Aiuto PC

Polizia Penitenziaria, Polizia di Stato, Carabinieri virus (SOLVED)

1. Master Malware Expert

Hi Io-Io,
Download the attached file onto the pendrive where you have FRST. Restart FRST again as you already did, but this time click FIX only once. Attach the fixlog.txt log that you will find on the pendrive. You can paste it using the SPOILER button.

Reboot in normal mode and let me know if you can now get into Windows.
Further instructions will follow to avoid picking up the infection again.
Attached file: fixlist.txt (Number of downloads: 23)
2. Io-io (User deleted)


Hi, here is the "fixlog" file. I await further news on how to proceed.
Attached file: Fixlog.txt (Number of downloads: 14)
3. Master Malware Expert

See if you can now get into Windows. Then I'll give you further instructions.
4. Io-io (User deleted)


Perfect, I rebooted the PC and now everything is as before!
THANK YOU
5. Master Malware Expert

Perfect.
Follow the post-removal guide that I have in my signature to try to contain this type of infection.
6. marechr (User deleted)


My PC was infected by the Polizia di Stato virus.
I attach the log. Thanks

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
    Ran by SYSTEM on 02-08-2013 07:58:31
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: Italian Standard
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
    HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
    HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-09-28] ()
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
    HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-03] (Egis Technology Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-07-27] (Dritek System Inc.)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-11-25] (CyberLink Corp.)
    HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
    HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
    HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
    HKU\giuseppe\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-17] (Google Inc.)
    HKU\giuseppe\...\Run: [QUAD Windows service] - C:\Program Files (x86)\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe [13844480 2009-12-19] (Interactive Brands Inc.)
    HKU\giuseppe\...\Run: [QUAD Scheduler] - C:\Program Files (x86)\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe [61440 2009-03-03] ()
    HKU\giuseppe\...\Run: [Facebook Update] - C:\Users\giuseppe\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
    HKU\giuseppe\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\giuseppe\AppData\Local\Temp\rensecyhcaapgluut.exe [56320 2013-07-30] () <===== ATTENTION
    HKU\giuseppe\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
    HKU\giuseppe\...\Command Processor: "C:\Users\giuseppe\AppData\Local\Temp\rensecyhcaapgluut.exe" <===== ATTENTION!
    Startup: C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
    ShortcutTarget: Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) =================

    S2 gupdate1ca9791fa38a3f5; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2010-01-17] (Google Inc.)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-07-30 04:01 - 2013-07-30 04:01 - 01037316 _____ C:\Users\giuseppe\AppData\Roaming\2433f433
    2013-07-30 04:01 - 2013-07-30 04:01 - 01037306 _____ C:\Users\giuseppe\AppData\Local\2433f433
    2013-07-30 04:01 - 2013-07-30 04:01 - 01037253 _____ C:\ProgramData\2433f433
    2013-07-10 09:36 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-07-10 09:36 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-07-10 09:36 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-07-10 09:36 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-07-10 09:36 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-07-10 09:36 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-07-10 09:36 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-07-10 09:36 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-07-10 09:36 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-07-10 09:36 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-07-10 09:36 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-07-10 09:36 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-07-10 09:36 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-07-10 09:36 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-07-10 09:36 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-07-10 09:36 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-07-10 09:36 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-07-10 09:36 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-07-10 09:36 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-07-10 09:36 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-07-10 09:36 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-07-10 09:36 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-07-10 09:36 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-07-10 09:36 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-07-10 09:36 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-07-10 09:36 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-10 09:36 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-07-10 09:36 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-07-10 09:35 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-07-10 09:35 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-07-10 09:35 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-07-10 09:20 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
    2013-07-10 09:20 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2013-07-10 09:20 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-07-10 09:19 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-07-10 09:19 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-07-10 09:18 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-07-10 09:18 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-07-05 07:35 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-07-05 07:35 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-07-03 09:52 - 2013-07-03 09:52 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-07-03 09:52 - 2013-07-03 09:52 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-07-03 09:52 - 2013-07-03 09:52 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2013-07-03 09:52 - 2013-07-03 09:52 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-07-03 09:52 - 2013-07-03 09:52 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-07-03 09:52 - 2013-07-03 09:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2013-07-03 09:52 - 2013-07-03 09:52 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-07-03 09:52 - 2013-07-03 09:52 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-07-03 09:50 - 2013-07-03 09:50 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-07-03 09:47 - 2013-07-03 10:00 - 00010360 _____ C:\Windows\IE10_main.log

    ==================== One Month Modified Files and Folders =======

    2013-08-01 21:46 - 2012-11-26 02:30 - 00196608 _____ C:\Windows\System32\Ikeext.etl
    2013-08-01 21:46 - 2010-01-17 08:42 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-01 21:45 - 2013-05-01 10:05 - 00009403 _____ C:\Windows\setupact.log
    2013-08-01 21:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-01 21:42 - 2009-09-28 01:19 - 02002110 _____ C:\Windows\WindowsUpdate.log
    2013-08-01 21:40 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-01 21:40 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-01 21:38 - 2010-01-17 08:42 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-01 12:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
    2013-08-01 11:44 - 2009-09-28 11:10 - 00698804 _____ C:\Windows\System32\perfh010.dat
    2013-08-01 11:44 - 2009-09-28 11:10 - 00127998 _____ C:\Windows\System32\perfc010.dat
    2013-08-01 11:44 - 2009-07-13 21:13 - 01541618 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-08-01 11:19 - 2012-04-14 09:22 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-30 04:01 - 2013-07-30 04:01 - 01037316 _____ C:\Users\giuseppe\AppData\Roaming\2433f433
    2013-07-30 04:01 - 2013-07-30 04:01 - 01037306 _____ C:\Users\giuseppe\AppData\Local\2433f433
    2013-07-30 04:01 - 2013-07-30 04:01 - 01037253 _____ C:\ProgramData\2433f433
    2013-07-28 04:57 - 2009-12-19 10:39 - 00000000 ____D C:\Users\giuseppe\AppData\Roaming\QUAD Backups
    2013-07-15 07:29 - 2011-12-11 03:48 - 00001168 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-473473294-1864511799-1982482058-1000Core.job
    2013-07-15 07:28 - 2012-03-09 00:13 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-07-15 07:20 - 2011-12-11 03:48 - 00001190 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-473473294-1864511799-1982482058-1000UA.job
    2013-07-12 01:33 - 2010-01-17 08:42 - 00004146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-07-12 01:33 - 2010-01-17 08:42 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-07-10 11:24 - 2009-07-13 20:45 - 00343448 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-07-10 11:23 - 2012-09-12 09:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-07-10 11:23 - 2012-09-12 09:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-07-10 11:23 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
    2013-07-10 11:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-07-10 11:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-07-10 09:38 - 2009-12-08 00:28 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-07-10 09:26 - 2009-08-17 15:43 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-07-05 07:26 - 2009-07-13 21:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-07-04 03:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2013-07-04 03:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2013-07-04 03:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
    2013-07-04 03:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
    2013-07-04 03:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-07-03 10:00 - 2013-07-03 09:47 - 00010360 _____ C:\Windows\IE10_main.log
    2013-07-03 09:52 - 2013-07-03 09:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-07-03 09:52 - 2013-07-03 09:52 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-07-03 09:52 - 2013-07-03 09:52 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-07-03 09:52 - 2013-07-03 09:52 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2013-07-03 09:52 - 2013-07-03 09:52 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-07-03 09:52 - 2013-07-03 09:52 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-07-03 09:52 - 2013-07-03 09:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2013-07-03 09:52 - 2013-07-03 09:52 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-07-03 09:52 - 2013-07-03 09:52 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-07-03 09:52 - 2013-07-03 09:52 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-07-03 09:52 - 2013-07-03 09:52 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-07-03 09:50 - 2013-07-03 09:50 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-07-03 09:50 - 2013-07-03 09:50 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

    Files to move or delete:
    ====================
    C:\Users\giuseppe\AppData\Local\Temp\rensecyhcaapgluut.exe

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-07-28 05:06:27

    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 3836.05 MB
    Available physical RAM: 3211.34 MB
    Total Pagefile: 3834.2 MB
    Available Pagefile: 3209.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:2.36 GB) NTFS (Disk=0 Partition=3)
    Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:2.7 GB) NTFS (Disk=0 Partition=1)
    Drive f: (KRD10) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS
    Drive g: (KINGSTON) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32 (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D56DE20F)
    Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
    Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
    Partition 1: (Active) - (Size=4 GB) - (Type=0B)


    LastRegBack: 2013-07-15 07:20

    ==================== End Of Log ============================


    Edited by vicky67 - 3/8/2013, 08:44
     
  7. Master Malware Expert (Administrator)

    hi marechr

    Download the attached file onto the pendrive where you have FRST. Run FRST again as you already did, but this time you have to click FIX only once. Attach the fixlog.txt log that you will find on the pendrive. You can paste it using the SPOILER button.

    Restart in normal mode and let me know whether you can now get into Windows.
    Further instructions will follow.
    You have a private message.
    Attachment
    fixlist.txt
    (Number of downloads: 17)

     
  8. marechr (User deleted)

    Hi Vicky, I downloaded the file you posted and put it on the pendrive where I had FRST; I started the program and pressed the Fix button.... afterwards I put the key into the "infected" PC and started the PC normally, but the result is always the same... the Polizia di Stato virus with my photo...
     
  9. Master Malware Expert (Administrator)

    Post me a new FRST log and the fixlog that you have on the pendrive; evidently you did something wrong.
    Sorry, but I didn't understand exactly what you did. Did you put the pendrive with FRST into the healthy PC and click fix?
    Or did you run the fix on the infected PC?
    It's not very clear what you did.
    QUOTE
    afterwards I put the key into the "infected" PC and started it normally
     
  10. marechr (User deleted)

    Sorry Vicky, I expressed myself badly... I put the key with FRST on it into the infected PC and launched it with SCAN; afterwards it created a .txt file, which I'm going to post for you.....
    Attachment
    FRST.txt
    (Number of downloads: 20)

     
  11. Master Malware Expert (Administrator)

    Indeed, no fix was run and the infection is still present.
    Let me explain the procedure again: you have to put the fixlist.txt that I attached in the previous posts on the pendrive together with FRST.
    Run FRST again on the infected PC, but this time you must not click SCAN; click the FIX button instead.
    As confirmation that everything went correctly, you will find a file called fixlog.txt on the pendrive.
    You have to attach that file to me and check whether Windows restarts.
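    The fixlist the helper prepares is built from the entries that FRST itself flags in the scan log. As an added example, not code from this thread or from FRST's author, the Python snippet below reads an FRST-style log and collects those flagged entries: the lines carrying an ATTENTION marker, the paths listed under a "ZeroAccess:" block, and the "Files to move or delete" list, then cross-references which executables the flagged autorun entries point at. The sample log is constructed from lines posted in this thread, and the regular expressions are my assumptions about the marker format rather than a specification of FRST's output.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the FRST.txt logs posted in this thread:
# the lines FRST marks with "ATTENTION", the ZeroAccess block and the
# "Files to move or delete" list, plus one benign Run entry as a control.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$a2478b99bae30be0960dca1912abcd67\n. ATTENTION! ====> ZeroAccess?
HKU\Utente\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Utente\AppData\Local\Temp\jgvpaipcagkutkseg.exe [52736 2013-08-13] (Valve Corporation) <===== ATTENTION
HKU\Utente\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Utente\...\Command Processor: "C:\Users\Utente\AppData\Local\Temp\jgvpaipcagkutkseg.exe" <===== ATTENTION!

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$a2478b99bae30be0960dca1912abcd67

Files to move or delete:
====================
C:\Users\Utente\AppData\Local\Temp\jgvpaipcagkutkseg.exe
C:\ProgramData\dsgsdgdsgdsgw.pad

==================== Known DLLs (Whitelisted) ================
"""

# Assumed marker shapes, taken from the logs above: "<===== ATTENTION"
# (sometimes with "!" or fewer "="), or "ATTENTION! ====> <hint>" when
# FRST adds a family guess such as "ZeroAccess?".
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION!?$|ATTENTION!\s*=+>\s*\S")
# A Windows path up to the first whitespace, quote, bracket or "<".
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"\[<]+')


def triage_frst_log(text: str) -> Dict[str, List[str]]:
    """Collect the entries FRST flagged, grouped by how FRST reported them."""
    findings: Dict[str, List[str]] = {
        "attention": [],        # single lines carrying an ATTENTION marker
        "zeroaccess": [],       # paths listed under a "ZeroAccess:" block
        "files_to_delete": [],  # paths under "Files to move or delete:"
    }
    block = None  # name of the multi-line block we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            block = None  # a blank line closes any block
            continue
        if line.startswith("ZeroAccess:"):
            block = "zeroaccess"
            continue
        if line.startswith("Files to move or delete:"):
            block = "files_to_delete"
            continue
        if line.startswith("===="):
            # "====================" directly under the files header is a rule;
            # anything else starting with "====" is a new section header.
            if block == "files_to_delete" and set(line) == {"="}:
                continue
            block = None
            continue
        if block is not None:
            findings[block].append(line)
            continue
        if ATTENTION_RE.search(line):
            findings["attention"].append(line)
    return findings


def dropped_executables(findings: Dict[str, List[str]]) -> List[str]:
    """Executables referenced by the ATTENTION lines, de-duplicated.

    Comparing these with "files_to_delete" shows whether every flagged
    autorun entry points at a file FRST also listed for removal.
    """
    paths = set()
    for line in findings["attention"]:
        for path in PATH_RE.findall(line):
            if path.lower().endswith(".exe"):
                paths.add(path)
    return sorted(paths)


if __name__ == "__main__":
    result = triage_frst_log(SAMPLE_LOG)
    for key, lines in result.items():
        print(f"{key}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
    print("dropped executables:", dropped_executables(result))
```

    Run it against a real FRST.txt by replacing SAMPLE_LOG with the file's contents; the point is to see at a glance which autorun entries, shell hijacks and dropped files the scan flagged before deciding what goes into fixlist.txt.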
     
  12. marechr (User deleted)

    You're really a genius Vicky, it was me who was getting it wrong.... the computer started up, and this is the file you asked me for, right?
    Attachment
    Fixlog.txt
    (Number of downloads: 13)

     
  13. Master Malware Expert (Administrator)

    ;)
    Now delete the FRST folder in C and follow the post-removal guide in my signature to try to stem this kind of infection.
     
  14. giancai (User deleted)

    hi, I got the Polizia di Stato virus; here is the log from the FRST run. unfortunately I can't remove the hard disk from the notebook because honestly I don't want to risk it, since I wouldn't even know how to do it; it's an HP ProBook.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013
    Ran by SYSTEM on 14-08-2013 12:12:14
    Running from H:\
    Windows 7 Professional (X64) OS Language: Italian Standard
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
    HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
    HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-10] (Motorola, Inc.)
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
    HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$a2478b99bae30be0960dca1912abcd67\n. ATTENTION! ====> ZeroAccess?
    HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
    HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
    HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
    HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
    HKLM-x32\...\Run: [DTRun] - c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [PeekMMF] - C:\Program Files (x86)\Panasonic\Panasonic KX-P7105 and KX-P7110\Status Display\PeekMMF.exe [45056 2006-11-03] ()
    HKLM-x32\...\Run: [Panasonic Device Monitor Wakeup] - C:\Program Files (x86)\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe [413696 2010-01-08] (Panasonic System Networks Co., Ltd.)
    HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [892768 2011-12-18] ()
    HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
    HKU\Utente\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
    HKU\Utente\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Utente\AppData\Local\Temp\jgvpaipcagkutkseg.exe [52736 2013-08-13] (Valve Corporation) <===== ATTENTION
    HKU\Utente\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe [514952 2013-06-15] (Adobe Systems Incorporated)
    HKU\Utente\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
    HKU\Utente\...\Command Processor: "C:\Users\Utente\AppData\Local\Temp\jgvpaipcagkutkseg.exe" <===== ATTENTION!
    Lsa: [Notification Packages] DPPassFilter scecli

    ==================== Services (Whitelisted) =================

    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
    S2 cligrafsrv; C:\Program Files (x86)\WKICOSIMI\ClientGrafico\bin\cligrafsrv.exe [14848 2010-06-21] ()
    S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.)
    S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.)
    S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
    S2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P)
    S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
    S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
    S2 KME Remote Server; C:\PROGRA~2\PANASO~1\REMOTE~1\kmentsrv.exe [57344 2003-02-09] (Panasonic Communications Co.,Ltd.)
    S2 Panasonic Trap Monitor Service; C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-25] (Panasonic)
    S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
    S2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [233984 2012-03-12] (Samsung Electronics Co., Ltd.)
    S2 SrvAgg; C:\BpointSp\prg\com\cosimi\bin\agfprogsrv.exe [211968 2011-03-25] (Wolters Kluwer Italia S.r.l.)
    S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
    S2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
    S2 wgpsrv; C:\BpointSp\prg\com\cosimi\bin\wgpsrv.exe [65536 2011-03-25] (Wolters Kluwer Italia Srl)

    ==================== Drivers (Whitelisted) ====================

    S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
    S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
    S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
    S2 eusk2par; C:\windows\system32\Drivers\eusk2par-amd64.sys [32336 2008-12-18] (Aladdin Knowledge Systems Ltd.)
    S2 eusk2par; C:\windows\system32\Drivers\eusk2par-amd64.sys [32336 2008-12-18] (Aladdin Knowledge Systems Ltd.)
    S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
    S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
    S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] (McAfee, Inc.)
    S0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
    S0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-08-13 21:22 - 2013-08-14 10:06 - 00000784 _____ C:\Windows\setupact.log
    2013-08-13 21:22 - 2013-08-13 21:22 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-13 21:21 - 2013-08-13 21:21 - 01037328 _____ C:\Users\Utente\AppData\Roaming\2433f433
    2013-08-13 21:21 - 2013-08-13 21:21 - 01037326 _____ C:\ProgramData\2433f433
    2013-08-13 21:21 - 2013-08-13 21:21 - 01037302 _____ C:\Users\Utente\AppData\Local\2433f433
    2013-08-08 16:43 - 2013-08-10 09:50 - 00000033 _____ C:\Users\Public\LMDebug.log
    2013-08-08 16:43 - 2012-03-11 12:57 - 00474624 _____ (Samsung Software Center) C:\Windows\prinst.exe
    2013-08-08 16:42 - 2013-08-08 16:42 - 00000000 ____D C:\Users\Utente\AppData\Roaming\Samsung
    2013-08-08 16:42 - 2012-03-12 02:30 - 00273408 ____R (Samsung Electronics Co., Ltd.) C:\Windows\System32\NetFaxPort64.dll
    2013-08-08 16:41 - 2013-08-08 16:41 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
    2013-08-08 16:40 - 2013-08-08 16:42 - 00000000 ____D C:\ProgramData\Samsung
    2013-08-08 16:40 - 2013-08-08 16:40 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
    2013-08-08 16:40 - 2012-02-22 11:23 - 00151552 _____ (SS) C:\Windows\System32\ssm3mci.exe
    2013-08-08 16:40 - 2012-02-22 11:23 - 00089600 _____ (SS) C:\Windows\System32\ssm3mci.dll
    2013-08-08 16:40 - 2012-02-22 11:23 - 00034304 _____ () C:\Windows\System32\ssm3mlm.dll
    2013-08-08 16:40 - 2012-02-22 11:23 - 00000359 _____ C:\Windows\System32\ssm3mlm.smt
    2013-08-08 16:40 - 2012-02-22 06:05 - 00049152 _____ (Samsung Electronics) C:\Windows\SysWOW64\Ssusbpn.dll
    2013-08-08 16:40 - 2012-02-22 06:05 - 00043520 _____ (Samsung Electronics) C:\Windows\System32\Ssusbp64.dll
    2013-08-08 16:40 - 2012-02-22 05:43 - 00323072 _____ C:\Windows\System32\SaMinDrv.dll
    2013-08-08 16:40 - 2012-02-22 05:43 - 00123904 _____ C:\Windows\System32\SaImgFlt.dll
    2013-08-08 16:40 - 2012-02-22 05:43 - 00055296 _____ C:\Windows\System32\SaErHdlr.dll
    2013-08-08 16:40 - 2011-11-13 01:16 - 00144896 _____ C:\Windows\Wiainst64.exe
    2013-08-08 16:39 - 2013-08-08 16:42 - 00000000 ____D C:\Program Files (x86)\Samsung
    2013-08-03 13:49 - 2013-08-14 08:56 - 00477213 _____ C:\Windows\WindowsUpdate.log
    2013-07-20 00:51 - 2013-07-20 00:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2013-07-20 00:50 - 2013-07-20 00:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2013-07-20 00:50 - 2013-07-20 00:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2013-07-20 00:50 - 2013-07-20 00:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsha.sys

    ==================== One Month Modified Files and Folders =======

    2013-08-14 12:10 - 2013-08-14 12:10 - 00000000 ____D C:\FRST
    2013-08-14 10:06 - 2013-08-13 21:22 - 00000784 _____ C:\Windows\setupact.log
    2013-08-14 10:06 - 2011-10-24 19:36 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-14 10:06 - 2010-12-06 00:48 - 00000000 ____D C:\ProgramData\HPQLOG
    2013-08-14 10:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-14 08:56 - 2013-08-03 13:49 - 00477213 _____ C:\Windows\WindowsUpdate.log
    2013-08-14 08:56 - 2009-07-14 05:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-14 08:56 - 2009-07-14 05:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-14 08:54 - 2011-10-24 19:36 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-14 08:45 - 2011-08-10 19:11 - 00000000 ____D C:\ProgramData\MFAData
    2013-08-14 08:43 - 2012-06-03 09:27 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-08-14 08:38 - 2009-07-14 06:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-08-13 21:22 - 2013-08-13 21:22 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-13 21:21 - 2013-08-13 21:21 - 01037328 _____ C:\Users\Utente\AppData\Roaming\2433f433
    2013-08-13 21:21 - 2013-08-13 21:21 - 01037326 _____ C:\ProgramData\2433f433
    2013-08-13 21:21 - 2013-08-13 21:21 - 01037302 _____ C:\Users\Utente\AppData\Local\2433f433
    2013-08-13 20:35 - 2011-07-22 16:48 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F387A28-5700-4980-ABFA-40374A96F324}
    2013-08-13 20:27 - 2011-09-27 11:00 - 00000031 _____ C:\dev.ini
    2013-08-10 13:02 - 2011-07-22 17:52 - 00000000 ____D C:\Users\Utente\AppData\Roaming\SoftGrid Client
    2013-08-10 09:50 - 2013-08-08 16:43 - 00000033 _____ C:\Users\Public\LMDebug.log
    2013-08-10 08:35 - 2011-09-26 15:58 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2013-08-08 16:42 - 2013-08-08 16:42 - 00000000 ____D C:\Users\Utente\AppData\Roaming\Samsung
    2013-08-08 16:42 - 2013-08-08 16:40 - 00000000 ____D C:\ProgramData\Samsung
    2013-08-08 16:42 - 2013-08-08 16:39 - 00000000 ____D C:\Program Files (x86)\Samsung
    2013-08-08 16:41 - 2013-08-08 16:41 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
    2013-08-08 16:40 - 2013-08-08 16:40 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
    2013-08-08 16:30 - 2010-12-06 00:53 - 00701046 _____ C:\Windows\System32\perfh010.dat
    2013-08-08 16:30 - 2010-12-06 00:53 - 00128836 _____ C:\Windows\System32\perfc010.dat
    2013-08-08 16:30 - 2009-07-14 06:13 - 01543170 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-08-04 11:56 - 2011-12-09 11:40 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-08-03 13:48 - 2011-10-24 19:36 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-08-03 13:48 - 2011-10-24 19:36 - 00000000 ____D C:\Program Files\CCleaner
    2013-08-03 13:42 - 2013-06-15 11:38 - 00000973 _____ C:\Users\Public\Desktop\AVG 2013.lnk
    2013-07-28 13:25 - 2011-08-10 18:47 - 00000000 ____D C:\Users\Utente\Documents\cobellis
    2013-07-28 13:22 - 2011-10-12 15:11 - 00000000 ____D C:\Users\Utente\AppData\Roaming\CorelHomeOffice
    2013-07-28 13:21 - 2011-10-12 15:11 - 00000088 __RSH C:\ProgramData\062F817942.sys
    2013-07-28 13:21 - 2011-10-08 18:41 - 00002516 ___SH C:\ProgramData\KGyGaAvL.sys
    2013-07-22 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-07-20 19:22 - 2013-03-09 13:41 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForUtente.job
    2013-07-20 15:26 - 2013-03-09 13:41 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUtente
    2013-07-20 00:51 - 2013-07-20 00:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2013-07-20 00:50 - 2013-07-20 00:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2013-07-20 00:50 - 2013-07-20 00:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2013-07-20 00:50 - 2013-07-20 00:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsha.sys
    2013-07-15 20:49 - 2011-10-24 19:36 - 00004146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-07-15 20:49 - 2011-10-24 19:36 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-816423737-2230768018-2229643965-1001\$a2478b99bae30be0960dca1912abcd67

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$a2478b99bae30be0960dca1912abcd67

    Files to move or delete:
    ====================
    C:\Users\Utente\AppData\Local\Temp\jgvpaipcagkutkseg.exe
    C:\ProgramData\dsgsdgdsgdsgw.pad
    C:\Users\Utente\AppData\Roaming\skype.dat
    C:\Users\Utente\AppData\Roaming\msconfig.dat

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-06-15 11:35:45
    Restore point made on: 2013-06-15 11:36:13
    Restore point made on: 2013-06-16 17:52:18
    Restore point made on: 2013-06-27 19:01:57
    Restore point made on: 2013-07-09 16:04:04
    Restore point made on: 2013-07-11 21:49:08
    Restore point made on: 2013-08-06 19:51:01

    ==================== Memory info ===========================

    Percentage of memory in use: 20%
    Total physical RAM: 2927.43 MB
    Available physical RAM: 2338.83 MB
    Total Pagefile: 2925.58 MB
    Available Pagefile: 2333.66 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:280.8 GB) (Free:216.46 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.25 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.49 GB) FAT32 (Disk=0 Partition=4)
    Drive h: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 48E147D4)
    Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 950 MB) (Disk ID: 70707573)
    No partition Table on disk 1.


    LastRegBack: 2013-08-06 18:54

    ==================== End Of Log ============================


    Edited by vicky67 - 15/8/2013, 17:36
  15.  

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    Hi Giancai
    Download the attached file and copy it to the pendrive where you have FRST. Restart FRST as you did before, except this time, instead of clicking SCAN, click FIX.
    Reboot the PC and check whether it restarts correctly.
    Attach the file called fixlog.txt that you will find on the pendrive.
    Attached file
    fixlist.txt
    (Number of downloads: 17)
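    As an added example (not code from this thread, from the helper, or from FRST itself): a small Python triage script that reads an FRST.txt-style log like the one posted above, collects the paths FRST listed under "ZeroAccess:" and "Files to move or delete:", and reports any line in the "Bamital & volsnap Check" or "EXE ASSOCIATION" sections that is not marked "MD5 is legit" / "OK". The sample log is constructed from the excerpt, the "MD5 is not legit" line is a constructed failure, and the one-path-per-line fixlist layout is an assumption.

```python
import re

# Constructed sample modelled on the FRST.txt excerpt in this thread, not the
# real log; the "MD5 is not legit" line is a constructed failure for the report.
SAMPLE_LOG = r"""ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$a2478b99bae30be0960dca1912abcd67

Files to move or delete:
====================
C:\Users\Utente\AppData\Local\Temp\jgvpaipcagkutkseg.exe
C:\ProgramData\dsgsdgdsgdsgw.pad

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is not legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")   # "==== Section name ===="
WINPATH = re.compile(r"^[A-Za-z]:\\")        # line is a drive-letter path
FLAG_HEADS = ("ZeroAccess:", "Files to move or delete:")
CHECK_SECTIONS = ("Bamital & volsnap Check", "EXE ASSOCIATION")


def parse_frst(text):
    """Return (flagged_paths, integrity_failures) from an FRST.txt-style log."""
    flagged, failures, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:   # blank line or bare "====" rule
            continue
        if line in FLAG_HEADS:               # FRST lists suspect paths below
            section = "flag"
            continue
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "flag" and WINPATH.match(line):
            flagged.append(line)
        elif section in CHECK_SECTIONS and not (
                line.endswith("=> MD5 is legit") or line.endswith("=> OK")):
            failures.append(line)            # anything but "all clear"
    return flagged, failures


def build_fixlist(flagged):
    """Fixlist body, one path per line (assumed FRST fixlist layout)."""
    return "".join(p + "\n" for p in flagged)
```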

698 replies since 5/6/2013, 08:44   22450 views