ivan1910.
User deleted
Sorry, but I hadn't understood this step. I'm attaching FRST.
Thanks a lot, bye.
Sorry, but I still haven't figured out how to attach files.
Bye.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2013
Ran by SYSTEM on 17-08-2013 10:22:07
Running from F:\
Windows 7 Ultimate (X86) OS Language: Italian Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VMonitorVMUVC] - C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKU\bob\...\Run: [AdobeBridge] - [x]
HKU\bob\...\Run: [EPSON Stylus Photo R220 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\Users\bob\AppData\Local\Temp\E_S7992.tmp" /EF "HKCU" [x]
HKU\bob\...\Run: [EPSON Stylus Photo R220 Series (Copia 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\Users\bob\AppData\Local\Temp\E_S587C.tmp" /EF "HKCU" [x]
HKU\bob\...\Run: [Zysoj] - C:\Users\bob\AppData\Roaming\Wite\zysoj.exe [ 2010-12-09] (System, Inc.)
HKU\bob\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\bob\AppData\Local\Temp\wNEFXgz.exe [ 2013-08-16] (Valve Corporation) <===== ATTENTION
HKU\bob\...\Winlogon: [Shell] cmd.exe [ 2013-03-31] (Microsoft Corporation) <==== ATTENTION
HKU\bob\...\Command Processor: "C:\Users\bob\AppData\Local\Temp\wNEFXgz.exe" <===== ATTENTION!
========================== Services (Whitelisted) =================
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2847696 2013-07-26] ()
S3 FSAUA; C:\Program Files\F-Secure\FSAUA\program\fsaua.exe [417792 2007-01-17] (F-Secure Corporation)
S2 pf3ed; C:\Users\bob\AppData\Roaming\eecehp.bat [85 2012-11-01] ()
S2 ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [181312 2012-05-13] ()
S2 Trusted Installer; C:\Windows\system32\TrustedInstaller.exe [357376 2013-01-07] ()
==================== Drivers (Whitelisted) ====================
S3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [174592 2007-01-08] (Hauppauge Computer Works, Inc.)
S3 catchme; \??\C:\Users\bob\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-17 02:16 - 2013-08-17 02:16 - 00000000 ___DC C:\FRST
2013-08-16 00:33 - 2013-08-16 00:33 - 01359938 _____ C:\Users\bob\AppData\Roaming\2433f433
2013-08-16 00:33 - 2013-08-16 00:33 - 01359905 _____ C:\Users\bob\AppData\Local\2433f433
2013-08-14 13:53 - 2013-08-14 13:53 - 00000000 ____D C:\Users\bob\AppData\Roaming\vlc
2013-08-14 13:49 - 2013-08-17 08:57 - 00000000 ____D C:\ProgramData\Datamngr
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ___DC C:\Program Files\Movies Toolbar
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ____D C:\Users\bob\AppData\Local\ilividmoviestoolbardla
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ____D C:\ProgramData\Wincert
2013-08-14 08:29 - 2013-08-17 09:06 - 00003257 ____C C:\Windows\setupact.log
2013-08-14 08:29 - 2013-08-14 08:29 - 00000000 ____C C:\Windows\setuperr.log
2013-07-28 07:54 - 2013-08-01 23:56 - 00000063 _____ C:\Users\bob\AppData\Roaming\WB.CFG
==================== One Month Modified Files and Folders =======
2013-08-17 10:00 - 2013-08-17 10:00 - 00000000 ___DC C:\Windows\System32\config\HiveBackup
2013-08-17 09:06 - 2013-08-14 08:29 - 00003257 ____C C:\Windows\setupact.log
2013-08-17 09:05 - 2013-03-30 01:27 - 00015640 ____C C:\Windows\PFRO.log
2013-08-17 08:57 - 2013-08-14 13:49 - 00000000 ____D C:\ProgramData\Datamngr
2013-08-17 08:52 - 2012-08-30 13:43 - 00005552 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 08:52 - 2012-08-30 13:43 - 00005552 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 08:52 - 2012-07-13 23:37 - 01542031 ____C C:\Windows\WindowsUpdate.log
2013-08-17 02:16 - 2013-08-17 02:16 - 00000000 ___DC C:\FRST
2013-08-16 17:49 - 2009-07-14 05:34 - 00012288 ____C C:\Windows\System32\umstartup.etl
2013-08-16 00:33 - 2013-08-16 00:33 - 01359938 _____ C:\Users\bob\AppData\Roaming\2433f433
2013-08-16 00:33 - 2013-08-16 00:33 - 01359905 _____ C:\Users\bob\AppData\Local\2433f433
2013-08-15 17:56 - 2009-10-28 08:24 - 00000000 ___DC C:\Foto
2013-08-15 16:55 - 2013-06-16 22:54 - 00000005 _____ C:\Users\bob\AppData\Roaming\WBPU-TTL.DAT
2013-08-15 00:40 - 2009-10-28 08:24 - 00000000 ___DC C:\Exel
2013-08-15 00:27 - 2010-12-26 10:31 - 00000000 ____D C:\Users\bob\AppData\Roaming\Apple Computer
2013-08-14 15:09 - 2009-10-28 08:23 - 00000000 __RDC C:\Programmi
2013-08-14 14:28 - 2013-06-30 22:36 - 00000000 ____D C:\Users\bob\Desktop\SCUOLA
2013-08-14 13:58 - 2012-10-18 15:49 - 00000000 ____D C:\Users\bob\Desktop\programmazione
2013-08-14 13:58 - 2012-08-16 13:11 - 00000000 ____D C:\Users\bob\Desktop\R. Spese
2013-08-14 13:57 - 2013-07-17 23:23 - 00000000 ____D C:\Users\bob\Desktop\CAP PARMA
2013-08-14 13:53 - 2013-08-14 13:53 - 00000000 ____D C:\Users\bob\AppData\Roaming\vlc
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ___DC C:\Program Files\Movies Toolbar
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ____D C:\Users\bob\AppData\Local\ilividmoviestoolbardla
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ____D C:\ProgramData\Wincert
2013-08-14 08:29 - 2013-08-14 08:29 - 00000000 ____C C:\Windows\setuperr.log
2013-08-13 16:07 - 2013-03-31 01:11 - 00336962 ____C C:\Windows\System32\PerfStringBackup.INI
2013-08-02 13:24 - 2013-05-25 12:57 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-08-01 23:56 - 2013-07-28 07:54 - 00000063 _____ C:\Users\bob\AppData\Roaming\WB.CFG
2013-07-31 06:12 - 2010-12-11 21:47 - 00000000 ____D C:\Program Files\Google
2013-07-21 17:02 - 2010-12-09 00:00 - 00000000 ____D C:\Users\bob\Downloads\eMule
Files to move or delete:
====================
C:\Users\bob\AppData\Local\Temp\wNEFXgz.exe
C:\Users\bob\Photoshop_12_LS4.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-08-15 23:00:05
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 2045.94 MB
Available physical RAM: 1648.76 MB
Total Pagefile: 2045.94 MB
Available Pagefile: 1648.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:218.88 GB) (Free:60.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Esegui backup) (Fixed) (Total:74.5 GB) (Free:30.37 GB) NTFS
Drive f: () (Removable) (Total:3.71 GB) (Free:3.7 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 494025C7)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=219 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=5 GB) - (Type=DB)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 01FB0D9A)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-08-13 18:51
==================== End Of Log ============================
I hope this was what you were asking me for. Thanks, bye.
Edited by vicky67 - 17/8/2013, 12:55.