Aiuto PC


Polizia Penitenziaria, Polizia di Stato, Carabinieri virus (SOLVED)

  1. Judgement1991
     
    I caught the Polizia di Stato virus and it wouldn't let me restart the computer even in Safe Mode, only in Safe Mode with Command Prompt. That way I got into the system registry and by mistake I deleted the file explorer.exe, the one that displays the desktop, but I did not remove the virus. Now when I start the computer it shows a black screen and I can't do anything, so I had thought of reinstalling Windows 7 Professional by downloading it from this site www.pedropuggioni.it/blog/35-blog/1...te-e-legalmente. The problem is that it asks for the Product Key that I have on the computer, which I don't remember and haven't saved anywhere. The computer had been upgraded from Vista to 7; is it possible to use the Vista product key? I urgently need help from an expert because before taking it in for repair I would like to try by myself; even though you will surely advise me against it, I am asking you for help.

    If you can, point me to a guide for restoring explorer.exe, one for removing the Polizia di Stato virus, and one for reinstalling Windows 7 from scratch. I know I'm asking a lot, but you would really be doing me a favor, thank you.
    I think my dad wants to take the computer in for repair and have it formatted to get Windows 7 reinstalled from scratch, I think tomorrow morning. Can you help me soon so I don't risk losing my data, some of which is important?

    Here is the log of my scan.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01
    Ran by SYSTEM on 30-06-2013 22:28:08
    Running from G:\
    WIN_7 (X86) OS Language: Italian Standard
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
    HKU\seven\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
    HKU\seven\...\Winlogon: [Shell] explorer.exe,C:\Users\seven\AppData\Roaming\skype.dat <==== ATTENTION
    Startup: C:\Users\seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    BootExecute: autocheck autochk * bootroboscan.exe

    ========================== Services (Whitelisted) =================

    S2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated)
    S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [397176 2012-08-21] (BlueStack Systems, Inc.)
    S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-21] (BlueStack Systems, Inc.)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
    S2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)
    S2 Roboscan_RTSrv; C:\Program Files\Roboscan\Roboscan\RSRTSrv.rse [355688 2012-03-29] (Roboscan Inc)
    S2 Roboscan_UpdSrv; C:\Program Files\Roboscan\Roboscan\RSUpdSrv.rse [606056 2012-03-29] (Roboscan Inc)
    S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-08-25] (SANDBOXIE L.T.D)
    S3 WefiEngSvc; C:\Program Files\WeFi\WefiEngSvc.exe [120152 2010-11-03] (WeFi)
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

    ==================== Drivers (Whitelisted) ====================

    S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [66424 2012-08-21] (BlueStack Systems)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
    S2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
    S3 RoboFww; c:\program files\roboscan\roboscan\plugin\realtime\RoboFww.sys [32064 2012-03-29] (Roboscan Inc)
    S3 RoboRtwIFDrv; c:\program files\roboscan\roboscan\plugin\realtime\RoboRtw.sys [100160 2012-03-29] (Roboscan Inc)
    S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D)
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-30 22:27 - 2013-06-30 22:27 - 00000000 ____D C:\FRST
    2013-06-27 16:33 - 2013-06-27 16:33 - 00000000 __SHD C:\found.000
    2013-06-27 15:42 - 2013-06-27 15:42 - 147062908 ____A C:\Windows\MEMORY.DMP
    2013-06-26 22:28 - 2013-06-26 22:28 - 00000000 ____A C:\asdsetup.exe
    2013-06-26 22:18 - 2013-06-26 22:19 - 00000000 ___AD C:\.Trash-0
    2013-06-26 21:51 - 2013-06-26 21:52 - 00000004 ____A C:\Users\seven\AppData\Roaming\skype.ini
    2013-06-26 20:54 - 2013-06-26 22:01 - 00000000 ____D C:\Windows\pss
    2013-06-26 20:05 - 2013-06-26 20:05 - 43253760 ____A C:\Windows\System32\config\software.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 24379392 ____A C:\Windows\System32\config\system.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00524288 ____A C:\Windows\System32\config\default.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00262144 ____A C:\Windows\System32\config\security.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00262144 ____A C:\Windows\System32\config\sam.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00000000 ___AD C:\$Anvi Rescue Disk$
    2013-06-26 17:37 - 2013-06-26 17:41 - 38001894 ____A C:\Users\seven\Downloads\Come navigare nel Deep Web.mp4
    2013-06-26 16:55 - 2013-06-26 22:02 - 00000000 ____D C:\Users\seven\AppData\Roaming\GetRight
    2013-06-26 16:55 - 2013-06-26 22:02 - 00000000 ____D C:\Program Files\GetRight
    2013-06-23 21:11 - 2013-06-26 21:51 - 00000891 ____A C:\Windows\setupact.log
    2013-06-23 21:11 - 2013-06-23 21:11 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-21 02:09 - 2013-06-21 02:09 - 00000000 ____D C:\Users\seven\Downloads\Miei salvataggi
    2013-06-19 22:16 - 2013-06-19 22:46 - 192163640 ____A C:\Users\seven\Downloads\Documentario su Parigi.mp4
    2013-06-19 01:04 - 2013-06-19 01:04 - 00000000 ____D C:\Users\seven\Documents\The Prince of Codes
    2013-06-18 16:25 - 2013-06-20 23:59 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
    2013-06-18 16:19 - 2013-06-19 01:17 - 00000000 ____D C:\Program Files\PutLockerDownloader.com
    2013-06-18 12:44 - 2013-06-18 12:44 - 00000000 ____D C:\Users\seven\Downloads\Vari Testi
    2013-06-18 12:38 - 2013-06-19 00:05 - 00000000 ____D C:\Users\seven\Downloads\Video
    2013-06-16 12:57 - 2013-06-16 13:29 - 00000000 ____D C:\Users\Public\Documents\STALKER-STCS
    2013-06-16 12:49 - 2013-06-16 12:49 - 00000000 ____D C:\Program Files\Deep Silver
    2013-06-14 23:42 - 2013-06-14 23:42 - 00000000 ____D C:\Users\seven\AppData\Roaming\AbaEnglishRt.19ECF44F1B9DAF7C7A64FDC21A008AB0C5135E2F.1
    2013-06-14 23:37 - 2013-06-14 23:37 - 00000513 ____A C:\Users\seven\Desktop\ABA English Course.lnk
    2013-06-14 23:35 - 2013-06-14 23:42 - 00000000 ____D C:\EnglishCourse
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2013-06-14 22:57 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-14 22:57 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-14 22:57 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-14 22:57 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-14 22:57 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-14 22:57 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-06-14 22:57 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-14 22:57 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-14 22:57 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-14 22:57 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-06-14 22:57 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-06-14 22:57 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-14 22:57 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-14 22:57 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-14 22:57 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-14 22:57 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-14 22:11 - 2013-06-14 22:12 - 00161944 ____A C:\Users\seven\Downloads\corso-di-inglese-abaenglish-windows-downloader.exe
    2013-06-14 19:43 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-14 19:43 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-14 19:43 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-14 19:43 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-14 19:43 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-14 19:43 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-14 19:43 - 2013-05-08 06:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-14 19:43 - 2013-05-06 06:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2013-06-14 19:43 - 2013-05-06 06:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-06-14 19:43 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-12 23:54 - 2013-06-26 22:10 - 00000000 ____D C:\Users\seven\Downloads\Da copiare nella chiavetta
    2013-06-11 19:05 - 2013-06-23 21:13 - 00000000 ____D C:\Program Files\Steam
    2013-06-11 19:05 - 2013-06-14 23:16 - 00000000 ____D C:\Program Files\Common Files\Steam
    2013-06-11 18:56 - 2013-06-11 18:58 - 01669632 ____A C:\Users\seven\Downloads\SteamInstall.msi
    2013-06-07 18:06 - 2012-11-09 23:21 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-06-07 18:05 - 2012-11-09 23:21 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-06-07 18:05 - 2012-11-09 23:21 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-06-07 18:04 - 2013-06-07 18:04 - 00000000 ____D C:\Users\seven\Documents\VSO Downloader
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Users\seven\AppData\Roaming\KastorFreeVideoCatcher
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\ProgramData\VSO
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Program Files\VSO
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Program Files\Kastor Free Video Catcher
    2013-06-07 18:03 - 2008-09-24 19:33 - 00484352 ____A C:\Windows\System32\lame_enc.dll
    2013-06-07 18:02 - 2013-06-26 22:10 - 00000000 ____D C:\Users\seven\AppData\Roaming\KastorAllVideoDownloader
    2013-06-07 18:02 - 2013-06-07 18:02 - 00000000 ____D C:\Program Files\Kastor All Video Downloader
    2013-06-07 18:01 - 2013-06-07 18:07 - 00000000 ____D C:\Program Files\TubeMaster++
    2013-06-05 14:36 - 2013-06-05 19:02 - 00000000 ____D C:\Users\seven\Documents\SpellForce
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000926 ____A C:\Users\seven\Desktop\GameSpy Arcade.lnk
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000000 ____D C:\Program Files\GameSpy Arcade
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000000 ____D C:\Program Files\AWS
    2013-06-05 14:31 - 2013-06-05 14:31 - 00001124 ____A C:\Users\seven\Desktop\SpellForce - The Order of Dawn.lnk
    2013-06-05 14:25 - 2013-06-05 14:25 - 00000000 ____D C:\Program Files\JoWooD
    2013-06-04 18:43 - 2013-06-04 18:43 - 00001104 ____A C:\Users\Public\Desktop\aTube Catcher.lnk
    2013-06-04 18:31 - 2013-06-11 23:59 - 00000000 ____D C:\Users\seven\Downloads\Cfake

    ==================== One Month Modified Files and Folders ========

    2013-06-30 22:27 - 2013-06-30 22:27 - 00000000 ____D C:\FRST
    2013-06-27 16:33 - 2013-06-27 16:33 - 00000000 __SHD C:\found.000
    2013-06-27 15:42 - 2013-06-27 15:42 - 147062908 ____A C:\Windows\MEMORY.DMP
    2013-06-27 01:54 - 2013-01-25 15:33 - 00000318 ____A C:\Windows\System32\ayboot.ini
    2013-06-26 22:28 - 2013-06-26 22:28 - 00000000 ____A C:\asdsetup.exe
    2013-06-26 22:19 - 2013-06-26 22:18 - 00000000 ___AD C:\.Trash-0
    2013-06-26 22:10 - 2013-06-12 23:54 - 00000000 ____D C:\Users\seven\Downloads\Da copiare nella chiavetta
    2013-06-26 22:10 - 2013-06-07 18:02 - 00000000 ____D C:\Users\seven\AppData\Roaming\KastorAllVideoDownloader
    2013-06-26 22:10 - 2012-12-17 21:36 - 00000000 ____D C:\Users\seven\AppData\Roaming\vlc
    2013-06-26 22:10 - 2012-12-04 19:52 - 00000000 ____D C:\ProgramData\Ant.com
    2013-06-26 22:10 - 2012-11-08 10:16 - 00000000 ____D C:\Windows\AutoKMS
    2013-06-26 22:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
    2013-06-26 22:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
    2013-06-26 22:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
    2013-06-26 22:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
    2013-06-26 22:02 - 2013-06-26 16:55 - 00000000 ____D C:\Users\seven\AppData\Roaming\GetRight
    2013-06-26 22:02 - 2013-06-26 16:55 - 00000000 ____D C:\Program Files\GetRight
    2013-06-26 22:01 - 2013-06-26 20:54 - 00000000 ____D C:\Windows\pss
    2013-06-26 21:52 - 2013-06-26 21:51 - 00000004 ____A C:\Users\seven\AppData\Roaming\skype.ini
    2013-06-26 21:52 - 2012-11-09 17:36 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-26 21:51 - 2013-06-23 21:11 - 00000891 ____A C:\Windows\setupact.log
    2013-06-26 21:50 - 2012-11-14 23:31 - 00001132 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-26 21:50 - 2012-11-08 10:16 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
    2013-06-26 21:50 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-26 20:05 - 2013-06-26 20:05 - 43253760 ____A C:\Windows\System32\config\software.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 24379392 ____A C:\Windows\System32\config\system.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00524288 ____A C:\Windows\System32\config\default.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00262144 ____A C:\Windows\System32\config\security.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00262144 ____A C:\Windows\System32\config\sam.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00000000 ___AD C:\$Anvi Rescue Disk$
    2013-06-26 18:47 - 2012-12-21 20:29 - 00000000 ____D C:\Users\seven\AppData\Roaming\NetSpeedMonitor
    2013-06-26 17:41 - 2013-06-26 17:37 - 38001894 ____A C:\Users\seven\Downloads\Come navigare nel Deep Web.mp4
    2013-06-26 17:28 - 2012-11-08 10:47 - 00000000 ____D C:\Users\seven\AppData\Roaming\Nitro PDF
    2013-06-23 21:22 - 2012-12-14 23:53 - 01716519 ____A C:\Windows\WindowsUpdate.log
    2013-06-23 21:22 - 2012-11-14 23:31 - 00001136 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-23 21:18 - 2009-07-14 05:34 - 00025616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-23 21:18 - 2009-07-14 05:34 - 00025616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-23 21:13 - 2013-06-11 19:05 - 00000000 ____D C:\Program Files\Steam
    2013-06-23 21:11 - 2013-06-23 21:11 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-23 01:50 - 2012-11-07 11:35 - 01653742 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-23 01:50 - 2009-07-14 09:21 - 00739254 ____A C:\Windows\System32\perfh010.dat
    2013-06-23 01:50 - 2009-07-14 09:21 - 00146294 ____A C:\Windows\System32\perfc010.dat
    2013-06-21 02:09 - 2013-06-21 02:09 - 00000000 ____D C:\Users\seven\Downloads\Miei salvataggi
    2013-06-20 23:59 - 2013-06-18 16:25 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
    2013-06-20 23:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system
    2013-06-20 01:01 - 2012-11-09 20:39 - 00000925 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2013-06-20 01:01 - 2012-11-09 20:39 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-20 00:42 - 2013-01-25 15:17 - 00000000 ____D C:\WinWebExplorer
    2013-06-19 22:46 - 2013-06-19 22:16 - 192163640 ____A C:\Users\seven\Downloads\Documentario su Parigi.mp4
    2013-06-19 01:17 - 2013-06-18 16:19 - 00000000 ____D C:\Program Files\PutLockerDownloader.com
    2013-06-19 01:04 - 2013-06-19 01:04 - 00000000 ____D C:\Users\seven\Documents\The Prince of Codes
    2013-06-19 00:05 - 2013-06-18 12:38 - 00000000 ____D C:\Users\seven\Downloads\Video
    2013-06-18 12:44 - 2013-06-18 12:44 - 00000000 ____D C:\Users\seven\Downloads\Vari Testi
    2013-06-16 23:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-06-16 13:29 - 2013-06-16 12:57 - 00000000 ____D C:\Users\Public\Documents\STALKER-STCS
    2013-06-16 12:49 - 2013-06-16 12:49 - 00000000 ____D C:\Program Files\Deep Silver
    2013-06-14 23:42 - 2013-06-14 23:42 - 00000000 ____D C:\Users\seven\AppData\Roaming\AbaEnglishRt.19ECF44F1B9DAF7C7A64FDC21A008AB0C5135E2F.1
    2013-06-14 23:42 - 2013-06-14 23:35 - 00000000 ____D C:\EnglishCourse
    2013-06-14 23:37 - 2013-06-14 23:37 - 00000513 ____A C:\Users\seven\Desktop\ABA English Course.lnk
    2013-06-14 23:37 - 2012-11-08 15:33 - 00000000 ____D C:\Users\seven\AppData\Roaming\Adobe
    2013-06-14 23:37 - 2012-11-08 15:28 - 00000000 ____D C:\ProgramData\Adobe
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2013-06-14 23:35 - 2013-05-14 16:53 - 00000000 ____D C:\Users\seven\AppData\Local\Adobe
    2013-06-14 23:35 - 2013-02-26 21:02 - 00000000 ____D C:\Program Files\Adobe
    2013-06-14 23:16 - 2013-06-11 19:05 - 00000000 ____D C:\Program Files\Common Files\Steam
    2013-06-14 23:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT
    2013-06-14 22:58 - 2012-11-07 12:14 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-06-14 22:12 - 2013-06-14 22:11 - 00161944 ____A C:\Users\seven\Downloads\corso-di-inglese-abaenglish-windows-downloader.exe
    2013-06-12 22:52 - 2012-11-09 17:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2013-06-12 22:52 - 2012-11-09 17:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2013-06-11 23:59 - 2013-06-04 18:31 - 00000000 ____D C:\Users\seven\Downloads\Cfake
    2013-06-11 18:58 - 2013-06-11 18:56 - 01669632 ____A C:\Users\seven\Downloads\SteamInstall.msi
    2013-06-08 22:40 - 2012-12-15 22:03 - 00000000 ____D C:\Users\seven\Documents\Conersazioni What's App
    2013-06-08 22:32 - 2013-01-29 15:14 - 00000000 ____D C:\Users\seven\.VirtualBox
    2013-06-07 18:07 - 2013-06-07 18:01 - 00000000 ____D C:\Program Files\TubeMaster++
    2013-06-07 18:06 - 2013-01-29 15:09 - 00000000 ____D C:\Program Files\Oracle
    2013-06-07 18:05 - 2012-11-09 23:21 - 00000000 ____D C:\Program Files\Java
    2013-06-07 18:04 - 2013-06-07 18:04 - 00000000 ____D C:\Users\seven\Documents\VSO Downloader
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Users\seven\AppData\Roaming\KastorFreeVideoCatcher
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\ProgramData\VSO
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Program Files\VSO
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Program Files\Kastor Free Video Catcher
    2013-06-07 18:02 - 2013-06-07 18:02 - 00000000 ____D C:\Program Files\Kastor All Video Downloader
    2013-06-07 18:02 - 2012-12-10 21:26 - 00000000 ____D C:\Program Files\WinPcap
    2013-06-05 19:02 - 2013-06-05 14:36 - 00000000 ____D C:\Users\seven\Documents\SpellForce
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000926 ____A C:\Users\seven\Desktop\GameSpy Arcade.lnk
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000000 ____D C:\Program Files\GameSpy Arcade
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000000 ____D C:\Program Files\AWS
    2013-06-05 14:31 - 2013-06-05 14:31 - 00001124 ____A C:\Users\seven\Desktop\SpellForce - The Order of Dawn.lnk
    2013-06-05 14:25 - 2013-06-05 14:25 - 00000000 ____D C:\Program Files\JoWooD
    2013-06-05 00:23 - 2012-11-09 20:37 - 00000000 ____D C:\Users\seven\Downloads\eMule
    2013-06-04 18:43 - 2013-06-04 18:43 - 00001104 ____A C:\Users\Public\Desktop\aTube Catcher.lnk
    2013-06-04 18:42 - 2013-01-22 16:41 - 00000000 ____D C:\Program Files\DsNET Corp
    2013-06-04 00:22 - 2013-02-18 18:04 - 00000000 ____D C:\Users\seven\Downloads\archpr22
    2013-06-04 00:07 - 2012-11-08 23:11 - 00000000 ____D C:\Users\seven\AppData\Roaming\DVDVideoSoft
    2013-06-03 23:39 - 2013-01-14 19:45 - 00000000 ____D C:\Users\seven\AppData\Roaming\uTorrent
    2013-06-03 22:47 - 2012-12-15 22:52 - 00000000 ____D C:\Users\seven\AppData\Local\Paint.NET

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-589101805-1279379778-812310743-1000\$381b76a2e37827a53b15dd0b75a72e9b

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$381b76a2e37827a53b15dd0b75a72e9b

    Files to move or delete:
    ====================
    C:\Users\seven\AppData\Roaming\skype.dat
    C:\Users\seven\AppData\Roaming\skype.ini

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: <===== ATTENTION!
    HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
    HKLM\...\exefile\open\command: <===== ATTENTION!

    ==================== Restore Points =========================

    Restore point made on: 2013-06-14 18:46:55
    Restore point made on: 2013-06-14 22:55:42
    Restore point made on: 2013-06-16 13:01:25
    Restore point made on: 2013-06-18 16:20:39
    Restore point made on: 2013-06-18 16:24:33
    Restore point made on: 2013-06-19 01:04:22
    Restore point made on: 2013-06-19 21:21:27
    Restore point made on: 2013-06-20 23:59:37
    Restore point made on: 2013-06-23 21:23:08

    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 3071.27 MB
    Available physical RAM: 2648.68 MB
    Total Pagefile: 3069.55 MB
    Available Pagefile: 2653.84 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1921.11 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.99 GB) (Free:114.08 GB) NTFS
    Drive g: () (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 000997F0)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 7 GB) (Disk ID: 70707573)
    Partition 1: (Not Active) - (Size=923 GB) - (Type=0D)
    Partition 2: (Not Active) - (Size=259 GB) - (Type=0A)
    Partition 3: (Not Active) - (Size=844 GB) - (Type=6F)
    Partition 4: (Not Active) - (Size=26 MB) - (Type=0A)


    LastRegBack: 2013-05-14 15:37

    ==================== End Of Log ============================


    Edited by vicky67 - 21/8/2013, 17:28
     
698 replies since 5/6/2013, 08:44   22450 views