FIRST LOG WITH COMBO
2008-09-27 17:53 . 2008-09-27 17:53 <DIR> d-------- C:\Programmi\PowerQuest
2008-09-16 18:59 . 2008-09-16 19:00 230,424 --a------ C:\img2-001.raw
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 06:55 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-27 20:37 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-08-30 10:41 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-25 16:30 --------- d-----w C:\Programmi\MSXML 4.0
2008-08-25 06:33 --------- d-----w C:\Programmi\File comuni\Teleca Shared
2008-08-25 06:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Teleca
2008-08-25 06:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony Ericsson
2008-08-25 06:32 --------- d-----w C:\Programmi\Sony Ericsson
2008-08-25 06:32 --------- d-----w C:\Programmi\File comuni\Sony Ericsson Shared
2008-08-24 14:27 --------- d-----w C:\Documents and Settings\famiglia linari\Dati applicazioni\Teleca
2008-08-24 14:25 --------- d-----w C:\Documents and Settings\famiglia linari\Dati applicazioni\Sony Ericsson
2008-08-24 13:47 --------- d-----w C:\Programmi\mp3DirectCut
2008-08-21 20:58 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-21 20:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-08-21 18:36 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-08-21 18:36 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-08-21 18:36 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-19 17:19 --------- d-----w C:\Programmi\Trend Micro
2008-08-19 08:26 --------- d-----w C:\Programmi\QuickTime
2008-08-06 12:31 --------- d-----w C:\Programmi\SpywareBlaster
2008-08-04 13:06 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-04 13:06 --------- d-----w C:\Programmi\Macromedia
2008-08-04 13:06 --------- d-----w C:\Programmi\File comuni\Macromedia
2008-08-04 10:35 --------- d-----w C:\Programmi\Star Downloader
2008-08-04 09:03 --------- d-----w C:\Documents and Settings\famiglia linari\Dati applicazioni\Cartella di caricamento Share-to-Web
2008-08-03 11:01 --------- d-----w C:\Programmi\File comuni\Adobe
2008-08-02 09:27 --------- d-----w C:\Documents and Settings\famiglia linari\Dati applicazioni\.clamwin
2008-08-02 09:26 --------- d-----w C:\Programmi\ClamWin
2008-07-31 13:55 --------- d-----w C:\Programmi\File comuni\Macromedia Shared
2008-07-27 12:18 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 18:19 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
2008-07-04 18:19 126,976 ----a-w C:\WINDOWS\system32\snapapi.dll
2008-07-04 15:37 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-02 22:32 163,840 ----a-w C:\WINDOWS\system32\CnxHwIo.dll
2008-07-02 22:32 118,784 ----a-w C:\WINDOWS\system32\CnxMfdCo.dll
2008-07-02 22:32 118,784 ----a-w C:\WINDOWS\system32\CnxClsCo.dll
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"EPSON Stylus D92 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE" [2006-09-27 139264]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 68856]
"Star Downloader Free"="C:\Programmi\Star Downloader\stardown.exe" [2006-02-25 1785344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 102400]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"00PCTFW"="C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-07-13 2602904]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-30 1235736]
"CnxDslTaskBar"="C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2008-07-03 462848]
"LifeCam"="C:\Programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ClamWin"="C:\Programmi\ClamWin\bin\ClamTray.exe" [2008-06-14 77824]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 159896]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]
R2 MSCamSvc;MSCamSvc;C:\Programmi\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2008-07-03 60288]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2008-07-03 646400]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2008-07-03 108771]
R3 FWAuth;FWAuth Driver;C:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-07-13 57240]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-21 13352]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.libero.it/
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-28 08:54:13
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-28 9:01:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 07:00:26
Pre-Run: 4.710.895.616 byte disponibili
Post-Run: 4,764,504,064 byte disponibili
153 --- E O F --- 2008-09-09 23:51:02
SECOND ANTI-SPYWARE LOG
Malwarebytes' Anti-Malware 1.28
Versione del database: 1217
Windows 5.1.2600 Service Pack 3
28/09/2008 11.14.31
mbam-log-2008-09-28 (11-14-31).txt
Tipo di scansione: Scansione completa (C:\|D:\|G:\|)
Elementi scansionati: 93305
Tempo trascorso: 2 hour(s), 1 minute(s), 12 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)