
Firefox opens ads and other problems




Post by electromaster » 13/05/11 14:34

Hello,
Since yesterday Firefox keeps opening ads as soon as I open any web page.

Also, iexplore.exe is now a DOS file that creates a shortcut to itself as soon as it is launched.

After every reboot I tend to find adaware in the System32 folder.
I have run several scans with MalwareBytes, AdAware, A-squared2 and Agnitum SecuritySuite.
All updated as of today.
They found cookies and a trojan-mutant in the Java folder, which MalwareBytes apparently managed to remove successfully.
For now A-squared is blocking the ads successfully.
I am attaching the HijackThis and ComboFix logs in spoilers.
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:17:22, on 13/05/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica usando &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 5296 bytes


COMBOFIX:
ComboFix 11-05-11.04 - XXXXXX 12/05/2011  23:55:44.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.932.81.1040.18.2047.1377 [GMT 2:00]
Running from: c:\users\DAVIDE\Downloads\ComboFix.exe
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\tuneupportable\TuneUpPortable.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-12 to 2011-05-12  )))))))))))))))))))))))))))))))
.
.
2011-05-12 22:02 . 2011-05-12 22:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-05-12 17:00 . 2011-04-28 17:40   2682880   ----a-w-   c:\program files\Mozilla Firefox\extensions\{d8b46c3b-1b50-80fb-8862-bcd40e613ded}\components\2ec1ec9.dll
2011-05-12 16:57 . 2011-05-12 17:00   121353   ----a-w-   c:\windows\system32\35ac6542.exe
2011-05-12 16:57 . 2011-05-12 17:00   50328   ----a-w-   c:\windows\system32\bksufobuyqr.exe
2011-05-12 16:57 . 2011-05-12 16:57   --------   d-sh--w-   c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-11 10:37 . 2011-04-09 06:13   3957632   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-05-11 10:37 . 2011-04-09 06:13   3901824   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-05-10 15:22 . 2011-05-10 15:49   --------   dc----w-   c:\program files\PCSX2 0.9.8
2011-05-09 10:14 . 2011-05-09 10:14   89048   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2011-05-09 10:14 . 2011-05-09 10:14   781272   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-09 10:14 . 2011-05-09 10:14   465880   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-09 10:14 . 2011-05-09 10:14   1892184   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-09 10:14 . 2011-05-09 10:14   1874904   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2011-05-09 10:14 . 2011-05-09 10:14   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-09 10:14 . 2011-05-09 10:14   142296   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-09 10:14 . 2011-05-09 10:14   1974616   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 10:43 . 2011-05-06 10:43   --------   d-sh--w-   c:\users\DAVIDE\wc
2011-05-06 10:43 . 2011-05-06 10:43   --------   d-----w-   c:\users\DAVIDE\AppData\Local\Universe Sandbox
2011-05-06 10:42 . 2011-05-06 10:43   --------   d-sh--w-   c:\users\DAVIDE\AppData\Roaming\wyUpdate AU
2011-05-06 10:41 . 2011-05-06 10:49   --------   d-----w-   c:\program files\Universe Sandbox
2011-05-05 12:36 . 2011-05-09 16:03   --------   d-----w-   c:\program files\Kalypso Media
2011-04-30 13:52 . 2011-04-30 13:57   --------   d-----w-   c:\program files\Swat4
2011-04-27 18:00 . 2011-04-27 18:00   --------   d-----w-   c:\program files\Codemasters
2011-04-21 13:25 . 2011-05-10 15:22   --------   d-----w-   c:\program files\PCSX2 0.9.7
2011-04-16 19:29 . 2011-04-16 19:29   --------   d-----w-   c:\program files\TeamSpeak 3 Client
2011-04-13 22:18 . 2011-04-13 22:25   --------   d-----w-   c:\program files\EcoleSoftware
2011-04-13 21:59 . 2011-02-23 05:06   311296   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-04-13 21:59 . 2011-02-23 05:05   309760   ----a-w-   c:\windows\system32\drivers\srv2.sys
2011-04-13 21:59 . 2011-02-23 05:05   113664   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2011-04-13 21:59 . 2011-02-18 05:36   428032   ----a-w-   c:\windows\system32\vbscript.dll
2011-04-13 21:59 . 2011-03-03 05:29   132608   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-04-13 21:59 . 2011-03-03 05:27   28672   ----a-w-   c:\windows\system32\dnscacheugc.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-10 17:00 . 2010-08-30 21:38   139128   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2011-04-10 17:00 . 2010-08-30 22:19   215128   ----a-w-   c:\windows\system32\PnkBstrB.xtr
2011-04-10 17:00 . 2010-08-30 21:38   215128   ----a-w-   c:\windows\system32\PnkBstrB.exe
2011-04-10 17:00 . 2010-08-30 21:38   215128   ----a-w-   c:\windows\system32\PnkBstrB.ex0
2011-04-09 16:55 . 2011-04-09 16:55   15453336   ----a-w-   c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55   13642904   ----a-w-   c:\windows\system32\xlivefnt.dll
2011-04-05 15:32 . 2010-06-24 10:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-03 10:55 . 2010-08-30 21:38   75136   ----a-w-   c:\windows\system32\PnkBstrA.exe
2011-03-11 13:22 . 2011-01-16 19:19   0   ----a-w-   c:\windows\system32\ConduitEngine.tmp
2011-05-09 10:14 . 2011-05-09 10:14   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2010-08-10 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[7] 2011-02-24 . AB2BB40A5FE49AD236791AC22BD08869 . 673040 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_b42a203b9ef553cc\iexplore.exe
[-] 2011-02-24 05:32 . 14AA4CCA41BFE26422AC1D20CABF88CC . 673040 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_b35da16e860a2bd3\iexplore.exe
[7] 2010-12-18 . AA08B68EF4E35EFA170CF85A44B23B70 . 673040 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_b384dff685ed56b3\iexplore.exe
[7] 2010-12-18 . 9321CF0D023528C71E3645F8433C86C8 . 673040 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_b3e23cc79f2c4cea\iexplore.exe
[7] 2010-11-04 . 6B2258FF6D2332073FE9E90122FA4168 . 673040 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_b402ac8b9f13f917\iexplore.exe
[7] 2010-11-04 . 58CF468D3FF4CF830339FE5E45356355 . 673040 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_b3987f3a85deec23\iexplore.exe
[7] 2010-09-08 . 14803EA3E5DD7CB37CB446C74CFDA38F . 673040 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_b3c5cc459f4108f2\iexplore.exe
[7] 2010-09-08 . 61EDBCE47ADF3E52AB0B9F49EE4AEBB8 . 673040 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_b34dce2a8616cbea\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2010-12-13 12:15   462984   ----a-w-   c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-12-13 3014512]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2010-12-13 513960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04   1164584   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2011-04-03 06:10   11857920   ----a-w-   c:\program files\Electronic Arts\EADM\EADMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26   672632   ----a-w-   c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2010-11-26 72352]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-07 691696]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-04-20 34920]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-11-26 710696]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2010-12-13 2067936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-07-06 716024]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-09-27 328296]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2010-06-09 241088]
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [2010-11-26 36288]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - VBCoreNT.0
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica usando &BitSpirit - c:\program files\BitSpirit\bsurl.htm
FF - ProfilePath - c:\users\DAVIDE\AppData\Roaming\Mozilla\Firefox\Profiles\2h4izaya.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1799601217-3733620920-584549332-1000\Software\SecuROM\License information*]
"datasecu"=hex:55,6c,ce,c7,85,68,3f,ee,67,0d,ac,9b,e9,a4,9c,90,cc,3f,f5,b6,cb,
   9b,0f,e0,e7,14,64,e9,64,44,76,d8,5a,26,4a,c1,f0,78,74,e2,79,c7,00,14,53,34,\
"rkeysecu"=hex:37,9c,74,07,6b,97,fb,4a,59,ea,e9,07,d1,b4,37,5f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\progra~1\agnitum\outpos~1\wl_hook.dll
.
- - - - - - - > 'lsass.exe'(572)
c:\progra~1\agnitum\outpos~1\wl_hook.dll
.
Completion time: 2011-05-13  00:05:27
ComboFix-quarantined-files.txt  2011-05-12 22:05
.
Pre-Run: 82.739.101.696 byte disponibili
Post-Run: 82.646.196.224 byte disponibili
.
- - End Of File - - 6824D1EF5682C978F3CCA2287DC4B168

I am counting on your help.
electromaster
Newbie

Posts: 4
Joined: 13/05/11 14:25
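Added example, not part of electromaster's post and not code from HijackThis or ComboFix: a small Python triage script that reads lines in the shape of the two logs above and lists the entries an analyst would review first. The sample lines are constructed from entries already in the logs (a subset, no new indicators). The review heuristics are this example's own assumptions: a registered component whose file is missing, a service with no recorded vendor, a hook registered twice, a new executable dropped into system32, a binary component inside a GUID-named Firefox extension directory, and a file whose modified stamp is at or after its creation stamp (written in place rather than copied from an update package). They rank entries for a human; they are not a verdict.

```python
import re
from collections import Counter

# Constructed sample lines, copied in the shape of the HijackThis and ComboFix
# output posted in the thread (a subset of it; no new indicators invented).
HJT_SAMPLE = r"""
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

CF_CREATED_SAMPLE = r"""
2011-05-12 17:00 . 2011-04-28 17:40   2682880   ----a-w-   c:\program files\Mozilla Firefox\extensions\{d8b46c3b-1b50-80fb-8862-bcd40e613ded}\components\2ec1ec9.dll
2011-05-12 16:57 . 2011-05-12 17:00   121353   ----a-w-   c:\windows\system32\35ac6542.exe
2011-05-12 16:57 . 2011-05-12 17:00   50328   ----a-w-   c:\windows\system32\bksufobuyqr.exe
2011-05-11 10:37 . 2011-04-09 06:13   3957632   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-05-10 15:22 . 2011-05-10 15:49   --------   dc----w-   c:\program files\PCSX2 0.9.8
"""

# HijackThis entries start with a section tag such as R3, O2, O23.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<rest>.+)$")
# ComboFix "Files Created" rows: created . modified  size  attrs  path
CF_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
# A Firefox extension directory named by a bare GUID (assumption: worth a look).
GUID_DIR = re.compile(r"\\extensions\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)


def triage_hijackthis(text):
    """Return (line, reason) pairs for HijackThis entries that deserve review."""
    findings = []
    seen = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not HJT_LINE.match(line):
            continue
        seen[line] += 1
        if seen[line] > 1:
            findings.append((line, "duplicate entry (same hook registered twice)"))
        if "(file missing)" in line:
            findings.append((line, "registered component whose file is gone"))
        if "Unknown owner" in line:
            findings.append((line, "service without a recorded vendor"))
    return findings


def triage_combofix_created(text):
    """Rank 'Files Created' rows by how many heuristic reasons they give to review them."""
    findings = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        reasons = []
        if low.endswith(EXEC_EXT) and "\\windows\\system32\\" in low:
            reasons.append("new executable dropped into system32")
        if low.endswith(EXEC_EXT) and GUID_DIR.search(low):
            reasons.append("binary component inside a GUID-named Firefox extension directory")
        # Modified at or after creation: written in place on this disk. Files
        # copied from an update package usually keep an older modified stamp.
        # The timestamps are ISO-shaped, so string comparison orders them.
        if reasons and m.group("modified") >= m.group("created"):
            reasons.append("modified after being created on this disk")
        if reasons:
            findings.append((path, reasons))
    # Most reasons first, then by path, so the analyst reads the top of the list.
    findings.sort(key=lambda f: (-len(f[1]), f[0].lower()))
    return findings


if __name__ == "__main__":
    for entry, why in triage_hijackthis(HJT_SAMPLE):
        print(f"[HJT] {why}: {entry}")
    for path, why in triage_combofix_created(CF_CREATED_SAMPLE):
        print(f"[CF ] {path}: {'; '.join(why)}")
```

Run against the samples, the two randomly named executables in system32 rise to the top with two reasons each, while the kernel image created by Windows Update is listed with one reason only, because its modified stamp predates its creation on disk. That separation is the point of the ranking: the script does not decide what is malicious, it orders what a person should open first.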


Re: Firefox opens ads and other problems

Post by mirkogrifo » 26/05/11 11:20

It happens to me too, with a window in IE that points to a "cdn" link.
mirkogrifo
Newbie

Posts: 1
Joined: 26/05/11 10:49

