Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Dopo scansione Malwarebytes' Opzioni
paoloc351
Inviato: Tuesday, November 03, 2009 9:37:49 AM

Rank: Member

Iscritto dal : 10/24/2009
Posts: 28
Dopo aver effettuato la scansione, mi viene segnalato il seguente errore :"Jobhisinit.exe: impossibile individuare un componente impossibile avviare l'applicazione specificata. pmcmisc.dll nn è stato trovato.
Devo ripristinarlo oppure eliminarlo e in entrambi i casi come devo fare?
Vi posto i log di Hij Malwarebytes e combo fix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.34.01, on 27/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\UTENTE~1.UTE\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JobHisInit] C:\Programmi\RDS\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Programmi\RDS\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E07IXLRD_236171] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Startup: Doc2000.lnk = C:\DOC2000\BIN\ARCSERVE.EXE
O4 - Global Startup: Auto Document Link.lnk = C:\Programmi\RDS\PLDLnk.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Accesso al servizio - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\8exe5[1].exe (file missing)
O9 - Extra 'Tools' menuitem: Accesso al servizio - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\8exe5[1].exe (file missing)
O15 - Trusted Zone: http://webmessenger.msn.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: Install247 - http://www.netsupport247.com/utilities/InstallClient.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.it/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://acquariusdream.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6A658517-9DDC-48A4-B9A0-DFE507130E3C} (PrintCtl Class) - http://fondiweb.fondiaria-sai.it/FondiWeb/support/PCtlDll.dll
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} (EZTwainX by Dosadi) - http://updoc.gruppofondiariasai.it/UploadServer/resource/eztwainx.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://10.51.98.90/activex/AxisCamControl.cab
O16 - DPF: {B344AD72-6A03-11D3-80D5-005004AD173D} (ImageGear OCX-2000) - http://webfilenet01.intranet.gruppofondiaria.it/idmweb/download/gearpo.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - http://catalogo.gruppofondiariasai.it/wps/wcm/resources/file/eb9e47417237cdc/EuropaTutelaGiudiziaria.jpg

--
End of file - 9407 bytes

Malwarebytes' Anti-Malware 1.41
Versione del database: 3038
Windows 5.1.2600 Service Pack 3

27/10/2009 11.21.27
mbam-log-2009-10-27 (11-21-27).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 189218
Tempo trascorso: 1 hour(s), 29 minute(s), 59 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\WashAndGo\Checker.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
ComboFix 09-10-26.06 - utente 27/10/2009 17.37.13.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.768.484 [GMT 1:00]
Eseguito da: c:\documents and settings\utente.UTENTE-52HITRUD\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091026-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT

.
((((((((((((((((((((((((( Files Creati Da 2009-09-27 al 2009-10-27 )))))))))))))))))))))))))))))))))))
.

2009-10-27 16:18 . 2009-10-27 16:18 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-27 16:18 . 2009-10-27 16:18 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Innovative Solutions
2009-10-26 11:19 . 2009-10-26 11:19 -------- d-----w- c:\documents and settings\utente.UTENTE-52HITRUD\Impostazioni locali\Dati applicazioni\Innovative Solutions
2009-10-26 09:05 . 2009-10-26 09:05 -------- d-----w- c:\documents and settings\utente.UTENTE-52HITRUD\Dati applicazioni\Malwarebytes
2009-10-26 09:04 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 09:04 . 2009-10-27 16:18 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-26 09:04 . 2009-10-26 09:04 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2009-10-26 09:04 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 06:50 . 2009-10-01 06:50 -------- d-----w- c:\programmi\Microsoft
2009-09-30 08:22 . 2009-09-30 08:22 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 16:12 . 2008-07-25 11:54 -------- d-----w- c:\programmi\Glary Utilities
2009-10-27 10:21 . 2006-03-27 08:16 -------- d-----w- c:\programmi\WashAndGo
2009-10-26 08:58 . 2008-01-14 12:05 -------- d-----w- c:\programmi\Nokia
2009-10-26 08:56 . 2006-01-13 13:17 -------- d-----w- c:\programmi\Lavasoft
2009-10-26 08:06 . 2003-04-08 12:00 529840 ----a-w- c:\windows\system32\perfh010.dat
2009-10-26 08:06 . 2003-04-08 12:00 100154 ----a-w- c:\windows\system32\perfc010.dat
2009-10-21 15:19 . 2007-01-23 17:11 -------- d-----w- c:\documents and settings\utente.UTENTE-52HITRUD\Dati applicazioni\Skype
2009-10-21 14:00 . 2008-05-29 09:11 -------- d-----w- c:\documents and settings\utente.UTENTE-52HITRUD\Dati applicazioni\skypePM
2009-10-14 06:50 . 2007-03-21 08:21 -------- d-----w- c:\programmi\DYMO Label
2009-10-01 06:52 . 2007-11-14 11:23 -------- d-----w- c:\programmi\Windows Live
2009-09-11 14:17 . 2004-11-24 16:41 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-11-24 16:42 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-11-24 16:42 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-11-24 16:42 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 06:49 . 2004-10-12 15:50 89048 -c--a-w- c:\documents and settings\utente.UTENTE-52HITRUD\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-17 16:10 . 2006-01-09 10:03 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2006-01-09 10:04 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2006-01-09 10:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-09 05:56 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-09 05:56 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2006-01-09 10:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2006-01-09 10:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2006-01-09 10:04 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2006-01-09 10:03 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-05 08:59 . 2004-11-24 16:42 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:56 . 2004-11-24 16:41 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:52 . 2009-08-04 17:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 17:26 . 2004-11-24 16:41 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2004-03-11 12:27 . 2005-11-16 07:53 40960 -c--a-w- c:\programmi\Uninstall_CDS.exe
2004-02-27 16:19 . 2004-02-27 16:19 6887 -c--a-w- c:\programmi\DeIsL1.isu
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-05-22 282624]
"JobHisInit"="c:\programmi\RDS\RMClient\JobHisInit.exe" [2007-08-30 229481]
"MplSetUp"="c:\programmi\RDS\RMClient\MplSetUp.exe" [2007-08-30 49254]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2008-11-12 69632]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\utente.UTENTE-52HITRUD\Menu Avvio\Programmi\Esecuzione automatica\
Doc2000.lnk - c:\doc2000\BIN\ARCSERVE.EXE [2006-3-2 2318336]

c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Auto Document Link.lnk - c:\programmi\RDS\PLDLnk.exe [2008-11-25 561152]
Post-it© Software Notes Lite.lnk - c:\programmi\3M\PSNLite\PsnLite.exe [2004-6-2 1622016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Controllo del Calendario di Ulead Photo Express.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^GStartup.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"InCDsrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"DataLayer"=c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"TrkMonitor"="c:\programmi\Canon Electronics\DR1210C\TrkMonitor.exe"
"NSLauncher"=c:\programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\PCXTools\\PM5\\R210_39.1\\bin\\pm5.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/04/2008 6.56.26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/04/2008 6.56.26 20560]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [04/03/2009 14.51.15 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [04/03/2009 14.51.16 8320]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-27 c:\windows\Tasks\User_Feed_Synchronization-{5910AA67-BBCE-4516-8217-4EA44FBE1EFC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\8exe5[1].exe
Trusted Zone: msn.com\webmessenger
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Install247 - hxxp://www.netsupport247.com/utilities/InstallClient.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {6A658517-9DDC-48A4-B9A0-DFE507130E3C} - hxxp://fondiweb.fondiaria-sai.it/FondiWeb/support/PCtlDll.dll
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxp://updoc.gruppofondiariasai.it/UploadServer/resource/eztwainx.cab
DPF: {B344AD72-6A03-11D3-80D5-005004AD173D} - hxxp://webfilenet01.intranet.gruppofondiaria.it/idmweb/download/gearpo.cab
FF - ProfilePath - c:\documents and settings\utente.UTENTE-52HITRUD\Dati applicazioni\Mozilla\Firefox\Profiles\2nc1jv09.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://it.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=it-it&FORM=MICI05&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-E07IXLRD_236171 - c:\programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE
AddRemove-eMule - f:\programmi\eMule\Uninstall.exe
AddRemove-HijackThis - c:\docume~1\UTENTE~1.UTE\IMPOST~1\Temp\HijackThis.exe
AddRemove-LiveUpdate - c:\programmi\Symantec\LiveUpdate\Uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 17:46
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\WININET.dll
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\msdtc.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\SearchIndexer.exe
c:\combofix\CF17280.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchFilterHost.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Ora fine scansione: 2009-10-27 17.57.23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-27 16:57

Pre-Run: 41.693.413.376 byte disponibili
Post-Run: 41.634.717.696 byte disponibili

- - End Of File - - 2E3391166B4135065FF38E3EC065920B
Sponsor
Inviato: Tuesday, November 03, 2009 9:37:49 AM

 
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.