Aiuto PC

Polizia Penitenziaria, Polizia di Stato, Carabinieri virus (RESOLVED)

  1. tubine

    User deleted

    Hello everyone,

    I got the Ukash Polizia di Stato virus on Windows Vista Business 32-bit; Safe Mode does not work (except for the command-prompt-only one).
    From that one I tried to open msconfig to block every program that starts automatically at boot, but the problem persisted.
    I followed the procedure to obtain the report of the operations, but since no "restore" function appeared, I started the scan from the command prompt in Safe Mode.
    I hope it is fine anyway...
    here it is:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
    Ran by Zaro (administrator) on 27-06-2013 17:46:54
    Running from F:\
    Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Italian Standard
    Internet Explorer Version 9
    Boot Mode: Safe Mode (minimal)

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\system32\cmd.exe
    (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    ==================== Registry (Whitelisted) ==================

    HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Zaro\AppData\Roaming\skype.dat <==== ATTENTION
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?ptr=100&crg=3.101...9D-001D72E9E451}
    HKLM SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6...9D-001D72E9E451}
    SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6...9D-001D72E9E451}
    HKCU SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6...1&st=23&ptr=100
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerm...3_ndt5&tsp=4921
    SearchScopes: HKCU - {3ECA117C-BB7F-4BD0-B4F2-1F84CD212FBB} URL = http://websearch.ask.com/redirect?client=i...25-0B9B65B24D0E
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6...1&st=23&ptr=100
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.4.24.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250

    FireFox:
    ========
    FF ProfilePath: C:\Users\Zaro\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10
    FF user.js: detected! => C:\Users\Zaro\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\user.js
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    ========================== Services (Whitelisted) =================

    S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

    ==================== Drivers (Whitelisted) ====================

    S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
    S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
    S2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2010-10-11] (Samsung Electronics)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-27 17:46 - 2013-06-27 17:46 - 00000000 ____D C:\FRST
    2013-06-27 15:48 - 2013-06-27 17:41 - 00000004 ____A C:\Users\Zaro\AppData\Roaming\skype.ini
    2013-06-22 14:27 - 2013-06-22 14:27 - 00000005 ____A C:\Users\Zaro\AppData\Roaming\WBPU-TTL.DAT
    2013-06-22 14:20 - 2013-06-22 14:31 - 00000870 ____A C:\Windows\System32\InstallUtil.InstallLog
    2013-06-22 14:20 - 2013-06-22 14:22 - 00000000 ____D C:\Program Files\WinZip Registry Optimizer
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Nico Mak Computing
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____D C:\Program Files\uTorrent
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____A C:\END
    2013-06-22 14:20 - 2013-02-13 11:07 - 00018304 ____A (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\System32\roboot.exe
    2013-06-22 14:18 - 2013-06-27 17:12 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\uTorrent
    2013-06-22 14:18 - 2013-06-22 14:32 - 00000000 ____D C:\Users\Zaro\AppData\Local\Lollipop
    2013-06-22 14:17 - 2013-06-22 14:17 - 00211560 ____A C:\Users\Zaro\Downloads\uTorrent.exe
    2013-06-22 14:12 - 2013-06-22 14:11 - 00029219 ____A C:\Users\Zaro\Downloads\Dragon Naturally Speaking 11 - TNTVillage - Ita [h33t] (1).torrent
    2013-06-22 14:08 - 2013-06-22 14:31 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-06-22 14:04 - 2013-06-22 14:04 - 00000000 ____D C:\Program Files\SweetIM
    2013-06-22 14:04 - 2013-05-16 14:02 - 00632656 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll
    2013-06-22 14:04 - 2013-05-16 14:02 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
    2013-06-22 14:04 - 2013-05-16 14:02 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll
    2013-06-22 14:04 - 2013-05-16 14:02 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest
    2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Mozilla
    2013-06-22 13:56 - 2013-06-22 14:06 - 00000000 ____D C:\Program Files\TornTV.com
    2013-06-22 13:54 - 2013-06-22 13:54 - 00249432 ____A C:\Users\Zaro\Downloads\Dragon_Naturally_Speaking_11_-_TNTVillage_-_Ita.exe
    2013-06-22 13:41 - 2013-06-22 13:41 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\YourFileDownloader
    2013-06-22 13:40 - 2013-06-22 13:40 - 04639408 ____A (http://yourfiledownloader.com) C:\Users\Zaro\Downloads\Dragon_Naturally_Speaking_8_ITA_key_downloader_it_99329.exe
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Windows\System32\searchplugins
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Windows\System32\Extensions
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\ProgramData\BrowserDefender
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-06-22 13:27 - 2013-06-22 14:28 - 00000282 ____A C:\Windows\Tasks\DSite.job
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\DSite
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Babylon
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\ProgramData\Babylon
    2013-06-22 13:26 - 2013-06-22 13:26 - 00794680 ____A C:\Users\Zaro\Downloads\ZipExtractorSetup.exe
    2013-06-13 03:02 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-13 03:02 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-13 03:02 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-13 03:02 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-13 03:02 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-13 03:02 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-06-13 03:02 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-13 03:02 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-13 03:02 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-13 03:02 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-06-13 03:02 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-06-13 03:02 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-13 03:02 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-13 03:02 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-13 03:02 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-13 03:02 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-12 11:29 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-12 11:29 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2013-06-12 11:29 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-06-12 11:29 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-12 11:29 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
    2013-06-12 11:29 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-12 11:29 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-12 11:29 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-12 11:29 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-12 11:29 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-12 11:29 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-05-31 15:43 - 2013-06-22 17:44 - 00000012 ____A C:\Windows\bthservsdp.dat
    2013-05-31 15:25 - 2013-05-31 15:25 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-05-31 15:25 - 2012-08-21 13:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2013-05-31 15:24 - 2013-05-31 15:25 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-05-31 15:24 - 2013-05-31 15:24 - 00000000 ____D C:\Program Files\iPod
    2013-05-31 15:07 - 2013-05-31 15:07 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Canneverbe Limited
    2013-05-31 15:07 - 2013-05-31 15:07 - 00000000 ____D C:\ProgramData\Canneverbe Limited
    2013-05-28 14:14 - 2013-05-28 14:21 - 00000000 ____D C:\Users\Zaro\Documents\Fax

    ==================== One Month Modified Files and Folders ========

    2013-06-27 17:46 - 2013-06-27 17:46 - 00000000 ____D C:\FRST
    2013-06-27 17:41 - 2013-06-27 15:48 - 00000004 ____A C:\Users\Zaro\AppData\Roaming\skype.ini
    2013-06-27 17:23 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-27 17:23 - 2006-11-02 14:47 - 00004224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-27 17:23 - 2006-11-02 14:47 - 00004224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-27 17:12 - 2013-06-22 14:18 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\uTorrent
    2013-06-27 17:12 - 2006-11-02 14:47 - 00024576 _____ C:\Windows\System32\umstartup.etl
    2013-06-27 17:02 - 2009-04-11 14:36 - 01263095 ____A C:\Windows\WindowsUpdate.log
    2013-06-27 12:17 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-06-27 09:22 - 2011-09-26 11:15 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2013-06-24 03:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-06-24 03:02 - 2009-04-13 01:22 - 01509574 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-24 03:02 - 2009-04-13 01:21 - 00671944 ____A C:\Windows\System32\perfh010.dat
    2013-06-24 03:02 - 2009-04-13 01:21 - 00123464 ____A C:\Windows\System32\perfc010.dat
    2013-06-22 17:55 - 2006-11-02 15:00 - 00015716 ____A C:\Windows\PFRO.log
    2013-06-22 17:44 - 2013-05-31 15:43 - 00000012 ____A C:\Windows\bthservsdp.dat
    2013-06-22 17:44 - 2006-11-02 15:01 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-06-22 14:32 - 2013-06-22 14:18 - 00000000 ____D C:\Users\Zaro\AppData\Local\Lollipop
    2013-06-22 14:31 - 2013-06-22 14:20 - 00000870 ____A C:\Windows\System32\InstallUtil.InstallLog
    2013-06-22 14:31 - 2013-06-22 14:08 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-06-22 14:28 - 2013-06-22 13:27 - 00000282 ____A C:\Windows\Tasks\DSite.job
    2013-06-22 14:27 - 2013-06-22 14:27 - 00000005 ____A C:\Users\Zaro\AppData\Roaming\WBPU-TTL.DAT
    2013-06-22 14:22 - 2013-06-22 14:20 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Nico Mak Computing
    2013-06-22 14:22 - 2013-06-22 14:20 - 00000000 ____D C:\Program Files\WinZip Registry Optimizer
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____D C:\Program Files\uTorrent
    2013-06-22 14:20 - 2013-06-22 14:20 - 00000000 ____A C:\END
    2013-06-22 14:17 - 2013-06-22 14:17 - 00211560 ____A C:\Users\Zaro\Downloads\uTorrent.exe
    2013-06-22 14:11 - 2013-06-22 14:12 - 00029219 ____A C:\Users\Zaro\Downloads\Dragon Naturally Speaking 11 - TNTVillage - Ita [h33t] (1).torrent
    2013-06-22 14:06 - 2013-06-22 13:56 - 00000000 ____D C:\Program Files\TornTV.com
    2013-06-22 14:04 - 2013-06-22 14:04 - 00000000 ____D C:\Program Files\SweetIM
    2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Mozilla
    2013-06-22 13:54 - 2013-06-22 13:54 - 00249432 ____A C:\Users\Zaro\Downloads\Dragon_Naturally_Speaking_11_-_TNTVillage_-_Ita.exe
    2013-06-22 13:41 - 2013-06-22 13:41 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\YourFileDownloader
    2013-06-22 13:40 - 2013-06-22 13:40 - 04639408 ____A (http://yourfiledownloader.com) C:\Users\Zaro\Downloads\Dragon_Naturally_Speaking_8_ITA_key_downloader_it_99329.exe
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Windows\System32\searchplugins
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Windows\System32\Extensions
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\ProgramData\BrowserDefender
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-06-22 13:28 - 2013-06-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\DSite
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Babylon
    2013-06-22 13:27 - 2013-06-22 13:27 - 00000000 ____D C:\ProgramData\Babylon
    2013-06-22 13:26 - 2013-06-22 13:26 - 00794680 ____A C:\Users\Zaro\Downloads\ZipExtractorSetup.exe
    2013-06-13 03:35 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
    2013-06-13 03:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\it-IT
    2013-06-13 03:01 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2013-06-06 16:44 - 2006-11-02 14:52 - 00121427 ____A C:\Windows\setupact.log
    2013-05-31 18:04 - 2012-03-11 13:47 - 00000000 ____D C:\Program Files\iTunes
    2013-05-31 15:25 - 2013-05-31 15:25 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-05-31 15:25 - 2013-05-31 15:24 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-05-31 15:24 - 2013-05-31 15:24 - 00000000 ____D C:\Program Files\iPod
    2013-05-31 15:24 - 2012-03-11 13:47 - 00000000 ____D C:\ProgramData\Apple Computer
    2013-05-31 15:24 - 2012-03-11 13:45 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-05-31 15:22 - 2011-09-26 10:03 - 00000000 ____D C:\users\Zaro
    2013-05-31 15:07 - 2013-05-31 15:07 - 00000000 ____D C:\Users\Zaro\AppData\Roaming\Canneverbe Limited
    2013-05-31 15:07 - 2013-05-31 15:07 - 00000000 ____D C:\ProgramData\Canneverbe Limited
    2013-05-28 14:21 - 2013-05-28 14:14 - 00000000 ____D C:\Users\Zaro\Documents\Fax

    Files to move or delete:
    ====================
    C:\Users\Zaro\AppData\Roaming\skype.dat
    C:\Users\Zaro\AppData\Roaming\skype.ini

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-06-24 06:30

    ==================== End Of Log ============================


    Thanks in advance for the advice and the help!

    Edited by vicky67 - 9/7/2013, 10:00
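The persistence visible in the log above (a second program appended to the Winlogon `Shell` value, with the file FRST lists under "Files to move or delete") is something a small FRST-log triage script can surface automatically. The following is an added example written for this thread, not FRST's own code or anything posted by the participants; it matches the line shapes seen in the posted logs, and the sample log embedded in it is constructed from those lines.

```python
"""Triage Winlogon and BootExecute entries in a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread (not FRST's own code). It parses the
"HK..\\...\\Winlogon: [Shell|Userinit] ...", "BootExecute: ..." and
"Files to move or delete:" line shapes seen in the posted logs and reports
every entry that departs from the Windows defaults. A screen locker that
appends itself to the Shell value, as in the first post, shows up as a
'winlogon_shell' finding; legitimate extras (an AV boot scanner in
BootExecute) are reported for review rather than judged.
"""
import re

EXPECTED_SHELL = "explorer.exe"
USERINIT_RE = re.compile(r"^c:\\windows\\system32\\userinit\.exe$", re.IGNORECASE)
BOOTEXECUTE_PREFIX = "autocheck autochk *"

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Winlogon: \[(?P<value>\w+)\] (?P<data>.+)$")
BOOTEXECUTE_RE = re.compile(r"^BootExecute: (?P<data>.+)$")
# FRST appends " [size date] (Company)" to file entries and " <==== ATTENTION"
# to entries it already flags; both trailers are stripped before comparison.
TRAILER_RE = re.compile(r"( \[\d+ \d{4}-\d{2}-\d{2}\] \(.*?\))?( <==== ATTENTION)?$")

# Constructed sample: the relevant lines of the first log in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Zaro\AppData\Roaming\skype.dat <==== ATTENTION
HKU\seven\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

Files to move or delete:
====================
C:\Users\Zaro\AppData\Roaming\skype.dat
C:\Users\Zaro\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
"""


def _clean(data):
    """Drop FRST's size/date/company and ATTENTION trailers from a value."""
    return TRAILER_RE.sub("", data).strip()


def parse_frst(text):
    """Return findings as dicts: kind, hive or path, and the offending detail."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if line == "Files to move or delete:":
            section = "Files to move or delete"
            continue
        if section == "Files to move or delete":
            if not line.startswith("="):          # skip the '====' underline
                findings.append({"kind": "file_to_remove", "path": line, "detail": ""})
            continue
        m = WINLOGON_RE.match(line)
        if m:
            hive, value = m.group("hive"), m.group("value")
            parts = [p.strip() for p in _clean(m.group("data")).split(",") if p.strip()]
            if value == "Shell":
                # Anything besides explorer.exe runs instead of, or next to, the desktop.
                extra = [p for p in parts if p.lower() != EXPECTED_SHELL]
                if extra or not parts:
                    findings.append({"kind": "winlogon_shell", "hive": hive,
                                     "detail": ",".join(extra)})
            elif value == "Userinit":
                extra = [p for p in parts if not USERINIT_RE.match(p)]
                if extra:
                    findings.append({"kind": "winlogon_userinit", "hive": hive,
                                     "detail": ",".join(extra)})
            continue
        m = BOOTEXECUTE_RE.match(line)
        if m:
            data = _clean(m.group("data"))
            if not data.startswith(BOOTEXECUTE_PREFIX):
                findings.append({"kind": "bootexecute", "hive": "HKLM", "detail": data})
            else:
                rest = data[len(BOOTEXECUTE_PREFIX):].strip()
                if rest:   # extra native-mode program before logon: review it
                    findings.append({"kind": "bootexecute_extra", "hive": "HKLM",
                                     "detail": rest})
    return findings


if __name__ == "__main__":
    for f in parse_frst(SAMPLE_LOG):
        print(f["kind"], f.get("hive", ""), f.get("path", ""), f["detail"])
```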
     
    .
  2.  
    .

    Master Malware Expert
    Group: Administrator
    Posts: 4,519
    Location: Poggio Mirteto (RI)
    Status: Anonymous
    hi tubine
    download the zipped file and extract it to the desktop.
    Copy the fixlist.txt file inside it to the pen drive where you have FRST.
    Restart FRST as you did before, only this time click the FIX button just once.
    Reboot the PC; you should be able to log in to Windows again. Then we'll finish with the remaining operations.
    Attached file
    vicky.rar
    (Number of downloads: 15)

     
    .
  3.  
    .

    Aiutante
    Group: Member
    Posts: 518
    Status: Offline
    Here is the log

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01
    Ran by SYSTEM on 02-07-2013 14:09:58
    Running from G:\
    WIN_7 (X86) OS Language: Italian Standard
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKU\seven\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
    Startup: C:\Users\seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    BootExecute: autocheck autochk * bootroboscan.exe

    ========================== Services (Whitelisted) =================

    S2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated)
    S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [397176 2012-08-21] (BlueStack Systems, Inc.)
    S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-21] (BlueStack Systems, Inc.)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
    S2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)
    S2 Roboscan_RTSrv; C:\Program Files\Roboscan\Roboscan\RSRTSrv.rse [355688 2012-03-29] (Roboscan Inc)
    S2 Roboscan_UpdSrv; C:\Program Files\Roboscan\Roboscan\RSUpdSrv.rse [606056 2012-03-29] (Roboscan Inc)
    S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-08-25] (SANDBOXIE L.T.D)
    S3 WefiEngSvc; C:\Program Files\WeFi\WefiEngSvc.exe [120152 2010-11-03] (WeFi)
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

    ==================== Drivers (Whitelisted) ====================

    S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [66424 2012-08-21] (BlueStack Systems)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
    S2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
    S3 RoboFww; c:\program files\roboscan\roboscan\plugin\realtime\RoboFww.sys [32064 2012-03-29] (Roboscan Inc)
    S3 RoboRtwIFDrv; c:\program files\roboscan\roboscan\plugin\realtime\RoboRtw.sys [100160 2012-03-29] (Roboscan Inc)
    S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D)
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-30 22:27 - 2013-06-30 22:27 - 00000000 ____D C:\FRST
    2013-06-27 16:33 - 2013-06-27 16:33 - 00000000 __SHD C:\found.000
    2013-06-27 15:42 - 2013-06-27 15:42 - 147062908 ____A C:\Windows\MEMORY.DMP
    2013-06-26 22:28 - 2013-06-26 22:28 - 00000000 ____A C:\asdsetup.exe
    2013-06-26 22:18 - 2013-06-26 22:19 - 00000000 ___AD C:\.Trash-0
    2013-06-26 20:54 - 2013-06-26 22:01 - 00000000 ____D C:\Windows\pss
    2013-06-26 20:05 - 2013-06-26 20:05 - 43253760 ____A C:\Windows\System32\config\software.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 24379392 ____A C:\Windows\System32\config\system.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00524288 ____A C:\Windows\System32\config\default.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00262144 ____A C:\Windows\System32\config\security.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00262144 ____A C:\Windows\System32\config\sam.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00000000 ___AD C:\$Anvi Rescue Disk$
    2013-06-26 17:37 - 2013-06-26 17:41 - 38001894 ____A C:\Users\seven\Downloads\Come navigare nel Deep Web.mp4
    2013-06-26 16:55 - 2013-06-26 22:02 - 00000000 ____D C:\Users\seven\AppData\Roaming\GetRight
    2013-06-26 16:55 - 2013-06-26 22:02 - 00000000 ____D C:\Program Files\GetRight
    2013-06-23 21:11 - 2013-06-26 21:51 - 00000891 ____A C:\Windows\setupact.log
    2013-06-23 21:11 - 2013-06-23 21:11 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-21 02:09 - 2013-06-21 02:09 - 00000000 ____D C:\Users\seven\Downloads\Miei salvataggi
    2013-06-19 22:16 - 2013-06-19 22:46 - 192163640 ____A C:\Users\seven\Downloads\Documentario su Parigi.mp4
    2013-06-19 01:04 - 2013-06-19 01:04 - 00000000 ____D C:\Users\seven\Documents\The Prince of Codes
    2013-06-18 16:25 - 2013-06-20 23:59 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
    2013-06-18 16:19 - 2013-06-19 01:17 - 00000000 ____D C:\Program Files\PutLockerDownloader.com
    2013-06-18 12:44 - 2013-06-18 12:44 - 00000000 ____D C:\Users\seven\Downloads\Vari Testi
    2013-06-18 12:38 - 2013-06-19 00:05 - 00000000 ____D C:\Users\seven\Downloads\Video
    2013-06-16 12:57 - 2013-06-16 13:29 - 00000000 ____D C:\Users\Public\Documents\STALKER-STCS
    2013-06-16 12:49 - 2013-06-16 12:49 - 00000000 ____D C:\Program Files\Deep Silver
    2013-06-14 23:42 - 2013-06-14 23:42 - 00000000 ____D C:\Users\seven\AppData\Roaming\AbaEnglishRt.19ECF44F1B9DAF7C7A64FDC21A008AB0C5135E2F.1
    2013-06-14 23:37 - 2013-06-14 23:37 - 00000513 ____A C:\Users\seven\Desktop\ABA English Course.lnk
    2013-06-14 23:35 - 2013-06-14 23:42 - 00000000 ____D C:\EnglishCourse
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2013-06-14 22:57 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-14 22:57 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-14 22:57 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-14 22:57 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-14 22:57 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-14 22:57 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-06-14 22:57 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-14 22:57 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-14 22:57 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-14 22:57 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-06-14 22:57 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-06-14 22:57 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-14 22:57 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-14 22:57 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-14 22:57 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-14 22:57 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-14 22:11 - 2013-06-14 22:12 - 00161944 ____A C:\Users\seven\Downloads\corso-di-inglese-abaenglish-windows-downloader.exe
    2013-06-14 19:43 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-14 19:43 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-14 19:43 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-14 19:43 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-14 19:43 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-14 19:43 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-14 19:43 - 2013-05-08 06:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-14 19:43 - 2013-05-06 06:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2013-06-14 19:43 - 2013-05-06 06:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-06-14 19:43 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-12 23:54 - 2013-06-26 22:10 - 00000000 ____D C:\Users\seven\Downloads\Da copiare nella chiavetta
    2013-06-11 19:05 - 2013-06-23 21:13 - 00000000 ____D C:\Program Files\Steam
    2013-06-11 19:05 - 2013-06-14 23:16 - 00000000 ____D C:\Program Files\Common Files\Steam
    2013-06-11 18:56 - 2013-06-11 18:58 - 01669632 ____A C:\Users\seven\Downloads\SteamInstall.msi
    2013-06-07 18:06 - 2012-11-09 23:21 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-06-07 18:05 - 2012-11-09 23:21 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-06-07 18:05 - 2012-11-09 23:21 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-06-07 18:04 - 2013-06-07 18:04 - 00000000 ____D C:\Users\seven\Documents\VSO Downloader
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Users\seven\AppData\Roaming\KastorFreeVideoCatcher
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\ProgramData\VSO
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Program Files\VSO
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Program Files\Kastor Free Video Catcher
    2013-06-07 18:03 - 2008-09-24 19:33 - 00484352 ____A C:\Windows\System32\lame_enc.dll
    2013-06-07 18:02 - 2013-06-26 22:10 - 00000000 ____D C:\Users\seven\AppData\Roaming\KastorAllVideoDownloader
    2013-06-07 18:02 - 2013-06-07 18:02 - 00000000 ____D C:\Program Files\Kastor All Video Downloader
    2013-06-07 18:01 - 2013-06-07 18:07 - 00000000 ____D C:\Program Files\TubeMaster++
    2013-06-05 14:36 - 2013-06-05 19:02 - 00000000 ____D C:\Users\seven\Documents\SpellForce
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000926 ____A C:\Users\seven\Desktop\GameSpy Arcade.lnk
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000000 ____D C:\Program Files\GameSpy Arcade
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000000 ____D C:\Program Files\AWS
    2013-06-05 14:31 - 2013-06-05 14:31 - 00001124 ____A C:\Users\seven\Desktop\SpellForce - The Order of Dawn.lnk
    2013-06-05 14:25 - 2013-06-05 14:25 - 00000000 ____D C:\Program Files\JoWooD
    2013-06-04 18:43 - 2013-06-04 18:43 - 00001104 ____A C:\Users\Public\Desktop\aTube Catcher.lnk
    2013-06-04 18:31 - 2013-06-11 23:59 - 00000000 ____D C:\Users\seven\Downloads\Cfake

    ==================== One Month Modified Files and Folders ========

    2013-06-30 22:27 - 2013-06-30 22:27 - 00000000 ____D C:\FRST
    2013-06-27 16:33 - 2013-06-27 16:33 - 00000000 __SHD C:\found.000
    2013-06-27 15:42 - 2013-06-27 15:42 - 147062908 ____A C:\Windows\MEMORY.DMP
    2013-06-27 01:54 - 2013-01-25 15:33 - 00000318 ____A C:\Windows\System32\ayboot.ini
    2013-06-26 22:28 - 2013-06-26 22:28 - 00000000 ____A C:\asdsetup.exe
    2013-06-26 22:19 - 2013-06-26 22:18 - 00000000 ___AD C:\.Trash-0
    2013-06-26 22:10 - 2013-06-12 23:54 - 00000000 ____D C:\Users\seven\Downloads\Da copiare nella chiavetta
    2013-06-26 22:10 - 2013-06-07 18:02 - 00000000 ____D C:\Users\seven\AppData\Roaming\KastorAllVideoDownloader
    2013-06-26 22:10 - 2012-12-17 21:36 - 00000000 ____D C:\Users\seven\AppData\Roaming\vlc
    2013-06-26 22:10 - 2012-12-04 19:52 - 00000000 ____D C:\ProgramData\Ant.com
    2013-06-26 22:10 - 2012-11-08 10:16 - 00000000 ____D C:\Windows\AutoKMS
    2013-06-26 22:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
    2013-06-26 22:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
    2013-06-26 22:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
    2013-06-26 22:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
    2013-06-26 22:02 - 2013-06-26 16:55 - 00000000 ____D C:\Users\seven\AppData\Roaming\GetRight
    2013-06-26 22:02 - 2013-06-26 16:55 - 00000000 ____D C:\Program Files\GetRight
    2013-06-26 22:01 - 2013-06-26 20:54 - 00000000 ____D C:\Windows\pss
    2013-06-26 21:52 - 2012-11-09 17:36 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-26 21:51 - 2013-06-23 21:11 - 00000891 ____A C:\Windows\setupact.log
    2013-06-26 21:50 - 2012-11-14 23:31 - 00001132 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-26 21:50 - 2012-11-08 10:16 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
    2013-06-26 21:50 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-26 20:05 - 2013-06-26 20:05 - 43253760 ____A C:\Windows\System32\config\software.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 24379392 ____A C:\Windows\System32\config\system.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00524288 ____A C:\Windows\System32\config\default.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00262144 ____A C:\Windows\System32\config\security.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00262144 ____A C:\Windows\System32\config\sam.bhv
    2013-06-26 20:05 - 2013-06-26 20:05 - 00000000 ___AD C:\$Anvi Rescue Disk$
    2013-06-26 18:47 - 2012-12-21 20:29 - 00000000 ____D C:\Users\seven\AppData\Roaming\NetSpeedMonitor
    2013-06-26 17:41 - 2013-06-26 17:37 - 38001894 ____A C:\Users\seven\Downloads\Come navigare nel Deep Web.mp4
    2013-06-26 17:28 - 2012-11-08 10:47 - 00000000 ____D C:\Users\seven\AppData\Roaming\Nitro PDF
    2013-06-23 21:22 - 2012-12-14 23:53 - 01716519 ____A C:\Windows\WindowsUpdate.log
    2013-06-23 21:22 - 2012-11-14 23:31 - 00001136 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-23 21:18 - 2009-07-14 05:34 - 00025616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-23 21:18 - 2009-07-14 05:34 - 00025616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-23 21:13 - 2013-06-11 19:05 - 00000000 ____D C:\Program Files\Steam
    2013-06-23 21:11 - 2013-06-23 21:11 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-23 01:50 - 2012-11-07 11:35 - 01653742 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-23 01:50 - 2009-07-14 09:21 - 00739254 ____A C:\Windows\System32\perfh010.dat
    2013-06-23 01:50 - 2009-07-14 09:21 - 00146294 ____A C:\Windows\System32\perfc010.dat
    2013-06-21 02:09 - 2013-06-21 02:09 - 00000000 ____D C:\Users\seven\Downloads\Miei salvataggi
    2013-06-20 23:59 - 2013-06-18 16:25 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
    2013-06-20 23:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system
    2013-06-20 01:01 - 2012-11-09 20:39 - 00000925 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2013-06-20 01:01 - 2012-11-09 20:39 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-20 00:42 - 2013-01-25 15:17 - 00000000 ____D C:\WinWebExplorer
    2013-06-19 22:46 - 2013-06-19 22:16 - 192163640 ____A C:\Users\seven\Downloads\Documentario su Parigi.mp4
    2013-06-19 01:17 - 2013-06-18 16:19 - 00000000 ____D C:\Program Files\PutLockerDownloader.com
    2013-06-19 01:04 - 2013-06-19 01:04 - 00000000 ____D C:\Users\seven\Documents\The Prince of Codes
    2013-06-19 00:05 - 2013-06-18 12:38 - 00000000 ____D C:\Users\seven\Downloads\Video
    2013-06-18 12:44 - 2013-06-18 12:44 - 00000000 ____D C:\Users\seven\Downloads\Vari Testi
    2013-06-16 23:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-06-16 13:29 - 2013-06-16 12:57 - 00000000 ____D C:\Users\Public\Documents\STALKER-STCS
    2013-06-16 12:49 - 2013-06-16 12:49 - 00000000 ____D C:\Program Files\Deep Silver
    2013-06-14 23:42 - 2013-06-14 23:42 - 00000000 ____D C:\Users\seven\AppData\Roaming\AbaEnglishRt.19ECF44F1B9DAF7C7A64FDC21A008AB0C5135E2F.1
    2013-06-14 23:42 - 2013-06-14 23:35 - 00000000 ____D C:\EnglishCourse
    2013-06-14 23:37 - 2013-06-14 23:37 - 00000513 ____A C:\Users\seven\Desktop\ABA English Course.lnk
    2013-06-14 23:37 - 2012-11-08 15:33 - 00000000 ____D C:\Users\seven\AppData\Roaming\Adobe
    2013-06-14 23:37 - 2012-11-08 15:28 - 00000000 ____D C:\ProgramData\Adobe
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2013-06-14 23:35 - 2013-06-14 23:35 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2013-06-14 23:35 - 2013-05-14 16:53 - 00000000 ____D C:\Users\seven\AppData\Local\Adobe
    2013-06-14 23:35 - 2013-02-26 21:02 - 00000000 ____D C:\Program Files\Adobe
    2013-06-14 23:16 - 2013-06-11 19:05 - 00000000 ____D C:\Program Files\Common Files\Steam
    2013-06-14 23:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT
    2013-06-14 22:58 - 2012-11-07 12:14 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-06-14 22:12 - 2013-06-14 22:11 - 00161944 ____A C:\Users\seven\Downloads\corso-di-inglese-abaenglish-windows-downloader.exe
    2013-06-12 22:52 - 2012-11-09 17:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2013-06-12 22:52 - 2012-11-09 17:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2013-06-11 23:59 - 2013-06-04 18:31 - 00000000 ____D C:\Users\seven\Downloads\Cfake
    2013-06-11 18:58 - 2013-06-11 18:56 - 01669632 ____A C:\Users\seven\Downloads\SteamInstall.msi
    2013-06-08 22:40 - 2012-12-15 22:03 - 00000000 ____D C:\Users\seven\Documents\Conersazioni What's App
    2013-06-08 22:32 - 2013-01-29 15:14 - 00000000 ____D C:\Users\seven\.VirtualBox
    2013-06-07 18:07 - 2013-06-07 18:01 - 00000000 ____D C:\Program Files\TubeMaster++
    2013-06-07 18:06 - 2013-01-29 15:09 - 00000000 ____D C:\Program Files\Oracle
    2013-06-07 18:05 - 2012-11-09 23:21 - 00000000 ____D C:\Program Files\Java
    2013-06-07 18:04 - 2013-06-07 18:04 - 00000000 ____D C:\Users\seven\Documents\VSO Downloader
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Users\seven\AppData\Roaming\KastorFreeVideoCatcher
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\ProgramData\VSO
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Program Files\VSO
    2013-06-07 18:03 - 2013-06-07 18:03 - 00000000 ____D C:\Program Files\Kastor Free Video Catcher
    2013-06-07 18:02 - 2013-06-07 18:02 - 00000000 ____D C:\Program Files\Kastor All Video Downloader
    2013-06-07 18:02 - 2012-12-10 21:26 - 00000000 ____D C:\Program Files\WinPcap
    2013-06-05 19:02 - 2013-06-05 14:36 - 00000000 ____D C:\Users\seven\Documents\SpellForce
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000926 ____A C:\Users\seven\Desktop\GameSpy Arcade.lnk
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000000 ____D C:\Program Files\GameSpy Arcade
    2013-06-05 14:32 - 2013-06-05 14:32 - 00000000 ____D C:\Program Files\AWS
    2013-06-05 14:31 - 2013-06-05 14:31 - 00001124 ____A C:\Users\seven\Desktop\SpellForce - The Order of Dawn.lnk
    2013-06-05 14:25 - 2013-06-05 14:25 - 00000000 ____D C:\Program Files\JoWooD
    2013-06-05 00:23 - 2012-11-09 20:37 - 00000000 ____D C:\Users\seven\Downloads\eMule
    2013-06-04 18:43 - 2013-06-04 18:43 - 00001104 ____A C:\Users\Public\Desktop\aTube Catcher.lnk
    2013-06-04 18:42 - 2013-01-22 16:41 - 00000000 ____D C:\Program Files\DsNET Corp
    2013-06-04 00:22 - 2013-02-18 18:04 - 00000000 ____D C:\Users\seven\Downloads\archpr22
    2013-06-04 00:07 - 2012-11-08 23:11 - 00000000 ____D C:\Users\seven\AppData\Roaming\DVDVideoSoft
    2013-06-03 23:39 - 2013-01-14 19:45 - 00000000 ____D C:\Users\seven\AppData\Roaming\uTorrent
    2013-06-03 22:47 - 2012-12-15 22:52 - 00000000 ____D C:\Users\seven\AppData\Local\Paint.NET

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: <===== ATTENTION!

    ==================== Restore Points =========================

    Restore point made on: 2013-06-14 18:46:55
    Restore point made on: 2013-06-14 22:55:42
    Restore point made on: 2013-06-16 13:01:25
    Restore point made on: 2013-06-18 16:20:39
    Restore point made on: 2013-06-18 16:24:33
    Restore point made on: 2013-06-19 01:04:22
    Restore point made on: 2013-06-19 21:21:27
    Restore point made on: 2013-06-20 23:59:37
    Restore point made on: 2013-06-23 21:23:08

    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 3071.27 MB
    Available physical RAM: 2657.49 MB
    Total Pagefile: 3069.55 MB
    Available Pagefile: 2662.82 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.03 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.99 GB) (Free:114.07 GB) NTFS
    Drive g: () (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 000997F0)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 7 GB) (Disk ID: 70707573)
    Partition 1: (Not Active) - (Size=923 GB) - (Type=0D)
    Partition 2: (Not Active) - (Size=259 GB) - (Type=0A)
    Partition 3: (Not Active) - (Size=844 GB) - (Type=6F)
    Partition 4: (Not Active) - (Size=26 MB) - (Type=0A)


    LastRegBack: 2013-05-14 15:37

    ==================== End Of Log ============================


    Edited by vicky67 - 21/8/2013, 17:30
     
  4. Master Malware Expert (Group: Administrator, Posts: 4,519, Location: Poggio Mirteto(RI))
    @judjement
    Did scandisk detect any errors?
    Post me the fixlog that is on the pendrive before running this latest fix (save it before running the fix, otherwise it gets overwritten).
    Run this latest fix.
    Download the zipped file and extract it to the desktop.
    Copy the fixlist.txt inside it to the pendrive where you have FRST.
    Restart FRST as you did before, only this time click the FIX button just once.
    Attached file
    vicky.rar
    (Number of downloads: 11)

     
  5. Aiutante (Group: Member, Posts: 518)
    It didn't report any errors.

    I've extracted it, now I'll try the fix.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-06-2013 01
    Ran by SYSTEM at 2013-07-02 13:35:53 Run:2
    Running from G:\
    Boot Mode: Recovery

    ==============================================

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
    HKU\seven\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
    C:\$Recycle.Bin\S-1-5-21-589101805-1279379778-812310743-1000\$381b76a2e37827a53b15dd0b75a72e9b => File/Directory not found.
    C:\$Recycle.Bin\S-1-5-18\$381b76a2e37827a53b15dd0b75a72e9b => File/Directory not found.
    C:\Users\seven\AppData\Roaming\skype.dat => File/Directory not found.
    C:\Users\seven\AppData\Roaming\skype.ini => File/Directory not found.
    HKLM\Software\Classes\.exe\\Default => Value was restored successfully.
    HKLM\Software\Classes\exefile\DefaultIcon\\Default => Value was restored successfully.

    ==== End of Fixlog ====
     
  6. Master Malware Expert (Group: Administrator, Posts: 4,519, Location: Poggio Mirteto(RI))
    We're getting a bit confused.
    The fix you ran at step 1 a few posts ago was not run with the fix I had posted to you.
    With that fix we were supposed to restore the registry completely.
    So download the file I have attached again and run the new fix (to save it, use "save target as" on the attachment).
    Attach the fixlog.txt from the pendrive.
    Attached file
    fixlist.txt
    (Number of downloads: 19)

     
  7. Aiutante (Group: Member, Posts: 518)
    I had used this one http://wikisend.com/download/213390/fixlist.txt, now I'm trying the one you linked a moment ago.
    Now I've used the Vicky rar one; I put it on the pendrive but it still doesn't work. I'm attaching the fix log.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-06-2013 01
    Ran by SYSTEM at 2013-07-02 18:10:11 Run:3
    Running from G:\
    Boot Mode: Recovery

    ==============================================

    HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.
    HKU\seven\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully.
    Roboscan_RTSrv => Service deleted successfully.
    Roboscan_UpdSrv => Service deleted successfully.
    RoboFww => Service deleted successfully.
    RoboRtwIFDrv => Service deleted successfully.
    MsMpSvc => Service deleted successfully.
    NisSrv => Service deleted successfully.
    C:\Program Files\Roboscan => Moved successfully.
    c:\Program Files\Microsoft Security Client => Moved successfully.

    ==== End of Fixlog ====

    I used this fix
    start
    BootExecute: autocheck autochk * bootroboscan.exe
    HKU\seven\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
    S2 Roboscan_RTSrv; C:\Program Files\Roboscan\Roboscan\RSRTSrv.rse [355688 2012-03-29] (Roboscan Inc)
    S2 Roboscan_UpdSrv; C:\Program Files\Roboscan\Roboscan\RSUpdSrv.rse [606056 2012-03-29] (Roboscan Inc)
    S3 RoboFww; c:\program files\roboscan\roboscan\plugin\realtime\RoboFww.sys [32064 2012-03-29] (Roboscan Inc)
    S3 RoboRtwIFDrv; c:\program files\roboscan\roboscan\plugin\realtime\RoboRtw.sys [100160 2012-03-29] (Roboscan Inc)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
    HKLM\...\exefile\open\command: <===== ATTENTION!
    C:\Program Files\Roboscan
    c:\Program Files\Microsoft Security Client
    end


    which I opened using this site http://b1.org/online because I couldn't extract it on the computer; it's the one you attached a moment ago.
     
  8. Master Malware Expert (Group: Administrator, Posts: 4,519, Location: Poggio Mirteto(RI))
    QUOTE
    I had used this one http://wikisend.com/download/213390/fixlist.txt, now I'm trying the one you linked a moment ago.

    That was the old one.
    Now run the fix with the one from my previous post.
    This is the content of the attached file:
    start
    LastRegBack: 2013-05-14 15:37
    end


    How does the PC behave (does it try to boot, is there a black screen at the start, or what)?
     
  9. Aiutante (Group: Member, Posts: 518)
    At the start it boots and a screen appears that says Windows Error Recovery, with "Launch Startup Repair (recommended)" and "Start Windows normally"; starting Windows normally, a black screen appears and right after that the PC reboots.

    I downloaded your attachment twice, and the first time the file is this one (I opened it with the site I mentioned):
    start
    BootExecute: autocheck autochk * bootroboscan.exe
    HKU\seven\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
    S2 Roboscan_RTSrv; C:\Program Files\Roboscan\Roboscan\RSRTSrv.rse [355688 2012-03-29] (Roboscan Inc)
    S2 Roboscan_UpdSrv; C:\Program Files\Roboscan\Roboscan\RSUpdSrv.rse [606056 2012-03-29] (Roboscan Inc)
    S3 RoboFww; c:\program files\roboscan\roboscan\plugin\realtime\RoboFww.sys [32064 2012-03-29] (Roboscan Inc)
    S3 RoboRtwIFDrv; c:\program files\roboscan\roboscan\plugin\realtime\RoboRtw.sys [100160 2012-03-29] (Roboscan Inc)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
    HKLM\...\exefile\open\command: <===== ATTENTION!
    C:\Program Files\Roboscan
    c:\Program Files\Microsoft Security Client
    end


    The second time I downloaded it and opened it with that site, it was this:
    start
    HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Conian\AppData\Roaming\skype.dat [60416 2011-11-17] () <==== ATTENTION
    C:\Users\Conian\AppData\Roaming\skype.dat
    C:\Users\Conian\AppData\Roaming\skype.ini
    C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    end


    These two I told you about are the Vicky rar downloaded twice.

    I hadn't seen it; now I'll try it and let you know.
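    The two fixlists above target the same persistence point: a Winlogon Shell value that chains a file in AppData after explorer.exe, plus a tampered .exe open handler. As an added example that is not part of this thread or of FRST, the parser below reads FRST registry lines in the format quoted above (the sample lines are constructed, with a hypothetical user name) and flags Shell/Userinit values that launch anything other than the Windows defaults, as well as FRST's own ATTENTION marker on the exefile handler, so the check the helper does by eye can be run over a whole log:

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines in the format FRST prints (hypothetical user and paths; the
# Shell line mirrors the hijack pattern quoted in this thread, where a screen locker is
# chained after explorer.exe so it starts with every interactive logon).
SAMPLE_LOG = r"""
HKLM\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKU\Gianluca\...\Winlogon: [Shell] explorer.exe,C:\Users\Gianluca\AppData\Roaming\skype.dat [52736 2009-07-14] () <==== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26624 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: <===== ATTENTION!
""".strip().splitlines()

# "HKU\<user>\...\Winlogon: [Shell] <data>" or "HKLM\...\Winlogon: [Userinit] <data>".
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK[A-Za-z]+(?:\\[^\\]+)?)\\\.\.\.\\Winlogon: "
    r"\[(?P<value>Shell|Userinit)\] (?P<rest>.*)$"
)
# FRST appends "[size date] (company)" and, where it objects, an ATTENTION marker.
TAIL_RE = re.compile(
    r"(\s*\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\))?(\s*<=+ ATTENTION!?)?\s*$"
)
# FRST's own verdict on the .exe file-association handler.
EXE_ASSOC_RE = re.compile(r"^HKLM\\\.\.\.\\exefile\\open\\command: <=+ ATTENTION!?$")


@dataclass
class Finding:
    line: str     # the log line as written
    hive: str     # HKLM or HKU\<user>
    value: str    # which value is suspicious
    payload: str  # the offending component(s), comma-joined
    reason: str


def _suspicious_parts(value: str, parts: List[str]) -> List[str]:
    """Return the components that deviate from the Windows defaults."""
    if value == "Shell":
        # Default is exactly "explorer.exe"; anything chained after it runs at logon.
        return [p for p in parts if p.lower() != "explorer.exe"]
    # Userinit: default is System32\userinit.exe (FRST prints it with a trailing comma).
    return [
        p for p in parts
        if not (p.lower().endswith("\\userinit.exe") and "\\system32\\" in p.lower())
    ]


def scan_frst_lines(lines: List[str]) -> List[Finding]:
    """Flag Winlogon Shell/Userinit hijacks and a tampered exefile handler in FRST output."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if m:
            data = TAIL_RE.sub("", m.group("rest"), count=1).strip()
            parts = [p.strip() for p in data.split(",") if p.strip()]
            bad = _suspicious_parts(m.group("value"), parts)
            if bad:
                findings.append(Finding(
                    line, m.group("hive"), m.group("value"), ",".join(bad),
                    f"Winlogon {m.group('value')} launches something other than the default",
                ))
        elif EXE_ASSOC_RE.match(line):
            findings.append(Finding(
                line, "HKLM", "exefile\\open\\command", "",
                "FRST reports a modified .exe open handler; every .exe launch goes through it",
            ))
    return findings


if __name__ == "__main__":
    for f in scan_frst_lines(SAMPLE_LOG):
        print(f"{f.hive} [{f.value}] {f.payload or '-'}: {f.reason}")
```

    Run against the constructed sample it reports the HKU Shell line (payload: the skype.dat path) and the exefile handler, and stays silent on the default Shell and Userinit values. The per-user hive in the HKU line is the detail worth noticing: FRST only lists the hive that carries the override, which is why the fixlists in this thread name `HKU\<user>\...\Winlogon` rather than HKLM.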
     
  10. Master Malware Expert (Group: Administrator, Posts: 4,519, Location: Poggio Mirteto(RI))
    I imagine you've already run Startup Repair and nothing changed.
    There's a problem with the boot.
    After the fix we'll try to repair the MBR and the boot sector.
    From the command prompt type
    Bootrec /fixmbr then press Enter
    Bootrec /fixboot
    Bootrec /rebuildbcd
     
  11. Aiutante (Group: Member, Posts: 518)
    No need any more: with the latest fix, and trying Startup Repair again, the computer works again. Thanks a lot! I'll never stop thanking you. Thank you, thank you, thank you!
     
  12. Master Malware Expert (Group: Administrator, Posts: 4,519, Location: Poggio Mirteto(RI))
    Reinstall the antivirus.
    Follow the post-removal guide in my signature.
     
  13. tubine (User deleted)


    QUOTE (vicky67 @ 2/7/2013, 16:42)
    hi tubine
    download the zipped file and extract it to the desktop.
    Copy the fixlist.txt inside it to the pendrive where you have FRST.
    Restart FRST as you did before, only this time click the FIX button just once.
    Reboot the PC; you should get into Windows again. Then we'll finish with the remaining steps.

    Thanks for the support, vicky.
    Unfortunately, though, it still doesn't boot, neither in Safe Mode nor in normal mode.
    I'm attaching the files:

    -fixlog
    www.wikifortio.com/789541/Fixlog.txt


    -FRST
    www.wikifortio.com/827890/FRST.txt

    Thanks again for the help
     
  14. Master Malware Expert (Group: Administrator, Posts: 4,519, Location: Poggio Mirteto(RI))
    It doesn't boot because the infection is still present.
    By mistake I had given you the previous user's fix.

    Download the attached file and copy it to the pendrive where you have FRST.
    Restart FRST as you already did, only this time click the FIX button just once.

    Let me know if it boots now.

    Then I'll tell you what to do to avoid catching this infection again.

    Edited by vicky67 - 6/7/2013, 14:13
    Attached file
    fixlist.txt
    (Number of downloads: 19)

     
  15. gianlucasim (User deleted)


    Hi Vicky

    as some time ago, I've caught the Polizia di Stato virus again, with Safe Mode disabled.

    I ran the scan with Farbar Recovery.

    I'm posting the log (I couldn't attach it) awaiting your help.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-07-2013
    Ran by SYSTEM on 09-07-2013 00:41:54
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: Italian Standard
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1489760 2010-03-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-26] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
    HKLM-x32\...\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe [x]
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [MPlayerForWindows_UpdateReminder] "D:\Applicazioni\MPlayer for Windows\AutoUpdate.exe" /L=1033 /TASK [x]
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
    HKU\Gianluca\...\Run: [Google Update] "C:\Users\Gianluca\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-28] (Google Inc.)
    HKU\Gianluca\...\Run: [NBJ] "C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe" [1937408 2005-01-04] (Ahead Software AG)
    HKU\Gianluca\...\Winlogon: [Shell] explorer.exe,C:\Users\Gianluca\AppData\Roaming\skype.dat [52736 2009-07-14] () <==== ATTENTION
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
    ShortcutTarget: Bluetooth Monitor.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe (TOSHIBA CORPORATION)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Ulead Photo Express SE Calendar Checker.lnk
    ShortcutTarget: Ulead Photo Express SE Calendar Checker.lnk -> C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe (Ulead Systems, Inc.)
    Startup: C:\Users\Gianluca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myCollections - collegamento.lnk
    ShortcutTarget: myCollections - collegamento.lnk -> D:\Applicazioni\myCollections v2.3.2.0\mycollections v2.4.5.0\myCollections.exe (myCollections)

    ==================== Services (Whitelisted) =================

    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)

    ==================== Drivers (Whitelisted) ====================

    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-24] ()
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
    S3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
    S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-24] ()
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-03-12] (Duplex Secure Ltd.)
    S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-07-09 00:41 - 2013-07-09 00:41 - 00000000 ____D C:\FRST
    2013-07-08 23:10 - 2013-07-08 23:20 - 00000004 ____A C:\Users\Gianluca\AppData\Roaming\skype.ini
    2013-07-08 18:50 - 2013-07-08 18:50 - 00001163 ____A C:\Users\Gianluca\Desktop\bookTome.lnk
    2013-07-08 18:50 - 2013-07-08 18:50 - 00000000 ____D C:\Users\Gianluca\AppData\Roaming\saSoftware
    2013-07-08 18:50 - 2013-07-08 18:50 - 00000000 ____D C:\Program Files (x86)\saSoftware
    2013-07-08 10:12 - 2013-07-08 10:12 - 00000000 ____D C:\Users\Gianluca\AppData\Roaming\AbeBooks
    2013-07-08 10:11 - 2013-07-08 10:12 - 00000000 ____D C:\Users\Public\Documents\HomeBase 3
    2013-07-08 10:11 - 2013-07-08 10:11 - 00000000 ____D C:\Users\Gianluca\AppData\Local\IsolatedStorage
    2013-07-08 10:11 - 2013-07-08 10:11 - 00000000 ____D C:\Users\Gianluca\AppData\Local\Abebooks_Inc
    2013-07-08 10:06 - 2013-07-08 10:07 - 13662870 ____A (AbeBooks) C:\Users\Gianluca\Desktop\HomeBase3Setup.exe
    2013-06-10 21:03 - 2013-06-11 00:11 - 00000000 ____D C:\Users\Gianluca\Desktop\matera 9-6-2013
    2013-06-10 21:02 - 2013-06-10 21:03 - 00000000 ____D C:\Users\Gianluca\Desktop\foto ale

    ==================== One Month Modified Files and Folders =======

    2013-07-09 00:41 - 2013-07-09 00:41 - 00000000 ____D C:\FRST
    2013-07-08 23:20 - 2013-07-08 23:10 - 00000004 ____A C:\Users\Gianluca\AppData\Roaming\skype.ini
    2013-07-08 23:19 - 2013-04-22 13:44 - 00002914 ____A C:\Windows\setupact.log
    2013-07-08 23:19 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-07-08 23:11 - 2013-04-22 10:56 - 00658513 ____A C:\Windows\WindowsUpdate.log
    2013-07-08 23:11 - 2011-03-12 01:53 - 00000000 ____D C:\Users\Gianluca\AppData\Roaming\uTorrent
    2013-07-08 22:58 - 2012-01-28 14:12 - 00001172 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3814798622-1503148130-2465254516-1000UA.job
    2013-07-08 22:32 - 2012-11-20 14:45 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-08 18:50 - 2013-07-08 18:50 - 00001163 ____A C:\Users\Gianluca\Desktop\bookTome.lnk
    2013-07-08 18:50 - 2013-07-08 18:50 - 00000000 ____D C:\Users\Gianluca\AppData\Roaming\saSoftware
    2013-07-08 18:50 - 2013-07-08 18:50 - 00000000 ____D C:\Program Files (x86)\saSoftware
    2013-07-08 18:49 - 2012-10-31 12:28 - 00000272 ____A C:\Windows\Tasks\RMSchedule.job
    2013-07-08 18:49 - 2011-10-11 18:01 - 00003072 ____A C:\Windows\SysWOW64\Cache.db
    2013-07-08 18:04 - 2011-07-11 11:52 - 00000000 ____D C:\Program Files (x86)\Registry Mechanic
    2013-07-08 17:12 - 2011-04-10 23:41 - 00000000 ____D C:\ProgramData\MFAData
    2013-07-08 16:58 - 2012-01-28 14:12 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3814798622-1503148130-2465254516-1000Core.job
    2013-07-08 11:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-07-08 10:12 - 2013-07-08 10:12 - 00000000 ____D C:\Users\Gianluca\AppData\Roaming\AbeBooks
    2013-07-08 10:12 - 2013-07-08 10:11 - 00000000 ____D C:\Users\Public\Documents\HomeBase 3
    2013-07-08 10:11 - 2013-07-08 10:11 - 00000000 ____D C:\Users\Gianluca\AppData\Local\IsolatedStorage
    2013-07-08 10:11 - 2013-07-08 10:11 - 00000000 ____D C:\Users\Gianluca\AppData\Local\Abebooks_Inc
    2013-07-08 10:07 - 2013-07-08 10:06 - 13662870 ____A (AbeBooks) C:\Users\Gianluca\Desktop\HomeBase3Setup.exe
    2013-07-05 12:04 - 2011-09-28 17:22 - 00000000 ___RD C:\Users\Gianluca\Desktop\Elementi temporanei
    2013-07-03 18:54 - 2009-07-14 05:45 - 00018016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-03 18:54 - 2009-07-14 05:45 - 00018016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-03 11:17 - 2009-07-14 11:53 - 00738754 ____A C:\Windows\System32\perfh010.dat
    2013-07-03 11:17 - 2009-07-14 11:53 - 00145794 ____A C:\Windows\System32\perfc010.dat
    2013-07-03 11:17 - 2009-07-14 06:13 - 01652418 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-27 18:29 - 2012-11-22 19:07 - 00000000 ____D C:\Users\Gianluca\Downloads\eMule
    2013-06-27 13:55 - 2011-03-11 23:44 - 00000000 ____D C:\Users\Gianluca\AppData\Roaming\Mozilla
    2013-06-12 01:32 - 2012-11-20 14:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-06-12 01:32 - 2011-12-20 21:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-06-11 00:11 - 2013-06-10 21:03 - 00000000 ____D C:\Users\Gianluca\Desktop\matera 9-6-2013
    2013-06-10 21:08 - 2012-11-21 20:44 - 00000000 ____D C:\Users\Gianluca\AppData\Local\myCollections
    2013-06-10 21:03 - 2013-06-10 21:02 - 00000000 ____D C:\Users\Gianluca\Desktop\foto ale

    Files to move or delete:
    ====================
    C:\Users\Gianluca\AppData\Roaming\skype.dat
    C:\Users\Gianluca\AppData\Roaming\skype.ini
    C:\ProgramData\0345236.bat
    C:\ProgramData\0345236.pad
    C:\ProgramData\0345236.reg

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-07-08 10:10:28
    Restore point made on: 2013-07-08 10:14:49

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 3958.85 MB
    Available physical RAM: 3383.79 MB
    Total Pagefile: 3957 MB
    Available Pagefile: 3372.07 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:232.65 GB) (Free:9.77 GB) NTFS (Disk=0 Partition=2)
    Drive d: (Data) (Fixed) (Total:232.72 GB) (Free:7.57 GB) NTFS (Disk=0 Partition=3)
    Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
    Drive g: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DD3F1106)
    Partition 1: (Active) - (Size=400 MB) - (Type=27)
    Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 119 MB) (Disk ID: 009AFBD7)
    Partition 1: (Active) - (Size=119 MB) - (Type=06)


    LastRegBack: 2013-07-03 11:57

    ==================== End Of Log ============================

    thanks in advance

    Edited by vicky67 - 9/7/2013, 09:50