API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 12th, 2014
298
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 18.92 KB | None | 0 0
raw download clone embed print report
  1. ComboFix 14-11-11.01 - turiano 12/11/2014 9.01.57.16.2 - FAT32x86
  2. Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1323 [GMT 1:00]
  3. Eseguito da: c:\documents and settings\turiano\Documenti\Download\ComboFix_13-10-21.01.exe
  4. AV: Symantec Endpoint Protection *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
  5. FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
  6. * Creato nuovo punto di ripristino
  7. .
  8. .
  9. ((((((((((((((((((((((((( Files Creati Da 2014-10-12 al 2014-11-12 )))))))))))))))))))))))))))))))))))
  10. .
  11. .
  12. 2014-10-16 14:36 . 2014-09-26 17:42 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
  13. .
  14. .
  15. .
  16. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
  17. .
  18. 2014-09-26 17:16 . 2013-03-14 07:59 145408 ----a-w- c:\windows\system32\javacpl.cpl
  19. 2014-09-24 10:52 . 2013-03-11 16:20 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
  20. 2014-09-24 10:52 . 2011-05-23 07:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  21. .
  22. .
  23. ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
  24. .
  25. .
  26. *Nota* i valori vuoti & legittimi/default non sono visualizzati.
  27. REGEDIT4
  28. .
  29. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  30. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  31. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  32. 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
  33. .
  34. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  35. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  36. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  37. 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
  38. .
  39. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  40. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  41. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  42. 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
  43. .
  44. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
  45. @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  46. [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  47. 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
  48. .
  49. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  50. "Akamai NetSession Interface"="c:\documents and settings\turiano\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe" [2014-04-17 4672920]
  51. "SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2013-07-08 543320]
  52. "CCleaner Monitoring"="c:\programmi\CCleaner\CCleaner.exe" [2014-10-30 4826904]
  53. .
  54. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  55. "LaunchApp"="Alaunch" [X]
  56. "Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
  57. "RTHDCPL"="RTHDCPL.EXE" [2005-03-23 14202368]
  58. "MPS"="c:\acer\PSM.EXE" [2004-03-04 372736]
  59. "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
  60. "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
  61. "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
  62. "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
  63. "eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
  64. "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-04 94208]
  65. "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-04 77824]
  66. "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-04 114688]
  67. "QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-02-15 417792]
  68. "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
  69. "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143872]
  70. "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2014-09-26 271744]
  71. .
  72. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
  73. "PPBlackJack"="Command.com" [2004-08-19 52669]
  74. .
  75. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  76. "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
  77. .
  78. c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
  79. Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
  80. .
  81. [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
  82. "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
  83. "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
  84. .
  85. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
  86. 2009-09-03 23:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
  87. .
  88. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
  89. @=""
  90. .
  91. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
  92. @=""
  93. .
  94. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
  95. @=""
  96. .
  97. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
  98. @=""
  99. .
  100. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
  101. path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
  102. backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
  103. .
  104. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
  105. path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
  106. backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
  107. .
  108. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Post-it® Software Notes Lite.lnk]
  109. path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Post-it® Software Notes Lite.lnk
  110. backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
  111. .
  112. [HKLM\~\startupfolder\C:^Documents and Settings^turiano^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
  113. path=c:\documents and settings\turiano\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
  114. backup=c:\windows\pss\Dropbox.lnkStartup
  115. .
  116. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
  117. 2013-02-13 03:37 1263952 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
  118. .
  119. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
  120. 2006-03-22 23:13 1591808 ----a-w- c:\programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
  121. .
  122. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
  123. 2004-04-23 10:00 192512 ----a-w- c:\programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
  124. .
  125. [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  126. "DisableMonitoring"=dword:00000001
  127. .
  128. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  129. "%windir%\\system32\\sessmgr.exe"=
  130. "c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\SAGENT4.EXE"=
  131. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  132. "c:\\Documents and Settings\\Turiano\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
  133. "c:\\Documents and Settings\\Turiano\\Impostazioni locali\\Dati applicazioni\\Akamai\\netsession_win.exe"=
  134. .
  135. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  136. "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
  137. "2278:TCP"= 2278:TCP:Akamai NetSession Interface
  138. "5000:UDP"= 5000:UDP:Akamai NetSession Interface
  139. .
  140. R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [31/10/2011 12.00.44 340088]
  141. R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [31/10/2011 12.00.44 758904]
  142. R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20141107.011\BHDrvx86.sys [11/11/2014 10.20.17 1137368]
  143. R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20.25.48 12872]
  144. R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
  145. R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [31/10/2011 12.00.44 137336]
  146. R2 DraftSight API Service;DraftSight API Service;c:\programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [13/03/2014 22.45.28 86016]
  147. R2 DSCameraControlWinService;DSCameraControlWinService;c:\programmi\IDS\uEye\OtherDrivers\DirectShow\32\DSCameraControl.exe [20/12/2011 10.20.26 88064]
  148. R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\programmi\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [26/07/2013 6.48.28 196624]
  149. R2 SepMasterService;Symantec Endpoint Protection;c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [31/10/2011 12.00.40 137224]
  150. R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/12/2011 3.09.57 109872]
  151. R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20141108.001\IDSXpx86.sys [11/11/2014 10.20.19 383120]
  152. R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8.11.22 12160]
  153. R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8.11.20 10496]
  154. R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8.11.20 12928]
  155. R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [22/04/2013 17.02.17 1076968]
  156. R3 ueyeeth;ueyeeth;c:\windows\system32\drivers\ueye_Eth.sys [20/12/2011 10.19.55 8933624]
  157. S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [04/11/2013 12.26.34 14776]
  158. S1 MpKsl1437e58f;MpKsl1437e58f;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{829C4797-094D-4DB4-AB5B-AE2B9B57344D}\MpKsl1437e58f.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{829C4797-094D-4DB4-AB5B-AE2B9B57344D}\MpKsl1437e58f.sys [?]
  159. S1 MpKsl526ae741;MpKsl526ae741;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{3845F2CB-EDAF-4D7B-83D8-8F097392169E}\MpKsl526ae741.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{3845F2CB-EDAF-4D7B-83D8-8F097392169E}\MpKsl526ae741.sys [?]
  160. S1 MpKsl8c164172;MpKsl8c164172;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B6E494E-78AF-46E7-A76A-4168E70B293A}\MpKsl8c164172.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B6E494E-78AF-46E7-A76A-4168E70B293A}\MpKsl8c164172.sys [?]
  161. S1 MpKslede504da;MpKslede504da;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{CCEB96F7-24BF-4D46-AD25-3C7B4EFE6F9F}\MpKslede504da.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{CCEB96F7-24BF-4D46-AD25-3C7B4EFE6F9F}\MpKslede504da.sys [?]
  162. S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [02/03/2012 16.02.00 14336]
  163. S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [02/03/2012 16.02.00 20736]
  164. S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [02/03/2012 16.02.00 20096]
  165. S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [02/03/2012 16.02.00 25088]
  166. S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
  167. S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [20/12/2013 16.16.09 31312]
  168. S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [02/11/2009 15.46.52 16512]
  169. S3 CMIUSB;Motic New MC Camera;c:\windows\system32\drivers\MC1001200130012001B\cmiusb.sys [06/10/2008 9.46.24 10373]
  170. S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [20/12/2013 16.16.09 13440]
  171. S3 PortRW;PortRW;c:\windows\system32\drivers\PortRW.sys [24/04/2005 7.50.41 3456]
  172. S3 ueye;IDS uEye Kernel Driver;c:\windows\system32\drivers\uEye_usb.sys [20/12/2011 10.19.55 8198392]
  173. S3 ueye_boot;IDS uEye boot driver;c:\windows\system32\drivers\ueye_boot.sys [20/12/2011 10.19.55 8169720]
  174. S3 uEye_Eth;Gigabit Ethernet uEye Service;c:\windows\system32\drivers\ueye_Eth.sys [20/12/2011 10.19.55 8933624]
  175. S4 Adpdrsy;Adpdrsy; [x]
  176. .
  177. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  178. HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
  179. .
  180. [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
  181. 2014-10-28 09:11 1089352 ----a-w- c:\programmi\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
  182. .
  183. Contenuto della cartella 'Scheduled Tasks'
  184. .
  185. 2008-09-19 c:\windows\Tasks\backup prova.job
  186. - c:\windows\system32\ntbackup.exe [2005-04-24 18:14]
  187. .
  188. 2014-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
  189. - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
  190. .
  191. 2014-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
  192. - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-11 10:52]
  193. .
  194. 2014-11-12 c:\windows\Tasks\SmartDefragUpdate.job
  195. - c:\programmi\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-04 17:49]
  196. .
  197. 2014-11-12 c:\windows\Tasks\SmartDefrag_Startup.job
  198. - c:\programmi\IObit\Smart Defrag 2\SmartDefrag.exe [2013-11-04 17:23]
  199. .
  200. 2014-10-08 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
  201. - c:\windows\system32\xp_eos.exe [2014-07-22 00:28]
  202. .
  203. 2014-11-12 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
  204. - c:\windows\system32\xp_eos.exe [2014-07-22 00:28]
  205. .
  206. 2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  207. - c:\programmi\Google\Update\GoogleUpdate.exe [2013-11-27 12:31]
  208. .
  209. 2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  210. - c:\programmi\Google\Update\GoogleUpdate.exe [2013-11-27 12:31]
  211. .
  212. .
  213. ------- Scansione supplementare -------
  214. .
  215. uStart Page = hxxp://companyweb
  216. uInternet Connection Wizard,ShellNext = iexplore
  217. uInternet Settings,ProxyOverride = ;localhost:5050;<local>
  218. IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  219. IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  220. IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  221. IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  222. IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  223. IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  224. TCP: DhcpNameServer = 192.168.1.253
  225. DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} - file://c:\documents and settings\Turiano\Impostazioni locali\temp\Assieme Fotometro-00003\IpaWebView.cab
  226. .
  227. .
  228. ------- Associazioni dei file -------
  229. .
  230. .scr=AutoCADScriptFile
  231. .
  232. .
  233. **************************************************************************
  234. .
  235. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  236. Rootkit scan 2014-11-12 09:08
  237. Windows 5.1.2600 Service Pack 3 FAT NTAPI
  238. .
  239. scansione processi nascosti ...
  240. .
  241. scansione entrate autostart nascoste ...
  242. .
  243. Scansione files nascosti ...
  244. .
  245. Scansione completata con successo
  246. Files nascosti: 0
  247. .
  248. **************************************************************************
  249. .
  250. [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
  251. "ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
  252. --
  253. .
  254. [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
  255. "ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"
  256. .
  257. --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
  258. .
  259. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  260. @Denied: (A 2) (Everyone)
  261. @="FlashBroker"
  262. "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
  263. .
  264. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
  265. "Enabled"=dword:00000001
  266. .
  267. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
  268. @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
  269. .
  270. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
  271. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  272. .
  273. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  274. @Denied: (A 2) (Everyone)
  275. @="IFlashBroker6"
  276. .
  277. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
  278. @="{00020424-0000-0000-C000-000000000046}"
  279. .
  280. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
  281. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  282. "Version"="1.0"
  283. .
  284. [HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
  285. "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  286. 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
  287. .
  288. --------------------- Dlls caricate dai processi in esecuzione ---------------------
  289. .
  290. - - - - - - - > 'winlogon.exe'(204)
  291. c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
  292. c:\windows\system32\WININET.dll
  293. .
  294. Ora fine scansione: 2014-11-12 09:11:29
  295. ComboFix-quarantined-files.txt 2014-11-12 08:11
  296. ComboFix2.txt 2014-10-31 14:07
  297. ComboFix3.txt 2014-10-23 17:41
  298. ComboFix4.txt 2014-09-15 17:18
  299. ComboFix5.txt 2014-11-12 08:00
  300. .
  301. Pre-Run: 4.913.299.456 byte disponibili
  302. Post-Run: 4.902.977.536 byte disponibili
  303. .
  304. - - End Of File - - 2EED89F93D92CD8C1AE87A50B152459E
  305. 67D07FA51DCD5A4397248F397BB779AE
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!