ComboFix 09-12-20.08 - Hi-Tech 21/12/2009 21.34.52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.663 [GMT 1:00]
Eseguito da: c:\documents and settings\Hi-Tech\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - system32: deleted 0 bytes in 1 streams.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Avvio\Programmi\MessengerSkinner
c:\documents and settings\All Users\Menu Avvio\Programmi\MessengerSkinner\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\MessengerSkinner\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\MessengerSkinner\MessengerSkinner.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\MessengerSkinner\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\MessengerSkinner\Website.url
c:\programmi\Fast Browser Search
c:\windows\system32\bgrbrcti.ini
c:\windows\system32\CIRYHRqr.ini
c:\windows\system32\CIRYHRqr.ini2
c:\windows\system32\dLmTCcdd.ini
c:\windows\system32\dLmTCcdd.ini2
c:\windows\system32\dwywdowg.ini
c:\windows\system32\ffegpoqw.ini
c:\windows\system32\gxxlbijh.ini
c:\windows\system32\KRuwwyay.ini
c:\windows\system32\KRuwwyay.ini2
c:\windows\system32\njhtuajs.ini
c:\windows\system32\pblnfoqy.ini
c:\windows\system32\pjkkfeux.ini
c:\windows\system32\tcupxcpc.ini
c:\windows\system32\wlgiexpn.ini
c:\windows\system32\wxjfylni.ini
.
((((((((((((((((((((((((( Files Creati Da 2009-11-21 al 2009-12-21 )))))))))))))))))))))))))))))))))))
.
2009-12-21 20:25 . 2009-12-21 20:25 -------- d-----w- c:\programmi\TrendMicro
2009-12-21 19:07 . 2009-12-21 19:07 -------- d-----w- C:\Download
2009-12-21 19:07 . 2009-12-21 19:07 -------- d-----w- C:\Nexon
2009-12-21 19:07 . 2009-12-21 20:21 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-12-08 12:38 . 2009-12-08 13:22 -------- d-----w- c:\documents and settings\Hi-Tech\Impostazioni locali\Dati applicazioni\LogMeIn Hamachi
2009-12-08 12:38 . 2009-12-08 13:22 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\LogMeIn Hamachi
2009-12-06 14:43 . 2009-12-08 13:23 -------- d-----w- c:\programmi\Cheat Engine
2009-12-02 03:22 . 2009-12-02 03:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-22 19:01 . 2009-11-22 19:01 -------- d-----w- C:\users
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 20:48 . 2001-08-31 12:00 79688 ----a-w- c:\windows\system32\perfc010.dat
2009-12-21 20:48 . 2001-08-31 12:00 479368 ----a-w- c:\windows\system32\perfh010.dat
2009-12-21 20:47 . 2009-09-17 17:48 -------- d-----w- c:\programmi\PeerGuardian2
2009-12-21 20:25 . 2009-12-21 20:25 388096 ----a-r- c:\documents and settings\Hi-Tech\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-21 20:20 . 2009-06-21 14:31 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-18 16:32 . 2009-10-04 10:10 -------- d-----w- c:\documents and settings\Hi-Tech\Dati applicazioni\vlc
2009-12-02 03:23 . 2008-07-16 16:46 -------- d-----w- c:\programmi\Google
2009-11-30 11:54 . 2008-07-16 23:55 10 -c--a-w- c:\windows\popcinfo.dat
2009-11-22 16:47 . 2008-07-14 17:53 -------- d-----w- c:\programmi\DivX
2009-11-22 13:07 . 2008-07-14 18:16 60168 -c--a-w- c:\documents and settings\Hi-Tech\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-08 21:57 . 2009-11-05 14:50 -------- d-----w- c:\programmi\PHPNukeIT
2009-11-05 15:57 . 2009-11-05 14:51 14 ----a-w- c:\windows\popcinfot.dat
2009-11-05 14:50 . 2009-11-05 14:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PopCap Games
2009-11-05 14:50 . 2009-11-05 14:50 -------- d-----w- c:\programmi\PopCap Games
2009-10-23 19:44 . 2009-10-23 19:44 152576 ----a-w- c:\documents and settings\Hi-Tech\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-23 08:41 . 2009-01-16 13:04 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2009-04-07 18:52 . 2009-04-07 18:52 28672 ----a-w- c:\programmi\mozilla firefox\components\GooglePlusVideosXPCOM.dll
.
------- Sigcheck -------
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\sfcfiles.dll
[-] 2008-01-10 . 5DEF00B476192F4AE0E9515F08100443 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-11-08 2166296]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2009-11-08 21:57 2166296 ----a-w- c:\programmi\PHPNukeIT\tbPHP1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-11-08 2166296]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-11-08 2166296]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 68856]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIC Monitor"="VNICMon.exe" [2002-05-30 40960]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CnxDslTaskBar"="c:\programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2005-10-30 462848]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 11:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"f:\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52282:TCP"= 52282:TCP:emule tcp
"48242:UDP"= 48242:UDP:emule udp
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/12/2008 10.16.52 642560]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/01/2009 0.21.47 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/01/2009 0.21.53 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [16/01/2009 0.21.24 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/01/2009 0.21.22 297752]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [16/07/2008 17.02.46 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [16/07/2008 17.02.38 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [16/07/2008 17.02.46 108675]
S2 gupdate1c9cc142479fc5a;Servizio di Google Update (gupdate1c9cc142479fc5a);c:\programmi\Google\Update\GoogleUpdate.exe [03/05/2009 18.25.21 133104]
S2 ShellHWDetection_Untrusted_BZ;Rilevamento hardware shell_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs --> c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe [?]
S2 StiSvc_Untrusted_BZ;Acquisizione di immagini di Windows (WIA)_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc --> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [31/12/2008 10.19.07 223128]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\system32\VNICPKT5.sys [14/07/2008 19.07.26 16202]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102507
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Hi-Tech\Dati applicazioni\Mozilla\Firefox\Profiles\6hhzpmtv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programmi\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
URLSearchHooks-*{b8a5b62c-517f-42a5-85ae-29b5497fb15f} - (no file)
URLSearchHooks-*{cd36797a-70f3-4acd-8825-623d3b896881} - (no file)
BHO-{3A81BE3C-75D8-44B2-BEA7-8FD1CD4CEED1} - c:\windows\system32\rqRHYRIC.dll
BHO-{95DA423C-592D-4EEB-A43C-33175CCA1F0F} - c:\windows\system32\yaywwuRK.dll
BHO-{F4DA8FB7-8E2D-43E7-B042-A38AB9D1FA45} - (no file)
HKCU-Run-L08EXLRD_100517593 - c:\programmi\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE
HKCU-Run-E08IXLRD_324175093 - c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
HKLM-Run-NWEReboot - (no file)
HKLM-Run-fc4c973f - c:\windows\system32\cpcxpuct.dll
Notify-geBqNDvw - geBqNDvw.dll
AddRemove-MsgPlus! Plugin - c:\programmi\MessengerPlus! 3\MsgPlus.exe
AddRemove-Secured Internet Explorer - c:\progra~1\SECURE~1\UNWISE.EXE
AddRemove-VIA NIC ControlSet - c:\programmi\VIA\NIC ControlSet\Uninst_VNIC.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-12-21 21:44
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x8678D9C0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8678d9c0
\Driver\ACPI -> ACPI.sys @ 0xf76fdcb8
\Driver\atapi -> atapi.sys @ 0xf76942f0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: VIA VT6105M Rhine III Management Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf759bba0
PacketIndicateHandler -> NDIS.sys @ 0xf758aa0b
SendHandler -> NDIS.sys @ 0xf759eb31
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\EnableFullPage]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:000000aa
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\MiscStatus]
"VRegSpecialValueName"=dword:000000aa
@="0"
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"VRegSpecialValueName"=dword:00000000
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
"VRegSpecialValueName"=dword:000000aa
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
"VRegSpecialValueName"=dword:000000aa
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Hardware Profiles\Current]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\VNICMon.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-12-21 21:53:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-21 20:53
Pre-Run: 9.472.487.424 byte disponibili
Post-Run: 9.460.232.192 byte disponibili
- - End Of File - - E0A9D0952BFDC09DEA27CF7FD1682C1C