Aiuto PC

Polizia Penitenziaria / Polizia di Stato / Carabinieri virus (SOLVED)

  1. mariounturned

    Hi everyone, I'm desperate! I've caught the Polizia Postale virus, and I have all the kids' videos on the PC that I need to show tomorrow at Christmas :(

    I have Windows 7, 64-bit.

    Safe mode doesn't work for me, and I hope you can help me!

    I'm not sure how to attach the text file, so I'm copying here what it says! I hope you manage to save me :(

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
    Ran by SYSTEM on MININT-2MCP3N4 on 24-12-2014 21:46:58
    Running from h:\
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33508...very-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
    HKLM-x32\...\Run: [Tarantula] => C:\Program Files (x86)\Razer\Tarantula\razerhid.exe [159744 2007-05-07] (Razer USA Ltd.)
    HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
    HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
    HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKU\stefano\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-06] (Google Inc.)
    HKU\stefano\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
    HKU\stefano\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
    HKU\stefano\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\stefano\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
    HKU\stefano\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
    HKU\stefano\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
    HKU\stefano\...\Run: [GoogleChromeAutoLaunch_9F676DB4D4BCDB227592F23472F97895] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
    HKU\stefano\...\Run: [eventcreate] => "C:\Users\stefano\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
    HKU\stefano\...\RunOnce: [Adobe Speed Launcher] => 1419337884
    HKU\stefano\...\Policies\Explorer: []
    HKU\stefano\...\Policies\Explorer: [Run] "C:\Users\stefano\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
    HKU\stefano\...\Winlogon: [Shell] C:\Users\stefano\AppData\Roaming\Other.res [321024 2013-08-29] (Codmaster) <==== ATTENTION
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-10] ()
    S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
    S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
    S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-13] ()
    S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-12] ()
    S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S0 b72d986d118e6e86; C:\Windows\System32\Drivers\b72d986d118e6e86.sys [43448 2014-11-16] () <===== ATTENTION Necurs Rootkit?
    S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
    S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
    S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
    S3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-24 21:46 - 2014-12-24 21:46 - 00000000 ____D () C:\FRST
    2014-12-24 19:35 - 2014-12-24 21:38 - 00000840 _____ () C:\Windows\setupact.log
    2014-12-24 19:35 - 2014-12-24 19:35 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-21 16:05 - 2014-12-21 16:05 - 00000102 ____H () C:\Users\stefano\Downloads\.~lock.02 - Metabolismo fosfo-calcico.ppt#
    2014-12-21 15:00 - 2014-12-21 15:06 - 00000000 ____D () C:\ComboFix
    2014-12-15 23:51 - 2014-12-15 23:51 - 00022821 _____ () C:\Users\stefano\Downloads\The.Flash.s01e08.720p.sub.itasa.zip
    2014-12-15 23:51 - 2014-12-15 23:51 - 00019488 _____ () C:\Users\stefano\Downloads\The.Flash.s01e09.720p.sub.itasa.zip
    2014-12-13 00:38 - 2014-10-16 15:11 - 06883136 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2014-12-13 00:38 - 2014-10-16 15:11 - 03533632 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2014-12-13 00:38 - 2014-10-16 15:11 - 02559808 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2014-12-13 00:38 - 2014-10-16 15:11 - 00933064 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2014-12-13 00:38 - 2014-10-16 15:11 - 00384200 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2014-12-13 00:38 - 2014-10-16 15:11 - 00061640 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2014-12-13 00:38 - 2014-10-15 01:48 - 04047877 _____ () C:\Windows\System32\nvcoproc.bin
    2014-12-13 00:22 - 2014-12-13 00:22 - 03894696 _____ (solvusoft Corporation ) C:\Users\stefano\Downloads\Setup_WinThruster_2015.exe
    2014-12-13 00:22 - 2014-12-13 00:22 - 00000000 ____D () C:\Users\stefano\AppData\Roaming\Solvusoft
    2014-12-13 00:22 - 2014-12-13 00:22 - 00000000 ____D () C:\Program Files (x86)\WinThruster
    2014-12-13 00:00 - 2014-12-13 00:10 - 00000000 ____D () C:\Users\stefano\AppData\Local\NVIDIA
    2014-12-13 00:00 - 2014-12-13 00:00 - 00001347 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
    2014-12-12 23:59 - 2014-12-12 23:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
    2014-12-12 23:58 - 2014-11-17 23:18 - 01538880 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
    2014-12-12 23:58 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2014-12-12 23:58 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2014-12-12 23:58 - 2014-10-03 20:23 - 00035144 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
    2014-12-12 23:58 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2014-12-12 23:46 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
    2014-12-12 19:24 - 2014-12-12 19:24 - 01534736 _____ () C:\Users\stefano\Downloads\battlelog-web-plugins_2.6.2_154 (1).exe
    2014-12-12 19:24 - 2014-12-12 19:24 - 00000000 ____D () C:\Users\stefano\AppData\Local\ESN
    2014-12-12 02:39 - 2014-12-12 02:39 - 00000844 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
    2014-12-12 02:39 - 2014-12-12 02:39 - 00000828 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
    2014-12-10 15:31 - 2014-12-10 15:31 - 01534736 _____ () C:\Users\stefano\Downloads\battlelog-web-plugins_2.6.2_154.exe
    2014-12-10 13:04 - 2014-12-10 13:55 - 00000000 ____D () C:\Users\stefano\AppData\Local\RzStats
    2014-12-10 12:58 - 2014-12-10 12:58 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2014-12-10 12:58 - 2014-12-10 12:58 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
    2014-12-10 12:55 - 2014-12-10 14:11 - 00000000 ____D () C:\Users\stefano\AppData\Local\Razer
    2014-12-10 12:55 - 2014-12-10 14:11 - 00000000 ____D () C:\ProgramData\Razer
    2014-12-07 16:39 - 2014-12-07 16:39 - 00110284 _____ () C:\Users\stefano\Downloads\juan sezione mercato.dwg
    2014-12-06 19:24 - 2014-12-06 19:24 - 00000000 ____D () C:\Users\stefano\AppData\Local\PAYDAY 2
    2014-12-06 19:07 - 2014-12-06 19:07 - 00000000 ____D () C:\Users\stefano\AppData\Local\PAYDAY 2 sdfdghgjkjk
    2014-12-06 15:36 - 2014-12-06 15:36 - 00129314 _____ () C:\Users\stefano\Downloads\pianta modulo.dwg
    2014-12-06 11:31 - 2014-12-06 11:31 - 00000000 ____D () C:\Users\stefano\Desktop\76561198124361804
    2014-12-05 19:37 - 2014-12-05 19:37 - 00488717 _____ () C:\Users\stefano\Downloads\pay2-trefiori-26c81f54f1347b0.rar
    2014-12-05 19:37 - 2014-12-05 12:36 - 00754719 _____ (CheatHappens) C:\Users\stefano\Desktop\pay2-Trefiori.exe
    2014-12-05 19:37 - 2014-01-24 09:41 - 00010852 _____ () C:\Users\stefano\Desktop\payday2p5-readme.txt
    2014-12-03 13:02 - 2014-12-03 13:02 - 00114756 __RSH ( ) C:\Windows\SysWOW64\csrss.exe
    2014-12-03 13:02 - 2009-07-14 02:14 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    2014-11-30 16:29 - 2014-11-30 16:29 - 00698012 _____ () C:\Users\stefano\Downloads\3D.skp
    2014-11-27 18:11 - 2014-11-27 18:11 - 00019538 _____ () C:\Users\stefano\Downloads\Gotham.s01e10.720p.sub.itasa.zip
    2014-11-26 19:04 - 2014-11-26 19:04 - 00022428 _____ () C:\Users\stefano\Downloads\The.Flash.s01e06.720p.sub.itasa.zip
    2014-11-25 22:41 - 2014-11-25 22:41 - 00022208 _____ () C:\Users\stefano\Downloads\Arrow.s03e05.720p.sub.itasa.zip
    2014-11-25 22:41 - 2014-11-25 22:41 - 00021781 _____ () C:\Users\stefano\Downloads\Arrow.s03e06.720p.sub.itasa.zip
    2014-11-25 22:41 - 2014-11-25 22:41 - 00021240 _____ () C:\Users\stefano\Downloads\Arrow.s03e04.720p.sub.itasa.zip
    2014-11-25 22:41 - 2014-11-25 22:41 - 00020990 _____ () C:\Users\stefano\Downloads\Arrow.s03e07.720p.sub.itasa.zip
    2014-11-25 22:33 - 2014-11-25 22:33 - 00000000 ____D () C:\ProgramData\Riot Games
    2014-11-25 22:31 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2014-11-25 22:31 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2014-11-25 22:31 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2014-11-25 22:30 - 2014-11-25 22:31 - 00000000 ____D () C:\Users\stefano\AppData\Roaming\Riot Games

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-24 20:11 - 2014-10-04 15:44 - 00000000 ___RD () C:\Users\stefano\iCloudDrive
    2014-12-24 20:11 - 2014-08-24 17:17 - 00000000 ___RD () C:\Users\stefano\Google Drive
    2014-12-24 20:11 - 2012-11-06 10:58 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-24 18:42 - 2012-11-06 19:49 - 00000000 ____D () C:\Users\stefano\AppData\Roaming\TS3Client
    2014-12-23 13:38 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-23 13:38 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-23 13:36 - 2011-04-12 11:49 - 00744344 _____ () C:\Windows\System32\perfh010.dat
    2014-12-23 13:36 - 2011-04-12 11:49 - 00148338 _____ () C:\Windows\System32\perfc010.dat
    2014-12-23 13:36 - 2009-07-14 06:13 - 01669304 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-12-22 00:17 - 2013-01-07 20:01 - 00000000 ____D () C:\ProgramData\Origin
    2014-12-21 21:34 - 2013-01-07 20:01 - 00000000 ____D () C:\Program Files (x86)\Origin
    2014-12-21 15:37 - 2012-12-04 23:12 - 00000000 ____D () C:\Users\stefano\AppData\Roaming\uTorrent
    2014-12-21 15:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
    2014-12-21 15:00 - 2014-03-10 22:52 - 05601641 ____R (Swearware) C:\Users\stefano\Desktop\ComboFix.exe
    2014-12-21 14:16 - 2013-01-07 20:31 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
    2014-12-20 21:03 - 2013-01-07 20:31 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
    2014-12-18 19:40 - 2012-11-05 17:41 - 00000000 ____D () C:\Users\stefano\AppData\Roaming\vlc
    2014-12-18 14:19 - 2013-02-01 11:47 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
    2014-12-17 15:50 - 2013-06-15 18:04 - 00000000 ____D () C:\Windows\Minidump
    2014-12-13 00:50 - 2014-08-20 17:05 - 00076152 _____ () C:\Windows\System32\PnkBstrA.exe
    2014-12-13 00:40 - 2012-11-05 13:35 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-12-13 00:38 - 2012-11-05 13:34 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2014-12-13 00:38 - 2012-11-05 13:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-12-13 00:38 - 2012-11-05 13:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-12-13 00:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
    2014-12-13 00:11 - 2014-10-24 19:50 - 00000000 ____D () C:\Users\stefano\AppData\Local\NVIDIA Corporation
    2014-12-12 19:29 - 2013-11-09 20:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
    2014-12-12 02:38 - 2013-01-07 20:31 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-12-11 17:33 - 2013-02-01 19:39 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-11 17:30 - 2009-07-14 05:45 - 05136264 _____ () C:\Windows\System32\FNTCACHE.DAT
    2014-12-10 15:17 - 2012-11-05 15:33 - 00149360 _____ () C:\Users\stefano\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-10 14:11 - 2012-11-06 19:45 - 00000000 ____D () C:\Program Files (x86)\Razer
    2014-12-10 14:05 - 2012-12-20 18:19 - 00000000 ____D () C:\Windows\erdnt
    2014-12-10 14:02 - 2009-07-14 03:34 - 89128960 _____ () C:\Windows\System32\config\SOFTWARE.bak
    2014-12-10 14:02 - 2009-07-14 03:34 - 17301504 _____ () C:\Windows\System32\config\SYSTEM.bak
    2014-12-10 14:02 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\System32\config\DEFAULT.bak
    2014-12-10 14:02 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\System32\config\SECURITY.bak
    2014-12-10 14:02 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\System32\config\SAM.bak
    2014-12-10 14:01 - 2012-12-20 18:19 - 00000000 ____D () C:\Qoobox
    2014-12-10 13:56 - 2014-11-09 15:03 - 00000000 ____D () C:\Users\stefano\AppData\Roaming\Dropbox
    2014-12-10 13:56 - 2012-11-05 12:57 - 00000000 ____D () C:\users\stefano
    2014-12-10 13:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
    2014-12-07 16:39 - 2013-11-22 21:18 - 00000000 ____D () C:\Users\stefano\AppData\Local\cache
    2014-11-25 22:02 - 2012-11-06 14:27 - 00000000 ____D () C:\Users\stefano\Documents\my games

    Files to move or delete:
    ====================
    C:\ProgramData\dsgsdgdsgdsgw.js
    C:\ProgramData\jqggv8.fee


    Some content of TEMP:
    ====================
    C:\Users\stefano\AppData\Local\Temp\stuprt.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 7%
    Total physical RAM: 16361.41 MB
    Available physical RAM: 15137.59 MB
    Total Pagefile: 16359.61 MB
    Available Pagefile: 15145.7 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.57 GB) (Free:2.93 GB) NTFS
    Drive e: (GRMCPRXFRER_IT_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
    Drive h: (HITMANPRO) (Removable) (Total:7.25 GB) (Free:7.24 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (Volume) (Fixed) (Total:931.51 GB) (Free:94.69 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2AB9C714)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 111.8 GB) (Disk ID: 3072F745)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 3 (Size: 7.3 GB) (Disk ID: F00FD357)
    Partition 1: (Active) - (Size=7.3 GB) - (Type=0B)


    LastRegBack: 2013-08-13 11:58

    ==================== End Of Log ============================

  2. Master Malware Expert
    Hi mariounturned

    Download the attached file and copy it to the USB stick where you have FRST.
    Run FRST again as you already did, except this time click the FIX button instead of SCAN.
    Attach the fixlog.txt log that you will find on the USB stick, and check whether you can now access Windows normally.
    Attached file: fixlist.txt

  3. sanpolo

    Hello
    I've caught the INTERPOL, Neapolitan etc. virus. The PC (32-bit, Windows 8 operating system) boots as administrator and gives no problems, but when I go into one of the user accounts where I caught the virus, after a few seconds the virus page with Interpol etc. opens.
    I'm not an expert, but on other occasions, with your help, I've managed to remove it. I tried the removal guide but didn't succeed. Can you help me?
    Thanks

  4. Master Malware Expert
    Run Farbar Recovery Scan Tool as administrator, putting the tool on the desktop and clicking SCAN.
    You will get 2 logs: attach only FRST.txt

  5. sanpolo

    I can boot into safe mode.
    Now I'll try as you say.

  6. sanpolo

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
    Ran by Ernello (ATTENTION: The logged in user is not administrator) on PC-PORTATILE on 09-01-2015 14:24:45
    Running from C:\Users\Ernello\Desktop
    Loaded Profile: Ernello (Available profiles: Ernello & lorenzo & tetta & ernello_2 & Andretti & Guest)
    Platform: Windows 8 Pro (X86) OS Language: Italiano (Italia)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33508...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (OLYMPUS IMAGING CORP.) C:\Program Files\OLYMPUS\ib\olycamdetect.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    (CyberLink Corp.) C:\Program Files\Hp\QuickPlay\QPService.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    () C:\Program Files\Alice MOBILE E169\Alice MOBILE E169.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
    (OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    (OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
    (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [212992 2007-10-25] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
    HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [220336 2010-07-01] (CyberLink Corp.)
    HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [1099104 2007-06-21] (Microsoft® Corporation)
    HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Microsoft Works\WkDetect.exe [28739 2000-08-23] (Microsoft® Corporation)
    HKLM\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93360 2010-09-30] (OLYMPUS IMAGING CORP.)
    HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2005-03-18] (Hewlett-Packard)
    HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [181544 2007-09-30] (CyberLink Corp.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-09-13] (CyberLink Corp.)
    HKLM\...\Run: [WorksFUD] => C:\Program Files\Microsoft Works\wkfud.exe [24576 2000-07-12] (Microsoft® Corporation)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [296520 2014-07-23] (RealNetworks, Inc.)
    HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-21] (APN)
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company)
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\...\Run: [Mobile Partner] => C:\Program Files\Alice MOBILE E169\Alice MOBILE E169.exe [110592 2008-08-06] ()
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-21] (Google Inc.)
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\...\MountPoints2: {e9bb5da5-a921-11e2-afa1-001eec187ee6} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\...\MountPoints2: {e9bb5dec-a921-11e2-afa1-001eec187ee6} - "F:\AutoRun.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\Ernello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
    ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    Startup: C:\Users\ernello_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\971CFBF11.lnk
    ShortcutTarget: 971CFBF11.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
    Startup: C:\Users\tetta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
    ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = www.ilfattoquotidiano.it/
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = www.ilfattoquotidiano.it/
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    HKU\S-1-5-21-2721134853-2055459950-1619665247-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.ilfattoquotidiano.it/
    URLSearchHook: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - No File
    SearchScopes: HKLM -> {86E73207-5448-4A97-8992-D38F922C01BE} URL = http://slirsredirect.search.aol.com/slirs_...hpcnnbie7-it-it
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&a...&q={searchTerms}
    SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/...or={searchTerms}
    SearchScopes: HKLM -> {C4F19D1F-FC6B-4F2D-BB0F-E5A42BDD2BEE} URL = http://it.kelkoopartners.net/ctl/do/search...tnerId=96913930
    SearchScopes: HKU\.DEFAULT -> DefaultScope {8FF727A2-2291-44AB-A774-C03941EE28E9} URL = http://it.search.yahoo.com/search?fr=mcafe...&p={SearchTerms}
    SearchScopes: HKU\.DEFAULT -> {8FF727A2-2291-44AB-A774-C03941EE28E9} URL = http://it.search.yahoo.com/search?fr=mcafe...&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> DefaultScope {7F8683D2-3EEF-4DE2-A9FC-790AB333FBE2} URL = https://it.search.yahoo.com/search?fr=mcaf...&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}...ef&affID=111789
    SearchScopes: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> {7F8683D2-3EEF-4DE2-A9FC-790AB333FBE2} URL = https://it.search.yahoo.com/search?fr=mcaf...&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> {86E73207-5448-4A97-8992-D38F922C01BE} URL = http://slirsredirect.search.aol.com/slirs_...hpcnnbie7-it-it
    SearchScopes: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/webResults.htm...&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> {BCA56B9B-CDF6-45A5-934E-1FE116AF0388} URL = http://it.search.yahoo.com/search?fr=mcafe...&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> {C4F19D1F-FC6B-4F2D-BB0F-E5A42BDD2BEE} URL = http://it.kelkoopartners.net/ctl/do/search...tnerId=96913930
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll No File
    BHO: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
    Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    Toolbar: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    Toolbar: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> No Name - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
    Toolbar: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    Toolbar: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> No Name - {E3393495-8103-46A0-8181-270273EDDD60} - No File
    Toolbar: HKU\S-1-5-21-2721134853-2055459950-1619665247-1000 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-...indows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{A72834E9-082C-4023-907A-4F5FCF0588D5}: [NameServer] 10.204.57.104 10.205.41.16

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ernello\AppData\Roaming\Mozilla\Firefox\Profiles\0b91ipql.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://search.bearshare.com/it/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF Plugin: @real.com/nppl3260;version=17.0.11.7 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=17.0.11.7 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll ()
    FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-02]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2008-12-02]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
    FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-23]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-11-01]
    FF HKLM\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
    CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
    CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Ernello\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Ernello\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-10-23]
    CHR Extension: (RealDownloader) - C:\Users\Ernello\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-12]
    CHR Extension: (Chrome In-App Payments service) - C:\Users\Ernello\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
    CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-11-27]
    CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
    CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\ernello_2\AppData\Local\Wajam\Chrome\wajam.crx [2012-09-14]
    CHR HKLM\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\ernello_2\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx [2013-09-30]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
    R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) [File not signed]
    R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) [File not signed]
    S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
    S2 gupdate1c999d0ae70ca33; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.)
    R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 lmhosts; C:\WINDOWS\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
    R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-11-13] (McAfee, Inc.)
    R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
    R2 nsi; C:\WINDOWS\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
    R2 RealPlayer Cloud Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-23] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-25] () [File not signed]
    R2 WajamUpdaterV3; C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-11] (Wajam) [File not signed] <==== ATTENTION
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2014-03-28] (Microsoft Corporation)
    S2 winmgmt; C:\PROGRA~2\61FEB7288.cpp [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\WINDOWS\system32\DRIVERS\athw8.sys [2777088 2012-10-01] (Qualcomm Atheros Communications, Inc.)
    R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
    S3 OlyCamComm; C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
    R3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
    R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\ERNELL~1\AppData\Local\Temp\catchme.sys [X]
    U3 idsvc; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-09 12:48 - 2015-01-09 12:48 - 00000373 _____ () C:\Users\Ernello\Desktop\Addition.txt
    2015-01-09 12:47 - 2015-01-09 14:24 - 00028754 _____ () C:\Users\Ernello\Desktop\FRST.txt
    2015-01-09 12:44 - 2015-01-09 12:44 - 01115648 _____ (Farbar) C:\Users\Ernello\Desktop\FRST.exe
    2015-01-09 12:28 - 2015-01-09 12:28 - 00000000 ____D () C:\Program Files\GUM1CA4.tmp
    2014-12-18 08:50 - 2014-09-02 20:32 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-18 08:50 - 2014-09-02 20:32 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-16 15:20 - 2014-12-16 15:20 - 00367664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-12-16 06:59 - 2014-12-16 06:59 - 00002133 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2014-12-16 06:59 - 2014-12-16 06:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2014-12-16 06:57 - 2014-12-16 06:57 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-12-12 04:33 - 2014-12-16 06:57 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-12-12 04:31 - 2014-12-12 04:31 - 08423856 _____ (McAfee, Inc.) C:\Users\Ernello\Desktop\SecurityScan_Release.exe
    2014-12-11 09:49 - 2014-12-16 17:19 - 00015854 _____ () C:\WINDOWS\PFRO.log
    2014-12-11 09:44 - 2014-12-11 09:44 - 07819824 _____ () C:\Users\Ernello\Desktop\saSetup.exe
    2014-12-10 22:44 - 2014-12-10 22:44 - 00078331 _____ () C:\Users\Ernello\Documents\manuale revisione dic.2014 b da controllare.odt
    2014-12-10 12:47 - 2015-01-03 11:55 - 00093230 _____ () C:\Users\Ernello\Documents\manuale rev.dicembre 2014.odt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-09 14:24 - 2013-10-24 14:07 - 00000000 ____D () C:\FRST
    2015-01-09 14:23 - 2014-12-04 21:39 - 02177028 _____ () C:\WINDOWS\setupact.log
    2015-01-09 14:22 - 2012-07-26 07:53 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-09 12:35 - 2012-11-28 17:17 - 00000161 _____ () C:\Users\Public\Documents\hpqp.ini
    2015-01-09 12:30 - 2014-12-04 21:18 - 01283936 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-09 12:25 - 2008-06-14 00:20 - 00000000 ____D () C:\Users\Ernello\AppData\Roaming\OpenOffice.org2
    2015-01-09 12:24 - 2014-11-26 03:18 - 00000418 _____ () C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_ernello_2.job
    2015-01-09 12:24 - 2012-07-26 07:04 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-09 12:24 - 2009-07-05 13:50 - 00001168 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-08 23:24 - 2012-06-15 04:31 - 00000000 ____D () C:\Users\Ernello\AppData\Roaming\HpUpdate
    2015-01-05 12:07 - 2012-07-26 07:53 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2014-12-31 14:19 - 2013-06-01 07:19 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-12-18 09:03 - 2014-12-06 08:37 - 00000000 ____D () C:\WINDOWS\rescache
    2014-12-16 15:17 - 2014-07-20 11:36 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-12-16 15:17 - 2012-07-26 09:15 - 00000000 ____D () C:\WINDOWS\system32\Drivers\it-IT
    2014-12-16 15:17 - 2012-07-26 07:53 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-12-16 15:17 - 2012-07-26 07:53 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-12-16 15:17 - 2012-07-26 07:53 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-12-16 15:17 - 2012-07-26 07:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-12-16 15:17 - 2012-07-26 07:53 - 00000000 ____D () C:\WINDOWS\system32\it-IT
    2014-12-16 15:17 - 2012-07-26 07:53 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-12-16 14:46 - 2013-11-01 00:55 - 00000000 ____D () C:\Program Files\McAfee
    2014-12-13 03:55 - 2012-07-26 07:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-12-13 03:19 - 2014-11-26 03:18 - 00000408 _____ () C:\WINDOWS\Tasks\ReclaimerUpdateXML_ernello_2.job
    2014-12-13 01:21 - 2014-11-26 03:18 - 00000412 _____ () C:\WINDOWS\Tasks\ReclaimerUpdateFiles_ernello_2.job
    2014-12-12 05:26 - 2013-11-01 00:38 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-12-12 05:25 - 2013-11-01 00:38 - 00000000 ____D () C:\Program Files\CCleaner
    2014-12-12 05:12 - 2014-12-06 08:34 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
    2014-12-12 04:36 - 2010-12-19 10:39 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-12 03:52 - 2012-07-26 07:53 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
    2014-12-12 03:45 - 2013-11-01 00:27 - 00000000 ____D () C:\WINDOWS\system32\appmgmt

    Files to move or delete:
    ====================
    C:\Users\Ernello\Microsoft PowerPoint.exe
    C:\Users\ernello_2\flash_player9016.exe


    Some content of TEMP:
    ====================
    C:\Users\Ernello\AppData\Local\temp\zk8dngs4.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  7. vicky67 (Master Malware Expert, Administrator, 4,519 posts, Poggio Mirteto (RI))

    When you need to add information to a post, use the edit button; otherwise several consecutive posts get created.

    Download the attached file and copy it to the desktop, where you should also have Farbar Recovery Scan Tool.
    Reopen FRST, but this time click the FIX button once instead of SCAN.
    Attachment: fixlist.txt (Number of downloads: 33)

     
  8. sanpolo (User deleted)

    QUOTE (vicky67 @ 10/1/2015, 09:04)
    When you need to add information to a post, use the edit button; otherwise several consecutive posts get created.

    Download the attached file and copy it to the desktop, where you should also have Farbar Recovery Scan Tool.
    Reopen FRST, but this time click the FIX button once instead of SCAN.

    Sorry if I made a mess; I probably sent more than one.
    Anyway, it's FIXED :D. I'll follow the post-removal guide; is it worth uninstalling things like CCleaner and then reinstalling them from your page, or do they update automatically?
    THANKS, Nello
     
  9. vicky67 (Master Malware Expert, Administrator)

    Ok.
    They usually update automatically if the option is set. Bye
     
  10. ginca22 (User deleted)

    Good morning, I have a Windows 8.1 PC locked by the Polizia di Stato virus; it won't let me start Safe Mode and won't let me use an earlier restore point. I only managed to open the Command Prompt. I followed the instructions on your forum and scanned with Farbar; here is the txt file. Thank you for any help you can give me.
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
    Ran by SYSTEM on MININT-J7674PV on 21-02-2015 10:45:16
    Running from i:\
    Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Italiano (Italia)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33508...very-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-21] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\tato\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    HKU\tato\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    HKU\tato\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    Startup: C:\Users\tato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1FB6CE301.lnk
    ShortcutTarget: 1FB6CE301.lnk -> C:\ProgramData\103EC6BF1.cpp ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-10-23] (CyberLink)
    S2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-10-23] (CyberLink)
    S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
    S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
    S2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
    S2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (Micro-Star International)
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
    S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-21] (RealNetworks, Inc.)
    S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
    S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    S2 Winmgmt; C:\ProgramData\1FB6CE301.zot [361984 2015-02-21] ()
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
    S3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
    S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
    S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
    S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
    S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [33512 2014-09-20] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2013-12-21] (Basil Projects)
    S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-10-23] (CyberLink Corp.)
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-21 01:48 - 2015-02-21 01:48 - 00361984 ____T () C:\ProgramData\1FB6CE301.zot
    2015-02-21 01:46 - 2008-04-19 23:11 - 00000000 ____D () C:\Users\tato\Desktop\Age of Empires 2 + Exp
    2015-02-21 01:31 - 2015-02-21 01:31 - 00150532 _____ () C:\ProgramData\103EC6BF1.cpp
    2015-02-19 20:37 - 2015-02-19 20:37 - 00002316 _____ () C:\AdwCleaner[R11].txt
    2015-02-19 20:37 - 2015-02-19 20:37 - 00002290 _____ () C:\AdwCleaner[S5].txt
    2015-02-19 20:37 - 2015-02-19 20:37 - 00002255 _____ () C:\AdwCleaner[R10].txt
    2015-02-19 20:10 - 2015-02-19 20:10 - 00000000 _____ () C:\autoexec.bat
    2015-02-19 18:57 - 2015-02-19 18:57 - 00000000 ____D () C:\Program Files (x86)\DisccountExteNNsi
    2015-02-19 18:56 - 2015-02-19 21:28 - 00000000 ____D () C:\Program Files (x86)\SaavaeNeWaAAppz
    2015-02-19 18:56 - 2015-02-19 21:28 - 00000000 ____D () C:\Program Files (x86)\DIgiSaaver
    2015-02-19 18:56 - 2015-02-19 18:56 - 00000000 ____D () C:\Program Files (x86)\Smart QrCode Generator
    2015-02-19 18:56 - 2015-02-19 18:56 - 00000000 ____D () C:\Program Files (x86)\BestSiaveFOrYOu
    2015-02-15 15:26 - 2015-02-19 21:23 - 00000000 ____D () C:\ProgramData\{5c6948b0-632f-8b58-5c69-948b063222c1}
    2015-02-14 03:36 - 2015-02-16 08:56 - 00000000 ____D () C:\Users\tato\Desktop\White Queen
    2015-02-09 21:38 - 2015-02-09 20:12 - 1972011008 _____ () C:\Users\tato\Desktop\Unbroken.2014.iTALiAN.MD.DVDSCR.XviD-FREE.avi
    2015-02-08 11:34 - 2015-02-08 11:34 - 00000000 ____D () C:\Program Files (x86)\Western Digital Corporation
    2015-02-08 11:33 - 2015-02-08 11:33 - 00973965 _____ () C:\Users\tato\Downloads\WinDlg_v1_28.zip
    2015-02-08 11:10 - 2015-02-08 13:27 - 00005060 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PCCASA-tato PCCASA
    2015-02-04 23:28 - 2015-02-04 23:29 - 77793642 _____ () C:\Users\tato\Desktop\Demis Roussos with Aphrodite's child.zip
    2015-02-04 21:15 - 2015-02-19 18:36 - 00000000 ____D () C:\ProgramData\dc86ee6700004701
    2015-02-04 21:11 - 2015-02-04 21:13 - 00000000 ____D () C:\ProgramData\{c8f3f635-25b9-ec01-c8f3-3f63525bd8d4}
    2015-02-04 21:06 - 2015-02-21 02:36 - 00000000 ____D () C:\ProgramData\bodlbiifllgfcnlekododkojloadppkn
    2015-02-04 21:06 - 2015-02-04 21:06 - 00000000 ____D () C:\ProgramData\{e2155038-d64e-cd7b-e215-55038d6440e3}
    2015-02-04 21:05 - 2015-02-04 21:05 - 01146568 _____ () C:\Users\tato\Downloads\DEMIS ROUSSOS - Lovely Lady Of Arcadia..mp3.exe
    2015-02-04 20:11 - 2015-02-04 20:13 - 00000000 ____D () C:\Users\tato\Desktop\Demis Roussos
    2015-01-31 11:45 - 2015-01-31 11:45 - 00090482 _____ () C:\Users\tato\Downloads\contacts_20150131114044 (1).vcf
    2015-01-30 01:14 - 2015-01-30 01:14 - 00088567 _____ () C:\Users\tato\Desktop\Ricevuta del biglietto elettronico BA YVKXVM_ MXP-LHR 14 giu 2015 11_35.eml

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-21 10:43 - 2014-11-20 10:17 - 00000000 ____D () C:\FRST
    2015-02-21 08:56 - 2014-07-07 19:31 - 00000000 __RDO () C:\Users\tato\OneDrive
    2015-02-21 08:56 - 2014-06-26 18:31 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-21 08:56 - 2014-06-23 08:57 - 00000000 ____D () C:\Users\tato\AppData\Roaming\ClassicShell
    2015-02-21 08:54 - 2014-09-20 14:52 - 00020537 _____ () C:\Windows\setupact.log
    2015-02-21 08:54 - 2014-09-20 10:20 - 01179238 _____ () C:\Windows\WindowsUpdate.log
    2015-02-21 08:54 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-21 02:51 - 2014-06-23 20:14 - 00003334 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-493368447-770920825-2306807267-1001
    2015-02-21 02:51 - 2014-06-23 20:14 - 00003278 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-493368447-770920825-2306807267-1001
    2015-02-21 02:36 - 2015-01-11 17:01 - 00000000 ____D () C:\Program Files (x86)\uunissalaes
    2015-02-21 02:36 - 2014-09-20 17:02 - 00000000 ____D () C:\Users\tato\AppData\Roaming\0W1L1GtG1L1G1B2Z1T1I1I
    2015-02-21 02:36 - 2014-09-01 20:26 - 00000000 ____D () C:\Users\tato\AppData\Roaming\vlc
    2015-02-21 02:36 - 2014-06-25 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-21 02:36 - 2014-06-23 08:57 - 00000000 ____D () C:\ProgramData\ClassicShell
    2015-02-21 02:36 - 2013-08-22 16:36 - 00000000 __RSD () C:\Windows\Media
    2015-02-21 02:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru
    2015-02-21 02:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-21 02:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
    2015-02-21 02:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-02-21 02:30 - 2014-11-20 09:22 - 00000000 _____ () C:\Recovery.txt
    2015-02-21 02:02 - 2013-08-22 15:44 - 00483008 _____ () C:\Windows\System32\FNTCACHE.DAT
    2015-02-21 02:01 - 2014-09-20 15:01 - 00000933 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Update {74EDF324-A7BB-40AC-8167-39463D642F43}.job
    2015-02-21 02:01 - 2014-09-20 15:01 - 00000747 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {74EDF324-A7BB-40AC-8167-39463D642F43}.job
    2015-02-21 01:57 - 2014-09-20 14:57 - 00000933 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Update {87BA3E10-5507-48EB-B759-B6374F494B61}.job
    2015-02-21 01:57 - 2014-09-20 14:57 - 00000747 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {87BA3E10-5507-48EB-B759-B6374F494B61}.job
    2015-02-21 01:50 - 2014-06-22 21:37 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8BC549D2-CD2F-47B8-9D00-DF9EF638D5DF}
    2015-02-21 01:47 - 2013-08-22 12:22 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2015-02-21 01:47 - 2013-08-22 12:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
    2015-02-21 01:47 - 2013-08-22 12:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\dpnathlp.dll
    2015-02-21 01:47 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\System32\dpnhupnp.dll
    2015-02-21 01:47 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\System32\dpnhpast.dll
    2015-02-21 01:47 - 2013-08-22 05:05 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
    2015-02-21 01:47 - 2013-08-22 05:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
    2015-02-21 01:47 - 2013-08-22 04:59 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
    2015-02-21 01:47 - 2013-08-22 04:56 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2015-02-21 01:47 - 2013-08-22 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
    2015-02-21 01:47 - 2013-08-22 04:51 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
    2015-02-21 01:47 - 2013-08-22 04:51 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
    2015-02-21 01:47 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
    2015-02-21 01:47 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
    2015-02-21 01:41 - 2014-06-23 09:00 - 00000000 ____D () C:\Windows\System32\MRT
    2015-02-21 01:40 - 2014-06-23 09:00 - 116773704 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2015-02-21 01:37 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-21 01:08 - 2013-12-21 17:51 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-21 00:36 - 2014-06-26 18:31 - 00001160 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-20 23:26 - 2014-06-23 03:29 - 00000000 ____D () C:\Users\tato\AppData\Local\VirtualStore
    2015-02-20 21:47 - 2013-12-21 17:13 - 01813012 _____ () C:\Windows\System32\PerfStringBackup.INI
    2015-02-20 21:47 - 2013-08-22 23:37 - 00802322 _____ () C:\Windows\System32\perfh010.dat
    2015-02-20 21:47 - 2013-08-22 23:37 - 00156482 _____ () C:\Windows\System32\perfc010.dat
    2015-02-20 21:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
    2015-02-20 20:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-02-19 23:38 - 2014-06-22 21:42 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-493368447-770920825-2306807267-1001
    2015-02-19 21:29 - 2014-06-23 03:29 - 00000000 ____D () C:\users\tato
    2015-02-19 21:28 - 2014-06-23 20:14 - 00000000 ____D () C:\ProgramData\Real
    2015-02-19 21:28 - 2014-06-23 03:29 - 00000000 ____D () C:\Users\tato\AppData\Roaming\Adobe
    2015-02-19 21:28 - 2014-06-23 03:29 - 00000000 ____D () C:\Users\tato\AppData\Local\Packages
    2015-02-19 21:28 - 2013-12-21 17:42 - 00000000 ____D () C:\ProgramData\Adobe
    2015-02-19 21:28 - 2013-12-21 17:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-02-19 21:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
    2015-02-19 21:04 - 2014-06-26 00:02 - 00000000 ____D () C:\Windows\System32\log
    2015-02-19 20:53 - 2014-09-20 14:52 - 00052364 _____ () C:\Windows\PFRO.log
    2015-02-16 01:25 - 2014-06-22 23:33 - 00000000 ____D () C:\Users\tato\AppData\Local\CrashDumps
    2015-02-14 00:52 - 2014-07-13 17:20 - 00000000 ____D () C:\Users\tato\AppData\Local\Adobe
    2015-02-11 08:20 - 2014-10-30 19:52 - 00000000 ____D () C:\Users\tato\Desktop\Katee Owen
    2015-02-04 20:08 - 2013-12-21 17:51 - 00003866 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-24 21:20 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-24 21:20 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    Some content of TEMP:
    ====================
    C:\Users\tato\AppData\Local\Temp\C722f0739.exe
    C:\Users\tato\AppData\Local\Temp\iAKO.dll
    C:\Users\tato\AppData\Local\Temp\ICReinstall_adwcleaner (2).exe
    C:\Users\tato\AppData\Local\Temp\stubhelper.dll


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== Restore Points =========================

    Restore point made on: 2015-02-04 21:16:32
    Restore point made on: 2015-02-08 11:17:43
    Restore point made on: 2015-02-08 13:33:23
    Restore point made on: 2015-02-15 16:36:15
    Restore point made on: 2015-02-17 21:53:20
    Restore point made on: 2015-02-19 21:21:48
    Restore point made on: 2015-02-19 23:39:35
    Restore point made on: 2015-02-19 23:39:36
    Restore point made on: 2015-02-19 23:39:37
    Restore point made on: 2015-02-19 23:39:37
    Restore point made on: 2015-02-19 23:39:39
    Restore point made on: 2015-02-19 23:39:40
    Restore point made on: 2015-02-19 23:39:40
    Restore point made on: 2015-02-21 01:47:10

    ==================== Memory info ===========================

    Percentage of memory in use: 7%
    Total physical RAM: 16264.4 MB
    Available physical RAM: 15018.38 MB
    Total Pagefile: 16264.4 MB
    Available Pagefile: 15051.26 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.54 GB) (Free:132.59 GB) NTFS
    Drive d: (Volume) (Fixed) (Total:1863.01 GB) (Free:1603.15 GB) NTFS
    Drive e: (Volume) (Fixed) (Total:931.48 GB) (Free:847.09 GB) NTFS
    Drive f: (LACIE) (Fixed) (Total:232.83 GB) (Free:14.75 GB) FAT32
    Drive h: (AOE3Y) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
    Drive i: (LEXAR) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS
    Drive y: (Riservato per il sistema) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive y: detected.

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1563B107)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A2C3EEAB)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6A1079BC)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: AC2958AF)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=0C)

    ========================================================
    Disk: 4 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=1.9 GB) - (Type=06)


    LastRegBack: 2015-02-10 21:39

    ==================== End Of Log ============================
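The service list in the log above contains the entry an FRST helper keys on for this kind of lock screen: `S2 Winmgmt; C:\ProgramData\1FB6CE301.zot [361984 2015-02-21] ()`. Winmgmt is the built-in WMI service, normally hosted by svchost.exe in System32; here its binary is an unsigned file with a made-up extension in ProgramData, listed again under "One Month Created Files" with the same date. The log also carries FRST's own warnings `TDL4: custom:26000022` and "Malware custom entry on BCD on drive y: detected." The script below is an added example, not part of FRST and not posted by either participant: it parses lines in the format FRST prints for services and flags the pattern visible here, generalized to any built-in service name, any user-writable location and any odd extension. The expected install directories are an assumption (Windows 7/8 layout), and the sample lines are copied from the log above.

```python
"""Triage helper for the 'Services (Whitelisted)' block of an FRST log.

Added example for this thread, not part of FRST or of the original post.
It parses service lines in the format FRST prints and flags: a built-in
Windows service whose binary is outside its install directory, binaries run
from user-writable folders, odd file extensions, and files FRST marked [X].
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: service lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
S2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] ()
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\1FB6CE301.zot [361984 2015-02-21] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
"""

# Assumption: built-in Windows services and the directory their binary lives in.
# Winmgmt (WMI) is hosted by svchost.exe in System32; Defender lives under
# Program Files\Windows Defender. Lower-case, no trailing backslash.
BUILTIN_SERVICE_DIRS = {
    "winmgmt": "c:\\windows\\system32",
    "windefend": "c:\\program files\\windows defender",
    "wdnissvc": "c:\\program files\\windows defender",
}
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")
USER_WRITABLE_PARTS = ("\\appdata\\", "\\temp\\")
SERVICE_EXTENSIONS = {".exe", ".dll", ".sys"}

# FRST format: "<S|R><n> <name>; <path[ args]> [<size> <date>] (<company>)"
# or            "<S|R><n> <name>; <path[ args]> [X]"   when the file is missing.
HEAD_RE = re.compile(r"^([SR]\d)\s+(.+?);\s+(.*)$")
META_RE = re.compile(r"\[(\d+)\s+(\d{4}-\d{2}-\d{2})\]\s+\(([^)]*)\)\s*$")


@dataclass
class ServiceEntry:
    start: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    company: Optional[str]
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one FRST service line; return None for lines in another format."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    start, name, rest = m.groups()
    missing = rest.rstrip().endswith("[X]")
    meta = META_RE.search(rest)
    if meta:
        size, date, company = int(meta.group(1)), meta.group(2), meta.group(3)
        path_part = rest[: meta.start()].strip()
    else:
        size = date = company = None
        path_part = re.sub(r"\s*\[X\]\s*$", "", rest).strip()
    # A quoted path carries service arguments after the closing quote; drop them.
    if path_part.startswith('"'):
        path = path_part[1 : path_part.index('"', 1)]
    else:
        path = path_part
    return ServiceEntry(start, name, path, size, date, company, missing)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach flags to an entry; an empty flag list means nothing suspicious."""
    low = entry.path.lower()
    expected = BUILTIN_SERVICE_DIRS.get(entry.name.lower())
    if expected is not None and ntpath.dirname(low) != expected:
        entry.flags.append("hijacked_system_service")
    if low.startswith(USER_WRITABLE_PREFIXES) or any(p in low for p in USER_WRITABLE_PARTS):
        entry.flags.append("user_writable_path")
    if ntpath.splitext(low)[1] not in SERVICE_EXTENSIONS:
        entry.flags.append("unusual_extension")
    if entry.company == "" and not entry.missing:  # FRST prints () when no version info
        entry.flags.append("no_version_info")
    if entry.missing:
        entry.flags.append("file_missing")
    return entry


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {service name: [flags]} for every service line in the text."""
    results: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            results[entry.name] = triage(entry).flags
    return results


if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LOG).items():
        print(f"{name:20} {', '.join(flags) or 'ok'}")
```

Run against the five sample lines, only the Winmgmt entry trips the hijacked-service check (plus user-writable path, unusual extension and no version info); gupdate is reported only as a missing file, and the Microsoft and MSI services come back clean. The check is deliberately path-based rather than signature-based because FRST's Recovery-mode log carries no signature data, only the company string from the file's version resource.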

11. Master Malware Expert

Hi ginca22
Download the attached file and copy it to the USB stick where you have FRST.
Restart FRST as you already did, but this time click the FIX button instead of SCAN.
Attach the fixlog.txt log you will find on the USB stick and check whether you can now access Windows normally.
Attached file
fixlist.txt
(Number of downloads: 50)


12. Naruk

I have the Polizia Penitenziaria virus problem. I followed all the instructions and I am now posting the file the program generated.
Attached file
FRST.txt
(Number of downloads: 158)


13. Master Malware Expert

Hi naruk
Download the attached file and copy it to the USB stick where you have FRST.
Restart FRST as you already did, but this time click the FIX button instead of SCAN.
Attach the fixlog.txt log you will find on the USB stick and check whether you can now access Windows normally.
Attached file
fixlist.txt
(Number of downloads: 24)


14. Naruk

Hi, thanks, the PC started up perfectly. Do I need to do anything else to keep the problem from coming back?

15. Master Malware Expert

Delete the FRST folder in C:\
Follow the post-removal guide in my signature. Bye
698 replies since 5/6/2013, 08:44   22513 views