Thread: browsing blocked

  1. #1
    HTML.it user
    Registered since
    Jan 2008
    Posts
    9

    browsing blocked

    Good evening,
    I have a problem on a PC running Windows XP SP3, fully updated. After a while of browsing, both IE and Firefox stop opening any pages.
    NOD32 AV v4.0 did not detect anything, and neither did Malwarebytes.
    I ran ComboFix and this is the log. Can you give me some advice? Thanks

    ComboFix 10-04-06.03 - xxxx 07/04/2010 14.08.00.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.958.490 [GMT 2:00]
    Eseguito da: c:\documents and settings\xxxx\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}


    c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\regsvr32.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    ----- BITS: Possibili siti infetti -----

    hxxp://wsus.tollegno1900.it
    .

    2010-04-07 11:53 . 2010-04-07 11:53 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
    2010-04-07 10:16 . 2010-04-07 10:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
    2010-04-07 10:15 . 2010-04-07 10:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-04-07 09:46 . 2010-04-07 09:46 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-07 09:44 . 2010-04-07 09:44 -------- d-----w- c:\documents and settings\sbernardi\Dati applicazioni\Malwarebytes
    2010-04-07 09:44 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-07 09:44 . 2010-04-07 09:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-04-07 09:44 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-07 09:44 . 2010-04-07 09:46 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-04-02 10:21 . 2010-04-02 10:21 0 ----a-w- c:\windows\nsreg.dat
    2010-04-02 10:21 . 2010-04-02 10:21 -------- d-----w- c:\documents and settings\sbernardi\Impostazioni locali\Dati applicazioni\Mozilla
    2010-04-02 10:19 . 2010-04-02 10:18 8172216 ----a-w- C:\Firefox Setup 3.6.3.exe
    2010-04-01 17:06 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-04-01 17:05 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-07 12:14 . 2007-10-19 07:22 -------- d-----w- c:\documents and settings\sbernardi\Dati applicazioni\Skype
    2010-04-07 12:12 . 2009-04-07 07:52 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-04-07 12:12 . 2009-04-07 07:52 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-04-07 06:01 . 2008-09-05 06:49 -------- d-----w- c:\documents and settings\sbernardi\Dati applicazioni\skypePM
    2010-03-30 06:09 . 2009-11-11 07:07 79488 ----a-w- c:\documents and settings\sbernardi\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-29 06:03 . 2004-08-19 12:00 383856 ----a-w- c:\windows\system32\perfh010.dat
    2010-03-29 06:03 . 2004-08-19 12:00 63936 ----a-w- c:\windows\system32\perfc010.dat
    2010-02-25 06:16 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 08:16 . 2009-10-13 06:13 181632 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
    "Client Access Service"="c:\programmi\IBM\Client Access\cwbsvstr.exe" [2007-03-05 20531]
    "Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-11-05 286720]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-09-03 536576]
    "LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
    "LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
    "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-03 7630848]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2006-10-03 12:07 7630848 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2006-10-03 12:07 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-10-03 12:07 1617920 ----a-w- c:\windows\system32\nwiz.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 10.03.36 108792]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20.53.28 96408]
    R2 ekrn;ESET Service;c:\programmi\Eset\ESET NOD32 Antivirus\ekrn.exe [16/11/2009 10.04.30 735960]
    R2 MSSQL$PORINI_SQL;MSSQL$PORINI_SQL;c:\programmi\Microsoft SQL Server\MSSQL$PORINI_SQL\Binn\sqlservr.exe -sPORINI_SQL --> c:\programmi\Microsoft SQL Server\MSSQL$PORINI_SQL\Binn\sqlservr.exe -sPORINI_SQL [?]
    R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 SQLAgent$PORINI_SQL;SQLAgent$PORINI_SQL;c:\programmi\Microsoft SQL Server\MSSQL$PORINI_SQL\Binn\sqlagent.EXE -i PORINI_SQL --> c:\programmi\Microsoft SQL Server\MSSQL$PORINI_SQL\Binn\sqlagent.EXE -i PORINI_SQL [?]
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-04-07 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = about:blank
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {9A38AF8F-E55C-40BA-A435-5D8DB23C8453} = 192.168.1.19,192.168.1.15
    FF - ProfilePath - c:\documents and settings\sbernardi\Dati applicazioni\Mozilla\Firefox\Profiles\pn1l2e9n.default\
    FF - prefs.js: network.proxy.type - 4

    ---- FIREFOX POLICIES ----
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    MSConfigStartUp-Adobe Reader Speed Launcher - c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 14:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ĝ•€|˙˙˙˙•€|ù•9~*]
    "0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'explorer.exe'(6748)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\programmi\Java\jre6\bin\jqs.exe
    c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
    c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\programmi\Microsoft SQL Server\MSSQL$PORINI_SQL\Binn\sqlservr.exe
    c:\windows\system32\nvsvc32.exe
    c:\programmi\UltraVNC\WinVNC.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\stsystra.exe
    c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
    c:\programmi\Skype\Plugin Manager\skypePM.exe

    Ora fine scansione: 2010-04-07 14:17:23 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2010-04-07 12:17

  2. #2
    HTML.it user
    Registered since
    Jan 2010
    Location
    Planet Earth
    Posts
    1,614
    ...advice?

    ...of what kind?

    I think you have already solved it, haven't you?

    Let us know

    Regards
    For a good laugh go HERE
