Mozilla Firefox\\firefox.exe"=

    R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
    S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    S1 is-6TG2Mdrv;is-6TG2Mdrv;C:\WINDOWS\system32\drivers\07957230.sys [2008-03-05 11:41]
    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    S2 is-6TG2M;is-6TG2M;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-6TG2M\is-6TG2M.exe []
    S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
    S3 SNDZVMOLYB;SNDZVMOLYB;C:\DOCUME~1\ALICET~1\IMPOST~1\Temp\SNDZVMOLYB.exe []
    S3 TTCinergyT2;TerraTec Cinergy T² Driver (TTCinergyT2.sys);C:\WINDOWS\system32\Drivers\TTCinergyT2.sys [2004-09-29 13:24]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fe3712a-311c-11db-85cf-0016417ef8c1}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e8257e4-310d-11db-85c8-0016417ef8c1}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6199df8e-334f-11db-85e6-0014a5b5cab3}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0239ef8-495e-11db-94b6-0014a5e3ede8}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2be3630-3284-11db-85d7-0014a5b5cab3}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8a22842-328b-11db-85da-0014a5b5cab3}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

    2008-08-18 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
    - C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\alicetuttoincluso\Dati applicazioni\Mozilla\Firefox\Profiles\93t5bhhc.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
    FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava11.dll
    FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava12.dll
    FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava13.dll
    FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava14.dll
    FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJava32.dll
    FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPJPI150_14.dll
    FF -: plugin - C:\Programmi\Java\jre1.5.0_14\bin\NPOJI610.dll
    FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npJoostPlugin.dll
    FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npmozax.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-20 18:52:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Scan finish time: 2008-08-20 18:57:45
    ComboFix-quarantined-files.txt 2008-08-20 16:57:34
    ComboFix2.txt 2008-08-19 20:46:59
    ComboFix3.txt 2008-08-18 13:43:43
    ComboFix4.txt 2008-08-17 21:40:47
    ComboFix5.txt 2008-08-20 16:50:30

    Pre-Run: 26,023,575,552 bytes free
    Post-Run: 26,010,947,584 bytes free

    200 --- E O F --- 2008-08-13 20:21:17

    -----------------------------------------------------
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Do NOT run 'fixes' before helpers have analyzed the HJT log
    Last edited by tashi; 2008-08-21 at 00:29. Reason: moved from Spybot-S&D support, added links
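The two logs above are raw tool output; nothing in the thread interprets them yet. As an added example (not from the poster, the forum helpers, or the GMER/ComboFix tools themselves), the Python script below parses a few lines copied from those logs and applies three triage checks a responder would otherwise do by eye: group GMER's SSDT hooks by the driver that owns them, flag IAT hooks whose target address sits below the floor where any PE image would be mapped, and flag ComboFix service entries whose binary lives under a Temp or Desktop folder or carries no file timestamp. The address threshold and the location heuristics are assumptions of this example, not GMER or ComboFix rules, and a flag is a prompt to look closer, not a verdict.

```python
"""Triage helpers for GMER / ComboFix log excerpts.

Added example for this thread: not a tool the poster or the helpers used. The
regexes follow the line formats visible in the posted logs; the heuristics and
the address threshold are this example's assumptions, not GMER/ComboFix rules.
"""
import re
from collections import defaultdict

# Constructed fixture: lines copied from the GMER log posted above.
GMER_SAMPLE = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA587F618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA587EFEC]
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
"""

# Constructed fixture: service/driver lines copied from the ComboFix log above.
COMBOFIX_SERVICES = r"""
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 is-6TG2M;is-6TG2M;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-6TG2M\is-6TG2M.exe []
S3 SNDZVMOLYB;SNDZVMOLYB;C:\DOCUME~1\ALICET~1\IMPOST~1\Temp\SNDZVMOLYB.exe []
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<image>.+?)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<addr>[0-9A-Fa-f]+)\s*$")
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s+\[(?P<stamp>[^\]]*)\]\s*$")

# Assumed threshold: on 32-bit XP an EXE maps at 0x00400000 and DLLs higher, so an
# import slot pointing below that resolves into heap/private memory rather than a
# DLL export, i.e. something other than the loader wrote that IAT entry.
USER_IMAGE_BASE = 0x00400000


def ssdt_hooks_by_module(text):
    """Group hooked SSDT services by the driver GMER attributes the hook to.
    A known security product owning many entries is expected; an unfamiliar
    driver appearing in this map is what deserves a second look."""
    hooks = defaultdict(list)
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks[m["module"].rsplit("\\", 1)[-1].lower()].append(m["func"])
    return dict(hooks)


def iat_hooks_outside_images(text):
    """Return (process, import, target) for IAT hooks whose target lies below USER_IMAGE_BASE."""
    found = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if m and int(m["addr"], 16) < USER_IMAGE_BASE:
            found.append((m["proc"].rsplit("\\", 1)[-1],
                          f'{m["dll"]}!{m["func"]}', int(m["addr"], 16)))
    return found


def suspicious_services(text):
    """Flag ComboFix service entries by where the binary lives and whether it was
    timestamped. Returns {service_name: [reasons]}; flags are prompts to inspect,
    not verdicts (a vendor's leftover removal tool trips them just as malware does)."""
    flagged = defaultdict(list)
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].lower()
        if "\\temp\\" in path:
            flagged[m["name"]].append("binary under a Temp directory")
        if "\\desktop\\" in path:
            flagged[m["name"]].append("binary under a Desktop folder")
        if m["stamp"] == "":
            flagged[m["name"]].append(
                "no file timestamp (ComboFix could not stamp the file, typically because it is absent)")
    return dict(flagged)


if __name__ == "__main__":
    for module, funcs in ssdt_hooks_by_module(GMER_SAMPLE).items():
        print(f"SSDT hooks owned by {module}: {', '.join(funcs)}")
    for proc, imp, addr in iat_hooks_outside_images(GMER_SAMPLE):
        print(f"IAT hook in {proc}: {imp} -> {addr:#010x} (below image base)")
    for name, reasons in suspicious_services(COMBOFIX_SERVICES).items():
        print(f"service {name}: {'; '.join(reasons)}")
```

Run over the sample, it reports avast's aswSP.SYS as owner of every SSDT hook (expected for a self-protection driver), both services.exe CreateProcess imports as redirected into unmapped low memory, and the is-6TG2M and SNDZVMOLYB services as flagged for location and missing timestamp. Whether any of those is actually hostile still needs the file itself, or a helper who recognises it.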

  2. #2 - pskelley (In Memoriam - Always in our heart; Join Date: Oct 2005; Location: Clearwater, Florida; Posts: 20,252)

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    The Waiting Room
    http://forums.spybot.info/forumdisplay.php?f=37

    Do NOT run 'FIXES' before helpers have analyzed the HJT log
    http://forums.spybot.info/showthread.php?t=16806

    If you still have malware issues, and will take the time to read the instructions posted above and pinned (sticky) to the top of this forum, and then post the required HJT log with some information about your malware problem, I will take a look.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
