ComboFix 10-06-11.01 - jonad 12/06/2010 16:34:50.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1033.18.1022.393 [GMT 2:00]
Eseguito da: c:\users\jonad\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2010-05-12 al 2010-06-12 )))))))))))))))))))))))))))))))))))
.

2010-06-12 14:40 . 2010-06-12 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-12 12:52 . 2009-07-24 08:49 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll
2010-06-12 12:52 . 2009-06-25 14:58 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-06-12 12:52 . 2009-06-25 14:25 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-06-12 12:52 . 2009-06-25 14:10 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-06-12 12:52 . 2004-09-04 01:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-06-12 12:52 . 2007-07-25 10:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-06-12 12:19 . 2010-06-12 12:19 -------- d-----w- c:\users\jonad\AppData\Local\ElevatedDiagnostics
2010-06-12 12:12 . 2010-06-12 12:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-11 02:27 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 02:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 02:27 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 02:27 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 02:27 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-06 08:18 . 2010-06-06 08:19 -------- d-----w- c:\program files\TutoreDattilo
2010-06-05 06:21 . 2010-06-11 05:31 -------- d-----w- c:\users\jonad\AppData\Roaming\dvdcss
2010-06-04 14:46 . 2010-06-04 14:46 -------- d-----w- C:\omniformat
2010-06-04 14:38 . 2010-06-04 14:38 159878 ----a-w- c:\windows\ScanWiz Uninstaller.exe
2010-06-04 14:38 . 2010-06-04 14:38 -------- d-----w- c:\program files\ScanWizv2
2010-06-04 12:02 . 2010-06-04 12:02 -------- d-----w- c:\program files\JPEG to PDF
2010-05-26 10:37 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 06:24 . 2010-05-25 06:24 -------- d-----w- c:\windows\system32\Wat
2010-05-21 07:03 . 2010-04-21 10:07 52224 ----a-w- c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\FFExternalAlert.dll
2010-05-21 07:03 . 2010-04-21 10:07 101376 ----a-w- c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\RadioWMPCore.dll
2010-05-16 09:02 . 2010-05-16 09:02 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-05-16 09:02 . 2010-05-16 09:02 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-05-16 09:02 . 2010-05-16 08:54 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-05-16 09:02 . 2010-05-16 08:54 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-05-16 09:02 . 2010-05-16 08:54 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-05-16 09:02 . 2010-05-16 08:54 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-05-16 09:02 . 2010-05-16 08:54 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-05-16 09:02 . 2010-05-16 08:54 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-05-16 09:02 . 2010-05-16 08:54 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-05-16 09:02 . 2010-05-16 08:54 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-05-16 09:01 . 2009-10-21 22:13 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-05-16 09:01 . 2009-10-21 22:13 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-05-16 09:00 . 2009-10-22 02:59 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-05-16 09:00 . 2009-10-22 03:00 395824 ----a-w- c:\windows\system32\vmnat.exe
2010-05-16 09:00 . 2009-10-22 03:00 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-05-16 09:00 . 2009-10-21 22:13 51248 ----a-r- c:\windows\system32\vmnetbridge.dll
2010-05-16 09:00 . 2009-10-21 22:13 36400 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2010-05-16 09:00 . 2009-10-21 22:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-05-16 09:00 . 2009-10-22 03:00 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-05-16 09:00 . 2009-10-22 03:00 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-05-16 09:00 . 2009-10-21 22:13 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-05-16 08:59 . 2010-05-16 08:59 -------- d-----w- c:\program files\Common Files\VMware
2010-05-16 08:55 . 2010-05-16 08:55 -------- d-----w- c:\program files\VMware
2010-05-14 21:15 . 2010-06-05 06:07 -------- d-----w- c:\users\jonad\AppData\Roaming\skypePM
2010-05-14 21:13 . 2010-06-05 07:09 -------- d-----w- c:\users\jonad\AppData\Roaming\Skype
2010-05-14 21:11 . 2010-05-14 21:11 -------- d-----w- c:\program files\Common Files\Skype
2010-05-14 21:11 . 2010-05-14 21:13 -------- d-----r- c:\program files\Skype
2010-05-14 21:11 . 2010-05-14 21:11 -------- d-----w- c:\programdata\Skype
2010-05-14 19:32 . 2010-05-14 19:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-14 19:31 . 2010-05-14 19:31 -------- d-----w- c:\program files\Java
2010-05-13 18:09 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 14:14 . 2010-04-19 22:12 -------- d-----w- c:\programdata\VMware
2010-06-12 12:26 . 2010-04-21 09:13 -------- d-----w- c:\programdata\McAfee Security Scan
2010-06-11 09:48 . 2010-04-19 21:34 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 06:45 . 2010-05-10 06:08 -------- d-----w- c:\users\jonad\AppData\Roaming\vlc
2010-06-07 12:54 . 2010-04-19 22:21 -------- d-----w- c:\users\jonad\AppData\Roaming\VMware
2010-05-14 23:37 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-14 21:15 . 2010-05-14 21:15 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-12 09:21 . 2010-04-19 20:24 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-10 06:07 . 2010-05-10 06:07 -------- d-----w- c:\program files\VideoLAN
2010-04-24 18:40 . 2010-04-24 18:40 -------- d-----w- c:\program files\Microsoft
2010-04-24 18:40 . 2010-04-24 18:39 -------- d-----w- c:\program files\Windows Live
2010-04-24 18:40 . 2010-04-24 18:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-24 18:25 . 2010-04-24 18:25 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-22 16:32 . 2010-04-22 16:21 -------- d-----w- c:\program files\LowRateVoip
2010-04-22 16:32 . 2010-04-22 16:24 -------- d-----w- c:\users\jonad\AppData\Roaming\LowRateVoip
2010-04-21 19:08 . 2010-04-20 18:03 108824 ----a-w- c:\users\jonad\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-21 18:45 . 2010-04-21 18:45 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-21 16:31 . 2010-04-19 21:37 -------- d-----w- c:\program files\Microsoft Works
2010-04-21 09:18 . 2010-04-21 09:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-21 09:13 . 2010-04-21 09:13 -------- d-----w- c:\programdata\McAfee
2010-04-21 09:13 . 2010-04-21 09:13 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-20 18:02 . 2010-04-20 18:02 -------- d-----w- c:\program files\Alex Feinman
2010-04-19 21:37 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-04-19 21:36 . 2010-04-19 21:36 -------- d-----w- c:\program files\Microsoft.NET
2010-04-19 21:35 . 2010-04-19 21:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-19 20:13 . 2010-04-19 20:13 -------- d-----w- c:\programdata\Avira
2010-04-19 20:13 . 2010-04-19 20:13 -------- d-----w- c:\program files\Avira
2010-04-19 20:05 . 2010-04-19 20:05 -------- d-----w- c:\programdata\NVIDIA
2010-04-19 17:56 . 2010-04-19 17:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LowRateVoip"="c:\program files\LowRateVoip\LowRateVoip.exe" [2010-04-22 9167160]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.
.
------- Scansione supplementare -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Radio Bar 2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405727&SearchSource=13
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\FFExternalAlert.dll
FF - component: c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-06-12 16:46:09
ComboFix-quarantined-files.txt 2010-06-12 14:46

Pre-Run: 82.157.891.584 bytes free
Post-Run: 82.317.156.352 bytes free

- - End Of File - - 4D73C70B7EAA72EA6ED9BB6790719DB7

Ho notato che il programma non è stato eseguito dal desktop, per rimuoverlo devo usare OTC by oldtimer, quell'altro simile come si chiamava?

Sembra che fate apposta a non rispondermi.

Combofix non sono sicuro di come agire, HJT si.

Anche no.

Grazie simo del consiglio.

nessuno script da eseguire?

Grazie Mao, pace pace mille patate :)