Aiuto PC


Polizia Penitenziaria, Polizia di Stato, Carabinieri virus (SOLVED)

  1. Arai78
     


    Thanks in advance for the help; I am attaching the FRST log below.
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
    Ran by SYSTEM on 17-08-2013 15:53:59
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: Italian Standard
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [MarketingTools] - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2009-09-08] (Sony Corporation)
    HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles [x]
    HKLM-x32\...\Run: [NokiaMusic FastStart] - C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe [2327840 2009-07-02] (Nokia)
    HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-07-02] (Iminent)
    HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-07-02] (Iminent)
    HKU\Michael\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-08] (Google Inc.)
    HKU\Michael\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
    HKU\Michael\...\Run: [Software updater] - C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater\updater.exe [52516 2013-05-21] ()
    HKU\Michael\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe [64000 2013-08-15] (Valve Corporation) <===== ATTENTION
    HKU\Michael\...\Winlogon: [Shell] cmd.exe [344576 2009-07-14] (Microsoft Corporation) <==== ATTENTION
    HKU\Michael\...\Command Processor: "C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe" <===== ATTENTION!
    Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
    ShortcutTarget: lollipop.lnk -> (No File)
    Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

    ==================== Services (Whitelisted) =================

    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
    S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
    S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
    S3 ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.)
    S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
    S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
    S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2864448 2013-08-01] (Iminent)
    S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
    S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
    S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
    S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
    S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)

    ==================== Drivers (Whitelisted) ====================

    S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
    S0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
    S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
    S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
    S2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-08-15 12:59 - 2013-08-15 12:59 - 01037386 _____ C:\ProgramData\2433f433
    2013-08-15 12:59 - 2013-08-15 12:59 - 01037339 _____ C:\Users\Michael\AppData\Local\2433f433
    2013-08-15 12:59 - 2013-08-15 12:59 - 01037306 _____ C:\Users\Michael\AppData\Roaming\2433f433
    2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ArcSoft
    2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\Users\Michael\AppData\Local\ArcSoft
    2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\ProgramData\ArcSoft
    2013-07-19 17:42 - 2013-07-19 17:42 - 00000638 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
    2013-07-19 17:42 - 2013-07-19 17:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Iminent
    2013-07-19 17:42 - 2013-07-19 17:42 - 00000000 ____D C:\ProgramData\Iminent
    2013-07-18 14:00 - 2013-07-19 17:41 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
    2013-07-18 14:00 - 2013-07-18 14:00 - 00001051 _____ C:\Users\Michael\Desktop\MyPC Backup.lnk
    2013-07-18 14:00 - 2013-07-18 14:00 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater
    2013-07-18 13:59 - 2013-08-14 22:48 - 00000000 ____D C:\Users\Michael\AppData\Local\Lollipop
    2013-07-18 13:55 - 2009-11-25 20:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
    2013-07-18 13:55 - 2009-11-25 20:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2013-07-18 13:55 - 2009-11-25 20:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\System32\mscoree.dll
    2013-07-18 13:55 - 2009-11-25 20:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
    2013-07-18 13:55 - 2009-11-25 20:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
    2013-07-18 13:55 - 2009-11-25 20:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
    2013-07-18 13:55 - 2009-11-25 20:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
    2013-07-18 13:55 - 2009-11-25 20:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
    2013-07-18 13:55 - 2009-11-25 20:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
    2013-07-18 13:55 - 2009-11-25 20:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
    2013-07-18 13:54 - 2013-07-19 17:42 - 00000000 ____D C:\Program Files (x86)\Iminent
    2013-07-18 13:54 - 2013-07-18 13:54 - 00000000 ____D C:\Program Files (x86)\IMinent Toolbar
    2013-07-18 12:45 - 2013-08-17 14:13 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
    2013-07-18 12:45 - 2013-07-29 11:20 - 00000000 ____D C:\Users\Michael\AppData\Local\SwvUpdater
    2013-07-18 12:45 - 2013-07-18 12:45 - 00003388 _____ C:\Windows\System32\Tasks\AmiUpdXp
    2013-07-18 12:43 - 2013-07-18 12:43 - 00592200 _____ C:\Users\Michael\Desktop\eMule0.50a-Installer.exe

    ==================== One Month Modified Files and Folders =======

    2013-08-17 15:53 - 2013-08-17 15:53 - 00000000 ____D C:\FRST
    2013-08-17 14:37 - 2010-11-08 18:24 - 00196608 _____ C:\Windows\System32\Ikeext.etl
    2013-08-17 14:35 - 2009-11-22 13:17 - 02083525 _____ C:\Windows\WindowsUpdate.log
    2013-08-17 14:35 - 2009-07-14 05:51 - 00108830 _____ C:\Windows\setupact.log
    2013-08-17 14:21 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-17 14:21 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-17 14:14 - 2009-11-22 13:21 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FEF5E76E-1D50-4A05-B002-883B6D4C7341}
    2013-08-17 14:14 - 2009-09-08 12:49 - 00001160 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-17 14:13 - 2013-07-18 12:45 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
    2013-08-17 14:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-15 17:47 - 2010-11-28 17:02 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2013-08-15 13:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
    2013-08-15 13:00 - 2009-09-08 12:49 - 00001164 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-15 13:00 - 2009-08-17 13:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-08-15 12:59 - 2013-08-15 12:59 - 01037386 _____ C:\ProgramData\2433f433
    2013-08-15 12:59 - 2013-08-15 12:59 - 01037339 _____ C:\Users\Michael\AppData\Local\2433f433
    2013-08-15 12:59 - 2013-08-15 12:59 - 01037306 _____ C:\Users\Michael\AppData\Roaming\2433f433
    2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ArcSoft
    2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\Users\Michael\AppData\Local\ArcSoft
    2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\ProgramData\ArcSoft
    2013-08-15 12:55 - 2009-11-22 15:36 - 00000000 ____D C:\Users\Michael\Tracing
    2013-08-14 22:48 - 2013-07-18 13:59 - 00000000 ____D C:\Users\Michael\AppData\Local\Lollipop
    2013-08-02 10:37 - 2009-11-22 14:41 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
    2013-07-29 11:20 - 2013-07-18 12:45 - 00000000 ____D C:\Users\Michael\AppData\Local\SwvUpdater
    2013-07-20 13:36 - 2009-07-14 06:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-07-19 17:42 - 2013-07-19 17:42 - 00000638 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
    2013-07-19 17:42 - 2013-07-19 17:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Iminent
    2013-07-19 17:42 - 2013-07-19 17:42 - 00000000 ____D C:\ProgramData\Iminent
    2013-07-19 17:42 - 2013-07-18 13:54 - 00000000 ____D C:\Program Files (x86)\Iminent
    2013-07-19 17:41 - 2013-07-18 14:00 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
    2013-07-18 14:00 - 2013-07-18 14:00 - 00001051 _____ C:\Users\Michael\Desktop\MyPC Backup.lnk
    2013-07-18 14:00 - 2013-07-18 14:00 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater
    2013-07-18 13:59 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2013-07-18 13:58 - 2009-07-14 11:53 - 00706896 _____ C:\Windows\System32\perfh010.dat
    2013-07-18 13:58 - 2009-07-14 11:53 - 00131156 _____ C:\Windows\System32\perfc010.dat
    2013-07-18 13:58 - 2009-07-14 06:13 - 01581390 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-07-18 13:55 - 2009-09-08 12:49 - 00004160 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-07-18 13:55 - 2009-09-08 12:49 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-07-18 13:54 - 2013-07-18 13:54 - 00000000 ____D C:\Program Files (x86)\IMinent Toolbar
    2013-07-18 12:45 - 2013-07-18 12:45 - 00003388 _____ C:\Windows\System32\Tasks\AmiUpdXp
    2013-07-18 12:43 - 2013-07-18 12:43 - 00592200 _____ C:\Users\Michael\Desktop\eMule0.50a-Installer.exe

    Files to move or delete:
    ====================
    C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-02-15 17:33:56
    Restore point made on: 2012-05-30 13:30:38
    Restore point made on: 2012-06-23 13:10:40
    Restore point made on: 2012-06-29 11:48:14
    Restore point made on: 2012-08-17 12:56:02
    Restore point made on: 2012-09-23 16:46:25
    Restore point made on: 2012-12-29 14:45:37
    Restore point made on: 2013-03-02 23:24:15
    Restore point made on: 2013-04-07 14:48:10
    Restore point made on: 2013-07-18 13:54:52
    Restore point made on: 2013-08-15 13:00:07

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4063.03 MB
    Available physical RAM: 3438.81 MB
    Total Pagefile: 4061.18 MB
    Available Pagefile: 3434.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:288.81 GB) (Free:223.07 GB) NTFS
    Drive e: (Recovery) (Fixed) (Total:9.18 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive g: (STORE'N'GO) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: DC9A64EA)
    Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 491 MB) (Disk ID: 00000000)
    Partition 1: (Active) - (Size=491 MB) - (Type=06)


    LastRegBack: 2013-07-06 02:42

    ==================== End Of Log ============================
     
698 replies since 5/6/2013, 08:44   22514 views