combo & hijack log check


Post by poppiski » Wed Aug 19, 2009 1:55 pm

I've got my hands on an old PC of mine that I had given to a friend.
It always ran perfectly for me, but now it crawls like a snail.
I've tried everything, without much result.

here is the ComboFix log

ComboFix 09-08-18.03 - Rita 19/08/2009 14.33.29.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.255.120 [GMT 2:00]
Running from: c:\documents and settings\Rita\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-3C24-9E7C08000A00}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\d68f9.msi

.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))))))
.

2009-08-16 13:46 . 2009-08-16 13:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-15 14:03 . 2009-08-15 14:30 -------- d-----w- c:\programmi\PeerGuardian2
2009-08-15 13:39 . 2009-08-15 13:39 371349 ----a-w- c:\windows\system32\drivers\BT848.sys
2009-08-15 13:00 . 2009-08-15 13:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-08-15 13:00 . 2009-08-15 13:00 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-08-15 12:59 . 2009-08-15 13:00 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-08-15 12:54 . 2009-08-15 12:54 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-15 12:54 . 2009-08-15 13:03 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\DAEMON Tools Lite
2009-08-15 11:44 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-08-15 11:42 . 2009-08-15 11:42 -------- d-----w- c:\windows\Logs
2009-08-14 14:48 . 2009-08-15 09:27 117760 ----a-w- c:\documents and settings\Rita\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-14 14:46 . 2009-08-14 14:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-08-14 14:45 . 2009-08-14 14:45 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-08-14 14:45 . 2009-08-14 14:45 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\SUPERAntiSpyware.com
2009-08-14 14:24 . 2009-08-14 14:24 -------- d-----w- c:\windows\Sun
2009-08-14 14:20 . 2009-08-14 14:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-14 14:19 . 2009-08-14 14:19 -------- d-----w- c:\programmi\Java
2009-08-14 14:19 . 2009-08-14 14:19 152576 ----a-w- c:\documents and settings\Rita\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-13 22:07 . 2009-08-13 22:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-08-13 15:33 . 2009-08-13 15:33 -------- d-----w- c:\programmi\vanBasco's Karaoke Player
2009-08-13 09:08 . 2009-08-13 09:09 -------- d-----w- c:\programmi\File comuni\Adobe
2009-08-13 09:04 . 2009-08-15 13:19 -------- d-----w- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Adobe
2009-08-12 15:37 . 2009-08-12 15:37 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 16:55 . 2009-08-11 17:09 -------- d-----w- c:\windows\nview
2009-08-11 16:55 . 2006-10-22 10:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-11 16:54 . 2006-10-22 13:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-10 21:24 . 2009-08-14 08:54 -------- d-----w- c:\windows\system32\Adobe
2009-08-10 21:12 . 2009-08-06 20:49 455033 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-08-10 21:12 . 2009-07-22 15:43 127348 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-08-10 21:12 . 2009-07-14 16:08 430452 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-08-10 21:12 . 2009-04-30 13:33 106868 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-08-10 21:12 . 2009-06-17 13:32 196987 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-08-10 21:12 . 2009-05-27 16:10 401783 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-08-10 21:12 . 2009-08-07 13:57 1917302 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-08-10 21:12 . 2009-08-06 20:49 356723 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-08-10 21:12 . 2009-07-22 15:43 233846 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-08-10 21:12 . 2009-07-22 15:43 184694 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-08-10 21:12 . 2008-10-15 09:49 393588 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-08-10 21:12 . 2008-10-15 09:49 53618 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\CONFIG\AVWIN.INIaebb.dll
2009-08-10 20:58 . 2009-08-10 20:58 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\PCToolsFirewallPlus
2009-08-10 20:56 . 2009-03-06 14:45 130424 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-10 20:56 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-10 20:56 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-10 20:55 . 2009-08-10 20:56 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-08-10 20:55 . 2008-09-22 09:29 97408 ----a-w- c:\windows\system32\drivers\pctfw.sys
2009-08-10 20:55 . 2009-01-21 07:38 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-08-10 20:55 . 2009-08-11 17:47 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-08-10 20:35 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 20:35 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-10 20:35 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-10 20:35 . 2009-08-10 20:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-08-10 19:35 . 2009-08-10 19:36 -------- d-----w- c:\programmi\eMule
2009-08-10 15:44 . 2009-08-13 10:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-20 17:46 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-20 17:46 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 12:17 . 2009-01-04 21:13 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-19 11:05 . 2009-05-02 20:17 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-15 19:29 . 2009-01-05 16:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-15 13:12 . 2009-01-05 21:08 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-15 13:11 . 2009-01-05 21:08 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-08-15 12:37 . 2009-01-05 21:08 -------- d-----w- c:\programmi\sisagp
2009-08-15 11:47 . 2009-08-15 11:47 1621 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml92.tmp
2009-08-15 11:47 . 2009-08-15 11:47 13592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml91.tmp
2009-08-15 11:47 . 2009-08-15 11:47 8023 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml90.tmp
2009-08-14 14:43 . 2002-10-28 23:21 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-08-12 09:37 . 2009-05-03 08:13 -------- d-----w- c:\programmi\YouTube Downloader
2009-08-10 17:16 . 2009-01-05 16:38 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-10 17:14 . 2009-01-04 21:13 -------- d-----w- c:\programmi\SpywareBlaster
2009-08-10 15:53 . 2001-08-31 11:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-08-10 15:53 . 2001-08-31 11:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-08-05 09:05 . 2004-08-19 13:39 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 17:43 . 2009-01-05 20:35 -------- d-----w- c:\programmi\Google
2009-07-17 18:56 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2004-08-19 13:39 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:55 . 2004-08-19 13:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 18:34 . 2004-08-19 13:39 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:34 . 2004-08-19 13:39 519168 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:34 . 2004-08-19 13:39 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:34 . 2004-08-19 13:39 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:34 . 2004-08-19 13:39 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:34 . 2004-08-19 13:39 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:34 . 2004-08-19 13:39 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:34 . 2004-08-19 13:39 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:34 . 2004-08-19 13:39 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:34 . 2004-08-19 13:39 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:34 . 2004-08-19 13:39 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:34 . 2004-08-19 13:39 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 08:44 . 2004-08-19 13:39 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-19 13:39 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-19 13:39 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-19 13:39 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-19 13:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-19 13:39 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2004-08-19 13:39 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-19 13:39 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-19 13:39 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 20:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:53 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-08-31 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:32 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:32 . 2004-08-19 13:39 82432 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2004-08-19 13:39 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2004-08-19 13:39 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2002-10-29 00:41 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:25 . 2004-08-19 13:39 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 21:22 . 2003-07-18 08:58 36992 ----a-w- c:\windows\system32\drivers\SISAGPX.SYS
2009-06-01 21:18 . 2009-06-01 21:19 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2009-06-01 21:18 . 2009-06-01 21:19 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2009-06-01 21:18 . 2003-03-25 15:50 4096 ----a-w- c:\windows\system32\drivers\siside.sys
2009-06-01 21:18 . 2009-06-01 21:19 139264 ----a-w- c:\windows\system32\IDEproperty.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"SharedAccess"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"nwiz"=nwiz.exe /install
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\ADSL Seat-Tin.it\\ADSL Tin.it\\app\\EnterNetFolder.exe"=
"c:\\Programmi\\Avira\\AntiVir Desktop\\update.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/08/2009 22.56.43 159600]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16.06.28 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16.06.28 74480]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15/08/2009 15.39.12 371349]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10/08/2009 22.56.50 73840]
R2 PPPoEService;PPPoE Service;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\pppoeservice.exe [06/01/2009 1.10.53 49152]
R3 DCamUSBNW802;Mustek Wcam 300;c:\windows\system32\drivers\pcam.sys [01/06/2009 21.55.17 265904]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [06/01/2009 1.10.52 161640]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/08/2009 22.55.21 95640]
S3 NTSTPL1;NTSTPL1;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\NTSTPL1.SYS [06/01/2009 1.10.53 16096]
S3 RAWESR;RAWESR;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\RAWESR.SYS [06/01/2009 1.10.53 12924]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16.06.30 7408]
S3 TAPBIND;TAPBIND;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\TAPBIND1.SYS [06/01/2009 1.10.53 44544]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:27]

2009-08-19 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\t8i3686j.default\
FF - prefs.js: browser.startup.homepage - http://www.google.it

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 14:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded By Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-19 14.44.27
ComboFix-quarantined-files.txt 2009-08-19 12:44

Pre-Run: 13.145.903.104 bytes free
Post-Run: 13.141.520.384 bytes free

294 --- E O F --- 2009-08-12 15:41


and the HijackThis one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.53.37, on 19/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\ADSLSE~1.IT\ADSLTI~1.IT\app\pppoeservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\ADSLSE~1.IT\ADSLTI~1.IT\app\pppoeservice.exe

--
End of file - 4504 bytes


maybe you'll spot something I'm not seeing [cry]

thanks to anyone willing to help me
vista / XP dualboot + ubuntu on virtualbox
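For the kind of log triage the poster is asking for, here is an added example (it is not from the thread and not HijackThis' own logic) that parses HijackThis entries and applies the checks a reviewer does by eye: R0/R1 start and search pages pointing at an unexpected host, O4 Run entries launched from user-writable folders, O20 Winlogon Notify packages (loaded into winlogon.exe, so always worth confirming) and O23 services whose publisher HijackThis reported as "Unknown owner". The expected-host allowlist and the folder list are assumptions of the example. Most sample lines are copied from the log posted above; the search.example.net and updater.exe lines are constructed to show what a hit looks like.

```python
"""Triage HijackThis v2.0.2 log entries.

Added example for this thread; not part of the original post and not
HijackThis' own logic.  EXPECTED_BROWSER_HOSTS and USER_WRITABLE are
assumptions of this example, not HijackThis settings.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: where a stock Italian XP / IE8 install points its start and
# search pages.  Any other host in an R0/R1 entry gets a finding.
EXPECTED_BROWSER_HOSTS = {"www.google.it", "go.microsoft.com"}

# Assumption: path fragments (lower-case) a user can write to without admin
# rights on XP; a Run entry launching from there deserves a look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")

# Lines copied from the HijackThis log posted above, plus two constructed
# lines (search.example.net and updater.exe) showing what a hit looks like.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/?q=
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Rita\Impostazioni locali\Temp\updater.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\ADSLSE~1.IT\ADSLTI~1.IT\app\pppoeservice.exe
"""

_ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
_O4 = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
_O20 = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")
_O23 = re.compile(r"^Service: (.+?) \((.+?)\) - (.+?) - (.+)$")


@dataclass
class Entry:
    kind: str   # "R1", "O4", "O23", ...
    body: str   # text after "<kind> - "
    line: str


@dataclass
class Finding:
    rule: str
    subject: str
    detail: str


def parse_hjt(log: str) -> List[Entry]:
    """Split a HijackThis log into typed entries; other lines are ignored."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


def _browser_host(body: str) -> Optional[str]:
    """Host of the URL on the right-hand side of an R0/R1 entry."""
    m = re.search(r"=\s*(\S+)$", body)
    return urlparse(m.group(1)).hostname if m else None


def review(entries: List[Entry]) -> List[Finding]:
    """Apply the by-eye checks and return what a human should look at."""
    findings = []
    for e in entries:
        if e.kind in ("R0", "R1"):
            host = _browser_host(e.body)
            if host not in EXPECTED_BROWSER_HOSTS:
                findings.append(Finding("browser-page", host or "?", e.line))
        elif e.kind == "O4":
            m = _O4.match(e.body)
            if m and any(frag in m.group(3).lower() for frag in USER_WRITABLE):
                findings.append(Finding("run-from-user-folder", m.group(2), m.group(3)))
        elif e.kind == "O20":
            m = _O20.match(e.body)
            if m:
                findings.append(Finding("winlogon-notify", m.group(1), m.group(2)))
        elif e.kind == "O23":
            m = _O23.match(e.body)
            if m and m.group(3) == "Unknown owner":
                findings.append(Finding("no-publisher", m.group(2), m.group(4)))
    return findings


if __name__ == "__main__":
    for f in review(parse_hjt(SAMPLE_LOG)):
        print(f"{f.rule:22} {f.subject:16} {f.detail}")
```

On the real log above the only hits are the SUPERAntiSpyware Winlogon Notify DLL and the PPPoE service with no readable publisher, both of which match software the poster installed on purpose; a finding is a prompt to verify the file, not a verdict.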

Re: combo & hijack log check

Post by ste_95 » Wed Aug 19, 2009 2:05 pm

I don't see anything either. I assume you have already carried out these steps:
http://www.MegaLab.it/3502/computer-len ... ei-malware
«Sometimes it is better to keep silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: combo & hijack log check

Post by poppiski » Wed Aug 19, 2009 2:21 pm

already done all of it

- ccleaner
- defragmented at least once at every reboot, dozens of times
- disabled all startup programs, leaving only antivir and the firewall

scans
- superantispyware
- antivir
- spybot
- hijackthis
- kaspersky online scan, which unfortunately hangs

I should say up front that this PC's specs are nothing special, quite the opposite.
[ MB k7s5a , duron 1300, 256mb ddr400 ( running at 266 because of the mobo ), nvidia 400MX ]

but I've disabled the desktop wallpaper and all of XP's visual options, and nothing changes.
so I don't think it depends on the hardware,
also because I used it with this same configuration, with those options enabled, and it ran fine.

it may help you to know that at startup there's an svchost service that runs at 100% for a couple of minutes.

I'm counting on you Ste

thanks


Re: combo & hijack log check

Post by ste_95 » Wed Aug 19, 2009 2:49 pm

Try checking what gets started via svchost [;)]
http://www.MegaLab.it/4172/svchost-exe- ... olivalente
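The check ste_95 points at (which services live inside each svchost.exe instance) can also be done without the svchost viewer tool. The script below is an added example, not code from the thread or from the linked article: it parses the text that `tasklist /svc` prints on Windows XP and groups services by svchost PID, so the PID seen at 100% CPU in Task Manager can be narrowed to a short list of candidate services instead of a bare "svchost.exe". The listing embedded in it is constructed sample output in that format; the PIDs and service groupings are illustrative and not taken from the thread.

```python
"""Group the services hosted by each svchost.exe from `tasklist /svc` output.

Added example for this thread; not code from the original posts or from the
svchost viewer tool linked above.  Windows XP ships no PowerShell, but
`tasklist /svc` prints the same PID-to-services mapping as text, which is
what this script parses.
"""
import re
import subprocess
import sys
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout `tasklist /svc` prints on Windows XP.
# PIDs and service groupings are illustrative and not taken from the thread.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       556 N/A
winlogon.exe                   928 N/A
services.exe                   972 Eventlog,PlugPlay
svchost.exe                   1116 DcomLaunch,TermService
svchost.exe                   1180 RpcSs
svchost.exe                   1228 AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,
                                   helpsvc,lanmanserver,lanmanworkstation,Netman,
                                   Schedule,SENS,ShellHWDetection,Themes,winmgmt,
                                   wuauserv
svchost.exe                   1296 Dnscache
svchost.exe                   1352 LmHosts,RemoteRegistry,SSDPSRV,WebClient
avguard.exe                   1520 AntiVirService
"""

# A record line starts with the image name; a wrapped service list continues
# on lines that start with whitespace.
_RECORD = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")
_CONTINUATION = re.compile(r"^\s+(?P<svcs>\S.*)$")

Process = Tuple[str, List[str]]  # (image name, hosted services)


def _split(field: str) -> List[str]:
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tasklist_svc(text: str) -> Dict[int, Process]:
    """Return {pid: (image, [service, ...])}; 'N/A' becomes an empty list."""
    procs: Dict[int, Process] = {}
    last_pid: Optional[int] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or set(line) <= {"=", " "}:
            continue                      # blank line or the ===== separator
        m = _RECORD.match(line)
        if m:
            pid = int(m.group("pid"))
            svcs = [] if m.group("svcs") == "N/A" else _split(m.group("svcs"))
            procs[pid] = (m.group("image"), svcs)
            last_pid = pid
            continue
        m = _CONTINUATION.match(line)
        if m and last_pid is not None:    # wrapped service list
            procs[last_pid][1].extend(_split(m.group("svcs")))
    return procs


def svchost_groups(procs: Dict[int, Process]) -> Dict[int, List[str]]:
    """Only the svchost.exe instances, keyed by PID."""
    return {pid: svcs for pid, (image, svcs) in procs.items()
            if image.lower() == "svchost.exe"}


def host_of(procs: Dict[int, Process], service: str) -> Optional[int]:
    """PID of the process hosting `service` (case-insensitive), or None."""
    for pid, (_, svcs) in procs.items():
        if service.lower() in (s.lower() for s in svcs):
            return pid
    return None


def load_listing() -> str:
    """Live `tasklist /svc` on Windows, the constructed sample elsewhere."""
    if sys.platform == "win32":
        res = subprocess.run(["tasklist", "/svc"], capture_output=True,
                             text=True, errors="replace", check=True)
        return res.stdout
    return SAMPLE_TASKLIST


if __name__ == "__main__":
    procs = parse_tasklist_svc(load_listing())
    for pid, svcs in sorted(svchost_groups(procs).items()):
        print(f"svchost.exe PID {pid:>5}: {', '.join(svcs) or '(none)'}")
    # Which instance to watch when one svchost pegs the CPU at boot:
    print("wuauserv (Automatic Updates) is hosted by PID", host_of(procs, "wuauserv"))
```

Run it on the affected machine, note the PID of the busy svchost.exe in Task Manager (enable the PID column under View > Select Columns) and read off which service group it belongs to; stopping services one at a time from that group, rather than everything under Administrative Tools - Services, is what narrows the cause down.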

Re: combo & hijack log check

Post by poppiski » Wed Aug 19, 2009 3:28 pm

svchost viewer won't start.

it gives me the error "application not correctly initialized"

Re: combo & hijack log check

Post by ste_95 » Wed Aug 19, 2009 6:15 pm

poppiski wrote:it gives me the error "application not correctly initialized"

Are you sure you installed the .NET Framework 3.5?

Re: combo & hijack log check

Post by poppiski » Thu Aug 20, 2009 9:54 am

ste_95 wrote:Are you sure you installed the .NET Framework 3.5?


[whistle] [whistle] [whistle]
my mistake
I had indeed forgotten; now it runs,
But there's nothing left that can be disabled, since I had already disabled everything possible from Administrative Tools - Services.

I noticed that svchost - network service takes the CPU to 100% even when I open firefox.

Re: combo & hijack log check

Post by ste_95 » Thu Aug 20, 2009 1:02 pm

Those are probably all legitimate behaviours; and if we're talking about slowdowns that last just a couple of seconds, I really wouldn't know how to help you.

Re: combo & hijack log check

Post by poppiski » Fri Aug 21, 2009 1:59 pm

ste_95 wrote:Those are probably all legitimate behaviours; and if we're talking about slowdowns that last just a couple of seconds, I really wouldn't know how to help you.

it wasn't 2-3 seconds but 20-25, and even more

things improved markedly after uninstalling Spybot S&D 1.6.0 and installing 1.6.2.
it really looks like spybot had some problem.

thank you for the time you spent on me [^]


megalab.it: online newspaper registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising