ComboFix 09-06-01.03 - kikko 03/06/2009 20.17.43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2402 [GMT 2:00]
Eseguito da: c:\documents and settings\kikko\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ipypasjh.sys
c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\SET8.tmp
c:\windows\system32\tmp81.tmp
c:\windows\system32\tmp82.tmp
.
((((((((((((((((((((((((( Files Creati Da 2009-05-03 al 2009-06-03 )))))))))))))))))))))))))))))))))))
.
2009-06-03 17:25 . 2009-06-03 17:25 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\Malwarebytes
2009-06-03 17:25 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 17:25 . 2009-06-03 17:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-03 17:25 . 2009-06-03 17:25 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-06-03 17:25 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 14:07 . 2009-06-01 15:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-03 12:45 . 2009-06-03 13:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-03 12:45 . 2009-06-03 12:45 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-03 10:03 . 2009-06-03 10:03 -------- d-----w- c:\programmi\Trend Micro
2009-06-01 16:22 . 2009-06-01 22:28 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\FileZilla
2009-06-01 16:22 . 2009-06-01 16:22 -------- d-----w- c:\programmi\FileZilla FTP Client
2009-06-01 15:37 . 2009-06-01 15:36 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-01 15:37 . 2009-06-01 15:37 314200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-01 15:37 . 2009-06-01 15:37 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-01 15:37 . 2009-06-01 15:37 169312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-01 15:37 . 2009-06-01 15:37 15688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 15:37 . 2009-06-01 15:37 348496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-01 15:37 . 2009-06-01 15:37 294240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-01 15:28 . 2009-06-01 15:28 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-01 15:28 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-01 15:27 . 2009-06-01 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-06-01 15:27 . 2009-06-01 15:27 -------- d-----w- c:\programmi\Lavasoft
2009-05-31 17:28 . 2009-05-31 17:28 -------- d--ha-w- C:\.fseventsd
2009-05-29 18:21 . 2009-05-29 19:07 -------- d-----w- c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\Google
2009-05-29 18:21 . 2009-05-29 18:21 -------- d-----w- c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\Deployment
2009-05-29 17:16 . 2009-05-29 17:16 -------- d-----w- c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\kompozer.net
2009-05-29 17:16 . 2009-05-29 17:16 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\kompozer.net
2009-05-23 11:33 . 2009-02-07 05:43 24576 ----a-w- c:\documents and settings\kikko\Dati applicazioni\Mozilla\Firefox\Profiles\qu4avjaa.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-05-18 08:11 . 2009-05-18 09:14 -------- d-----w- c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\CutePDF Writer
2009-05-18 08:10 . 2009-05-18 08:10 -------- d-----w- c:\programmi\GPLGS
2009-05-18 08:09 . 2007-07-12 20:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-05-18 08:09 . 2009-05-18 08:09 -------- d-----w- c:\programmi\Acro Software
2009-05-12 19:19 . 2009-05-12 19:19 -------- d-----w- c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\ABBYY
2009-05-12 19:19 . 2009-05-12 19:19 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\ABBYY
2009-05-12 19:18 . 2009-05-12 19:18 65536 ----a-r- c:\documents and settings\kikko\Dati applicazioni\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_ScreenshotReader.exe
2009-05-12 19:18 . 2009-05-12 19:18 65536 ----a-r- c:\documents and settings\kikko\Dati applicazioni\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_FineReader.exe
2009-05-12 19:18 . 2009-05-12 19:18 25214 ----a-r- c:\documents and settings\kikko\Dati applicazioni\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
2009-05-12 19:17 . 2009-05-12 19:19 -------- d-----w- c:\programmi\ABBYY FineReader 8.0 Professional Edition
2009-05-12 19:15 . 2009-05-12 19:15 -------- d-----w- c:\temp\FR80PE
2009-05-12 19:15 . 2009-05-12 19:15 -------- d-----w- C:\temp
2009-05-07 19:51 . 2009-05-07 19:51 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\U3
2009-05-05 19:28 . 2009-05-05 19:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ALM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 18:15 . 2009-06-03 18:15 800 ----a-w- c:\programmi\hwfax.txt
2009-06-03 12:39 . 2009-03-14 17:04 -------- d-----w- c:\programmi\SpeedFan
2009-06-02 19:59 . 2009-04-04 12:41 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\Azureus
2009-05-31 13:24 . 2009-02-14 19:18 -------- d-----w- c:\programmi\PeerGuardian2
2009-05-31 12:20 . 2009-02-14 19:17 -------- d-----w- c:\programmi\eMule
2009-05-28 07:22 . 2009-04-14 16:17 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 17:33 . 2009-04-23 17:23 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\Skype
2009-05-26 17:19 . 2009-04-23 17:24 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\skypePM
2009-05-24 17:53 . 2009-04-04 12:40 -------- d-----w- c:\programmi\Vuze
2009-05-24 12:28 . 2009-02-14 18:41 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-05-17 10:01 . 2009-02-13 21:08 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-05-15 15:07 . 2009-02-13 21:08 168208 ----a-w- c:\windows\system32\guard32.dll
2009-05-15 15:07 . 2009-02-13 21:08 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-05-15 15:06 . 2009-02-13 21:08 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-05-12 19:19 . 2009-03-20 17:30 -------- d-----w- c:\programmi\File comuni\Adobe
2009-05-05 18:32 . 2009-04-04 13:30 -------- d-----w- c:\programmi\PHP Editor
2009-05-04 16:19 . 2009-04-20 10:09 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\Autodesk
2009-05-04 16:19 . 2009-04-20 10:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-05-02 19:09 . 2009-04-30 18:42 -------- d-----w- c:\programmi\EasyPHP1-8
2009-05-02 12:35 . 2009-02-14 18:36 77072 ----a-w- c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-02 12:23 . 2009-05-02 12:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-05-02 12:07 . 2009-05-02 12:07 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-04-23 17:24 . 2009-04-23 17:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-23 17:23 . 2009-04-23 17:23 -------- d-----r- c:\programmi\Skype
2009-04-23 17:23 . 2009-04-23 17:23 -------- d-----w- c:\programmi\File comuni\Skype
2009-04-23 17:23 . 2009-04-23 17:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-04-21 17:15 . 2009-04-21 17:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-21 17:15 . 2009-04-21 17:15 -------- d-----w- c:\programmi\Java
2009-04-21 17:15 . 2009-04-21 17:15 152576 ----a-w- c:\documents and settings\kikko\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-21 15:55 . 2009-04-21 15:55 -------- d-----w- c:\programmi\Jaleco Entertainment
2009-04-20 10:11 . 2009-04-20 10:08 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2009-04-20 10:11 . 2009-04-20 10:09 -------- d-----w- c:\programmi\AutoCAD 2008
2009-04-20 10:08 . 2009-04-20 10:08 -------- d-----w- c:\programmi\Autodesk
2009-04-18 12:12 . 2009-04-18 12:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-04-18 12:09 . 2009-04-18 12:07 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\CyberLink
2009-04-15 07:23 . 2009-04-15 07:23 -------- d-----w- c:\programmi\File comuni\CyberLink
2009-04-15 07:23 . 2009-02-13 20:22 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-04-15 07:22 . 2009-04-15 07:22 -------- d-----w- c:\programmi\CyberLink
2009-04-15 07:14 . 2009-04-15 07:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Temp
2009-04-15 07:13 . 2009-04-15 07:22 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-04-15 07:13 . 2009-04-15 07:14 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-04-15 07:13 . 2007-07-03 15:40 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-14 16:17 . 2009-04-14 16:17 -------- d-----w- c:\programmi\Avira
2009-04-14 16:17 . 2009-04-14 16:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-04-14 16:08 . 2009-04-14 16:08 -------- d-----w- c:\programmi\Microsoft.NET
2009-04-11 10:53 . 2009-04-11 10:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Codemasters
2009-04-11 10:50 . 2009-04-11 10:50 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-04-11 10:50 . 2009-04-11 10:50 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-04-11 10:50 . 2009-04-11 10:50 -------- d-----w- c:\programmi\OpenAL
2009-04-11 10:30 . 2009-04-11 10:30 -------- d-----w- c:\programmi\Codemasters
2009-04-09 13:24 . 2009-04-09 13:23 -------- d-----w- c:\programmi\EPSON
2009-04-04 19:41 . 2009-02-14 15:48 -------- d-----w- c:\documents and settings\kikko\Dati applicazioni\Apple Computer
2009-03-30 14:08 . 2004-08-19 12:00 77348 ----a-w- c:\windows\system32\perfc010.dat
2009-03-30 14:08 . 2004-08-19 12:00 473112 ----a-w- c:\windows\system32\perfh010.dat
2009-03-20 17:06 . 2009-03-20 17:06 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-15 00:18 . 2009-03-13 17:23 1196704 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-03-14 15:57 . 2009-03-14 15:57 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-14 15:57 . 2009-03-14 15:57 22328 ----a-w- c:\documents and settings\kikko\Dati applicazioni\PnkBstrK.sys
2009-03-14 15:57 . 2009-03-14 15:57 22328 ----a-w- c:\documents and settings\kikko\Dati applicazioni\PnkBstrK.sys
2009-03-14 15:57 . 2009-03-14 15:57 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-03-14 15:57 . 2009-03-14 15:57 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-03-14 15:57 . 2009-03-14 15:57 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-03-13 18:00 . 2009-03-13 18:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-03-13 17:12 . 2009-03-13 17:12 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-05 22:59 . 2009-03-20 17:09 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-05 22:59 . 2009-02-14 15:47 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"NVIDIA nTune"="c:\programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Google Update"="c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-05-29 133104]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2009-05-15 1794320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-01 518488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-05-25 14477312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-3-15 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
2008-11-11 18:21 423208 ----a-r- c:\windows\system32\TPSvc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Codemasters\\GRID\\GRID.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/06/2009 17.37.43 64160]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [05/09/2007 16.01.10 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [28/02/2007 12.15.08 19072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [13/02/2009 23.08.54 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [13/02/2009 23.08.54 24096]
R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [15/02/2009 23.48.27 119216]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/02/2009 18.25.09 10384]
R2 MacDriveService;MacDriveService;c:\programmi\Mediafour\MacDrive 7\MacDriveService.exe [01/05/2007 15.55.36 143360]
R2 VMMEMCTL;Driver controllo memoria;c:\programmi\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [11/11/2008 20.23.14 14384]
R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\programmi\VMware\VMware Tools\vmacthlp.exe [11/11/2008 20.23.24 358960]
S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [11/11/2008 20.23.24 19504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1005904]
S2 VMTools;VMware Tools Service;c:\programmi\VMware\VMware Tools\VMwareService.exe [11/11/2008 20.23.40 539184]
S3 TPAutoConnSvc;TP AutoConnect Service;c:\programmi\VMware\VMware Tools\TPAutoConnSvc.exe [11/11/2008 20.21.30 238832]
S3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [15/02/2009 23.48.46 53424]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [15/02/2009 23.48.25 11696]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [15/02/2009 23.48.12 63920]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [15/02/2009 23.48.32 36400]
.
Contenuto della cartella 'Scheduled Tasks'
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:36]
2009-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-583907252-839522115-1003.job
- c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-29 19:07]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
SafeBoot-procexp90.Sys
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\programmi\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
TCP: {90C09B24-44AF-4254-99D7-EEEBC8B00E38} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\kikko\Dati applicazioni\Mozilla\Firefox\Profiles\qu4avjaa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig
FF - component: c:\documents and settings\kikko\Dati applicazioni\Mozilla\Firefox\Profiles\qu4avjaa.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\kikko\Dati applicazioni\Mozilla\Firefox\Profiles\qu4avjaa.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\kikko\Impostazioni locali\Dati applicazioni\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-03 20:20
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-448539723-583907252-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:f3,19,69,9e,a4,4d,fe,5c,82,2f,1b,70,8c,01,fc,0e,45,61,13,a7,c0,
7d,3e,8a,dc,0b,7f,38,f0,8a,61,07,e0,c9,e1,02,6e,9b,03,59,bb,30,6b,f2,33,3d,\
"rkeysecu"=hex:2f,b9,4e,25,50,6f,21,0c,b4,30,53,55,7f,23,c2,73
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
.
Ora fine scansione: 2009-06-03 20.22.24
ComboFix-quarantined-files.txt 2009-06-03 18:22
Pre-Run: 69.890.187.264 byte disponibili
Post-Run: 69.955.317.760 byte disponibili
254 --- E O F --- 2009-03-18 20:16