
firefox problem


Post by ivan92 » Thu Aug 27, 2009 7:06 pm

I think I have a virus that is affecting Firefox... it resizes itself on its own and runs very slowly, to the point that it stops responding several times

Re: firefox problem

Post by Roberto88 » Thu Aug 27, 2009 7:56 pm

Have you already tried reinstalling it? A scan with ComboFix?
within the truth of evil and good there's more than you see
....much more than you should

Re: firefox problem

Post by ivan92 » Fri Aug 28, 2009 12:35 pm

Here is the ComboFix scan:

ComboFix 09-08-27.09 - Utente 28/08/2009 13.18.37.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2046.1087 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ciao.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2009-07-28 al 2009-08-28 )))))))))))))))))))))))))))))))))))
.

2009-08-28 11:28 . 2009-08-28 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-25 20:38 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 17:08 . 2009-06-05 09:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 17:08 . 2009-06-05 09:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-17 11:44 . 2009-08-17 11:44 -------- d-----w- c:\program files\softendo.com
2009-08-17 07:57 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-17 07:57 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-17 07:57 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-17 07:57 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-17 07:57 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-17 07:57 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-17 07:57 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-17 07:57 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-16 16:52 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-16 16:52 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-16 16:52 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-16 16:52 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-16 16:52 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-16 16:52 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-16 16:52 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-16 16:52 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-08 11:33 . 2009-08-08 11:34 -------- d-----w- c:\windows\system32\ca-ES
2009-08-08 11:33 . 2009-08-08 11:34 -------- d-----w- c:\windows\system32\eu-ES
2009-08-08 11:33 . 2009-08-08 11:34 -------- d-----w- c:\windows\system32\vi-VN
2009-08-08 11:11 . 2009-08-08 11:11 -------- d-----w- c:\windows\system32\EventProviders
2009-08-08 10:32 . 2009-04-11 06:28 758784 ----a-w- c:\windows\system32\qmgr.dll
2009-08-08 10:31 . 2009-04-11 06:32 161752 ----a-w- c:\windows\system32\drivers\msrpc.sys
2009-08-08 10:30 . 2009-04-11 06:28 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-08 10:29 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-08-08 10:29 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-08-08 10:29 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-08-08 10:28 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 11:20 . 2009-02-26 15:03 1082159136 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-28 11:12 . 2009-03-25 17:56 -------- d-----w- c:\users\Utente\AppData\Roaming\Skype
2009-08-27 21:24 . 2009-02-26 15:03 12665144 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-27 19:36 . 2008-09-02 08:14 -------- d-----w- c:\program files\Spyware Doctor
2009-08-27 18:56 . 2008-09-02 08:12 -------- d-----w- c:\programdata\Google Updater
2009-08-27 14:29 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-08-27 14:29 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-08-26 16:33 . 2008-10-29 15:42 89246 ----a-w- c:\programdata\nvModes.dat
2009-08-16 20:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-08 11:48 . 2008-10-29 15:42 -------- d-----w- c:\programdata\NVIDIA
2009-08-08 11:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-08 11:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-08 11:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-08 11:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-08 11:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-08 11:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-08 11:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-01 09:54 . 2008-09-08 15:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-24 08:33 . 2009-01-10 17:01 -------- d-----w- c:\users\Utente\AppData\Roaming\gtk-2.0
2009-07-22 20:41 . 2009-01-31 13:30 -------- d-----w- c:\users\Utente\AppData\Roaming\FileZilla
2009-07-21 21:52 . 2009-07-29 12:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 16:29 . 2008-09-02 13:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-20 19:40 . 2008-09-28 18:08 -------- d-----w- c:\users\Utente\AppData\Roaming\Canon
2009-07-16 20:07 . 2009-07-16 20:07 -------- d-----w- c:\program files\GamersFirst
2009-07-16 20:06 . 2007-07-20 10:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-10 18:02 . 2009-07-10 18:02 -------- d-----w- c:\users\Utente\AppData\Roaming\Yahoo!
2009-07-10 18:02 . 2009-07-10 18:02 -------- d-----w- c:\programdata\Yahoo! Companion
2009-07-10 18:02 . 2008-09-02 13:47 -------- d-----w- c:\program files\Yahoo!
2009-07-07 09:17 . 2008-09-09 12:18 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-07 09:16 . 2008-09-09 12:18 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-07 07:50 . 2009-01-31 13:30 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-04 11:46 . 2008-09-02 13:47 -------- d-----w- c:\program files\FLV Player
2009-07-02 10:30 . 2009-07-02 09:33 -------- d-----w- c:\program files\Cyanide
2009-07-02 08:08 . 2008-09-09 12:18 139152 ----a-w- c:\users\Utente\AppData\Roaming\PnkBstrK.sys
2009-07-02 08:08 . 2008-09-09 12:18 139152 ----a-w- c:\users\Utente\AppData\Roaming\PnkBstrK.sys
2009-07-02 08:08 . 2008-09-09 12:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-02 08:08 . 2008-09-09 12:18 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-02 07:59 . 2009-07-02 07:59 -------- d-----w- c:\program files\EA Games
2009-07-02 06:30 . 2008-10-31 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 06:30 . 2009-02-22 21:33 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 17:22 . 2009-07-01 17:22 -------- d-----w- c:\program files\AAALOGO2009
2009-07-01 08:21 . 2009-07-01 08:21 -------- d-----w- c:\program files\WhoCrashed
2009-07-01 08:18 . 2009-07-01 08:17 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-06-30 08:23 . 2009-06-30 08:20 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-30 08:19 . 2009-06-30 08:19 -------- d-----w- c:\programdata\PC Tools
2009-06-28 15:56 . 2009-06-28 15:56 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-25 14:36 . 2009-07-02 07:57 1291640 ----a-w- c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-25 14:36 . 2009-07-02 07:57 729088 ----a-w- c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-23 21:18 . 2008-10-19 12:18 1 ----a-w- c:\users\Utente\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-17 09:27 . 2008-10-31 15:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-10-31 15:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 14:53 . 2009-07-15 10:57 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 10:57 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 10:57 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 10:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 10:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-30 14:05 . 2008-09-01 09:10 88280 ----a-w- c:\users\Utente\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"PoivY"="c:\program files\PoivY.com\PoivY\poivy.exe" [2009-07-31 9167648]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-04-09 1176808]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoLyrix.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoLyrix.lnk
backup=c:\windows\pss\AutoLyrix.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):29,86,09,8a,1d,18,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9BA697B1-915C-4D61-A4FD-4A685A2B695F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{45E9392E-1E22-424B-A50C-E49D9433C510}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AF8CF5BE-8FC3-47B4-A050-F0A54D8DE1D1}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8DECF182-E4F8-4A7F-91A5-872FFFE6A6C4}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CB53E6C5-95DE-4EBE-81C7-D8022B21E053}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{018A8A45-657B-43C2-BD0F-AA78AB1ED596}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{ADDDF97D-1BB8-43AA-9A19-08C2C1AF7DD5}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{CB8CF604-16C7-47BC-A3B7-794083351E29}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{5A349D5F-7813-49B5-BBB9-F0F23A6E31D5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{64CBA301-5FDA-4850-A29F-ED26F4FF4964}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BAFB88BA-5BFB-49BD-AE71-793AB59CC9D1}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{66B929BD-8124-44E9-8A5C-3E3752952FA0}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A24CF1F3-9446-4041-88D0-5E8F23690881}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{D3863EFA-D539-4E33-A727-22399C01D96E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{23412EA0-E5CC-492B-8B7E-C501076F464A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{6A423948-CFF2-412C-A96F-10ED6F17EB81}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{EA44934B-1F47-4CC3-9FE1-FCBDCF3E0C50}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{813C92B2-705B-4000-868A-32CF2EB9F219}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6D872ACC-E90F-4DA4-A7CE-CD9466A03960}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{125AEC90-117F-462D-8545-D70D55144697}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{538E6507-533C-4E01-ACCD-B086623C956F}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{470D2922-CA8C-4095-A3F2-CE01712C155C}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{0EC91057-2450-440A-BD2B-95A2FCB4CA3E}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{2D671A28-E617-44EA-B06F-A5E86431F899}"= UDP:5353:Adobe CSI CS4
"{C47D72F7-101C-4927-A035-25029BD58D27}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{01EEF17A-8171-4886-92EB-65AB18F1E069}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A16C5436-0A59-4B64-BD37-882349D183F0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E3B184D8-AFE2-4DB9-BBE6-569ED0F175E2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EFBA52DD-B1EC-41CA-A545-8F06E3434001}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{43250031-C85F-4093-85B6-546CE2E551B2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3621EBA8-CC68-47E6-A58F-644787825ABF}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{7506094A-1A1C-4E56-ACBF-16D553290EF8}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{A27D2B2B-DFE8-4B54-AF7C-103545C6E2FB}"= UDP:c:\program files\PoivY.com\PoivY\PoivY.exe:PoivY
"{39069A11-010F-4612-B237-246CD13DCB21}"= TCP:c:\program files\PoivY.com\PoivY\PoivY.exe:PoivY

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [30/06/2009 10.21.20 130936]
R1 is-PDJFDdrv;is-PDJFDdrv;c:\windows\System32\drivers\10947585.sys [12/04/2009 20.00.37 148496]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [06/05/2009 18.09.14 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [06/05/2009 18.08.23 41424]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [06/09/2008 13.43.48 21504]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [06/09/2008 13.43.48 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [04/09/2008 10.29.40 210216]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [02/10/2008 17.42.24 482176]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [27/04/2009 20.39.08 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [27/04/2009 20.39.08 87696]
S2 gupdate1c9a3f1bdcd0f3e;Servizio di Google Update (gupdate1c9a3f1bdcd0f3e);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2009 17.38.20 133104]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [19/04/2009 14.46.36 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [19/04/2009 14.46.36 3072]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/02/2009 17.15.40 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19.08.58 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/06/2009 10.20.15 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 14:05]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 15:37]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 15:37]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603610610-2782796317-2799079916-1000Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 18:20]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603610610-2782796317-2799079916-1000UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 18:20]

2008-09-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 06:57]

2008-09-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 06:57]
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Utente\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 13:28
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-603610610-2782796317-2799079916-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,64,30,fe,f1,06,01,11,21,97,24,99,60,47,25,c2,5b,7f,56,3f,a4,
6c,22,25,93,2c,4f,56,13,31,1c,e2,9d,df,6d,13,63,87,68,e4,41,2d,02,ad,7c,e1,\
"rkeysecu"=hex:7d,9a,36,f9,97,f7,5a,18,dd,82,e4,3e,61,55,92,01

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(3956)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\APSHook.dll
.
Ora fine scansione: 2009-08-28 13.32.23
ComboFix-quarantined-files.txt 2009-08-28 11:32
ComboFix2.txt 2009-07-16 17:09
ComboFix3.txt 2009-06-30 09:41
ComboFix4.txt 2009-05-04 14:37

Pre-Run: 42.042.720.256 byte disponibili
Post-Run: 41.977.610.240 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
364 --- E O F --- 2009-08-25 20:39

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising