ciao
grazie
ecco il txt, fammi sapere che vuol dire per piacere
ComboFix 09-11-05.05 - Livio Mercurio 06/11/2009 18:39.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.584 [GMT 3:00]
Running from: c:\documents and settings\Livio Mercurio\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Antivirus.vbs
.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-03 18:29 . 2009-11-06 15:14 -------- d-----w- c:\documents and settings\Livio Mercurio\Local Settings\Application Data\WMTools Downloaded Files
2009-11-02 08:28 . 2009-11-02 08:28 1136 --sha-r- c:\windows\system32\AMAN.bat
2009-10-31 20:24 . 2009-10-31 20:24 -------- d-----w- c:\program files\Common Files\Skype
2009-10-26 18:43 . 2009-10-26 18:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-20 14:38 . 2009-10-20 14:38 -------- d-----w- c:\program files\IDAutomation.com Code 39 Free Font
2009-10-19 08:44 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-19 08:43 . 2009-10-19 08:43 -------- d-----w- c:\program files\Panda Security
2009-10-10 14:58 . 2009-10-10 14:58 -------- d-----w- c:\program files\iPod
2009-10-10 14:58 . 2009-10-10 14:59 -------- d-----w- c:\program files\iTunes
2009-10-10 14:58 . 2009-10-10 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 14:57 . 2009-10-10 14:57 -------- d-----w- c:\program files\Bonjour
2009-10-10 14:56 . 2009-10-10 14:56 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 15:40 . 2009-08-20 12:13 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\Skype
2009-11-06 13:00 . 2009-08-20 12:14 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\skypePM
2009-11-04 04:26 . 2009-08-20 10:02 -------- d-----w- c:\program files\Google
2009-11-04 03:30 . 2009-08-20 10:05 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\Rainlendar
2009-10-31 20:24 . 2009-08-20 12:11 -------- d-----r- c:\program files\Skype
2009-10-31 20:24 . 2009-08-20 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-26 19:02 . 2009-08-21 16:45 28616 ----a-w- c:\documents and settings\Livio Mercurio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-14 13:29 . 2009-08-20 09:43 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\Apple Computer
2009-10-13 05:09 . 2009-08-20 09:36 -------- d-----w- c:\program files\Apple Software Update
2009-10-10 14:58 . 2009-08-20 09:34 -------- d-----w- c:\program files\Common Files\Apple
2009-10-07 07:42 . 2009-10-07 07:42 -------- d-----w- c:\program files\MSBuild
2009-10-07 07:42 . 2009-10-07 07:42 -------- d-----w- c:\program files\Reference Assemblies
2009-10-06 08:04 . 2009-10-06 08:04 -------- d-----w- c:\program files\WHO
2009-10-02 12:52 . 2009-10-02 12:00 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\ICAClient
2009-10-02 12:00 . 2009-10-02 12:00 -------- d-----w- c:\program files\Citrix
2009-10-01 06:10 . 2009-10-01 06:10 -------- d-----w- c:\program files\ESET
2009-09-30 06:53 . 2009-09-30 06:53 -------- d-----w- c:\program files\Free Easy Burner
2009-09-27 08:50 . 2009-09-27 08:50 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\Media Player Classic
2009-09-27 08:45 . 2008-10-09 12:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 08:45 . 2009-09-27 08:45 -------- d-----w- c:\program files\Common Files\PAC7302
2009-09-27 08:45 . 2009-09-27 08:45 -------- d-----w- c:\program files\DARFON
2009-09-27 08:44 . 2008-10-09 12:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-25 09:12 . 2009-09-25 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-23 07:26 . 2009-08-20 08:49 -------- d-----w- c:\program files\Alice MOBILE
2009-09-22 14:07 . 2009-09-07 10:54 -------- d-----w- c:\program files\Huawei Access Manager
2009-09-21 14:09 . 2009-09-21 14:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-19 10:35 . 2009-09-09 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-19 04:30 . 2009-08-20 09:58 -------- d-----w- c:\program files\Common Files\Real
2009-09-19 04:30 . 2009-09-19 04:30 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-19 04:25 . 2009-09-19 04:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-19 04:25 . 2008-10-09 12:37 -------- d-----w- c:\program files\Java
2009-09-19 04:25 . 2009-09-19 04:25 152576 ----a-w- c:\documents and settings\Livio Mercurio\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-19 04:22 . 2009-09-19 04:22 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-09-19 01:42 . 2009-09-19 01:42 23116 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-17 05:36 . 2009-09-17 15:48 364916 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-09-15 11:28 . 2009-09-17 15:48 106867 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-09-15 11:28 . 2009-09-17 15:48 422261 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-09-15 11:27 . 2009-09-17 15:48 184693 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-09-11 16:40 . 2009-09-11 15:42 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-11 15:42 . 2009-09-11 15:42 -------- d-----w- c:\program files\Avira
2009-09-11 15:42 . 2009-09-11 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-11 15:38 . 2008-10-09 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 14:18 . 2007-01-31 11:59 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:13 . 2009-09-11 14:13 -------- d-----w- c:\program files\CCleaner
2009-09-09 14:18 . 2009-09-09 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-09 11:58 . 2009-09-17 15:48 475513 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-09-08 09:43 . 2009-09-08 09:43 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\McAfee
2009-09-04 21:03 . 2007-01-31 11:59 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 10:54 . 2009-09-17 15:48 127346 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-09-03 10:54 . 2009-09-17 15:48 237940 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-09-03 06:23 . 2009-09-09 14:16 22848 ----a-w- c:\documents and settings\Livio Mercurio\Application Data\Mozilla\Firefox\Profiles\iwiwn4it.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-09-03 06:23 . 2009-09-09 14:16 19792 ----a-w- c:\documents and settings\Livio Mercurio\Application Data\Mozilla\Firefox\Profiles\iwiwn4it.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-08-29 07:36 . 2007-01-31 11:58 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2007-01-31 12:01 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2007-01-31 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2007-01-31 12:07 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-20 12:14 . 2009-08-20 12:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-20 12:10 . 2009-08-20 12:10 0 ----a-w- c:\windows\nsreg.dat
2009-08-18 09:32 . 2009-09-17 15:48 1921400 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-08-14 14:04 . 2009-08-14 14:04 239088 ----a-w- c:\documents and settings\Livio Mercurio\Application Data\Mozilla\plugins\npgoogletalk.dll
2007-11-09 13:10 . 2007-11-09 13:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 13:10 . 2007-11-09 13:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 13:10 . 2007-11-09 13:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 13:10 . 2007-11-09 13:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 13:10 . 2007-11-09 13:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 13:10 . 2007-11-09 13:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-11-09 13:10 . 2007-11-09 13:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-11-09 13:11 . 2007-11-09 13:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 13:11 . 2007-11-09 13:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX5000 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"EPSON Stylus DX5000 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"Google Update"="c:\documents and settings\Livio Mercurio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-20 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"aman"="c:\windows\system32\AMAN.bat" [2009-11-02 1136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NECMFK"="c:\program files\necmfk\necmfk.exe" [2001-08-23 66879]
"Backdrop"="c:\windows\System32\Bginfo.exe" [2005-09-12 741421]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-02-18 1044480]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-12-05 487424]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-19 198160]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-08-09 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
c:\documents and settings\Livio Mercurio\Start Menu\Programs\Startup\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-1-21 118784]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSN2Lite\Psn2Lite.exe [2002-4-29 520192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 18:20 40448 ------w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Livio Mercurio\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Livio Mercurio\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19/10/2009 11:44 28544]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [13/02/2008 15:15 5174]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [05/12/2007 18:42 46656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/09/2009 18:42 108289]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 21:00 3456]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [05/12/2007 19:17 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [05/12/2007 18:42 249856]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [13/02/2008 15:15 7456]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 16:59 30336]
S2 gupdate1ca218eb54e84d8;Google Update Service (gupdate1ca218eb54e84d8);c:\program files\Google\Update\GoogleUpdate.exe [20/08/2009 15:06 133104]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [20/08/2009 11:49 86016]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [20/08/2009 11:49 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [20/08/2009 11:49 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [20/08/2009 11:49 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [20/08/2009 11:49 104960]
S3 PAC7302;USB 1.1 WEB CAMERA VGA;c:\windows\system32\drivers\PAC7302.SYS [09/08/2007 18:21 460672]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{12LOP3S8-1VRX-81VS-JKL6-61OP5G7774441}]
c:\kalba\MAAFENA\LAXOURY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A80000000002}]
msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A80000000002}
.
Contents of the 'Scheduled Tasks' folder
2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 09:34]
2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 12:06]
2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 12:06]
2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-842925246-839522115-1005Core.job
- c:\documents and settings\Livio Mercurio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 12:13]
2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-842925246-839522115-1005UA.job
- c:\documents and settings\Livio Mercurio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 12:13]
.
.
------- Supplementary Scan -------
.
uSearch Page =
hxxp://www.google.comuStart Page =
hxxp://www.google.com/uSearch Bar =
hxxp://www.google.com/ieuDefault_Search_URL =
hxxp://www.google.com/ieuWindow Title = Internet Explorer
uInternet Connection Wizard,ShellNext =
hxxp://alicemobile.mobi/uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 172.27.1.3:8080
uSearchAssistant =
hxxp://www.google.com/ieuSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Livio Mercurio\Application Data\Mozilla\Firefox\Profiles\iwiwn4it.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.com/FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Livio Mercurio\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Livio Mercurio\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Antivirus - c:\windows\system32\Antivirus.vbs
AddRemove-IDAutomation.com Code 39 Free Font - c:\program files\IDAutomation.com
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-06 18:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
Completion time: 2009-11-06 18:45
ComboFix-quarantined-files.txt 2009-11-06 15:45
Pre-Run: 22,022,623,232 bytes free
Post-Run: 22,119,092,224 bytes free
- - End Of File - - 1EBC8451A5B7975AFA272565A3823DFB