Goldselection
16-10-2011, 15:51
Part 2 . . .
.
R0 70872952;70872952 Boot Guard Driver;c:\windows\system32\drivers\70872952.sys [20/02/2010 16.03.38 37392]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21/07/2008 14.38.12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21/07/2008 14.38.12 5248]
R0 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [20/02/2010 15.27.03 15888]
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [08/04/2011 19.46.56 40440]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [08/04/2011 19.46.59 30200]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [20/06/2008 12.30.38 212520]
R1 70872951;70872951;c:\windows\system32\drivers\70872951.sys [20/02/2010 16.03.38 128016]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [08/04/2011 19.46.56 79608]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [08/04/2011 20.42.05 69112]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [08/04/2011 19.47.23 39544]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R1 setup_9.0.0.722_20.02.2010_16-04drv;setup_9.0.0.722_20.02.2010_16-04drv;c:\windows\system32\drivers\7087295.sys [20/02/2010 16.03.38 315408]
R2 AVKProxy;G Data AntiVirus Proxy;c:\programmi\File comuni\G Data\AVKProxy\AVKProxy.exe [16/04/2010 13.10.56 1500168]
R2 AVKService;G Data Scheduler;c:\programmi\G Data\InternetSecurity\AVK\AVKService.exe [16/04/2010 13.10.58 464392]
R2 AVKWCtl;G Data File System Guardian;c:\programmi\G Data\InternetSecurity\AVK\AVKWCtl.exe [15/03/2010 11.24.00 1371904]
R2 GDFwSvc;G Data Personal Firewall;c:\programmi\G Data\InternetSecurity\Firewall\GDFwSvc.exe [16/04/2010 5.08.54 1613424]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [08/04/2011 19.46.59 52216]
R3 GDScan;G Data Scanner;c:\programmi\File comuni\G Data\GDScan\GDScan.exe [22/04/2010 13.59.36 448008]
S1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [14/09/2010 19.04.46 11392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [03/12/2009 22.23.36 112640]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Fabio\IMPOST~1\Temp\gUSBSTOi.sys --> c:\docume~1\Fabio\IMPOST~1\Temp\gUSBSTOi.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [15/05/2010 1.03.59 100736]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Fabio\Documenti\My Completed Downloads\RealTemp_3.00\WinRing0.sys [04/01/2010 2.41.36 14416]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02/03/2006 14.00.00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 amBX Engine;amBX Engine;c:\programmi\amBX\System\amBX_Engine.exe [22/12/2006 11.37.28 427008]
S4 amBX Service;amBX Service;c:\programmi\amBX\System\amBX_Service.exe [22/12/2006 11.35.14 66048]
S4 gupdate1c9f7cc6a072232;Google Update Service (gupdate1c9f7cc6a072232);c:\programmi\Google\Update\GoogleUpdate.exe [28/06/2009 10.42.46 133104]
S4 Philips amBX USB HAL;Philips amBX USB HAL;c:\programmi\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [18/04/2007 15.04.40 258048]
S4 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 20.19.58 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2008-12-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B82162 05794.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
2011-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-20 08:30]
.
2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb71046a802242.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-28 08:42]
.
2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-28 08:42]
.
2010-11-23 c:\windows\Tasks\LifeChatTask.job
- c:\programmi\Microsoft LifeChat\LifeChat.exe [2009-09-28 11:48]
.
2010-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-10-16 c:\windows\Tasks\RegistryBooster.job
- c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-16 13:29]
.
2010-02-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-04-02 18:50]
.
2011-10-16 c:\windows\Tasks\User_Feed_Synchronization-{A3739E57-349A-4F2A-8FFC-9B6CF75162AD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
- - - - ORPHANED KEYS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-MobileConnect - c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-Hospital - c:\windows\unin0410.exe
AddRemove-VV_Outloud_50_It_IT - c:\windows\IsUn0410.exe
.
.
.
************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 15:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,d8,66,5d,1a,9a,a1,4f,9e,7f,04,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,d8,66,5d,1a,9a,a1,4f,9e,7f,04,\
.
[HKEY_USERS\S-1-5-21-448539723-1659004503-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:db,bb,41,cf,dc,24,fb,1a,7b,c7,70,47,44,ed,59,d4,13,ec,1f,cb,e1,c0,97,
fc,a1,d2,1e,06,b5,ba,30,9a,eb,e5,a7,11,6b,88,ea,81,b3,ff,93,6a,54,c4,7b,3c,\
"??"=hex:32,6d,d5,05,2b,ca,2a,01,87,0a,b0,e0,d8,87,26,f4
.
[HKEY_USERS\S-1-5-21-448539723-1659004503-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:80,a4,ae,80,2f,01,02,e8,b8,d3,3e,9b,dd,6e,f4,bc,84,84,1a,2e,32,
44,09,5f,53,b4,67,37,50,20,23,07,f4,d3,d9,19,74,a2,6c,92,5e,1c,2f,b6,7a,36,\
"rkeysecu"=hex:ae,1a,40,fa,f7,70,e5,54,4d,81,b7,10,c2,69,72,cb
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
Scan end time: 2011-10-16 15:26:16
ComboFix-quarantined-files.txt 2011-10-16 13:26
ComboFix2.txt 2010-02-20 11:25
ComboFix3.txt 2010-02-17 11:43
.
Pre-Run: 291.745.976.320 bytes free
Post-Run: 291.931.529.216 bytes free
.
- - End Of File - - E2DEA0245355D2A1C9DEAC1FB109B6F3
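An added example, not part of the original post or of ComboFix itself: a small Python triage script for the R*/S* driver and service lines of a ComboFix log like the one above. The line format is read off the log (`<R|S><n> name;display;image [dd/mm/yyyy hh.mm.ss bytes]` for images ComboFix could stat, `... --> image [?]` when it could not find the file). The heuristics (image under a temp or user-profile directory, image ComboFix could not stat, image extension other than .sys/.exe, boot/system start type) and every function and field name are this example's own assumptions; a hit is a prompt to look closer at that entry, not a verdict that it is malicious. The sample lines are copied from the log above.

```python
"""Triage the R*/S* service lines of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: service lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21/07/2008 14.38.12 155136]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Fabio\IMPOST~1\Temp\gUSBSTOi.sys --> c:\docume~1\Fabio\IMPOST~1\Temp\gUSBSTOi.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Fabio\Documenti\My Completed Downloads\RealTemp_3.00\WinRing0.sys [04/01/2010 2.41.36 14416]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02/03/2006 14.00.00 14336]
"""

# '<R|S><digit> name;display;rest' -- R = running, S = stopped, digit = start type.
LINE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# Images ComboFix could stat end in '[dd/mm/yyyy hh.mm.ss size]'.
STATTED_RE = re.compile(r"^(?P<image>.*) \[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d.]+) (?P<size>\d+)\]$")
# Lazily take the path up to its extension; anything after must look like ' -arg ...'.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.[A-Za-z0-9]{2,4})(?:\s+-.*)?$")

# Heuristic markers (assumptions of this example, lower-cased path substrings).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\users\\")
EXPECTED_EXT = {"sys", "exe"}


@dataclass
class ServiceEntry:
    start: str                 # e.g. R0 (running, boot start) or S3 (stopped, demand start)
    name: str
    display: str
    image: str                 # image path with \??\ prefix and arguments stripped
    present: bool              # False when ComboFix printed '[?]'
    size: Optional[int] = None
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R*/S* line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.endswith("[?]"):
        raw, present, size = rest.split(" --> ")[0].strip(), False, None
    else:
        s = STATTED_RE.match(rest)
        if not s:
            return None
        raw, present, size = s.group("image"), True, int(s.group("size"))
    if raw.startswith("\\??\\"):          # NT object-manager prefix, drop it
        raw = raw[4:]
    im = IMAGE_RE.match(raw)
    image = im.group("image") if im else raw
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"), image, present, size)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach review reasons; the rules are this example's heuristics, not ComboFix's."""
    p = entry.image.lower()
    ext = p.rsplit(".", 1)[-1] if "." in p else ""
    if not entry.present:
        entry.reasons.append("image not found on disk ('[?]'): orphaned entry or hidden file")
    if any(t in p for t in TEMP_MARKERS):
        entry.reasons.append("image loaded from a temp directory")
    if any(t in p for t in PROFILE_MARKERS):
        entry.reasons.append("image lives under a user profile, not system32 or Program Files")
    if ext not in EXPECTED_EXT:
        entry.reasons.append(f"unusual image extension '.{ext}'")
    if entry.reasons and entry.start[1] in "01":
        entry.reasons.append("start type 0/1 (boot/system): loads before user-mode services")
    return entry


def parse_services(log_text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_service_line, log_text.splitlines()) if e is not None]


def triage(log_text: str) -> List[ServiceEntry]:
    """Return only the entries that trip at least one heuristic."""
    return [e for e in map(assess, parse_services(log_text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.start} {e.name}: {e.image}")
        for r in e.reasons:
            print("   -", r)
```

Run against the sample it flags gUSBSTOi (missing file, temp directory, user profile), hwusbfake and npggsvc (missing file; npggsvc also for its .des image) and WinRing0_1_2_0 (driver image in a Downloads folder), and stays quiet on the system32 and Program Files entries. To use it on a full log, paste the R*/S* section in place of SAMPLE_LOG or read it from a file; the other sections of the log are ignored by LINE_RE.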