
firefox.exe.exe, what on earth is it?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

firefox.exe.exe, what on earth is it?

Post by elaisa83 » 14/08/09 13:59

Hi everyone.. today when I turned on my PC I noticed that when I opened Firefox from the Start menu.. it made me re-enter all my passwords... and I thought, how strange, so I used the shortcut on the desktop, and there instead it asked me whether to set Firefox as the default browser... but given that for years now I haven't used anything else, hmm, yet it had all the passwords saved... so I don't know why, because I really know very little about PCs... I looked at the Firefox path in the Start menu and it is C:\Programmi\Mozilla Firefox.exe exe, but what is this double exe?... I searched online and a site, in English though, says it is malware, leaving aside that, I don't know why, it has become verrry slow and I really struggle with fb.. gmail.. and blah blah... now I figured I'd uninstall it.. and then reinstall it... but to my great surprise.. I can't, neither directly from its folder, nor from the Control Panel, nor with CCleaner... darn, what a day. I ran all the relevant scans.. with Avira, Spybot, Malwarebytes', 2 online ones with Trend Micro and Kaspersky, and ComboFix too... now what do I do? Throw everything away?... what bad luck...
elaisa83
Junior User

Posts: 53
Joined: 06/05/09 10:08


Re: firefox.exe.exe, what on earth is it?

Post by Luke57 » 14/08/09 22:52

Hi, I don't know why you opened another post; anyway, we'll continue here and I'll close the other one. You said you have ComboFix: run a scan with that program and attach its report (C:\combofix.txt).
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: firefox.exe.exe, what on earth is it?

Post by elaisa83 » 16/08/09 10:55

Sorryyy, I didn't mean to clog up the forum; actually I still haven't understood how it works, and I thought that since they were probably two separate problems, two posts were needed... oops.. anyway, here is the report. PS: it found again the same virus that is in quarantine and that I still haven't figured out how to delete :aaah

((((((((((((((((((((((((( Files Creati Da 2009-07-16 al 2009-08-16 )))))))))))))))))))))))))))))))))))
.

2009-08-14 13:16 . 2009-08-14 13:16 -------- d-----w- c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Temp
2009-08-14 06:37 . 2009-08-14 06:37 -------- d-----w- C:\Toolbar4Free Toolbar images
2009-08-12 12:47 . 2009-08-14 12:00 -------- d-----w- c:\programmi\SuperCopier2
2009-08-12 06:40 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 12:07 . 2009-08-11 12:07 -------- d-----w- c:\programmi\Lavalys
2009-08-11 07:07 . 2009-08-11 07:07 3942047 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-11 06:43 . 2009-08-11 06:44 -------- d-----w- c:\documents and settings\Michela Ravarelli\Dati applicazioni\TeraCopy
2009-08-10 08:32 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 08:32 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-10 08:32 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-10 08:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-10 08:32 . 2009-08-10 08:32 -------- d-----w- c:\programmi\Avira
2009-08-10 08:32 . 2009-08-10 08:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-08-09 07:48 . 2009-08-09 07:48 152576 ----a-w- c:\documents and settings\Michela Ravarelli\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-08 19:29 . 2009-08-16 09:37 -------- d-----w- c:\documents and settings\Michela Ravarelli\Dati applicazioni\Skype
2009-08-08 19:28 . 2009-08-08 19:28 -------- d-----w- c:\programmi\File comuni\Skype
2009-08-08 19:28 . 2009-08-08 19:29 -------- d-----r- c:\programmi\Skype
2009-08-08 19:24 . 2009-08-08 19:24 -------- d-----w- c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Logitech-LS
2009-08-08 19:23 . 2005-05-27 09:38 7136 ----a-r- c:\windows\system32\drivers\lv302af.sys
2009-08-08 19:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-08 19:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-08 19:23 . 2005-05-27 09:36 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-08-08 19:23 . 2005-05-27 09:31 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-08-08 19:23 . 2005-05-27 09:29 204800 ----a-r- c:\windows\system32\LVUI2.dll
2009-08-08 19:23 . 2005-05-27 09:19 106496 ----a-r- c:\windows\system32\lvcoinst.dll
2009-08-08 19:23 . 2005-05-27 09:26 204800 ----a-r- c:\windows\system32\lvcodec2.dll
2009-08-08 19:23 . 2005-05-27 09:23 2180096 ----a-r- c:\windows\system32\drivers\LVSVF2.sys
2009-08-08 19:23 . 2005-05-27 09:46 913280 ----a-r- c:\windows\system32\drivers\LV302AV.SYS
2009-08-08 19:16 . 2005-07-19 15:31 53248 ----a-r- c:\windows\system32\InstMed.exe
2009-08-08 19:14 . 2005-06-08 13:12 462848 ----a-w- c:\windows\system32\LCamCpl.dll
2009-08-08 19:14 . 2005-06-08 12:31 215552 ----a-w- c:\windows\system32\Lvkrn12n.dll
2009-08-08 19:14 . 2003-03-18 19:44 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
2009-08-08 19:14 . 2003-03-18 19:44 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
2009-08-08 19:14 . 2003-03-18 19:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2009-08-08 19:14 . 2003-03-18 19:44 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
2009-08-08 19:14 . 2003-03-18 19:44 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
2009-08-08 19:14 . 2003-03-18 19:44 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2009-08-08 19:14 . 2003-03-18 19:44 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2009-08-08 19:14 . 2003-03-18 19:44 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
2009-08-08 19:13 . 2005-06-08 12:41 466944 ----a-w- c:\windows\system32\QCUI2.dll
2009-08-08 19:13 . 2005-06-08 12:31 856064 ----a-w- c:\windows\system32\Ltwvc12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 406016 ----a-w- c:\windows\system32\ltkrn12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 207872 ----a-w- c:\windows\system32\ltefx12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 164864 ----a-w- c:\windows\system32\ltimg12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 131072 ----a-w- c:\windows\system32\ltfil12n.DLL
2009-08-08 19:13 . 2005-06-08 12:31 259072 ----a-w- c:\windows\system32\LTDIS12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 141312 ----a-w- c:\windows\system32\lftif12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 78336 ----a-w- c:\windows\system32\lffax12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 328704 ----a-w- c:\windows\system32\LFCMP12n.DLL
2009-08-08 19:13 . 2005-06-08 12:31 30720 ----a-w- c:\windows\system32\lfbmp12n.dll
2009-08-08 19:13 . 2005-06-08 12:38 90112 ----a-w- c:\windows\system32\LQCUI2.dll
2009-08-08 19:12 . 2009-08-08 19:12 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-08-08 19:12 . 2009-08-08 19:12 -------- d-----w- C:\Program Files
2009-08-08 19:00 . 2009-07-03 16:55 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-08 19:00 . 2009-07-03 16:55 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-05 08:59 . 2009-08-05 08:59 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 09:44 . 2008-12-30 12:29 -------- d-----w- c:\programmi\PeerGuardian2
2009-08-16 09:38 . 2009-03-29 11:29 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-16 09:38 . 2009-02-02 09:40 -------- d-----w- c:\documents and settings\Michela Ravarelli\Dati applicazioni\uTorrent
2009-08-16 06:40 . 2008-12-07 19:19 -------- d-----w- c:\documents and settings\Michela Ravarelli\Dati applicazioni\skypePM
2009-08-15 09:40 . 2009-01-28 14:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-14 13:44 . 2008-09-12 06:35 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-14 13:43 . 2008-09-12 06:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-14 12:26 . 2008-09-12 08:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-11 14:36 . 2009-03-29 11:32 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-08-11 14:28 . 2008-09-12 07:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-08-11 14:28 . 2008-09-12 07:01 -------- d-----w- c:\programmi\NOS
2009-08-11 07:08 . 2009-05-06 10:39 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-09 07:49 . 2008-09-12 08:33 -------- d-----w- c:\programmi\Java
2009-08-09 07:25 . 2008-09-12 06:27 -------- d-----w- c:\programmi\Windows Desktop Search
2009-08-08 19:28 . 2008-09-11 23:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-08-08 19:14 . 2008-11-06 13:06 -------- d-----w- c:\programmi\File comuni\Logitech
2009-08-08 19:13 . 2008-11-06 13:06 -------- d-----w- c:\programmi\Logitech
2009-08-05 08:59 . 2004-09-03 09:36 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-05-06 10:39 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-05-06 10:39 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 03:23 . 2009-05-06 05:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-09-03 09:36 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-09-03 09:37 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:55 . 2004-09-03 09:36 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 22:08 . 2009-06-30 22:08 564224 ----a-w- c:\windows\system32\b4fm.dll
2009-06-16 14:36 . 2004-09-03 09:36 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-09-03 09:36 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:43 . 2004-09-03 09:36 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-09-03 09:36 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2004-09-03 09:50 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-09-03 09:36 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-09-03 09:36 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 11:13 . 2009-05-25 11:13 108992 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"SuperCopier2.exe"="c:\programmi\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Google Update"="c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-08-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-10 385024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-05-04 14396416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-20 86016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33386:TCP"= 33386:TCP:eMule_TCP
"38360:UDP"= 38360:UDP:eMule_UDP
"1720:TCP"= 1720:TCP:utorrent
"1750:TCP"= 1750:TCP:utorrent_tcp

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/03/2009 13.29.55 130424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/03/2009 13.30.13 159600]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [16/09/2008 16.37.26 81920]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [29/03/2009 13.29.55 73840]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [01/01/1980 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [01/01/1980 21504]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [22/09/2005 10.57.11 800000]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [22/09/2005 10.57.38 226768]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [16/09/2008 16.37.32 100480]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [16/09/2008 16.37.32 87552]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [16/09/2008 16.37.32 100480]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [29/03/2009 13.32.25 95640]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - PGFILTER
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-16 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-16 15:09]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-28124613-439726741-2325757750-1006Core.job
- c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-14 13:16]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-28124613-439726741-2325757750-1006UA.job
- c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-14 13:16]

2009-08-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2008-09-12 07:42]

2009-08-14 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SDUpdate.exe [2008-09-12 07:42]

2009-08-16 c:\windows\Tasks\User_Feed_Synchronization-{CAE53F20-15C2-4EC1-9B45-7732B51ED482}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.mininova.org/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 11:45
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MICHEL~1\IMPOST~1\Temp\mc22.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-08-16 11.48.45
ComboFix-quarantined-files.txt 2009-08-16 09:48
ComboFix2.txt 2009-08-14 11:20

Pre-Run: 26.980.380.672 byte disponibili
Post-Run: 26.949.693.440 byte disponibili

241 --- E O F --- 2009-08-12 07:55
elaisa83
Junior User

Posts: 53
Joined: 06/05/09 10:08

Re: firefox.exe.exe, what on earth is it?

Post by elaisa83 » 18/08/09 08:28

Is nobody answering me anymore???... I really can't uninstall Firefox!! From anywhere... ugh!!!
elaisa83
Junior User

Posts: 53
Joined: 06/05/09 10:08

Re: firefox.exe.exe, what on earth is it?

Post by Luke57 » 18/08/09 15:34

Hi, could you also post the first part of the ComboFix log, please?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: firefox.exe.exe, what on earth is it?

Post by elaisa83 » 23/08/09 09:50

ComboFix 09-08-22.06 -i 23/08/2009 10.35.21.19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.618 [GMT 2:00]
Eseguito da: c:\documents and settings\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\52737b.msp
c:\windows\Installer\52737c.msp

.
((((((((((((((((((((((((( Files Creati Da 2009-07-23 al 2009-08-23 )))))))))))))))))))))))))))))))))))
.

2009-08-22 11:24 . 2009-08-22 11:24 -------- d-----w- c:\programmi\Veoh Networks
2009-08-22 07:50 . 2009-08-22 07:50 -------- d-----w- c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Cooliris
2009-08-22 07:49 . 2009-08-22 07:49 -------- d-----w- c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\LastPass
2009-08-22 07:47 . 2009-07-06 20:44 937984 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-08-22 07:47 . 2009-07-06 20:44 103424 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-08-22 07:47 . 2009-07-06 20:44 65536 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-08-22 07:47 . 2009-07-06 20:44 106496 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-08-22 07:47 . 2009-07-06 20:44 4722688 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-08-22 07:47 . 2009-07-06 20:44 344064 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-08-22 07:47 . 2009-06-09 12:18 575488 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2009-08-18 14:43 . 2009-08-18 14:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WebcamMax
2009-08-18 14:42 . 2009-08-18 14:43 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\Webcammax
2009-08-18 14:41 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-08-18 14:40 . 2009-08-18 14:44 -------- d-----w- c:\programmi\WebcamMax
2009-08-18 14:15 . 2009-08-18 14:15 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\EmailNotifier
2009-08-18 14:14 . 2009-08-18 14:16 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\ooVoo Details
2009-08-18 14:14 . 2009-08-18 14:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EmailNotifier
2009-08-18 14:14 . 2009-08-21 14:13 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\oovootb
2009-08-18 14:14 . 2009-08-18 14:14 -------- d-----w- c:\programmi\oovootb
2009-08-18 14:13 . 2009-08-18 14:14 -------- d-----w- c:\programmi\ooVoo
2009-08-18 08:18 . 2009-08-18 08:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-18 08:10 . 2009-08-18 08:10 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Windows Search
2009-08-14 13:16 . 2009-08-14 13:16 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Temp
2009-08-14 06:37 . 2009-08-14 06:37 -------- d-----w- C:\Toolbar4Free Toolbar images
2009-08-12 12:47 . 2009-08-14 12:00 -------- d-----w- c:\programmi\SuperCopier2
2009-08-12 06:40 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 12:07 . 2009-08-11 12:07 -------- d-----w- c:\programmi\Lavalys
2009-08-11 07:07 . 2009-08-11 07:07 3942047 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-11 06:43 . 2009-08-11 06:44 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\TeraCopy
2009-08-10 08:32 . 2009-08-18 09:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-10 08:32 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 08:32 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-10 08:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-10 08:32 . 2009-08-10 08:32 -------- d-----w- c:\programmi\Avira
2009-08-10 08:32 . 2009-08-10 08:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-08-09 07:48 . 2009-08-09 07:48 152576 ----a-w- c:\documents and settings\xxxi\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-08 19:29 . 2009-08-21 13:15 -------- d-----w- c:\documents and settings\xxxi\Dati applicazioni\Skype
2009-08-08 19:28 . 2009-08-08 19:28 -------- d-----w- c:\programmi\File comuni\Skype
2009-08-08 19:28 . 2009-08-08 19:29 -------- d-----r- c:\programmi\Skype
2009-08-08 19:24 . 2009-08-08 19:24 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Logitech-LS
2009-08-08 19:23 . 2005-05-27 09:38 7136 ----a-r- c:\windows\system32\drivers\lv302af.sys
2009-08-08 19:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-08 19:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-08 19:23 . 2005-05-27 09:36 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-08-08 19:23 . 2005-05-27 09:31 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-08-08 19:23 . 2005-05-27 09:29 204800 ----a-r- c:\windows\system32\LVUI2.dll
2009-08-08 19:23 . 2005-05-27 09:19 106496 ----a-r- c:\windows\system32\lvcoinst.dll
2009-08-08 19:23 . 2005-05-27 09:26 204800 ----a-r- c:\windows\system32\lvcodec2.dll
2009-08-08 19:23 . 2005-05-27 09:23 2180096 ----a-r- c:\windows\system32\drivers\LVSVF2.sys
2009-08-08 19:23 . 2005-05-27 09:46 913280 ----a-r- c:\windows\system32\drivers\LV302AV.SYS
2009-08-08 19:16 . 2005-07-19 15:31 53248 ----a-r- c:\windows\system32\InstMed.exe
2009-08-08 19:14 . 2005-06-08 13:12 462848 ----a-w- c:\windows\system32\LCamCpl.dll
2009-08-08 19:14 . 2005-06-08 12:31 215552 ----a-w- c:\windows\system32\Lvkrn12n.dll
2009-08-08 19:14 . 2003-03-18 19:44 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
2009-08-08 19:14 . 2003-03-18 19:44 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
2009-08-08 19:14 . 2003-03-18 19:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2009-08-08 19:14 . 2003-03-18 19:44 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
2009-08-08 19:14 . 2003-03-18 19:44 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
2009-08-08 19:14 . 2003-03-18 19:44 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2009-08-08 19:14 . 2003-03-18 19:44 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2009-08-08 19:14 . 2003-03-18 19:44 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
2009-08-08 19:13 . 2005-06-08 12:41 466944 ----a-w- c:\windows\system32\QCUI2.dll
2009-08-08 19:13 . 2005-06-08 12:31 856064 ----a-w- c:\windows\system32\Ltwvc12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 406016 ----a-w- c:\windows\system32\ltkrn12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 207872 ----a-w- c:\windows\system32\ltefx12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 164864 ----a-w- c:\windows\system32\ltimg12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 131072 ----a-w- c:\windows\system32\ltfil12n.DLL
2009-08-08 19:13 . 2005-06-08 12:31 259072 ----a-w- c:\windows\system32\LTDIS12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 141312 ----a-w- c:\windows\system32\lftif12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 78336 ----a-w- c:\windows\system32\lffax12n.dll
2009-08-08 19:13 . 2005-06-08 12:31 328704 ----a-w- c:\windows\system32\LFCMP12n.DLL
2009-08-08 19:13 . 2005-06-08 12:31 30720 ----a-w- c:\windows\system32\lfbmp12n.dll
2009-08-08 19:13 . 2005-06-08 12:38 90112 ----a-w- c:\windows\system32\LQCUI2.dll
2009-08-08 19:12 . 2009-08-08 19:12 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-08-08 19:12 . 2009-08-08 19:12 -------- d-----w- C:\Program Files
2009-08-08 19:00 . 2009-07-03 16:55 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-08 19:00 . 2009-07-03 16:55 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-05 08:59 . 2009-08-05 08:59 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 08:33 . 2009-03-29 11:29 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-23 08:32 . 2008-12-30 12:29 -------- d-----w- c:\programmi\PeerGuardian2
2009-08-23 08:32 . 2009-02-02 09:40 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\uTorrent
2009-08-23 07:39 . 2009-01-28 14:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-22 12:59 . 2008-09-12 06:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-21 09:55 . 2008-12-07 19:19 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\skypePM
2009-08-21 08:27 . 2008-09-17 15:21 -------- d-----w- c:\programmi\eMule
2009-08-18 14:13 . 2008-09-12 08:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-18 08:22 . 2009-03-05 15:02 -------- d-----w- c:\programmi\CrossLoop
2009-08-14 13:44 . 2008-09-12 06:35 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-11 14:36 . 2009-03-29 11:32 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-08-11 14:28 . 2008-09-12 07:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-08-11 14:28 . 2008-09-12 07:01 -------- d-----w- c:\programmi\NOS
2009-08-11 07:08 . 2009-05-06 10:39 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-09 07:49 . 2008-09-12 08:33 -------- d-----w- c:\programmi\Java
2009-08-09 07:25 . 2008-09-12 06:27 -------- d-----w- c:\programmi\Windows Desktop Search
2009-08-08 19:28 . 2008-09-11 23:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-08-08 19:14 . 2008-11-06 13:06 -------- d-----w- c:\programmi\File comuni\Logitech
2009-08-08 19:13 . 2008-11-06 13:06 -------- d-----w- c:\programmi\Logitech
2009-08-05 08:59 . 2004-09-03 09:36 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-05-06 10:39 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-05-06 10:39 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 03:23 . 2009-05-06 05:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-09-03 09:36 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-09-03 09:37 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:55 . 2004-09-03 09:36 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 22:08 . 2009-06-30 22:08 564224 ----a-w- c:\windows\system32\b4fm.dll
2009-06-16 14:36 . 2004-09-03 09:36 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-09-03 09:36 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:43 . 2004-09-03 09:36 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-09-03 09:36 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:39 . 2009-06-10 12:39 554456 ----a-w- c:\documents and settings\Michela Ravarelli\Dati applicazioni\oovootb\oovootb.dll
2009-06-10 07:19 . 2004-09-03 09:50 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-09-03 09:36 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-09-03 09:36 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 11:13 . 2009-05-25 11:13 108992 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-05-08 19:00 86016 ----a-w- c:\programmi\oovootb\oovoodx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\programmi\oovootb\oovoodx.dll" [2009-05-08 86016]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"SuperCopier2.exe"="c:\programmi\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Google Update"="c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-08-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-10 385024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-05-04 14396416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-20 86016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33386:TCP"= 33386:TCP:eMule_TCP
"38360:UDP"= 38360:UDP:eMule_UDP
"1720:TCP"= 1720:TCP:utorrent
"1750:TCP"= 1750:TCP:utorrent_tcp
"443:TCP"= 443:TCP:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:Porta UDP ooVoo 37675

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/03/2009 13.29.55 130424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/03/2009 13.30.13 159600]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [16/09/2008 16.37.26 81920]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [18/08/2009 16.41.02 941784]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [29/03/2009 13.29.55 73840]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [01/01/1980 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [01/01/1980 21504]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [22/09/2005 10.57.11 800000]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [22/09/2005 10.57.38 226768]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [16/09/2008 16.37.32 100480]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [16/09/2008 16.37.32 87552]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [16/09/2008 16.37.32 100480]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [29/03/2009 13.32.25 95640]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-23 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-16 15:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.mininova.org/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com?pr=oovoo2_0
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg= ... oo2_0dn&q=
FF - component: c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 10:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MICHEL~1\IMPOST~1\Temp\mc22.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2009-08-23 10.43.13
ComboFix-quarantined-files.txt 2009-08-23 08:42
ComboFix2.txt 2009-08-19 05:39

Pre-Run: 20.188.053.504 byte disponibili
Post-Run: 20.135.587.840 byte disponibili

309 --- E O F --- 2009-08-12 07:55
elaisa83
Junior User

Posts: 53
Joined: 06/05/09 10:08

Re: firefox.exe.exe, what is this thing?

Post by Luke57 » 24/08/09 17:40

Hi, I can't find any threats in the report; are you still having problems?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: firefox.exe.exe, what is this thing?

Post by elaisa83 » 28/08/09 10:53

A bit late... no, thank you very much for your help! I'm not sure how, but I sorted everything out... eheheh, more or less
elaisa83
Junior User

Posts: 53
Joined: 06/05/09 10:08

