
Trojan or what


Moderators: m.paolo, kadosh, Luke57

Trojan or what

Post by lupos3 » 09/07/08 22:09

Hi everyone, for the past two days, as soon as I open the Explorer window and connect, after about 2 minutes a window appears saying "to access the reserved content, the connection with your program will be interrupted and a connection will be made to a premium-rate number ........."

I tried Ad-Aware and SUPERAntiSpyware, but nothing; they only find some cookies,
and on reboot the window always pops up again.

What should I do?
I'm posting the HijackThis log. Thanks to everyone for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.54.11, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\FreeLan 802.11g Wireless 125 Mbps USB 2.0 Adapter\WlanUtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\TWAIN_32\ESCNDV\escndv.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programmi\File comuni\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: FreeLan 802.11g WLAN Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 6808 bytes
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15


Re: Trojan or what

Post by lupos3 » 10/07/08 14:40

kadosh, Luke57, can you help me?
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Trojan or what

Post by Luke57 » 10/07/08 15:17

Hi, I don't find anything in the report. Download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe.
A blue window will open.... Wait....
After a few moments a notice will appear disclaiming the author's liability for any problem caused by incorrect use of the tool.
At this point select 1 and then ENTER to start the scan.
Wait.....
A notice will signal the end of the operation, and after a few moments the log with the scan details will appear.
The log will be saved in C:\Combofix.txt
Attach it to a post.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: Trojan or what

Post by lupos3 » 11/07/08 17:18

Here is the log


ComboFix 08-07-10.1 - massimo 2008-07-11 18.07.55.1 - NTFSx86
Eseguito da: C:\Documents and Settings\massimo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Avvio\UUSEE~1.LNK
C:\Documents and Settings\massimo\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Programmi\uusee
C:\Programmi\uusee\AD\1\000\index_new.html
C:\Programmi\uusee\AD\1\000\uue_new.jpg
C:\Programmi\uusee\AD\1\001\index_new.html
C:\Programmi\uusee\AD\1\001\uue_new.jpg
C:\Programmi\uusee\AD\1\cy\cy.html
C:\Programmi\uusee\AD\1\dm\dm.html
C:\Programmi\uusee\AD\1\dsj\dsj.html
C:\Programmi\uusee\AD\1\dst\dst.html
C:\Programmi\uusee\AD\1\dy\dy.html
C:\Programmi\uusee\AD\1\jk\jk.html
C:\Programmi\uusee\AD\1\ty\ty.html
C:\Programmi\uusee\AD\1\uu\uu.html
C:\Programmi\uusee\AD\1\yl\yl.html
C:\Programmi\uusee\AD\1\yx\yx1.html
C:\Programmi\uusee\AD\1\yx1\yx1.html
C:\Programmi\uusee\AD\1\zx\zx.html
C:\Programmi\uusee\AD\2\001\index.html
C:\Programmi\uusee\AD\2\100\index.html
C:\Programmi\uusee\AD\2\200\index.html
C:\Programmi\uusee\AD\2\300\index.html
C:\Programmi\uusee\AD\2\pos1\pos1.html
C:\Programmi\uusee\AD\2\pos3\pos3.html
C:\Programmi\uusee\AD\UUAD_Banner_1.html
C:\Programmi\uusee\AD\UUAD_Banner_3.html
C:\Programmi\uusee\AD\UUAD_Buffering.html
C:\Programmi\uusee\AD\UUAD_Buffering.jpg
C:\Programmi\uusee\AD\UUAD_TextLink_0.xml
C:\Programmi\uusee\ARMP.ocx
C:\Programmi\uusee\ARMPD.dll
C:\Programmi\uusee\check_cmd.exe
C:\Programmi\uusee\flvplayer.swf
C:\Programmi\uusee\in_psp.dll
C:\Programmi\uusee\MultiVMR9.dll
C:\Programmi\uusee\out_mmshttp.dll
C:\Programmi\uusee\rmsp011.ax
C:\Programmi\uusee\skins\UUPlayer\About.bmp
C:\Programmi\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Programmi\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Programmi\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Programmi\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Programmi\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Programmi\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Programmi\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Programmi\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Programmi\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Programmi\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Programmi\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Programmi\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Programmi\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Programmi\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
C:\Programmi\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
C:\Programmi\uusee\skins\UUPlayer\Resource.h
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
C:\Programmi\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
C:\Programmi\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
C:\Programmi\uusee\skins\UUPlayer\TopTab_Browse.bmp
C:\Programmi\uusee\skins\UUPlayer\TopTab_Browse1.bmp
C:\Programmi\uusee\skins\UUPlayer\TopTab_Play.bmp
C:\Programmi\uusee\skins\UUPlayer\TopTab_Play1.bmp
C:\Programmi\uusee\skins\UUPlayer\TopTab_Record.bmp
C:\Programmi\uusee\skins\UUPlayer\TopTab_Record1.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_Arrow.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_Collapse.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_Expand.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_Header.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
C:\Programmi\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
C:\Programmi\uusee\skins\UUPlayer\UUSEE.ui
C:\Programmi\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Control_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Control_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Control_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Control_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Info.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Main_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Main_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Main_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Main_5.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Play_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Play_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Play_5.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Record_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Record_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Record_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Record_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Side_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Side_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Side_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Top_1.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Top_2.bmp
C:\Programmi\uusee\skins\UUPlayer\Wnd_Top_3.bmp
C:\Programmi\uusee\u264Dec.ax
C:\Programmi\uusee\UFDeMux.ax
C:\Programmi\uusee\uninst.exe
C:\Programmi\uusee\updateC2.ocx
C:\Programmi\uusee\UUPlayer.dll
C:\Programmi\uusee\UUPlayer.ocx
C:\Programmi\uusee\UUPlayer_update.ini
C:\Programmi\uusee\UUSee.url
C:\Programmi\uusee\uusee_video.dll
C:\Programmi\uusee\UUSEEAudioDec.ax
C:\Programmi\uusee\UUSeePlayer.exe
C:\Programmi\uusee\UUSEETemp\~3962687.tmp
C:\Programmi\uusee\UUSEETemp\Control_Button_Compact_1.bmp
C:\Programmi\uusee\UUSEETemp\Control_Button_Compact_2.bmp
C:\Programmi\uusee\UUSEETemp\Control_Button_Compact_3.bmp
C:\Programmi\uusee\UUSEETemp\Control_Button_FullScreen_1.bmp
C:\Programmi\uusee\UUSEETemp\Control_Button_FullScreen_2.bmp
C:\Programmi\uusee\UUSEETemp\Control_Button_FullScreen_3.bmp
C:\Programmi\uusee\UUSEETemp\Tree_Collapse.bmp
C:\Programmi\uusee\UUSEETemp\Tree_Expand.bmp
C:\Programmi\uusee\UUSEETemp\Wnd_Control_1.bmp
C:\Programmi\uusee\UUSEETemp\Wnd_Control_2.bmp
C:\Programmi\uusee\UUSEETemp\Wnd_Control_3.bmp
C:\Programmi\uusee\UUSEETemp\Wnd_Control_4.bmp
C:\Programmi\uusee\UUTV_MY.xml
C:\Programmi\uusee\UUTV_UUPlayer.xml
C:\Programmi\uusee\UUUpgrade.exe
C:\Programmi\uusee\UUUpgrade.ini
C:\Programmi\uusee\UUUpgrade.ocx
C:\Programmi\uusee\vermini.ini
C:\Programmi\uusee\vermini_x.ini
C:\Programmi\uusee\vermini_x1.ini
C:\Programmi\uusee\What's new.mht
C:\Programmi\uusee\What's new.txt
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll
C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-06-11 al 2008-07-11 )))))))))))))))))))))))))))))))))))
.

2008-07-11 18:03 . 2008-07-11 18:03 24,400 --a------ C:\Documents and Settings\massimo\xmtbmtcg.exe
2008-07-07 22:33 . 2008-07-07 22:33 <DIR> d-------- C:\Programmi\Microsoft Bootvis
2008-07-05 23:25 . 2008-07-05 23:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-05 23:18 . 2006-09-14 02:18 <DIR> d--h----- C:\Documents and Settings\Guest\Risorse di stampa
2008-07-05 23:18 . 2006-09-14 02:18 <DIR> d--h----- C:\Documents and Settings\Guest\Risorse di rete
2008-07-05 23:18 . 2008-07-05 23:19 <DIR> dr------- C:\Documents and Settings\Guest\Preferiti
2008-07-05 23:18 . 2006-09-14 02:18 <DIR> d--h----- C:\Documents and Settings\Guest\Modelli
2008-07-05 23:18 . 2006-09-14 02:18 <DIR> dr------- C:\Documents and Settings\Guest\Menu Avvio
2008-07-05 23:18 . 2006-09-13 17:50 <DIR> d--h----- C:\Documents and Settings\Guest\Impostazioni locali
2008-07-05 23:18 . 2008-07-05 23:19 <DIR> dr------- C:\Documents and Settings\Guest\Documenti
2008-07-05 23:18 . 2006-09-13 17:34 <DIR> d-------- C:\Documents and Settings\Guest\Dati applicazioni\Symantec
2008-07-05 23:18 . 2007-09-13 21:31 <DIR> dr-h----- C:\Documents and Settings\Guest\Dati applicazioni
2008-07-05 23:18 . 2008-07-05 23:18 <DIR> d-------- C:\Documents and Settings\Guest
2008-07-05 21:26 . 2008-07-05 21:26 0 --a------ C:\WINDOWS\MSDraw.ini
2008-06-29 22:02 . 2008-06-29 22:02 <DIR> d-------- C:\Programmi\Panda Security
2008-06-29 21:10 . 2008-07-05 23:14 <DIR> d-------- C:\MioLavorogaribaldi
2008-06-29 21:10 . 2008-07-11 18:02 <DIR> d-------- C:\GaribaldiFC
2008-06-20 19:39 . 2008-06-20 19:39 247,296 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-18 21:11 . 2008-06-18 21:11 31,056 --a------ C:\Documents and Settings\massimo\wdpggpup.exe
2008-06-18 15:21 . 2008-06-18 15:21 <DIR> d-------- C:\Programmi\Veoh Networks
2008-06-11 23:01 . 2008-06-29 21:52 <DIR> d-------- C:\MioLavoro
2008-06-11 22:43 . 2008-06-29 21:10 <DIR> d-------- C:\Mio Sitoeuropadefinitivo
2008-06-11 10:57 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:57 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 15:55 --------- d-----w C:\Documents and Settings\massimo\Application Data\TransRender
2008-07-11 15:19 --------- d-----w C:\Programmi\Mozilla Thunderbird
2008-07-08 19:50 --------- d-----w C:\Documents and Settings\massimo\Application Data\Skype
2008-07-06 14:56 --------- d-----w C:\Programmi\eMule
2008-06-20 19:57 --------- d-----w C:\Programmi\DAEMON Tools
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:22 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-08 14:05 --------- d-----w C:\Programmi\ESET
2008-06-08 12:33 --------- d-----w C:\Programmi\Clarke Tech Editor Studio
2008-06-06 18:54 1,682 ----a-w C:\Documents and Settings\massimo\Application Data\wklnhst.dat
2008-06-05 22:18 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-06-03 09:27 --------- d-----w C:\Documents and Settings\massimo\Application Data\VoipStunt
2008-06-01 18:06 --------- d-----w C:\Programmi\Ipswitch
2008-06-01 18:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ipswitch
2008-06-01 17:29 --------- d-----w C:\Documents and Settings\massimo\Application Data\Ipswitch
2008-05-31 20:17 --------- d-----w C:\Programmi\Thoosje Sidebar V2.0
2008-05-21 19:58 --------- d-----w C:\Documents and Settings\massimo\Application Data\U3
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,293,312 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-12-06 19:08 2,506,438 -c--a-w C:\WINDOWS\inf\SET2DA.tmp
2006-04-11 04:00 1,527,998 -c--a-w C:\WINDOWS\inf\SET34D.tmp
2007-01-05 18:57 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
----a-w           524,288 2007-06-19 13:24:53  C:\Programmi\Thoosje Sidebar V2.0\Thoosje Sidebar .exe



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-04-11 06:00 15360]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 00:08 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 06:40 64512]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 22:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 22:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 22:17 118784]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22 794713]
"QPService"="C:\Programmi\HP\QuickPlay\QPService.exe" [2006-07-19 15:14 102400]
"HP Software Update"="C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Cpqset"="C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50 40960]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-01-05 19:41 917504]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-28 00:50 81920]
"MsmqIntCert"="mqrt.dll" [2007-07-06 14:50 177152 C:\WINDOWS\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-04-11 06:00 15360]
"MySpaceIM"="C:\Programmi\MySpace\IM\MySpaceIM.exe" [2007-05-30 03:34 5419008]
"Skype"="C:\Programmi\Skype\\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.PIXL"= pclepixl.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.NTN1"= NUVision.ax
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Programmi\BitTorrent\bittorrent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-27 00:08 1211176 C:\Programmi\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
c:\programmi\internetcalls.com\internetcalls\internetcalls.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoREX]
--a------ 2003-07-30 01:37 332288 C:\Programmi\MemoRex\MemoRexStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
--a------ 2006-02-13 18:33 214648 C:\Programmi\Octoshape Streaming Services\massimo\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--a------ 2005-10-11 10:23 1187840 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-03-23 12:28 1481968 C:\Programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-13 21:25 185632 C:\Programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vEmotion]
--a------ 2006-10-26 15:16 447488 C:\Programmi\freebird\vEmotion\VEmotion.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-15 16:11 3644464 C:\Programmi\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
--a------ 2008-01-15 21:46 8824112 C:\Programmi\VoipStunt.com\VoipStunt\voipstunt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-02 17:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\PPLive\\PPLive.exe"=
"C:\\Programmi\\PPStream\\PPStream.exe"=
"C:\\Programmi\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"= C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"= C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"8200:TCP"= 8200:TCP:BitComet 8200 TCP
"8200:UDP"= 8200:UDP:BitComet 8200 UDP
"21816:TCP"= 21816:TCP:BitComet 21816 TCP
"21816:UDP"= 21816:UDP:BitComet 21816 UDP
"17163:TCP"= 17163:TCP:torrent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de490374-276d-11dd-8c23-0018de8457bf}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-31 14:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 18:13:38
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@?????????????`?@?????L?@

Scansione files nascosti ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-07-11 18.17.00
ComboFix-quarantined-files.txt 2008-07-11 16:15:54

36 Directory 58,569,670,656 byte disponibili
40 Directory 58,979,762,176 byte disponibili

452 --- E O F --- 2008-07-10 20:48:22
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Trojan or what

Post by Luke57 » 11/07/08 17:24

Hi, show hidden files and folders (My Computer > Tools > Folder Options > View > tick "Show hidden files and folders" > OK).
Search for and delete this file, if present:
C:\Documents and Settings\massimo\wdpggpup.exe
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
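
As an added example (not part of the thread and not ComboFix's own logic), this Python sketch parses lines in the format of the "Files Creati Da ..." section of the log above and surfaces executables that sit directly in a user profile root and have consonant-heavy names, the pattern of the file singled out in the reply above. The extension list, the name-length limit and the vowel-ratio threshold are assumptions; a hit is a lead for manual review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename, splitext  # Windows path rules on any OS
from typing import List, Optional

# Excerpt in the format of the "Files Creati Da ..." section of the log above.
SAMPLE = r"""
2008-07-11 18:03 . 2008-07-11 18:03 24,400 --a------ C:\Documents and Settings\massimo\xmtbmtcg.exe
2008-07-07 22:33 . 2008-07-07 22:33 <DIR> d-------- C:\Programmi\Microsoft Bootvis
2008-06-20 19:39 . 2008-06-20 19:39 247,296 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-18 21:11 . 2008-06-18 21:11 31,056 --a------ C:\Documents and Settings\massimo\wdpggpup.exe
2008-06-18 15:21 . 2008-06-18 15:21 <DIR> d-------- C:\Programmi\Veoh Networks
2008-06-11 10:57 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
"""

# created . modified size-or-<DIR> 9-char-attributes full-path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>[A-Za-z]:\\.+)$"
)
# A file placed directly in <drive>:\Documents and Settings\<user>\ (XP layout).
PROFILE_ROOT = re.compile(
    r"^[A-Za-z]:\\Documents and Settings\\[^\\]+\\[^\\]+$", re.IGNORECASE
)
# Assumption: extensions treated as directly runnable for this triage.
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_entries(text: str) -> List[Entry]:
    """Parse every well-formed 'files created' line; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): letters only, 6+ chars, under 25% vowels."""
    if not (stem.isascii() and stem.isalpha() and len(stem) >= 6):
        return False
    vowels = sum(c in "aeiou" for c in stem.lower())
    return vowels / len(stem) < 0.25


def triage(text: str) -> List[Entry]:
    """Return executables that match BOTH indicators, in log order."""
    flagged = []
    for e in parse_entries(text):
        if e.size is None:  # directory
            continue
        stem, ext = splitext(basename(e.path))
        if ext.lower() not in EXEC_EXT:
            continue
        if PROFILE_ROOT.match(e.path):
            e.reasons.append("executable directly in a user profile root")
        if looks_random(stem):
            e.reasons.append("consonant-heavy file name")
        # One indicator alone is noisy (mswsock.dll has a consonant-heavy
        # name but lives in dllcache), so require both.
        if len(e.reasons) == 2:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit.created, hit.size, hit.path, "|", "; ".join(hit.reasons))
```

Run against the full section, it lists both randomly named executables in the `massimo` profile root with their creation times, which makes it easy to see whether an entry was created after the previous cleanup attempt.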

Re: Trojan or what

Post by lupos3 » 11/07/08 19:54

That file isn't there; on the other hand, it has now set controlpage.info as my home page.
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

