  1. ComboFix 14-11-11.01 - turiano 12/11/2014 9.01.57.16.2 - FAT32x86
  2. Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1323 [GMT 1:00]
  3. Eseguito da: c:\documents and settings\turiano\Documenti\Download\ComboFix_13-10-21.01.exe
  4. AV: Symantec Endpoint Protection *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
  5. FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
  6. * Creato nuovo punto di ripristino
  7. .
  8. .
  9. ((((((((((((((((((((((((( Files Creati Da 2014-10-12 al 2014-11-12 )))))))))))))))))))))))))))))))))))
  10. .
  11. .
  12. 2014-10-16 14:36 . 2014-09-26 17:42 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
  13. .
  14. .
  15. .
  16. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
  17. .
  18. 2014-09-26 17:16 . 2013-03-14 07:59 145408 ----a-w- c:\windows\system32\javacpl.cpl
  19. 2014-09-24 10:52 . 2013-03-11 16:20 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
  20. 2014-09-24 10:52 . 2011-05-23 07:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  21. .
  22. .
  23. ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
  24. .
  25. .
  26. *Nota* i valori vuoti & legittimi/default non sono visualizzati.
  27. REGEDIT4
  28. .
  29. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  30. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  31. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  32. 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
  33. .
  34. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  35. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  36. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  37. 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
  38. .
  39. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  40. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  41. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  42. 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
  43. .
  44. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
  45. @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  46. [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  47. 2013-09-10 23:54 131248 ----a-w- c:\documents and settings\turiano\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
  48. .
  49. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  50. "Akamai NetSession Interface"="c:\documents and settings\turiano\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe" [2014-04-17 4672920]
  51. "SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2013-07-08 543320]
  52. "CCleaner Monitoring"="c:\programmi\CCleaner\CCleaner.exe" [2014-10-30 4826904]
  53. .
  54. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  55. "LaunchApp"="Alaunch" [X]
  56. "Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
  57. "RTHDCPL"="RTHDCPL.EXE" [2005-03-23 14202368]
  58. "MPS"="c:\acer\PSM.EXE" [2004-03-04 372736]
  59. "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
  60. "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
  61. "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
  62. "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
  63. "eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
  64. "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-04 94208]
  65. "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-04 77824]
  66. "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-04 114688]
  67. "QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-02-15 417792]
  68. "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
  69. "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143872]
  70. "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2014-09-26 271744]
  71. .
  72. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
  73. "PPBlackJack"="Command.com" [2004-08-19 52669]
  74. .
  75. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  76. "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
  77. .
  78. c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
  79. Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
  80. .
  81. [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
  82. "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
  83. "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
  84. .
  85. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
  86. 2009-09-03 23:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
  87. .
  88. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
  89. @=""
  90. .
  91. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
  92. @=""
  93. .
  94. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
  95. @=""
  96. .
  97. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
  98. @=""
  99. .
  100. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
  101. path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
  102. backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
  103. .
  104. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
  105. path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
  106. backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
  107. .
  108. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Post-it® Software Notes Lite.lnk]
  109. path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Post-it® Software Notes Lite.lnk
  110. backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
  111. .
  112. [HKLM\~\startupfolder\C:^Documents and Settings^turiano^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
  113. path=c:\documents and settings\turiano\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
  114. backup=c:\windows\pss\Dropbox.lnkStartup
  115. .
  116. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
  117. 2013-02-13 03:37 1263952 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
  118. .
  119. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
  120. 2006-03-22 23:13 1591808 ----a-w- c:\programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
  121. .
  122. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
  123. 2004-04-23 10:00 192512 ----a-w- c:\programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
  124. .
  125. [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  126. "DisableMonitoring"=dword:00000001
  127. .
  128. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  129. "%windir%\\system32\\sessmgr.exe"=
  130. "c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\SAGENT4.EXE"=
  131. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  132. "c:\\Documents and Settings\\Turiano\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
  133. "c:\\Documents and Settings\\Turiano\\Impostazioni locali\\Dati applicazioni\\Akamai\\netsession_win.exe"=
  134. .
  135. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  136. "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
  137. "2278:TCP"= 2278:TCP:Akamai NetSession Interface
  138. "5000:UDP"= 5000:UDP:Akamai NetSession Interface
  139. .
  140. R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [31/10/2011 12.00.44 340088]
  141. R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [31/10/2011 12.00.44 758904]
  142. R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20141107.011\BHDrvx86.sys [11/11/2014 10.20.17 1137368]
  143. R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20.25.48 12872]
  144. R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
  145. R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [31/10/2011 12.00.44 137336]
  146. R2 DraftSight API Service;DraftSight API Service;c:\programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [13/03/2014 22.45.28 86016]
  147. R2 DSCameraControlWinService;DSCameraControlWinService;c:\programmi\IDS\uEye\OtherDrivers\DirectShow\32\DSCameraControl.exe [20/12/2011 10.20.26 88064]
  148. R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\programmi\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [26/07/2013 6.48.28 196624]
  149. R2 SepMasterService;Symantec Endpoint Protection;c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [31/10/2011 12.00.40 137224]
  150. R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/12/2011 3.09.57 109872]
  151. R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20141108.001\IDSXpx86.sys [11/11/2014 10.20.19 383120]
  152. R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8.11.22 12160]
  153. R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8.11.20 10496]
  154. R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8.11.20 12928]
  155. R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [22/04/2013 17.02.17 1076968]
  156. R3 ueyeeth;ueyeeth;c:\windows\system32\drivers\ueye_Eth.sys [20/12/2011 10.19.55 8933624]
  157. S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [04/11/2013 12.26.34 14776]
  158. S1 MpKsl1437e58f;MpKsl1437e58f;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{829C4797-094D-4DB4-AB5B-AE2B9B57344D}\MpKsl1437e58f.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{829C4797-094D-4DB4-AB5B-AE2B9B57344D}\MpKsl1437e58f.sys [?]
  159. S1 MpKsl526ae741;MpKsl526ae741;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{3845F2CB-EDAF-4D7B-83D8-8F097392169E}\MpKsl526ae741.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{3845F2CB-EDAF-4D7B-83D8-8F097392169E}\MpKsl526ae741.sys [?]
  160. S1 MpKsl8c164172;MpKsl8c164172;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B6E494E-78AF-46E7-A76A-4168E70B293A}\MpKsl8c164172.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B6E494E-78AF-46E7-A76A-4168E70B293A}\MpKsl8c164172.sys [?]
  161. S1 MpKslede504da;MpKslede504da;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{CCEB96F7-24BF-4D46-AD25-3C7B4EFE6F9F}\MpKslede504da.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{CCEB96F7-24BF-4D46-AD25-3C7B4EFE6F9F}\MpKslede504da.sys [?]
  162. S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [02/03/2012 16.02.00 14336]
  163. S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [02/03/2012 16.02.00 20736]
  164. S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [02/03/2012 16.02.00 20096]
  165. S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [02/03/2012 16.02.00 25088]
  166. S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
  167. S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [20/12/2013 16.16.09 31312]
  168. S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [02/11/2009 15.46.52 16512]
  169. S3 CMIUSB;Motic New MC Camera;c:\windows\system32\drivers\MC1001200130012001B\cmiusb.sys [06/10/2008 9.46.24 10373]
  170. S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [20/12/2013 16.16.09 13440]
  171. S3 PortRW;PortRW;c:\windows\system32\drivers\PortRW.sys [24/04/2005 7.50.41 3456]
  172. S3 ueye;IDS uEye Kernel Driver;c:\windows\system32\drivers\uEye_usb.sys [20/12/2011 10.19.55 8198392]
  173. S3 ueye_boot;IDS uEye boot driver;c:\windows\system32\drivers\ueye_boot.sys [20/12/2011 10.19.55 8169720]
  174. S3 uEye_Eth;Gigabit Ethernet uEye Service;c:\windows\system32\drivers\ueye_Eth.sys [20/12/2011 10.19.55 8933624]
  175. S4 Adpdrsy;Adpdrsy; [x]
  176. .
  177. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  178. HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
  179. .
  180. [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
  181. 2014-10-28 09:11 1089352 ----a-w- c:\programmi\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
  182. .
  183. Contenuto della cartella 'Scheduled Tasks'
  184. .
  185. 2008-09-19 c:\windows\Tasks\backup prova.job
  186. - c:\windows\system32\ntbackup.exe [2005-04-24 18:14]
  187. .
  188. 2014-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
  189. - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
  190. .
  191. 2014-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
  192. - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-11 10:52]
  193. .
  194. 2014-11-12 c:\windows\Tasks\SmartDefragUpdate.job
  195. - c:\programmi\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-04 17:49]
  196. .
  197. 2014-11-12 c:\windows\Tasks\SmartDefrag_Startup.job
  198. - c:\programmi\IObit\Smart Defrag 2\SmartDefrag.exe [2013-11-04 17:23]
  199. .
  200. 2014-10-08 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
  201. - c:\windows\system32\xp_eos.exe [2014-07-22 00:28]
  202. .
  203. 2014-11-12 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
  204. - c:\windows\system32\xp_eos.exe [2014-07-22 00:28]
  205. .
  206. 2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  207. - c:\programmi\Google\Update\GoogleUpdate.exe [2013-11-27 12:31]
  208. .
  209. 2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  210. - c:\programmi\Google\Update\GoogleUpdate.exe [2013-11-27 12:31]
  211. .
  212. .
  213. ------- Scansione supplementare -------
  214. .
  215. uStart Page = hxxp://companyweb
  216. uInternet Connection Wizard,ShellNext = iexplore
  217. uInternet Settings,ProxyOverride = ;localhost:5050;<local>
  218. IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  219. IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  220. IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  221. IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  222. IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  223. IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  224. TCP: DhcpNameServer = 192.168.1.253
  225. DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} - file://c:\documents and settings\Turiano\Impostazioni locali\temp\Assieme Fotometro-00003\IpaWebView.cab
  226. .
  227. .
  228. ------- Associazioni dei file -------
  229. .
  230. .scr=AutoCADScriptFile
  231. .
  232. .
  233. **************************************************************************
  234. .
  235. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  236. Rootkit scan 2014-11-12 09:08
  237. Windows 5.1.2600 Service Pack 3 FAT NTAPI
  238. .
  239. scansione processi nascosti ...
  240. .
  241. scansione entrate autostart nascoste ...
  242. .
  243. Scansione files nascosti ...
  244. .
  245. Scansione completata con successo
  246. Files nascosti: 0
  247. .
  248. **************************************************************************
  249. .
  250. [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
  251. "ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
  252. --
  253. .
  254. [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
  255. "ImagePath"="\"c:\programmi\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"
  256. .
  257. --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
  258. .
  259. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  260. @Denied: (A 2) (Everyone)
  261. @="FlashBroker"
  262. "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
  263. .
  264. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
  265. "Enabled"=dword:00000001
  266. .
  267. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
  268. @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
  269. .
  270. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
  271. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  272. .
  273. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  274. @Denied: (A 2) (Everyone)
  275. @="IFlashBroker6"
  276. .
  277. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
  278. @="{00020424-0000-0000-C000-000000000046}"
  279. .
  280. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
  281. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  282. "Version"="1.0"
  283. .
  284. [HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
  285. "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  286. 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
  287. .
  288. --------------------- Dlls caricate dai processi in esecuzione ---------------------
  289. .
  290. - - - - - - - > 'winlogon.exe'(204)
  291. c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
  292. c:\windows\system32\WININET.dll
  293. .
  294. Ora fine scansione: 2014-11-12 09:11:29
  295. ComboFix-quarantined-files.txt 2014-11-12 08:11
  296. ComboFix2.txt 2014-10-31 14:07
  297. ComboFix3.txt 2014-10-23 17:41
  298. ComboFix4.txt 2014-09-15 17:18
  299. ComboFix5.txt 2014-11-12 08:00
  300. .
  301. Pre-Run: 4.913.299.456 byte disponibili
  302. Post-Run: 4.902.977.536 byte disponibili
  303. .
  304. - - End Of File - - 2EED89F93D92CD8C1AE87A50B152459E
  305. 67D07FA51DCD5A4397248F397BB779AE