Aiuto PC


Polizia Penitenziaria, Polizia di Stato, Carabinieri virus (SOLVED)

  1. tubine
     


    Hi everyone,

    I caught the Ukash "Polizia di Stato" virus on Windows Vista Business 32-bit; Safe Mode does not work (except for the one with Command Prompt only).
    From the latter I tried opening msconfig to block every program that starts automatically at boot, but the problem persisted.
    I followed the procedure to obtain the report of the operations, but since no "restore" option appeared, I started the scan from the command prompt in Safe Mode.
    I hope that works just as well...
    Here it is:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
    Ran by Zaro (administrator) on 27-06-2013 17:46:54
    Running from F:\
    Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Italian Standard
    Internet Explorer Version 9
    Boot Mode: Safe Mode (minimal)

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\system32\cmd.exe
    (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    ==================== Registry (Whitelisted) ==================

    HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Zaro\AppData\Roaming\skype.dat <==== ATTENTION
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?ptr=100&crg=3.101...9D-001D72E9E451}
    HKLM SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6...9D-001D72E9E451}
    SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6...9D-001D72E9E451}
    HKCU SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6...1&st=23&ptr=100
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerm...3_ndt5&tsp=4921
    SearchScopes: HKCU - {3ECA117C-BB7F-4BD0-B4F2-1F84CD212FBB} URL = http://websearch.ask.com/redirect?client=i...25-0B9B65B24D0E
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6...1&st=23&ptr=100
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.4.24.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250

    FireFox:
    ========
    FF ProfilePath: C:\Users\Zaro\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10
    FF user.js: detected! => C:\Users\Zaro\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\user.js
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    ========================== Services (Whitelisted) =================

    S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

    ==================== Drivers (Whitelisted) ====================

    S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
    S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
    S2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2010-10-11] (Samsung Electronics)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-27 17:46 - 2013-06-27 17:46 - 00000000 ____D C:\FRST
    2013-06-27 15:48 - 2013-06-27 17:41 - 00000004 ____A C:\Users\Zaro\AppData\Roaming\skype.ini
    2013-06-22 14:27 - 2013-06-22 14:27 - 00000005 ____A C:\Users\Zaro\AppData\Roaming\WBPU-TTL.DAT
    2013-06-22 14:20 - 2013-06-22 14:31 - 00000870 ____A C:\Windows\System32\InstallUtil.InstallLog
    2013-06-22 14:20 - 2013-06-22 14:22 - 00000000 ____D C:\Program Files\WinZip Registry Optimizer
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Nico Mak Computing
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____D C:\Program Files\uTorrent
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____A C:\END
    2013-06-22 14:20 - 2013-02-13 11:07 - 00018304 ____A (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\System32\roboot.exe
    2013-06-22 14:18 - 2013-06-27 17:12 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\uTorrent
    2013-06-22 14:18 - 2013-06-22 14:32 - 00000000 ____D C:\Users\Zaro\AppData\Local\Lollipop
    2013-06-22 14:17 - 2013-06-22 14:17 - 00211560 ____A C:\Users\Zaro\Downloads\uTorrent.exe
    2013-06-22 14:12 - 2013-06-22 14:11 - 00029219 ____A C:\Users\Zaro\Downloads\Dragon Naturally Speaking 11 - TNTVillage - Ita [h33t] (1).torrent
    2013-06-22 14:08 - 2013-06-22 14:31 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-06-22 14:04 - 2013-06-22 14:04 - 00000000 ____D C:\Program Files\SweetIM
    2013-06-22 14:04 - 2013-05-16 14:02 - 00632656 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll
    2013-06-22 14:04 - 2013-05-16 14:02 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
    2013-06-22 14:04 - 2013-05-16 14:02 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll
    2013-06-22 14:04 - 2013-05-16 14:02 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest
    2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Mozilla
    2013-06-22 13:56 - 2013-06-22 14:06 - 00000000 ____D C:\Program Files\TornTV.com
    2013-06-22 13:54 - 2013-06-22 13:54 - 00249432 ____A C:\Users\Zaro\Downloads\Dragon_Naturally_Speaking_11_-_TNTVillage_-_Ita.exe
    2013-06-22 13:41 - 2013-06-22 13:41 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\YourFileDownloader
    2013-06-22 13:40 - 2013-06-22 13:40 - 04639408 ____A (http://yourfiledownloader.com) C:\Users\Zaro\Downloads\Dragon_Naturally_Speaking_8_ITA_key_downloader_it_99329.exe
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Windows\System32\searchplugins
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Windows\System32\Extensions
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\ProgramData\BrowserDefender
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-06-22 13:27 - 2013-06-22 14:28 - 00000282 ____A C:\Windows\Tasks\DSite.job
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\DSite
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Babylon
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\ProgramData\Babylon
    2013-06-22 13:26 - 2013-06-22 13:26 - 00794680 ____A C:\Users\Zaro\Downloads\ZipExtractorSetup.exe
    2013-06-13 03:02 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-13 03:02 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-13 03:02 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-13 03:02 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-13 03:02 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-13 03:02 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-06-13 03:02 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-13 03:02 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-13 03:02 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-13 03:02 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-06-13 03:02 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-06-13 03:02 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-13 03:02 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-13 03:02 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-13 03:02 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-13 03:02 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-12 11:29 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-12 11:29 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2013-06-12 11:29 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-06-12 11:29 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-12 11:29 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
    2013-06-12 11:29 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-12 11:29 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-12 11:29 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-12 11:29 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-12 11:29 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-12 11:29 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-05-31 15:43 - 2013-06-22 17:44 - 00000012 ____A C:\Windows\bthservsdp.dat
    2013-05-31 15:25 - 2013-05-31 15:25 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-05-31 15:25 - 2012-08-21 13:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2013-05-31 15:24 - 2013-05-31 15:25 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-05-31 15:24 - 2013-05-31 15:24 - 00000000 ____D C:\Program Files\iPod
    2013-05-31 15:07 - 2013-05-31 15:07 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Canneverbe Limited
    2013-05-31 15:07 - 2013-05-31 15:07 - 00000000 ____D C:\ProgramData\Canneverbe Limited
    2013-05-28 14:14 - 2013-05-28 14:21 - 00000000 ____D C:\Users\Zaro\Documents\Fax

    ==================== One Month Modified Files and Folders ========

    2013-06-27 17:46 - 2013-06-27 17:46 - 00000000 ____D C:\FRST
    2013-06-27 17:41 - 2013-06-27 15:48 - 00000004 ____A C:\Users\Zaro\AppData\Roaming\skype.ini
    2013-06-27 17:23 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-27 17:23 - 2006-11-02 14:47 - 00004224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-27 17:23 - 2006-11-02 14:47 - 00004224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-27 17:12 - 2013-06-22 14:18 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\uTorrent
    2013-06-27 17:12 - 2006-11-02 14:47 - 00024576 _____ C:\Windows\System32\umstartup.etl
    2013-06-27 17:02 - 2009-04-11 14:36 - 01263095 ____A C:\Windows\WindowsUpdate.log
    2013-06-27 12:17 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-06-27 09:22 - 2011-09-26 11:15 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2013-06-24 03:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-06-24 03:02 - 2009-04-13 01:22 - 01509574 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-24 03:02 - 2009-04-13 01:21 - 00671944 ____A C:\Windows\System32\perfh010.dat
    2013-06-24 03:02 - 2009-04-13 01:21 - 00123464 ____A C:\Windows\System32\perfc010.dat
    2013-06-22 17:55 - 2006-11-02 15:00 - 00015716 ____A C:\Windows\PFRO.log
    2013-06-22 17:44 - 2013-05-31 15:43 - 00000012 ____A C:\Windows\bthservsdp.dat
    2013-06-22 17:44 - 2006-11-02 15:01 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-06-22 14:32 - 2013-06-22 14:18 - 00000000 ____D C:\Users\Zaro\AppData\Local\Lollipop
    2013-06-22 14:31 - 2013-06-22 14:20 - 00000870 ____A C:\Windows\System32\InstallUtil.InstallLog
    2013-06-22 14:31 - 2013-06-22 14:08 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-06-22 14:28 - 2013-06-22 13:27 - 00000282 ____A C:\Windows\Tasks\DSite.job
    2013-06-22 14:27 - 2013-06-22 14:27 - 00000005 ____A C:\Users\Zaro\AppData\Roaming\WBPU-TTL.DAT
    2013-06-22 14:22 - 2013-06-22 14:20 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Nico Mak Computing
    2013-06-22 14:22 - 2013-06-22 14:20 - 00000000 ____D C:\Program Files\WinZip Registry Optimizer
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____D C:\Program Files\uTorrent
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____A C:\END
    2013-06-22 14:17 - 2013-06-22 14:17 - 00211560 ____A C:\Users\Zaro\Downloads\uTorrent.exe
    2013-06-22 14:11 - 2013-06-22 14:12 - 00029219 ____A C:\Users\Zaro\Downloads\Dragon Naturally Speaking 11 - TNTVillage - Ita [h33t] (1).torrent
    2013-06-22 14:06 - 2013-06-22 13:56 - 00000000 ____D C:\Program Files\TornTV.com
    2013-06-22 14:04 - 2013-06-22 14:04 - 00000000 ____D C:\Program Files\SweetIM
    2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Mozilla
    2013-06-22 13:54 - 2013-06-22 13:54 - 00249432 ____A C:\Users\Zaro\Downloads\Dragon_Naturally_Speaking_11_-_TNTVillage_-_Ita.exe
    2013-06-22 13:41 - 2013-06-22 13:41 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\YourFileDownloader
    2013-06-22 13:40 - 2013-06-22 13:40 - 04639408 ____A (http://yourfiledownloader.com) C:\Users\Zaro\Downloads\Dragon_Naturally_Speaking_8_ITA_key_downloader_it_99329.exe
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Windows\System32\searchplugins
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Windows\System32\Extensions
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\ProgramData\BrowserDefender
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\DSite
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Babylon
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\ProgramData\Babylon
    2013-06-22 13:26 - 2013-06-22 13:26 - 00794680 ____A C:\Users\Zaro\Downloads\ZipExtractorSetup.exe
    2013-06-13 03:35 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
    2013-06-13 03:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\it-IT
    2013-06-13 03:01 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2013-06-06 16:44 - 2006-11-02 14:52 - 00121427 ____A C:\Windows\setupact.log
    2013-05-31 18:04 - 2012-03-11 13:47 - 00000000 ____D C:\Program Files\iTunes
    2013-05-31 15:25 - 2013-05-31 15:25 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-05-31 15:25 - 2013-05-31 15:24 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-05-31 15:24 - 2013-05-31 15:24 - 00000000 ____D C:\Program Files\iPod
    2013-05-31 15:24 - 2012-03-11 13:47 - 00000000 ____D C:\ProgramData\Apple Computer
    2013-05-31 15:24 - 2012-03-11 13:45 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-05-31 15:22 - 2011-09-26 10:03 - 00000000 ____D C:\users\Zaro
    2013-05-31 15:07 - 2013-05-31 15:07 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Canneverbe Limited
    2013-05-31 15:07 - 2013-05-31 15:07 - 00000000 ____D C:\ProgramData\Canneverbe Limited
    2013-05-28 14:21 - 2013-05-28 14:14 - 00000000 ____D C:\Users\Zaro\Documents\Fax

    Files to move or delete:
    ====================
    C:\Users\Zaro\AppData\Roaming\skype.dat
    C:\Users\Zaro\AppData\Roaming\skype.ini

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-06-24 06:30

    ==================== End Of Log ============================


    Thanks in advance for the advice and the help!

    Edited by vicky67 - 9/7/2013, 10:00
     
698 replies since 5/6/2013, 08:44   22513 views