Aiuto PC

(GUIDE) How to recover personal files encrypted by a virus

  1. Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous

    Try sending them in; their analysis costs nothing.
  2. mauriziomannari

    User deleted

    I caught this virus and cannot get rid of it; all the files are encrypted as .micro.

    Every day I run a cleanup and it comes back; on top of that, I cannot recover the encrypted files.

    Can anyone help me?
  3. Master Malware Expert

    We can remove the virus; for the encrypted files there is currently no solution other than trying on the Dr.Web site.
  4. mauriziomannari

    User deleted

    What do I have to do to remove the virus permanently?
  5. Master Malware Expert

    Attach a Farbar Recovery Scan Tool log.
    You will find the instructions in the removal tools guide in my signature.
    The logs to attach are frst.txt and additional.txt
  6. mauriziomannari

    User deleted

    Has no solution been found yet for the encrypted files?
  7. Master Malware Expert

    For .micro files, not yet.
  8. lucad

    User deleted

    I caught the cryptolocker and the files have the "encrypted" extension.
    I sent the files to Dr.Web; do you know their response times?
    Is there another way to recover them?
    How do I remove this virus?
    Many thanks
  9. Master Malware Expert

    The response times depend on the requests they have.
    To remove it, if it is still active, attach a Farbar Recovery Scan Tool log.
    (You will find the instructions in the removal tools guide in my signature.)
  10. lucad

    User deleted

    The virus installed itself on a client that had folders shared with a server, and so it infected the server as well.
    I am now attaching the scan of the server, and afterwards the one from the client on which I am running the Kaspersky removal tool.
    Attached file
    FRST_02_03_2016_07_11_43.txt
    (Number of downloads: 313)
  11. lucad

    User deleted

    The Addition file, again from the server.
    Attached file
    Addition_02_03_2016_07_11_43.txt
    (Number of downloads: 163)
  12. Master Malware Expert

    The FRST log is clean; there is no infection on this PC.
  13. igor3434

    User deleted

    Hello everyone, your forum is the only place where I have found excellent "assistance" for these cursed ransomware infections. I was infected, but I am not sure I have removed the virus, and I cannot work out which type of ransomware it is: it turns my pdf, jpg, etc. files into mp3. The encryption is RSA4096, as explained in the attachment that demands the ransom. I used Farbar; I am attaching the files so we can see whether I have eliminated the threat and what it is.
    Thanks for the help; like all of you, I hope they find a way to decrypt my files.


    ADDITION FILE

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
    Ran by Igor (2016-03-20 23:28:15)
    Running from C:\Users\Igor\Downloads
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-03-14 14:10:11)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3790506423-2457885742-1339496338-500 - Administrator - Disabled)
    Guest (S-1-5-21-3790506423-2457885742-1339496338-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3790506423-2457885742-1339496338-1002 - Limited - Enabled)
    Igor (S-1-5-21-3790506423-2457885742-1339496338-1000 - Administrator - Enabled) => C:\Users\Igor
    User (S-1-5-21-3790506423-2457885742-1339496338-1003 - Limited - Enabled) => C:\Users\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2015 (32 Bit) (HKLM\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
    Aggiornamenti NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
    ASUS Share Link (HKLM\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
    AVG (Version: 16.51.7497 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4542 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    Creative ALchemy (HKLM\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
    CyberLink PowerDirector Ultimate Suite 14 (HKLM\...\{C5A42BC2-D531-4FC1-B808-976838B340A7}) (Version: 14 - CyberLink Corp.)
    Disinstalla EPSON SX525WD Series Printer (HKLM\...\EPSON SX525WD Series) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPU-6 Engine (HKLM\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.01.17 - )
    FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
    Google Drive (HKLM\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
    Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
    Intel® CCF Manager (HKLM\...\{2c997217-d897-4a17-8764-280d0928c799}) (Version: 3.0.13.2211 - Intel Corporation)
    Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    MKVToolNix 8.9.0 (32bit) (HKLM\...\MKVToolNix) (Version: 8.9.0 - Moritz Bunkus)
    NewBlue Titler Pro for Windows (HKLM\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
    NewBlue Video Essentials for Windows (HKLM\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
    NewBlue Video Essentials V for Windows (HKLM\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
    NewBlue Video Essentials VII for Windows (HKLM\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
    NVIDIA Driver 3D Vision 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
    NVIDIA Driver del controller 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA Driver grafico 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    Ontrack EasyRecovery Enterprise (HKLM\...\{AE695CA4-8847-4462-98CC-023874D29E72}_is1) (Version: 11.1.0.0 - Kroll Ontrack Inc.)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Pannello di controllo audio Creative (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
    Pannello di controllo NVIDIA 341.92 (Version: 341.92 - NVIDIA Corporation) Hidden
    proDAD Adorage 3.0 (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
    Proprietà Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 3.1.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.0 - VS Revo Group, Ltd.)
    ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
    STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden
    Supporto applicazioni Apple (32 bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
    Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0410-0000-0000000FF1CE}_Office15.PROPLUS_{601D550E-BC99-4729-BA4C-962AD53CE9BF}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM\...\{90150000-012B-0410-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version: - Microsoft)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2AECF82E-74A9-443B-8B6B-436806FFF2EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {3CAE4EFF-240B-4E99-83E4-C505634E61F0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {4CCC668E-C2D5-48CE-8599-0330E37CE5E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
    Task: {598C57A4-01AD-4CB9-9555-1C2F4D69227B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
    Task: {751B8F08-9DCE-4E11-9527-A2931A056681} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {8147D038-CF91-4F10-AB8F-8F3A48B5860B} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)
    Task: {C1ACCBCC-2D4F-44C1-AA9C-B70D19F2EBE0} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2009-06-26] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-03-14 16:43 - 2015-10-13 17:47 - 00113840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2016-03-14 15:28 - 2009-04-02 12:27 - 00090112 _____ () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    2016-03-14 15:28 - 2009-06-26 16:08 - 06036992 _____ () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
    2016-03-14 15:28 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
    2016-03-14 15:28 - 2009-04-20 13:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-6 Engine\pngio.dll
    2016-03-14 15:28 - 2006-01-10 16:50 - 00024576 _____ () C:\Windows\system32\AsIo.dll
    2016-03-14 15:28 - 2009-04-20 13:55 - 00053248 _____ () C:\Program Files\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
    2016-03-14 15:38 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
    2016-03-14 15:38 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
    2016-03-14 16:59 - 2015-04-07 14:34 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
    2016-03-14 17:22 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2016-03-14 17:22 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2016-03-20 22:36 - 2016-03-20 22:36 - 00098816 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32api.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00110080 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\pywintypes27.dll
    2016-03-20 22:36 - 2016-03-20 22:36 - 00364544 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\pythoncom27.dll
    2016-03-20 22:36 - 2016-03-20 22:36 - 00320512 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32com.shell.shell.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00776704 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\_hashlib.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 01176576 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\wx._core_.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00806400 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\wx._gdi_.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00816128 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\wx._windows_.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 01067008 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\wx._controls_.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00733184 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\wx._misc_.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00682496 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\pysqlite2._sqlite.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00088064 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\_ctypes.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00119808 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32file.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00108544 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32security.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00007168 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\hashobjs_ext.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00017920 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\thumbnails_ext.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00088064 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\usb_ext.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00167936 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32gui.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00018432 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32event.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00046080 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\_socket.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 01208320 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\_ssl.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00128512 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\_elementtree.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00127488 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\pyexpat.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00013824 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\common.time34.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00038912 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32inet.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00036864 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\_psutil_windows.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00525208 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\windows._lib_cacheinvalidation.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00011264 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32crypt.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00077312 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\wx._html2.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00027136 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\_multiprocessing.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00020480 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\_yappi.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00035840 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32process.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00686080 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\unicodedata.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00078848 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\wx._animate.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00123392 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\wx._wizard.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00024064 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32pipe.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00010240 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\select.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00025600 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32pdh.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00017408 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32profile.pyd
    2016-03-20 22:36 - 2016-03-20 22:36 - 00022528 _____ () C:\Users\Igor\AppData\Local\Temp\_MEI18562\win32ts.pyd
    2016-03-14 15:20 - 2016-03-08 03:48 - 01676440 _____ () C:\Program Files\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
    2016-03-14 15:20 - 2016-03-08 03:48 - 00086168 _____ () C:\Program Files\Google\Chrome\Application\49.0.2623.87\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:04 - 2016-03-16 18:34 - 00001132 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 lm.licenses.adobe.com
    127.0.0.1 na1r.services.adobe.com
    127.0.0.1 hlrcv.stage.adobe.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3790506423-2457885742-1339496338-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8 - 4.4.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{B8B5D899-4920-4798-B170-E0CBA562BD61}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{87A78FDD-7791-4335-9762-F89489479CEB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{4D8A6578-099D-41ED-BB51-7B79A9AC63EA}C:\users\igor\downloads\xdccmule\mirc.exe] => (Allow) C:\users\igor\downloads\xdccmule\mirc.exe
    FirewallRules: [UDP Query User{8BD25759-BCBA-460E-9422-0EF61C868228}C:\users\igor\downloads\xdccmule\mirc.exe] => (Allow) C:\users\igor\downloads\xdccmule\mirc.exe
    FirewallRules: [{5359BFD9-3DFB-4AAA-A908-A0E81E552FE0}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
    FirewallRules: [{C14C18E7-8ED9-455D-A47E-0CBA86DF82FA}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
    FirewallRules: [{F912F206-36E2-433F-9A4E-FCEB9F40CF33}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
    FirewallRules: [{73E2D224-BD11-4DA2-A4B0-CFE09A922A86}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
    FirewallRules: [{AF7031D1-F5D3-46CE-9F37-6BB1A9D5AAE9}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{4C43367C-2E0A-418E-B5DF-1E10C5F75B79}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{14A0D83C-A0E5-4B7C-911F-9622817A41C4}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
    FirewallRules: [{12659AB4-6220-4218-A6EF-6C39FE88AE06}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
    FirewallRules: [{EF2CFA07-9926-4394-BBE8-9E4C12B7E5AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{4DB65001-5B76-4BFB-BFB2-2BB89A290701}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{C0AAE45B-5C1F-42A5-8127-D15EC1380726}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{F82F90F7-6AAB-4E25-BDBB-69AD29C740EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{240143BA-C117-4357-AF93-F9337A1DF308}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{29A73CC9-E6D1-4C17-87FE-5F8D15D683D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{AC0081BF-004F-41CB-90DC-91B1E5784C13}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
    FirewallRules: [{D5B23F9A-F0C4-42A6-B1A1-9C0E4D98B0A7}] => (Allow) C:\Program Files\ASUS\Share Link\ShareLink.exe
    FirewallRules: [{1087FFDD-4ACF-481A-8923-19EC3E486901}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
    FirewallRules: [{AF51AC14-5603-4699-959C-043C618102A9}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
    FirewallRules: [{B9AE088F-703C-49FA-933C-386EBFB72E0F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{CD832D5F-0777-4A55-B9C1-86B9E2B760F6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{A276C615-5A0E-4A58-93ED-4C6752A31D76}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{7F1225B9-B224-4777-93A1-FCB051B38A94}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{BDE76D6F-DFE3-4AE7-B8F7-674881E8ED8B}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
    FirewallRules: [{F7D9E685-69B8-4703-81C2-ED580ACF8401}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
    FirewallRules: [{C0F16285-2E53-40FF-8637-CC413F448DCF}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
    FirewallRules: [{C5BA49A1-B39C-457B-99AE-00E1C62E11B4}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
    FirewallRules: [{80CA55A0-A8A8-4AA7-BC79-31A5C0F4D141}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
    FirewallRules: [{00EC43E6-C62D-4AD1-80C0-8D7562772734}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe

    ==================== Restore Points =========================

    17-03-2016 13:56:48 Configured Microsoft Office Professional Plus 2013
    17-03-2016 13:57:07 PROPLUS
    18-03-2016 18:34:14 Norton_Power_Eraser_20160318183410766
    18-03-2016 18:42:08 Norton_Power_Eraser_20160318184203950
    20-03-2016 22:42:30 Revo Uninstaller Pro's restore point - Apple Mobile Device Support
    20-03-2016 22:43:45 Revo Uninstaller Pro's restore point - Apple Software Update
    20-03-2016 22:44:25 Revo Uninstaller Pro's restore point - QuickTime
    20-03-2016 22:45:28 Revo Uninstaller Pro's restore point - Bonjour
    20-03-2016 22:45:38 Removed Bonjour
    20-03-2016 22:46:23 Revo Uninstaller Pro's restore point - iTunes
    20-03-2016 23:17:43 Revo Uninstaller Pro's restore point - Data Recovery Pro

    ==================== Faulty Device Manager Devices =============

    Name: WD SES Device USB Device
    Description: WD SES Device USB Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/20/2016 11:12:27 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nome dell'applicazione che ha generato l'errore: AUDIODG.EXE, versione: 6.1.7601.18741, timestamp: 0x54d033cc
    Nome del modulo che ha generato l'errore: P17APO32.dll, versione: 1.0.6.0, timestamp: 0x49de0d5a
    Codice eccezione: 0xc0000005
    Offset errore 0x0001b8d5
    ID processo che ha generato l'errore: 0x140c
    Ora di avvio dell'applicazione che ha generato l'errore: 0xAUDIODG.EXE0
    Percorso dell'applicazione che ha generato l'errore: AUDIODG.EXE1
    Percorso del modulo che ha generato l'errore: AUDIODG.EXE2
    ID segnalazione: AUDIODG.EXE3

    Error: (03/20/2016 10:42:30 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato.
    .
    L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente.


    Operazione:
    Raccolta dei dati del processo di scrittura

    Contesto:
    ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220}
    Nome del processo di scrittura: System Writer
    ID dell'istanza del processo di scrittura: {2ae4029d-ca7c-4f85-b118-0e045210e8f2}

    Error: (03/20/2016 10:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nome dell'applicazione che ha generato l'errore: iTunes.exe, versione: 12.3.2.35, timestamp: 0x56739d90
    Nome del modulo che ha generato l'errore: iTunesCore.dll, versione: 12.3.2.35, timestamp: 0x56739d7a
    Codice eccezione: 0x40000015
    Offset errore 0x013c1e04
    ID processo che ha generato l'errore: 0xa04
    Ora di avvio dell'applicazione che ha generato l'errore: 0xiTunes.exe0
    Percorso dell'applicazione che ha generato l'errore: iTunes.exe1
    Percorso del modulo che ha generato l'errore: iTunes.exe2
    ID segnalazione: iTunes.exe3

    Error: (03/20/2016 10:36:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/20/2016 10:35:46 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
    Description: NvStreamSvcNvVAD initialization failed [6]

    Error: (03/20/2016 10:35:46 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
    Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

    Error: (03/20/2016 10:35:46 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
    Description: NvStreamSvcNvVAD endpoint registration failed [0]

    Error: (03/20/2016 07:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/20/2016 02:00:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/20/2016 01:59:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
    Description: NvStreamSvcNvVAD initialization failed [6]


    System errors:
    =============
    Error: (03/20/2016 10:41:36 PM) (Source: Disk) (EventID: 7) (User: )
    Description: Rilevato blocco danneggiato sul dispositivo \Device\Harddisk3\DR8.

    Error: (03/20/2016 10:41:34 PM) (Source: Disk) (EventID: 7) (User: )
    Description: Rilevato blocco danneggiato sul dispositivo \Device\Harddisk3\DR8.

    Error: (03/20/2016 03:23:03 PM) (Source: Disk) (EventID: 7) (User: )
    Description: Rilevato blocco danneggiato sul dispositivo \Device\Harddisk5\DR20.

    Error: (03/20/2016 03:23:02 PM) (Source: Disk) (EventID: 7) (User: )
    Description: Rilevato blocco danneggiato sul dispositivo \Device\Harddisk5\DR20.

    Error: (03/20/2016 03:13:56 PM) (Source: Disk) (EventID: 7) (User: )
    Description: Rilevato blocco danneggiato sul dispositivo \Device\Harddisk5\DR12.

    Error: (03/20/2016 03:13:54 PM) (Source: Disk) (EventID: 7) (User: )
    Description: Rilevato blocco danneggiato sul dispositivo \Device\Harddisk5\DR12.

    Error: (03/18/2016 06:35:03 PM) (Source: Disk) (EventID: 11) (User: )
    Description: Il driver ha rilevato un errore del controller su \Device\Harddisk2\DR2.

    Error: (03/18/2016 06:10:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: Il servizio NPEService è contrassegnato come interattivo. Il sistema non è configurato per consentire servizi interattivi. Questo servizio potrà non funzionare correttamente.

    Error: (03/16/2016 06:12:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio Intel(R) Common Connectivity Framework. Questo evento si è già verificato 4 volta(e).

    Error: (03/16/2016 06:05:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio Intel(R) Common Connectivity Framework. Questo evento si è già verificato 3 volta(e).


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
    Percentage of memory in use: 50%
    Total physical RAM: 3327.12 MB
    Available physical RAM: 1649.33 MB
    Total Virtual: 6652.55 MB
    Available Virtual: 4495.68 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.79 GB) (Free:187.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:233.76 GB) (Free:9.08 GB) NTFS
    Drive i: (LaCie) (Fixed) (Total:739.52 GB) (Free:36.08 GB) NTFS
    Drive j: (TV) (Fixed) (Total:191.95 GB) (Free:1.9 GB) FAT32
    Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:226.69 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 010C010B)
    Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: 11F911F8)
    Partition 1: (Not Active) - (Size=233.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: 454C61AF)
    Partition 1: (Not Active) - (Size=192 GB) - (Type=0C)
    Partition 2: (Not Active) - (Size=739.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4F644A1A)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    Edited by igor3434 - 21/3/2016, 12:03
    Attached file: FRST.txt

  14. Master Malware Expert (Administrator, Poggio Mirteto(RI))

    Hi igor,
    The PC has no infections.
    The ransomware is TeslaCrypt, and at the moment there is no solution for the files.
  15. igor3434 (User deleted)

    Thanks Vicky, it is already a good thing that I no longer have the virus on the PC. I wrote to Dr. Web, but they are not able to decrypt my files. Let's hope something gets unlocked sooner or later.
114 replies since 15/4/2015, 09:36