HijackThis log


 
Goldselection
16-10-2011, 12:25
Dear all, I went through my PC with HijackThis and removed junk, even though I have G Data Internet Security 2012, but I can't get rid of the following:

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

Any ideas?

I have uninstalled the programs that launched GameGuard, such as METIN 2 and LINEAGE 2.

How do I get rid of it?

Regards and thanks.


Fabio from Bologna

menatwork
16-10-2011, 13:10
hi, can you post the full log?

Goldselection
16-10-2011, 13:55
Sure. No suspicious files found by G Data IS 2012, Malwarebytes or SUPERAntiSpyware:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.52.20, on 16/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\G Data\GDScan\GDScan.exe
C:\Programmi\G Data\InternetSecurity\AVK\AVKWCtl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\G Data\AVKProxy\AVKProxy.exe
C:\Programmi\G Data\InternetSecurity\AVK\AVKService.exe
C:\Programmi\G Data\InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Programmi\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\3 Internet\3 Internet.exe
C:\Programmi\aMSN\bin\wish.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fabio\Documenti\My Completed Downloads\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmi\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programmi\File comuni\G Data\AVKProxy\BanksafeBHO.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmi\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
O3 - Toolbar: Synthema - Traduzione - {627522C4-DD3F-4577-8EF8-C3305DFA2445} - C:\TRADUT~1\TR_IEX~1.DLL
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Programmi\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Programmi\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299004349593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299794207312
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDEECD2-2DAA-450D-B868-0A1DCF5C7D41}: NameServer = 62.13.169.93 62.13.169.92
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BDEECD2-2DAA-450D-B868-0A1DCF5C7D41}: NameServer = 62.13.169.93 62.13.169.92
O23 - Service: Proxy G Data AntiVirus (AVKProxy) - G Data Software AG - C:\Programmi\File comuni\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programmi\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Guardiano del file system (AVKWCtl) - G Data Software AG - C:\Programmi\G Data\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Programmi\G Data\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Programmi\File comuni\G Data\GDScan\GDScan.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

In my opinion the log is clean, apart from the missing file that I can't remove.

Fabio

menatwork
16-10-2011, 14:14
if you want to remove everything that belongs to GameGuard Service you need to run a scan with ComboFix

there is also this suspicious line I noticed

O3 - Toolbar: Synthema - Traduzione - {627522C4-DD3F-4577-8EF8-C3305DFA2445} - C:\TRADUT~1\TR_IEX~1.DLL

I'm not forcing you to run this scan, but it's a good reason to get rid of GameGuard


download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to the desktop

when asked whether you want to install the Recovery Console, click NO

run ComboFix.exe

follow the instructions

when the scan is finished, go to C:\ and copy/paste the contents of the text file ComboFix.txt in your next reply

Goldselection
16-10-2011, 14:23
Great, I'll go ahead with ComboFix.

As for the suspicious line, it's trustworthy; it's a program I use for translation.

I'll update you as soon as I have news.

Fabio

Goldselection
16-10-2011, 15:51
With G Data disabled, I ran COMBOFIX in normal mode. Here is the first part of the log:

Part 1...

ComboFix 11-10-15.04 - Fabio 16/10/2011 14.50.11.3.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.3070.2486 [GMT 2:00]
Running from: c:\documents and settings\Fabio\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2012 *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G Data Personal Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Fabio\Documenti\~WRL0424.tmp
c:\documents and settings\Fabio\Documenti\~WRL0848.tmp
c:\documents and settings\Fabio\Documenti\~WRL1869.tmp
c:\documents and settings\Fabio\Documenti\~WRL1893.tmp
c:\documents and settings\Fabio\WINDOWS
c:\programmi\Internet Explorer\SET19B.tmp
c:\programmi\Internet Explorer\SET19C.tmp
c:\windows\daemon.dll
c:\windows\IsUn0410.exe
c:\windows\system32\d3d9caps.dat
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((( Files Created From 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))))))
.
.
2011-10-16 09:27 . 2011-10-16 09:27 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-16 09:26 . 2011-10-16 09:26 -------- d-----w- c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\PackageAware
2011-10-11 12:01 . 2011-10-16 09:07 431299 ----a-w- c:\windows\system32\sig.bin
2011-10-11 07:52 . 2011-09-22 06:35 2056200 ----a-w- c:\windows\system32\GdScrSv.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 08:03 . 2011-04-08 18:42 69112 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-10-11 07:52 . 2011-04-08 17:47 39544 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2011-10-11 07:52 . 2011-04-08 17:46 52216 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2011-10-11 07:52 . 2011-04-08 17:46 30200 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2011-10-11 07:52 . 2011-04-08 17:46 79608 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-10-11 07:52 . 2011-04-08 17:46 40440 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-10-03 19:57 . 2011-05-15 07:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2006-03-02 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 15:00 . 2010-01-08 20:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-10-01 13:00 . 2008-06-20 12:39 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
2007-08-24 19:52 . 2008-07-20 20:05 300400 ----a-w- c:\programmi\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}]
2011-08-10 14:31 52216 ----a-w- c:\programmi\File comuni\G Data\AVKProxy\BanksafeBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\programmi\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-09-22 1011720]
"GDFirewallTray"="c:\programmi\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-09-22 1619976]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2011-04-17 77824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hp psc 1000 series.lnk]
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hpoddt01.exe.lnk]
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amBX System Tray Application]
2006-09-29 09:17 126976 ----a-w- c:\programmi\amBX\ApplicationManager\amBXAppMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 15:05 81920 ----a-w- c:\programmi\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 ----a-w- c:\programmi\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2010-04-28 05:44 647528 ----a-w- c:\programmi\Windows Live\Family Safety\fsui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeChat]
2009-09-28 11:48 264040 ----a-w- c:\programmi\Microsoft LifeChat\LifeChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-09-01 11:39 966712 ----a-w- c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-04-17 12:56 77824 ----a-w- c:\programmi\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-17 19:16 1242448 ----a-w- c:\programmi\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 15:40 2012912 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-12 13:12 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=3 (0x3)
"SeaPort"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9f7cc6a072232"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\aMSN\\bin\\wish.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

Goldselection
16-10-2011, 15:51
Part 2 . . .


.
R0 70872952;70872952 Boot Guard Driver;c:\windows\system32\drivers\70872952.sys [20/02/2010 16.03.38 37392]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21/07/2008 14.38.12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21/07/2008 14.38.12 5248]
R0 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [20/02/2010 15.27.03 15888]
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [08/04/2011 19.46.56 40440]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [08/04/2011 19.46.59 30200]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [20/06/2008 12.30.38 212520]
R1 70872951;70872951;c:\windows\system32\drivers\70872951.sys [20/02/2010 16.03.38 128016]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [08/04/2011 19.46.56 79608]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [08/04/2011 20.42.05 69112]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [08/04/2011 19.47.23 39544]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R1 setup_9.0.0.722_20.02.2010_16-04drv;setup_9.0.0.722_20.02.2010_16-04drv;c:\windows\system32\drivers\7087295.sys [20/02/2010 16.03.38 315408]
R2 AVKProxy;Proxy G Data AntiVirus;c:\programmi\File comuni\G Data\AVKProxy\AVKProxy.exe [16/04/2010 13.10.56 1500168]
R2 AVKService;G Data Scheduler;c:\programmi\G Data\InternetSecurity\AVK\AVKService.exe [16/04/2010 13.10.58 464392]
R2 AVKWCtl;G Data Guardiano del file system;c:\programmi\G Data\InternetSecurity\AVK\AVKWCtl.exe [15/03/2010 11.24.00 1371904]
R2 GDFwSvc;G Data Personal Firewall;c:\programmi\G Data\InternetSecurity\Firewall\GDFwSvc.exe [16/04/2010 5.08.54 1613424]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [08/04/2011 19.46.59 52216]
R3 GDScan;G Data Scanner;c:\programmi\File comuni\G Data\GDScan\GDScan.exe [22/04/2010 13.59.36 448008]
S1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [14/09/2010 19.04.46 11392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [03/12/2009 22.23.36 112640]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Fabio\IMPOST~1\Temp\gUSBSTOi.sys --> c:\docume~1\Fabio\IMPOST~1\Temp\gUSBSTOi.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [15/05/2010 1.03.59 100736]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Fabio\Documenti\My Completed Downloads\RealTemp_3.00\WinRing0.sys [04/01/2010 2.41.36 14416]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02/03/2006 14.00.00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 amBX Engine;amBX Engine;c:\programmi\amBX\System\amBX_Engine.exe [22/12/2006 11.37.28 427008]
S4 amBX Service;amBX Service;c:\programmi\amBX\System\amBX_Service.exe [22/12/2006 11.35.14 66048]
S4 gupdate1c9f7cc6a072232;Servizio di Google Update (gupdate1c9f7cc6a072232);c:\programmi\Google\Update\GoogleUpdate.exe [28/06/2009 10.42.46 133104]
S4 Philips amBX USB HAL;Philips amBX USB HAL;c:\programmi\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [18/04/2007 15.04.40 258048]
S4 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 20.19.58 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2008-12-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B82162 05794.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
2011-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-20 08:30]
.
2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb71046a802242.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-28 08:42]
.
2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-28 08:42]
.
2010-11-23 c:\windows\Tasks\LifeChatTask.job
- c:\programmi\Microsoft LifeChat\LifeChat.exe [2009-09-28 11:48]
.
2010-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-10-16 c:\windows\Tasks\RegistryBooster.job
- c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-16 13:29]
.
2010-02-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-04-02 18:50]
.
2011-10-16 c:\windows\Tasks\User_Feed_Synchronization-{A3739E57-349A-4F2A-8FFC-9B6CF75162AD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-MobileConnect - c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-Hospital - c:\windows\unin0410.exe
AddRemove-VV_Outloud_50_It_IT - c:\windows\IsUn0410.exe
.
.
.
************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 15:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,d8,66,5d,1a,9a,a1,4f,9e,7f,04,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,d8,66,5d,1a,9a,a1,4f,9e,7f,04,\
.
[HKEY_USERS\S-1-5-21-448539723-1659004503-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:db,bb,41,cf,dc,24,fb,1a,7b,c7,70,47,44,ed,59,d4,13,ec,1f,cb,e1,c0,97,
fc,a1,d2,1e,06,b5,ba,30,9a,eb,e5,a7,11,6b,88,ea,81,b3,ff,93,6a,54,c4,7b,3c,\
"??"=hex:32,6d,d5,05,2b,ca,2a,01,87,0a,b0,e0,d8,87,26,f4
.
[HKEY_USERS\S-1-5-21-448539723-1659004503-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:80,a4,ae,80,2f,01,02,e8,b8,d3,3e,9b,dd,6e,f4,bc,84,84,1a,2e,32,
44,09,5f,53,b4,67,37,50,20,23,07,f4,d3,d9,19,74,a2,6c,92,5e,1c,2f,b6,7a,36,\
"rkeysecu"=hex:ae,1a,40,fa,f7,70,e5,54,4d,81,b7,10,c2,69,72,cb
.
--------------------- Dlls loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-10-16 15:26:16
ComboFix-quarantined-files.txt 2011-10-16 13:26
ComboFix2.txt 2010-02-20 11:25
ComboFix3.txt 2010-02-17 11:43
.
Pre-Run: 291,745,976,320 bytes free
Post-Run: 291,931,529,216 bytes free
.
- - End Of File - - E2DEA0245355D2A1C9DEAC1FB109B6F3
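Added example, not part of the thread and not code from HijackThis, ComboFix or nProtect. The two logs above describe the same condition from two angles: HijackThis reports `O23 ... npggsvc ... (file missing)`, and ComboFix dumps the service's key `HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc` with `ImagePath = c:\windows\system32\GameMon.des -service` and marks the binary `[?]` because it is gone (HijackThis displays the same path as GameMon.des.exe; either way the file is absent). That is an orphaned service registration left behind when GameGuard was uninstalled, not a running component, and what has to go is the registry key. `sc delete npggsvc` from an administrator command prompt does exactly that (sc.exe ships with Windows XP), and HijackThis 2.0 has the equivalent under Config > Misc Tools > Delete an NT service. The script below parses both log formats, flags every service whose binary a tool reported missing, pulls the dumped ImagePath, and prints the matching `sc delete` lines. The sample input is constructed from lines quoted from this thread; the parsing rules are my reading of the two log layouts, not the tools' specifications, and the argument-stripping in `image_file` is a heuristic.

```python
"""Audit HijackThis O23 lines and ComboFix service lines for orphaned services.

Added example for this thread; not code from HijackThis, ComboFix or nProtect.
It flags services whose binary the tool reported as missing (the npggsvc case)
and prints the standard sc.exe command that removes such a registry entry.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Programmi\File comuni\G Data\GDScan\GDScan.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
R2 AVKProxy;Proxy G Data AntiVirus;c:\programmi\File comuni\G Data\AVKProxy\AVKProxy.exe [16/04/2010 13.10.56 1500168]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Fabio\IMPOST~1\Temp\gUSBSTOi.sys --> c:\docume~1\Fabio\IMPOST~1\Temp\gUSBSTOi.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02/03/2006 14.00.00 14336]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
"""

# HijackThis: O23 - Service: <display> (<short name>) - <owner> - <path>[ (file missing)]
HJT_O23 = re.compile(r"^O23 - Service: (?P<display>.*) \((?P<name>[^()\s]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix: <R=running|S=stopped><start type 0-4> <short name>;<display>;<ImagePath> [<date> <size>]
# or, when the binary is absent:  ...;<ImagePath> --> <ImagePath> [?]
CF_SERVICE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# ComboFix registry dump: a service key line followed by its ImagePath value
CF_IMAGEPATH = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]\s*\n"ImagePath"="(?P<path>[^"]+)"',
    re.MULTILINE)


@dataclass
class ServiceEntry:
    source: str       # "hijackthis" or "combofix"
    name: str         # short name: the subkey under ...\Services and the argument to sc.exe
    display: str
    image_path: str   # ImagePath as logged, arguments included
    missing: bool     # the tool reported the binary as absent
    note: str = ""


def image_file(image_path: str) -> str:
    r"""Strip the NT '\??\' prefix and trailing arguments such as ' -service' or ' -k WINRM'.
    Heuristic: arguments start at the first whitespace that is followed by '-'."""
    path = image_path[4:] if image_path.startswith("\\??\\") else image_path
    return re.split(r"\s+-(?=\w)", path, maxsplit=1)[0]


def parse_services(text: str) -> List[ServiceEntry]:
    """Collect service entries from HijackThis and ComboFix log lines."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_O23.match(line)
        if m:
            path, missing = m["path"], m["path"].endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].rstrip()
            note = "no publisher in version info" if m["owner"] == "Unknown owner" else ""
            entries.append(ServiceEntry("hijackthis", m["name"], m["display"], path, missing, note))
            continue
        m = CF_SERVICE.match(line)
        if m:
            rest = m["rest"]
            if " --> " in rest and rest.endswith("[?]"):
                path, missing = rest.split(" --> ", 1)[0], True
            else:
                path, missing = re.sub(r"\s\[[^\]]*\]$", "", rest), False
            state = "running" if m["state"] == "R" else "stopped"
            entries.append(ServiceEntry("combofix", m["name"], m["display"], path, missing,
                                        f"{state}, start type {m['start']}"))
    return entries


def registry_image_paths(text: str) -> Dict[str, str]:
    r"""ImagePath values that ComboFix dumped from HKLM\System\ControlSetNNN\Services\<name>."""
    return {m["name"]: m["path"] for m in CF_IMAGEPATH.finditer(text)}


def orphan_names(text: str) -> List[str]:
    """Short names of services whose binary either tool reported missing, deduplicated."""
    return sorted({e.name for e in parse_services(text) if e.missing})


def remediation(text: str) -> List[str]:
    """One 'sc delete <name>' per orphaned service. sc.exe ships with Windows XP and later and
    removes the service's registry key; run it from an administrator command prompt only after
    confirming the binary is really gone and its application has been uninstalled."""
    return [f"sc delete {name}" for name in orphan_names(text)]


if __name__ == "__main__":
    for e in parse_services(SAMPLE_LOG):
        flag = "ORPHAN" if e.missing else "ok"
        print(f"{flag:6} {e.source:10} {e.name:10} {image_file(e.image_path)}  {e.note}")
    for name, path in registry_image_paths(SAMPLE_LOG).items():
        print(f"registry ImagePath for {name}: {path}")
    print("\n".join(remediation(SAMPLE_LOG)))
```

On the sample it flags npggsvc (from both logs) and the gUSBSTOi driver whose .sys lived in a Temp folder and is also gone; GDScan, AVKProxy and WinRM pass. Treat each hit as a candidate to verify, not an automatic deletion: `sc delete` on a service that is still loaded only marks it for deletion until the next reboot, and an entry whose file is merely on a detached volume is not an orphan.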

menatwork
16-10-2011, 20:40
download TDSSKiller (http://support.kaspersky.com/viruses/solutions?qid=208280684) to the desktop and extract the contents

Start > Run > copy/paste the following command and click OK.

"%userprofile%\Desktop\TDSSKiller.exe"

Click Start Scan.
If there is an infection, the default action will be Cure. Click Continue.
If there is a suspected infection, the default action will be Skip. Click Continue.
If a reboot is requested, accept.
The report will be in C:\, with a name like: TDSSKiller.[Version]_[Date]_[Time]_log.txt
If no reboot was requested, close and click Report. Save the contents to a text file

Please don't paste the log; upload it to a server

Goldselection
16-10-2011, 21:17
The TDSSKiller log is clean, zero suspicious files.

menatwork
16-10-2011, 21:23
I need the log even if it didn't detect anything

upload it to a server
