ComboFix 11-05-23.02 - Administrator 23/05/2011 22.29.30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.692 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\Antivirus\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\HelpAssistant\WINDOWS
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Creati Da 2011-04-23 al 2011-05-23 )))))))))))))))))))))))))))))))))))
.
.
2011-05-23 20:15 . 2011-05-23 20:16 -------- d-----w- C:\32788R22FWJFW
2011-05-23 18:31 . 2011-05-23 18:31 89088 ----a-w- C:\mbr.exe
2011-05-20 16:17 . 2011-05-20 16:17 472808 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-20 16:17 . 2011-05-20 16:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 17:24 . 2011-05-19 19:23 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2011-05-19 17:22 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-05-19 17:22 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-05-19 17:22 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-05-19 17:22 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-05-19 17:22 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-05-19 17:22 . 2011-05-19 17:22 -------- d-----w- c:\programmi\Trojan Remover
2011-05-19 17:22 . 2011-05-19 17:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2011-05-19 17:22 . 2011-05-19 17:22 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Simply Super Software
2011-05-15 16:36 . 2008-04-13 17:13 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-05-15 16:35 . 2006-12-28 10:01 19569 ----a-w- c:\windows\002857_.tmp
2011-05-15 15:58 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-15 15:57 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-15 15:57 . 2011-05-15 15:57 -------- d-----w- c:\programmi\AVAST Software
2011-05-15 15:57 . 2011-05-15 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVAST Software
2011-05-15 08:25 . 2011-05-23 18:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-29 10:52 . 2011-05-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Gisyix
2011-04-29 10:52 . 2011-05-02 17:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Bybuu
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 16:17 . 2007-11-02 14:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-10 12:10 . 2007-09-10 15:46 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2008-04-02 15:26 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2007-09-10 15:46 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2007-09-10 15:46 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2007-09-10 15:46 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2007-09-10 15:46 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2007-09-10 15:46 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2008-04-02 15:26 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2007-10-24 20:36 . 2007-10-24 20:34 23876904 ----a-w- c:\programmi\SkypeSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-22 68856]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2010-12-15 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVFX Engine"="c:\programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-15 24576]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"TrojanScanner"="c:\programmi\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\SightSpeed\\SightSpeed.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5311:TCP"= 5311:TCP:messenger
"5283:TCP"= 5283:TCP:messenger
"3389:TCP"= 3389:TCP:Remote Desktop
"24557:UDP"= 24557:UDP:eMule_UDP
"24547:TCP"= 24547:TCP:eMule_TCP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15/05/2011 17.58.13 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/04/2008 17.26.53 307928]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [29/02/2008 17.03.48 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [29/02/2008 17.03.46 51440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/04/2008 17.26.53 19544]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2010 23.14.17 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2010 23.14.17 135664]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17.51.08 4096]
S3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [21/10/2007 12.44.14 221152]
S3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [21/10/2007 12.44.14 6912]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-05-23 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-22 16:57]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 21:14]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 21:14]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\44boro8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\programmi\AVAST Software\Avast\WebRep\FF
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 22:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
C:\## aswSnx private storage
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2011-05-23 22:57:48
ComboFix-quarantined-files.txt 2011-05-23 20:57
.
Pre-Run: 22.331.863.040 byte disponibili
Post-Run: 22.519.529.472 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B465A6960FA05B88A6B3C6788FDD3170