- ComboFix 14-11-11.01 - turiano 12/11/2014 9.01.57.16.2 - FAT32x86
- Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1323 [GMT 1:00]
- Eseguito da: c:\documents and settings\turiano\Documenti\Download\ComboFix_13-10-21.01.exe
- AV: Symantec Endpoint Protection *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
- FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
- * Creato nuovo punto di ripristino
- .
- .
- ((((((((((((((((((((((((( Files Creati Da 2014-10-12 al 2014-11-12 )))))))))))))))))))))))))))))))))))
- .
- .
- 2014-10-16 14:36 . 2014-09-26 17:42 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
- .
- .
- .
- (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
- .
- 2014-09-26 17:16 . 2013-03-14 07:59 145408 ----a-w- c:\windows\system32\javacpl.cpl
- 2014-09-24 10:52 . 2013-03-11 16:20 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
- 2014-09-24 10:52 . 2011-05-23 07:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
- .
- .
- ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
- .
- .
- *Nota* i valori vuoti & legittimi/default non sono visualizzati.
- REGEDIT4
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
- @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
- [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
- 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
- @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
- [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
- 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
- @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
- [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
- 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
- @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
- [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
- 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
- .
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Akamai NetSession Interface"="c:\documents and settings\turiano\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe" [2014-04-17 4672920]
- "SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2013-07-08 543320]
- "CCleaner Monitoring"="c:\programmi\CCleaner\CCleaner.exe" [2014-10-30 4826904]
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "LaunchApp"="Alaunch" [X]
- "Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
- "RTHDCPL"="RTHDCPL.EXE" [2005-03-23 14202368]
- "MPS"="c:\acer\PSM.EXE" [2004-03-04 372736]
- "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
- "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
- "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
- "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
- "eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
- "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-04 94208]
- "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-04 77824]
- "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-04 114688]
- "QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-02-15 417792]
- "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
- "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143872]
- "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2014-09-26 271744]
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
- "PPBlackJack"="Command.com" [2004-08-19 52669]
- .
- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
- "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
- .
- c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
- Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
- .
- [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
- "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
- "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
- 2009-09-03 23:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
- @=""
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
- @=""
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
- @=""
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
- @=""
- .
- [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
- path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
- backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
- .
- [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
- path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
- backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
- .
- [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Post-it® Software Notes Lite.lnk]
- path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Post-it® Software Notes Lite.lnk
- backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
- .
- [HKLM\~\startupfolder\C:^Documents and Settings^turiano^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
- path=c:\documents and settings\turiano\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
- backup=c:\windows\pss\Dropbox.lnkStartup
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
- 2013-02-13 03:37 1263952 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
- 2006-03-22 23:13 1591808 ----a-w- c:\programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
- 2004-04-23 10:00 192512 ----a-w- c:\programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
- "DisableMonitoring"=dword:00000001
- .
- [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
- "%windir%\\system32\\sessmgr.exe"=
- "c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\SAGENT4.EXE"=
- "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
- "c:\\Documents and Settings\\Turiano\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
- "c:\\Documents and Settings\\Turiano\\Impostazioni locali\\Dati applicazioni\\Akamai\\netsession_win.exe"=
- .
- [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
- "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
- "2278:TCP"= 2278:TCP:Akamai NetSession Interface
- "5000:UDP"= 5000:UDP:Akamai NetSession Interface
- .
- R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [31/10/2011 12.00.44 340088]
- R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [31/10/2011 12.00.44 758904]
- R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20141107.011\BHDrvx86.sys [11/11/2014 10.20.17 1137368]
- R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20.25.48 12872]
- R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
- R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [31/10/2011 12.00.44 137336]
- R2 DraftSight API Service;DraftSight API Service;c:\programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [13/03/2014 22.45.28 86016]
- R2 DSCameraControlWinService;DSCameraControlWinService;c:\programmi\IDS\uEye\OtherDrivers\DirectShow\32\DSCameraControl.exe [20/12/2011 10.20.26 88064]
- R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\programmi\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [26/07/2013 6.48.28 196624]
- R2 SepMasterService;Symantec Endpoint Protection;c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [31/10/2011 12.00.40 137224]
- R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/12/2011 3.09.57 109872]
- R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20141108.001\IDSXpx86.sys [11/11/2014 10.20.19 383120]
- R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8.11.22 12160]
- R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8.11.20 10496]
- R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8.11.20 12928]
- R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [22/04/2013 17.02.17 1076968]
- R3 ueyeeth;ueyeeth;c:\windows\system32\drivers\ueye_Eth.sys [20/12/2011 10.19.55 8933624]
- S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [04/11/2013 12.26.34 14776]
- S1 MpKsl1437e58f;MpKsl1437e58f;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{829C4797-094D-4DB4-AB5B-AE2B9B57344D}\MpKsl1437e58f.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{829C4797-094D-4DB4-AB5B-AE2B9B57344D}\MpKsl1437e58f.sys [?]
- S1 MpKsl526ae741;MpKsl526ae741;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{3845F2CB-EDAF-4D7B-83D8-8F097392169E}\MpKsl526ae741.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{3845F2CB-EDAF-4D7B-83D8-8F097392169E}\MpKsl526ae741.sys [?]
- S1 MpKsl8c164172;MpKsl8c164172;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B6E494E-78AF-46E7-A76A-4168E70B293A}\MpKsl8c164172.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B6E494E-78AF-46E7-A76A-4168E70B293A}\MpKsl8c164172.sys [?]
- S1 MpKslede504da;MpKslede504da;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{CCEB96F7-24BF-4D46-AD25-3C7B4EFE6F9F}\MpKslede504da.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{CCEB96F7-24BF-4D46-AD25-3C7B4EFE6F9F}\MpKslede504da.sys [?]
- S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [02/03/2012 16.02.00 14336]
- S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [02/03/2012 16.02.00 20736]
- S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [02/03/2012 16.02.00 20096]
- S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [02/03/2012 16.02.00 25088]
- S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
- S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [20/12/2013 16.16.09 31312]
- S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [02/11/2009 15.46.52 16512]
- S3 CMIUSB;Motic New MC Camera;c:\windows\system32\drivers\MC1001200130012001B\cmiusb.sys [06/10/2008 9.46.24 10373]
- S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [20/12/2013 16.16.09 13440]
- S3 PortRW;PortRW;c:\windows\system32\drivers\PortRW.sys [24/04/2005 7.50.41 3456]
- S3 ueye;IDS uEye Kernel Driver;c:\windows\system32\drivers\uEye_usb.sys [20/12/2011 10.19.55 8198392]
- S3 ueye_boot;IDS uEye boot driver;c:\windows\system32\drivers\ueye_boot.sys [20/12/2011 10.19.55 8169720]
- S3 uEye_Eth;Gigabit Ethernet uEye Service;c:\windows\system32\drivers\ueye_Eth.sys [20/12/2011 10.19.55 8933624]
- S4 Adpdrsy;Adpdrsy; [x]
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
- HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
- 2014-10-28 09:11 1089352 ----a-w- c:\programmi\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
- .
- Contenuto della cartella 'Scheduled Tasks'
- .
- 2008-09-19 c:\windows\Tasks\backup prova.job
- - c:\windows\system32\ntbackup.exe [2005-04-24 18:14]
- .
- 2014-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
- .
- 2014-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-11 10:52]
- .
- 2014-11-12 c:\windows\Tasks\SmartDefragUpdate.job
- - c:\programmi\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-04 17:49]
- .
- 2014-11-12 c:\windows\Tasks\SmartDefrag_Startup.job
- - c:\programmi\IObit\Smart Defrag 2\SmartDefrag.exe [2013-11-04 17:23]
- .
- 2014-10-08 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
- - c:\windows\system32\xp_eos.exe [2014-07-22 00:28]
- .
- 2014-11-12 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
- - c:\windows\system32\xp_eos.exe [2014-07-22 00:28]
- .
- 2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- - c:\programmi\Google\Update\GoogleUpdate.exe [2013-11-27 12:31]
- .
- 2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- - c:\programmi\Google\Update\GoogleUpdate.exe [2013-11-27 12:31]
- .
- .
- ------- Scansione supplementare -------
- .
- uStart Page = hxxp://companyweb
- uInternet Connection Wizard,ShellNext = iexplore
- uInternet Settings,ProxyOverride = ;localhost:5050;<local>
- IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
- IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
- IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
- IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
- IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
- IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
- TCP: DhcpNameServer = 192.168.1.253
- DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} - file://c:\documents and settings\Turiano\Impostazioni locali\temp\Assieme Fotometro-00003\IpaWebView.cab
- .
- .
- ------- Associazioni dei file -------
- .
- .scr=AutoCADScriptFile
- .
- .
- **************************************************************************
- .
- catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
- Rootkit scan 2014-11-12 09:08
- Windows 5.1.2600 Service Pack 3 FAT NTAPI
- .
- scansione processi nascosti ...
- .
- scansione entrate autostart nascoste ...
- .
- Scansione files nascosti ...
- .
- Scansione completata con successo
- Files nascosti: 0
- .
- **************************************************************************
- .
- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
- "ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
- --
- .
- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
- "ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"
- .
- --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
- .
- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
- @Denied: (A 2) (Everyone)
- @="FlashBroker"
- "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
- "Enabled"=dword:00000001
- .
- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
- @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
- @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
- @Denied: (A 2) (Everyone)
- @="IFlashBroker6"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
- @="{00020424-0000-0000-C000-000000000046}"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
- @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
- "Version"="1.0"
- .
- [HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
- "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
- 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
- .
- --------------------- Dlls caricate dai processi in esecuzione ---------------------
- .
- - - - - - - - > 'winlogon.exe'(204)
- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
- c:\windows\system32\WININET.dll
- .
- Ora fine scansione: 2014-11-12 09:11:29
- ComboFix-quarantined-files.txt 2014-11-12 08:11
- ComboFix2.txt 2014-10-31 14:07
- ComboFix3.txt 2014-10-23 17:41
- ComboFix4.txt 2014-09-15 17:18
- ComboFix5.txt 2014-11-12 08:00
- .
- Pre-Run: 4.913.299.456 byte disponibili
- Post-Run: 4.902.977.536 byte disponibili
- .
- - - End Of File - - 2EED89F93D92CD8C1AE87A50B152459E
- 67D07FA51DCD5A4397248F397BB779AE