
Thread: Virus on the Fonts

  1. #1
    HTML.it user
    Registered
    Sep 2011
    Posts
    23

    Virus on the Fonts

    Hi everyone,
    I had a problem with a virus that had changed all the fonts in Windows 7 and Firefox. After reading around, I copied all the fonts back into the Windows 7 folder and that problem was solved, whereas for Firefox I chose to uninstall and reinstall it, but the fonts are still unreadable. So I downloaded Anti-Malware, Spybot, SpyDig, Spyware Terminator... but nothing, they can't fix the problem. I scanned the PC with both avast and Comodo, but again came up empty. So I told myself "let's do what everyone else does", and here I paste my HijackThis log:
    For the record, I use Windows 7 with 2 GB of RAM, an NVIDIA video card and a Wi-Fi card; the rest you'll work out from the log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:10:27, on 13/09/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {963B125B-8B21-49A2-A3A8-E37092276531} - (no file)
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [spydig.exe] C:\Program Files\SpyDig\spydig.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8435C0-630B-4885-A28D-D809D55F2FC4}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{9F8435C0-630B-4885-A28D-D809D55F2FC4}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{9F8435C0-630B-4885-A28D-D809D55F2FC4}: NameServer = 192.168.1.254
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Comodo Online Storage Service (COSService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\COSService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
    O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\Windows\System32\ZoneLabs\vsmon.exe (file missing)

    --
    End of file - 6709 bytes





    Another very serious problem (besides the Firefox fonts) is that I can no longer install or uninstall any kind of software... and I assure you it's a real mess!!!
    Thanks in advance

  2. #2
    HTML.it user menatwork
    Registered
    May 2009
    Posts
    4,330
    try downloading this software and put it on the desktop; it doesn't need installation, then I'll tell you how to proceed

  3. #3
    HTML.it user
    Registered
    Sep 2011
    Posts
    23
    done

  4. #4
    HTML.it user
    Registered
    Sep 2011
    Posts
    23
    Listen, I'm also giving you the log I made just now; the earlier one was in safe mode (I noticed that while I was in safe mode Firefox showed readable characters, but I couldn't uninstall any software)
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:14:51, on 13/09/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spyware Terminator\st_rsser.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {963B125B-8B21-49A2-A3A8-E37092276531} - (no file)
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [spydig.exe] C:\Program Files\SpyDig\spydig.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8435C0-630B-4885-A28D-D809D55F2FC4}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{9F8435C0-630B-4885-A28D-D809D55F2FC4}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{9F8435C0-630B-4885-A28D-D809D55F2FC4}: NameServer = 192.168.1.254
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Comodo Online Storage Service (COSService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\COSService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
    O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\Windows\System32\ZoneLabs\vsmon.exe (file missing)

    --
    End of file - 7078 bytes


    ComboFix... I think I'll have to rename it to abc? Tell me what to do... I'll wait for you... I don't want to make a mess...

  5. #5
    HTML.it user menatwork
    Registered
    May 2009
    Posts
    4,330
    I've now seen the HijackThis log; you need to proceed with the ComboFix scan. There are some things to remove and there might be something that HJT doesn't detect

    now proceed as follows

    run ComboFix.exe

    when asked whether you want to install the Recovery Console, click NO

    follow the instructions

    when the scan is finished, go to C:\ and attach, in your next reply, the contents of the text file Combofix.txt

    how to use ComboFix correctly

  6. #6
    HTML.it user
    Registered
    Sep 2011
    Posts
    23
    Here I am again, sorry it took me a while: in normal mode ComboFix wouldn't start, so I had to go into safe mode. First it conflicted with Spybot (grabbed and thrown into the recycle bin (since I can't uninstall it) and then with its real-time service... which I couldn't find among the services), then it conflicted with avast and Comodo (even though I was in safe mode). I found the Comodo service, which was running, and stopped it, while avast was already off... dunno... who knows. Anyway, in the end ComboFix produced this report:
    which I would attach for you, but I can't because it's in txt format

  7. #7
    HTML.it user
    Registered
    Sep 2011
    Posts
    23
    ComboFix 11-09-13.02 - BOB 13/09/2011 17:40:37.1.4 - x86 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.41.1040.18.2047.1558 [GMT 2:00]
    Eseguito da: c:\users\BOB\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Creato nuovo punto di ripristino
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\BOB\Documents\22.xml
    c:\windows\system32\02cdd5d8.dll
    c:\windows\system32\4742cf53.dll
    c:\windows\system32\4efb7ec4.dll
    c:\windows\system32\lvci1201278.dll
    c:\windows\system32\nvdispco3220140.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RKHIT
    -------\Service_RkHit
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2011-08-13 al 2011-09-13 )))))))))))))))))))))))))))))))))))
    .
    .
    2011-09-13 12:14 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-09-13 06:58 . 2011-09-13 06:58 388096 ----a-r- c:\users\BOB\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-13 06:58 . 2011-09-13 06:58 -------- d-----w- c:\program files\Trend Micro
    2011-09-12 17:21 . 2011-09-12 17:21 -------- d-----w- c:\users\BOB\AppData\Roaming\Malwarebytes
    2011-09-12 17:21 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-12 17:21 . 2011-09-12 17:21 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-12 17:21 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-12 17:21 . 2011-09-12 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-12 12:42 . 2011-09-12 14:46 -------- d-----w- c:\program files\SpyDig
    2011-09-11 22:40 . 2011-09-11 22:40 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2011-09-11 22:40 . 2011-09-11 22:40 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2011-09-11 22:29 . 2011-09-11 22:29 -------- dc-h--w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-09-10 15:50 . 2011-09-13 15:25 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2011-09-10 14:03 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCD40044-14BF-4C90-A480-B60D5E139BB7}\mpengine.dll
    2011-09-10 13:53 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-10 13:53 . 2011-07-22 03:00 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-09-10 13:53 . 2011-07-22 02:46 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2011-09-10 13:52 . 2011-07-22 02:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-10 13:52 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-10 13:37 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-09-10 13:36 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-09-10 13:36 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-09-10 13:36 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-09-10 13:36 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-09-10 13:36 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-09-10 13:36 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
    2011-09-10 13:36 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-09-10 13:36 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-09-10 13:36 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-09-10 13:30 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-09-10 12:03 . 2011-09-10 12:03 -------- d--h--w- c:\programdata\Common Files
    2011-09-10 12:03 . 2011-09-10 12:03 -------- d-----w- c:\program files\AVG
    2011-09-10 12:01 . 2011-09-10 12:03 -------- d-----w- c:\programdata\MFAData
    2011-09-10 11:02 . 2011-09-10 15:34 -------- d-----w- c:\programdata\Comodo Downloader
    2011-09-08 15:40 . 2011-09-08 15:40 -------- d-----w- c:\program files\Frogwares
    2011-09-08 13:59 . 2011-09-08 13:59 -------- d-----w- c:\program files\Microsoft
    2011-09-08 13:58 . 2011-09-08 13:58 -------- d-----w- c:\program files\Windows Live SkyDrive
    2011-09-08 13:29 . 2011-09-08 13:29 -------- d-----w- c:\users\BOB\AppData\Roaming\QuickScan
    2011-09-08 09:31 . 2011-09-08 15:40 -------- d-----w- c:\program files\FontFrenzy
    2011-09-08 09:20 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2011-09-08 09:20 . 2011-09-13 14:10 -------- d-----w- c:\programdata\Spyware Terminator
    2011-09-08 09:20 . 2011-09-08 09:20 -------- d-----w- c:\users\BOB\AppData\Roaming\Spyware Terminator
    2011-09-08 09:19 . 2011-09-08 09:21 -------- d-----w- c:\program files\Spyware Terminator
    2011-09-06 14:36 . 2011-09-12 15:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-09-03 13:25 . 2011-09-03 13:25 -------- d-----w- c:\users\BOB\AppData\Local\Windows Live Writer
    2011-09-03 13:25 . 2011-09-03 13:25 -------- d-----w- c:\users\BOB\AppData\Roaming\Windows Live Writer
    2011-09-01 14:50 . 2011-09-08 10:15 -------- d-----w- c:\program files\Heroes of Newerth
    2011-08-31 17:53 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2011-08-31 17:53 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2011-08-31 17:53 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2011-08-31 17:51 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2011-08-31 17:51 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2011-08-31 17:49 . 2011-08-31 17:49 -------- d-----w- c:\windows\system32\xlive
    2011-08-31 17:48 . 2011-08-31 17:49 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2011-08-28 17:04 . 2011-08-28 17:04 -------- d-----w- C:\found.001
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-06 20:45 . 2011-02-05 16:24 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:45 . 2011-02-05 13:16 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:38 . 2011-03-25 08:16 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:37 . 2011-02-05 16:24 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2011-02-05 16:24 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2011-02-05 16:24 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2011-02-05 16:24 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 20:36 . 2011-02-05 16:24 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-08-19 15:14 . 2011-06-03 07:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-19 03:05 . 2010-08-10 08:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-30 07:38 . 2011-06-30 07:38 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-06-30 07:38 . 2011-06-30 07:38 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 07:38 . 2011-06-30 07:38 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 07:38 . 2011-06-30 07:38 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 07:37 . 2011-06-30 07:37 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-09-03 06:31 . 2011-09-10 11:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

  8. #8
    HTML.it user
    Registered
    Sep 2011
    Posts
    23
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSDriveOverlayIcon]
    @="{5FDACB62-6B7B-4116-9403-C5E0D3852A57}"
    [HKEY_CLASSES_ROOT\CLSID\{5FDACB62-6B7B-4116-9403-C5E0D3852A57}]
    2011-06-02 08:04 626480 ----a-w- c:\program files\COMODO\COMODO BackUp\ShellExtension_3.0.171317.133.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-09-02 2775728]
    "SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-09-02 3608240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
    "spydig.exe"="c:\program files\SpyDig\spydig.exe" [2011-08-23 2004480]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
    backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
    2010-01-22 19:55 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-08-14 23:54 136176 ----atw- c:\users\BOB\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    2007-03-20 12:36 36864 ----a-w- c:\windows\RaidTool\xInsIDE.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-04-30 12:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-05-08 08:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Software Suite]
    2008-09-04 13:11 1938240 ----a-w- c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-10-19 18:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
    2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\BOB\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "AdobeBridge"=
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe"
    "CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
    .
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
    R3 ATP;Comodo EasyVPN Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
    R3 reparse;reparse;c:\windows\system32\DRIVERS\cbreparse.sys [2011-06-02 429480]
    R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-10 1343400]
    R4 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
    R4 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Servizio Gestione licenze;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R4 ipxwan32;IPXWAN;c:\windows\system32\rundll32.exe ipxwan32.dll,udyq [x]
    R4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
    R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-11 1352832]
    R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
    R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
    R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 bdisk;COMODO Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2011-06-02 75160]
    S0 CBUfs;CBUfs;c:\windows\system32\drivers\CBUFS.sys [2011-06-02 125624]
    S0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\DRIVERS\cbvd.sys [2011-06-02 430528]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-11 64288]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2010-12-09 64608]
    S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [2010-12-09 33744]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-06-30 19088]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-06-30 238960]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-06-30 37592]
    S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
    S2 COSService.exe;Comodo Online Storage Service;c:\program files\COMODO\COMODO BackUp\COSService.exe [2011-06-02 579888]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
    S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2011-09-02 573104]
    S2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\COMODO\COMODO BackUp\SynchronizationService.exe [2011-06-02 1359664]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
    S3 vdbus;Virtual Disk Bus Enumerator;c:\windows\system32\DRIVERS\vdbus.sys [2010-12-02 569296]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2011-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:13]
    .
    2011-09-13 c:\windows\Tasks\COMODO Updater.job
    - c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
    .
    2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3132438333-420230150-2230992517-1001Core.job
    - c:\users\BOB\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 23:54]
    .
    2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3132438333-420230150-2230992517-1001UA.job
    - c:\users\BOB\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 23:54]
    .
    2011-09-12 c:\windows\Tasks\NeroLiveEpgUpdate-HAL9000_BOB.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-29 13:09]
    .
    2011-09-11 c:\windows\Tasks\RegistryBooster.job
    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-09-11 09:48]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{9F8435C0-630B-4885-A28D-D809D55F2FC4}: NameServer = 192.168.1.254
    FF - ProfilePath - c:\users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\hdaigi02.default\
    .
    .
    ------- Associazioni dei file -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    BHO-{963B125B-8B21-49A2-A3A8-E37092276531} - (no file)
    HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    SafeBoot-klmdb.sys
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
    .
    .
    .

  9. #9
    HTML.it user
    Registered since
    Sep 2011
    Posts
    23
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------
    .
    - - - - - - - > 'lsass.exe'(852)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'Explorer.exe'(3760)
    c:\windows\system32\guard32.dll
    c:\program files\COMODO\COMODO BackUp\ShellExtension_3.0.171317.133.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\authui.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\locator.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    Ora fine scansione: 2011-09-13 18:02:53 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2011-09-13 16:02
    .
    Pre-Run: 157.475.221.504 byte disponibili
    Post-Run: 157.338.419.200 byte disponibili
    .
    - - End Of File - - 4635904C3F6171C44C3814C1A5FDE679

  10. #10
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    avast! Antivirus

    COMODO Antivirus

    AVG


    Do you want to lock up the system? Which one are you keeping?

    Spybot you want to remove (it seems)
