Come posso far ripristinare gli aggiornamenti al pc di un'amica.
Accludo i log di Hijack e combofix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.40.44, on 22/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\vVX1000.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Windows Live\Family Safety\fssui.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\marina\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [THotkey] "C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Programmi\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Programmi\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{80C1600E-5563-4920-9133-8D4FE4CFD163}: NameServer = 193.70.152.25 193.70.152.15
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O23 - Service: Servizio di configurazione Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 10199 bytes
ComboFix 08-10-19.04 - marina 2008-10-21 14.28.51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.116 [GMT 2:00]
Eseguito da: C:\Documents and Settings\marina\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\MessengerSkinner
C:\Documents and Settings\All Users\Menu Avvio\Programmi\MessengerSkinner\Condizioni generali.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\MessengerSkinner\Disinstalla.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\MessengerSkinner\Riservatezza.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\MessengerSkinner\Website.url
C:\Documents and Settings\marina\Impostazioni locali\Dati applicazioni\ummmu.dat
C:\Documents and Settings\marina\Impostazioni locali\Dati applicazioni\ummmu.exe
C:\Documents and Settings\marina\Impostazioni locali\Dati applicazioni\ummmu_nav.dat
C:\Documents and Settings\marina\Impostazioni locali\Dati applicazioni\ummmu_navps.dat
.
((((((((((((((((((((((((( Files Creati Da 2008-09-21 al 2008-10-21 )))))))))))))))))))))))))))))))))))
.
2008-10-18 12:52 . 2008-10-18 12:52 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-18 12:52 . 2008-10-18 12:52 <DIR> d-------- C:\Documents and Settings\marina\Dati applicazioni\Malwarebytes
2008-10-18 12:52 . 2008-10-18 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-18 12:52 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 12:52 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-17 14:40 . 2008-10-17 14:40 <DIR> d-------- C:\Programmi\Sun
2008-10-16 11:06 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 11:04 . 2008-08-14 15:22 2,148,864 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:04 . 2008-08-14 15:22 2,069,760 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:04 . 2008-08-14 15:22 2,027,520 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 11:03 . 2008-08-14 15:22 2,192,896 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 10:46 . 2008-09-15 17:24 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-13 15:08 . 2008-10-13 15:08 1,234 --a------ C:\WINDOWS\wininit.ini
2008-10-12 14:03 . 2008-10-12 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-09-28 23:20 . 2008-09-28 23:41 230,424 --a------ C:\img2-001.raw
2008-09-21 03:00 . 2008-09-21 03:00 <DIR> d-------- C:\Programmi\AGI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 20:54 --------- d-----w C:\Programmi\Java
2008-10-14 07:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-13 10:58 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-10-12 11:59 --------- d-----w C:\Documents and Settings\marina\Dati applicazioni\U3
2008-09-15 15:24 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 12:14 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:22 2,192,896 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:22 2,069,760 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-20 10:23 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008072020080721\index.dat
.
------- Sigcheck -------
2004-08-19 16:39 14336 73955b04f209d8a1c633867841267a96 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:14 14336 bb8363abec09aa2f9b363484e282117c C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:14 14336 bb8363abec09aa2f9b363484e282117c C:\WINDOWS\system32\svchost.exe
2005-03-02 20:20 578048 488019bfe2b0f9f8cd8394276d5b664a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 579072 bab4f995e526484a235a276e269aaf7f C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 9daa2190a18739b657b58f794acf2e47 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-19 16:39 578048 08447bdfce5d1b1956f962602381f5c1 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10 578048 14b5d6b20467dba209853d65d1f6a124 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-04-13 19:13 579584 fa94696c0727bd59e517c674cd6e7c72 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-13 19:13 579584 fa94696c0727bd59e517c674cd6e7c72 C:\WINDOWS\system32\user32.dll
2004-08-19 16:39 82944 12ead983c875ed9bcc8b90e3f77f2e4a C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2008-04-13 19:13 82432 d34f635ff28f2aabedc95bfeb891864c C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:13 82432 d34f635ff28f2aabedc95bfeb891864c C:\WINDOWS\system32\ws2_32.dll
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644_0$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-19 16:39 504832 4166454e2bcfcc20d1b8a5ac9feab243 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:14 510464 9259170d29b5a256735fcb8b80280857 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:14 510464 9259170d29b5a256735fcb8b80280857 C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 19:14 1036288 70d7f99d95615c3c278367756287db71 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1035776 b4e85805be6d23de697f7b3ba7492d0b C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1035776 7e2817a623e16f830b660f81c0fd63da C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:39 976896 6cb6d8bcb81d927bccf8e2905eb8f274 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 19:14 1036288 70d7f99d95615c3c278367756287db71 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-19 16:39 108544 e77f6fa2a15390f1727f4c1c55b69da6 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 19:14 109056 dac0440c89b1ea4e35684896d5bf856e C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:14 109056 dac0440c89b1ea4e35684896d5bf856e C:\WINDOWS\system32\services.exe
2004-08-19 16:39 13312 0815e8da286775fa432c7c9ee5e10ba1 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:14 13312 0fba335727905de8e4cb5a2cf438abf5 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:14 13312 0fba335727905de8e4cb5a2cf438abf5 C:\WINDOWS\system32\lsass.exe
2004-08-19 16:39 15360 5b33b4265966ee063c7fbea28958d9c2 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 19:14 15360 f53cddef33a4c41336a782be3d170158 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:14 15360 f53cddef33a4c41336a782be3d170158 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 16:39 57856 216f8454a9415dd3e451b169dc3121c4 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 19:14 57856 60977c9bae8f86f9075829325303d0c9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:14 57856 60977c9bae8f86f9075829325303d0c9 C:\WINDOWS\system32\spoolsv.exe
2004-08-19 16:39 25088 c1e7fe19f98a877bf8f941bf48148695 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 19:14 26624 df69726907357c3add243f48902b0331 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 19:14 26624 df69726907357c3add243f48902b0331 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:39 296960 c06cd1890279603e15020757e02de56b C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
2008-04-13 19:13 296960 fe5a5329ccfc33d645c33077ff04f052 C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
2008-04-13 19:13 296960 fe5a5329ccfc33d645c33077ff04f052 C:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-19 20480]
"LogitechSoftwareUpdate"="C:\Programmi\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"RoxWatchTray"="C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Programmi\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LifeCam"="C:\Programmi\Microsoft LifeCam\LifeExp.exe" [2006-06-30 269104]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 707376]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-14 1235736]
"fssui"="C:\Programmi\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-04 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 C:\WINDOWS\RTHDCPL.exe]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
C:\Documents and Settings\marina\Menu Avvio\Programmi\Esecuzione automatica\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-11-27 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\marina\\Dati applicazioni\\U3\\
0000185A49612978\\
0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-14 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-14 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-14 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-20 76040]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;C:\Programmi\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 MSCamSvc;MSCamSvc;C:\Programmi\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 187184]
S3 GoogleDesktopManager-121807-210419;Google Desktop Manager 5.7.712.18632;C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe [2007-12-24 29744]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 1965872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{815b6d5c-00a2-11dd-8615-00a0d12f3ffd}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99edcd86-5703-11dd-8686-00a0d12f3ffd}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-21 C:\WINDOWS\Tasks\AA9B2F029190AA22.job
- c:\docume~1\marina\datiap~1\transb~1\wait drive stupid.exe []
2008-10-21 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-ummmu - c:\documents and settings\marina\impostazioni locali\dati applicazioni\ummmu.exe
.
------- Supplementare di scansione -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: &Windows Live Search - C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-10-21 14:35:09
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\WudfHost.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-21 14:40:42 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-21 12:40:28
Pre-Run: 60.256.534.528 byte disponibili
Post-Run: 60,180,279,296 byte disponibili
244 --- E O F --- 2008-10-17 00:32:31