UFFICIALE Virus Polizia di Stato/Guardia di Finanzia/Ukash : rimozione e supporto

[GENNARO97]

ciao, oggi un mio amico ha contratto questo virus. Siamo riusciti ad arrivare fino al passaggio del wiki, e abbiamo postato qui il risultato del blocco note

Spoiler

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
Ran by SYSTEM at 03-02-2013 17:40:29
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italian Standard
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-27] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1097808 2011-04-18] (Dritek System Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-04] (Ask)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-04-20] (Avira GmbH)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x]
HKU\utente\...\Run: [Epson Stylus SX420W(Rete)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\utente\AppData\Local\Temp\E_SD825.tmp" /EF "HKCU" [224768 2009-09-13] (SEIKO EPSON CORPORATION)
HKU\utente\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16328976 2012-12-17] (Google)
HKU\utente\...\Run: [Facebook Update] "C:\Users\utente\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-12-27] (Facebook Inc.)
HKU\utente\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [28467264 2013-01-20] (ooVoo LLC)
HKU\utente\...\Run: [DataMgr] C:\Users\utente\AppData\Roaming\DataMgr\datamgr.exe [168264 2012-09-25] (HTTO Group, Ltd.)
HKU\utente\...\Run: [Protector] wscript.exe "C:\Users\utente\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check [x]
HKU\utente\...\Run: [Google Update] "C:\Users\utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-11-14] (Google Inc.)
HKU\utente\...\Winlogon: [Shell] explorer.exe,C:\Users\utente\AppData\Roaming\skype.dat [95744 2011-11-16] ()
Tcpip\..\Interfaces\{4D03DAE2-675C-465E-B4B1-7555577C19D9}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{65C5D8C7-3C21-4F42-9545-BAB24CA90884}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{FBCC51F5-B940-47FA-8AAF-DB920AD46B64}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
==================== Services (Whitelisted) ===================
2 AntiVirScheduler; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [136360 2011-04-20] (Avira GmbH)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [269480 2011-07-21] (Avira GmbH)
2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [428200 2011-05-08] (Avira GmbH)
2 IB Updater Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2012-10-03] ()
2 IBUpdaterService; C:\Windows\System32\dmwu.exe [1261936 2012-10-02] ()
2 IBUpdaterService; C:\Windows\SysWow64\dmwu.exe [584768 2013-01-09] ()
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
2 ServUpdater; "C:\Users\utente\AppData\Local\ServUpdater\ServiceUpd.exe" [156160 2011-12-16] (ServiceUpd)
2 SoftwareUpd; "C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe" [161280 2012-06-14] (SoftwareUpdService)
==================== Drivers (Whitelisted) =====================
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [88288 2011-07-21] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [123784 2011-07-21] (Avira GmbH)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [x]
3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [x]
3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [x]
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [x]
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [x]
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2013-02-03 06:56 - 2013-02-03 08:34 - 00000004 ____A C:\Users\utente\AppData\Roaming\skype.ini
2013-02-03 06:50 - 2013-02-03 06:50 - 00095744 ____A C:\Users\utente\Downloads\video.exe
2013-01-31 10:19 - 2013-01-31 10:19 - 00000000 ____D C:\Users\utente\AppData\Local\{270AC5A9-C932-4087-9989-EF5976BD299E}
2013-01-31 10:17 - 2013-01-31 10:17 - 00000000 ____D C:\Users\utente\AppData\Local\{C622C3EA-78F8-4E4C-8E51-390FC60FE63D}
2013-01-31 09:06 - 2013-01-31 09:06 - 02666496 ____A (Microsoft Corporation) C:\Users\utente\Downloads\T3vis.exe
2013-01-31 09:06 - 2013-01-31 09:06 - 00858016 ____A (Microsoft Corporation) C:\Users\utente\Downloads\dungeon.exe
2013-01-31 09:03 - 2013-01-31 09:03 - 00182168 ____A (Microsoft Corporation) C:\Users\utente\Downloads\trilogyiii.exe
2013-01-29 12:41 - 2013-01-29 12:41 - 00000000 ____D C:\Users\utente\Documents\My ooVoo
2013-01-26 15:28 - 2013-01-26 15:28 - 00000000 ____D C:\Users\utente\AppData\Local\{BFA92F76-B399-4E3D-88A3-9CEF218A2900}
2013-01-26 15:02 - 2013-01-26 15:04 - 07364768 ____A (Adobe Systems Inc.) C:\Users\utente\Downloads\Shockwave_Installer_Slim.exe
2013-01-25 14:40 - 2013-01-25 14:41 - 06955968 ____A (Microsoft Corporation) C:\Users\utente\Downloads\Silverlight.exe
2013-01-24 06:30 - 2013-01-24 06:34 - 00000000 ____D C:\Users\utente\AppData\Roaming\Systweak
2013-01-24 06:27 - 2013-01-24 06:27 - 00368102 ____A C:\Users\utente\AppData\Local\funmoods-speeddial_sf.crx
2013-01-24 06:27 - 2013-01-24 06:27 - 00077671 ____A C:\Users\utente\AppData\Local\funmoods_2.0.1.crx
2013-01-24 06:27 - 2013-01-24 06:27 - 00000000 ____D C:\Users\utente\AppData\Local\Updater3847
2013-01-24 06:27 - 2013-01-24 06:27 - 00000000 ____D C:\Program Files (x86)\Funmoods
2013-01-24 06:27 - 2013-01-24 06:27 - 00000000 ____D C:\Program Files (x86)\Color My Facebook
2013-01-24 06:26 - 2013-01-24 06:26 - 01073368 ____A C:\Users\utente\Downloads\ColorMyFacebook.exe
2013-01-21 14:05 - 2013-01-21 14:05 - 00000000 ___DC C:\Users\utente\AppData\Local\MigWiz
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1.flv
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1 (4).flv
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1 (3).flv
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1 (2).flv
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1 (1).flv
2013-01-12 11:04 - 2013-01-12 11:04 - 00000000 ____D C:\Users\All Users\A109
2013-01-10 11:48 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-10 11:48 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-10 11:47 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-10 11:47 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-10 11:47 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-10 11:47 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-10 11:47 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-10 11:47 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-10 11:47 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-10 11:47 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-10 11:47 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-10 11:47 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-10 11:47 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-10 11:47 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-10 11:47 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-10 11:47 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-10 11:47 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-10 11:47 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-10 11:47 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-10 11:47 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-10 11:47 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-10 11:47 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-10 11:47 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-10 11:47 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-10 11:47 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-10 11:47 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-10 11:47 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-10 11:47 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-10 11:47 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-10 11:45 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-10 11:45 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-10 11:45 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-10 11:45 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-10 11:45 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-10 11:45 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-10 11:45 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-10 11:45 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-10 11:45 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-10 11:45 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-10 11:45 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-10 11:45 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-10 11:45 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-10 11:45 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-10 11:45 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-10 11:45 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-10 11:44 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-10 11:44 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-09 11:35 - 2013-01-09 11:35 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2013-01-09 11:34 - 2013-01-11 14:05 - 00000000 ____D C:\Users\utente\AppData\Roaming\PerformerSoft
2013-01-09 11:34 - 2013-01-09 11:34 - 00000000 ____D C:\Users\utente\AppData\Roaming\StatusWinks
2013-01-09 11:34 - 2013-01-09 11:34 - 00000000 ____D C:\Program Files (x86)\File Scout
2013-01-09 11:34 - 2013-01-09 11:32 - 00584768 ____A () C:\Windows\SysWOW64\dmwu.exe
2013-01-09 11:34 - 2012-12-10 03:01 - 00019896 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2013-01-09 11:32 - 2013-01-09 11:32 - 00584768 ____A () C:\Users\utente\Downloads\BestCodecPack_Setup.exe
2013-01-05 03:17 - 2013-01-05 03:17 - 00000000 ____D C:\Users\utente\AppData\Roaming\Funmoods
2013-01-05 03:15 - 2013-01-05 03:15 - 00000000 ____D C:\Program Files (x86)\Gophoto.it
2013-01-05 03:14 - 2013-01-05 03:14 - 00238296 ____A C:\Users\utente\Downloads\[XVID_ITA]Gli_Aristogatti.exe
2013-01-04 16:32 - 2013-01-04 16:32 - 00253840 ____A C:\Users\utente\Downloads\Pooh_discografia_by_Satu.exe
2013-01-04 16:28 - 2013-01-26 15:09 - 00000000 ____D C:\Users\utente\Desktop\uTorrent
2013-01-04 16:28 - 2013-01-04 16:28 - 00000000 ____D C:\Program Files (x86)\MyPcCleaner
2013-01-04 16:26 - 2013-01-04 16:26 - 00373464 ____A (Softonic) C:\Users\utente\Downloads\SoftonicDownloader_per_utorrent-portable.exe
2013-01-04 16:25 - 2013-01-04 16:26 - 00373440 ____A (Softonic) C:\Users\utente\Downloads\SoftonicDownloader_per_utorrent (3).exe
2013-01-04 06:57 - 2013-01-04 06:57 - 02295812 ____A C:\Users\utente\Downloads\bannedcelebs_com_3.mpg

==================== One Month Modified Files and Folders =======
2013-02-03 08:34 - 2013-02-03 06:56 - 00000004 ____A C:\Users\utente\AppData\Roaming\skype.ini
2013-02-03 08:34 - 2011-09-25 03:54 - 01383956 ____A C:\Windows\WindowsUpdate.log
2013-02-03 08:22 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-03 08:22 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-03 08:20 - 2012-01-10 11:34 - 00001146 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-03 08:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-03 08:12 - 2009-07-13 20:51 - 00135025 ____A C:\Windows\setupact.log
2013-02-03 07:53 - 2012-11-14 03:35 - 00001164 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2106019414-1297966209-2161246025-1000UA.job
2013-02-03 07:53 - 2012-01-10 11:34 - 00001150 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-03 07:22 - 2012-06-13 03:39 - 00000000 ___SD C:\Users\utente\Google Drive
2013-02-03 06:52 - 2012-08-27 08:47 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2106019414-1297966209-2161246025-1000UA.job
2013-02-03 06:50 - 2013-02-03 06:50 - 00095744 ____A C:\Users\utente\Downloads\video.exe
2013-02-03 02:43 - 2012-11-14 03:35 - 00002378 ____A C:\Users\utente\Desktop\Google Chrome.lnk
2013-02-01 15:52 - 2012-08-27 08:47 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2106019414-1297966209-2161246025-1000Core.job
2013-01-31 10:19 - 2013-01-31 10:19 - 00000000 ____D C:\Users\utente\AppData\Local\{270AC5A9-C932-4087-9989-EF5976BD299E}
2013-01-31 10:17 - 2013-01-31 10:17 - 00000000 ____D C:\Users\utente\AppData\Local\{C622C3EA-78F8-4E4C-8E51-390FC60FE63D}
2013-01-31 09:06 - 2013-01-31 09:06 - 02666496 ____A (Microsoft Corporation) C:\Users\utente\Downloads\T3vis.exe
2013-01-31 09:06 - 2013-01-31 09:06 - 00858016 ____A (Microsoft Corporation) C:\Users\utente\Downloads\dungeon.exe
2013-01-31 09:03 - 2013-01-31 09:03 - 00182168 ____A (Microsoft Corporation) C:\Users\utente\Downloads\trilogyiii.exe
2013-01-29 12:41 - 2013-01-29 12:41 - 00000000 ____D C:\Users\utente\Documents\My ooVoo
2013-01-28 10:07 - 2011-09-25 13:44 - 04713664 ____A C:\Windows\System32\perfh010.dat
2013-01-28 10:07 - 2011-09-25 13:44 - 01537928 ____A C:\Windows\System32\perfc010.dat
2013-01-28 10:07 - 2009-07-13 21:13 - 00005194 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-26 15:28 - 2013-01-26 15:28 - 00000000 ____D C:\Users\utente\AppData\Local\{BFA92F76-B399-4E3D-88A3-9CEF218A2900}
2013-01-26 15:09 - 2013-01-04 16:28 - 00000000 ____D C:\Users\utente\Desktop\uTorrent
2013-01-26 15:04 - 2013-01-26 15:02 - 07364768 ____A (Adobe Systems Inc.) C:\Users\utente\Downloads\Shockwave_Installer_Slim.exe
2013-01-26 14:53 - 2011-12-26 07:02 - 00000000 ____D C:\Users\utente\AppData\Roaming\Mozilla
2013-01-26 14:53 - 2011-12-23 23:36 - 00000000 ____D C:\Users\utente\AppData\Local\Google
2013-01-26 10:39 - 2012-01-18 12:37 - 00783360 __ASH C:\Users\utente\Desktop\Thumbs.db
2013-01-25 14:41 - 2013-01-25 14:40 - 06955968 ____A (Microsoft Corporation) C:\Users\utente\Downloads\Silverlight.exe
2013-01-24 06:34 - 2013-01-24 06:30 - 00000000 ____D C:\Users\utente\AppData\Roaming\Systweak
2013-01-24 06:30 - 2012-09-17 12:38 - 00001861 ____A C:\Users\Public\Desktop\ooVoo.lnk
2013-01-24 06:30 - 2012-09-17 12:38 - 00000000 ____D C:\Program Files (x86)\ooVoo
2013-01-24 06:27 - 2013-01-24 06:27 - 00368102 ____A C:\Users\utente\AppData\Local\funmoods-speeddial_sf.crx
2013-01-24 06:27 - 2013-01-24 06:27 - 00077671 ____A C:\Users\utente\AppData\Local\funmoods_2.0.1.crx
2013-01-24 06:27 - 2013-01-24 06:27 - 00000000 ____D C:\Users\utente\AppData\Local\Updater3847
2013-01-24 06:27 - 2013-01-24 06:27 - 00000000 ____D C:\Program Files (x86)\Funmoods
2013-01-24 06:27 - 2013-01-24 06:27 - 00000000 ____D C:\Program Files (x86)\Color My Facebook
2013-01-24 06:26 - 2013-01-24 06:26 - 01073368 ____A C:\Users\utente\Downloads\ColorMyFacebook.exe
2013-01-22 13:42 - 2012-08-23 05:34 - 00000000 ____D C:\Users\utente\AppData\Local\ServUpdater
2013-01-21 14:05 - 2013-01-21 14:05 - 00000000 ___DC C:\Users\utente\AppData\Local\MigWiz
2013-01-21 13:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-21 13:51 - 2012-02-15 08:19 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-01-21 10:54 - 2011-12-13 12:21 - 00000000 ____D C:\users\utente
2013-01-21 10:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-21 10:18 - 2012-11-16 10:20 - 00000000 ___RD C:\Users\utente\Desktop\MODELLE
2013-01-21 10:14 - 2012-12-07 15:20 - 00000000 ___RD C:\Users\utente\Desktop\MUSICA
2013-01-18 15:28 - 2011-12-26 10:24 - 00000000 ____D C:\Users\utente\AppData\Roaming\Skype
2013-01-16 16:28 - 2010-11-20 19:27 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-01-14 06:08 - 2009-07-13 21:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1.flv
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1 (4).flv
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1 (3).flv
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1 (2).flv
2013-01-13 15:37 - 2013-01-13 15:37 - 04482340 ____A C:\Users\utente\Downloads\1 (1).flv
2013-01-12 11:10 - 2012-06-27 11:51 - 00000000 ____D C:\Users\utente\AppData\Local\iMesh
2013-01-12 11:04 - 2013-01-12 11:04 - 00000000 ____D C:\Users\All Users\A109
2013-01-11 14:16 - 2010-11-20 19:47 - 00115204 ____A C:\Windows\PFRO.log
2013-01-11 14:05 - 2013-01-09 11:34 - 00000000 ____D C:\Users\utente\AppData\Roaming\PerformerSoft
2013-01-11 03:12 - 2009-07-13 20:45 - 00436072 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-09 11:35 - 2013-01-09 11:35 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2013-01-09 11:34 - 2013-01-09 11:34 - 00000000 ____D C:\Users\utente\AppData\Roaming\StatusWinks
2013-01-09 11:34 - 2013-01-09 11:34 - 00000000 ____D C:\Program Files (x86)\File Scout
2013-01-09 11:34 - 2012-03-02 13:43 - 00000000 ____D C:\Users\All Users\IBUpdaterService
2013-01-09 11:32 - 2013-01-09 11:34 - 00584768 ____A () C:\Windows\SysWOW64\dmwu.exe
2013-01-09 11:32 - 2013-01-09 11:32 - 00584768 ____A () C:\Users\utente\Downloads\BestCodecPack_Setup.exe
2013-01-05 03:17 - 2013-01-05 03:17 - 00000000 ____D C:\Users\utente\AppData\Roaming\Funmoods
2013-01-05 03:15 - 2013-01-05 03:15 - 00000000 ____D C:\Program Files (x86)\Gophoto.it
2013-01-05 03:14 - 2013-01-05 03:14 - 00238296 ____A C:\Users\utente\Downloads\[XVID_ITA]Gli_Aristogatti.exe
2013-01-04 16:32 - 2013-01-04 16:32 - 00253840 ____A C:\Users\utente\Downloads\Pooh_discografia_by_Satu.exe
2013-01-04 16:28 - 2013-01-04 16:28 - 00000000 ____D C:\Program Files (x86)\MyPcCleaner
2013-01-04 16:28 - 2012-08-23 05:31 - 00000000 ____D C:\Users\utente\AppData\Local\SoftwareUpdater
2013-01-04 16:26 - 2013-01-04 16:26 - 00373464 ____A (Softonic) C:\Users\utente\Downloads\SoftonicDownloader_per_utorrent-portable.exe
2013-01-04 16:26 - 2013-01-04 16:25 - 00373440 ____A (Softonic) C:\Users\utente\Downloads\SoftonicDownloader_per_utorrent (3).exe
2013-01-04 06:57 - 2013-01-04 06:57 - 02295812 ____A C:\Users\utente\Downloads\bannedcelebs_com_3.mpg

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-01-13 10:00:56
Restore point made on: 2013-01-15 10:22:13
Restore point made on: 2013-01-18 13:44:06
Restore point made on: 2013-01-20 10:25:50
Restore point made on: 2013-01-21 10:50:34
Restore point made on: 2013-01-21 13:51:30
Restore point made on: 2013-01-21 13:59:49
Restore point made on: 2013-01-21 14:04:58
Restore point made on: 2013-01-22 13:47:39
Restore point made on: 2013-01-27 13:38:43
Restore point made on: 2013-01-29 06:04:58
Restore point made on: 2013-02-01 06:21:47
==================== Memory info ===========================
Percentage of memory in use: 33%
Total physical RAM: 1780.36 MB
Available physical RAM: 1191.29 MB
Total Pagefile: 1780.36 MB
Available Pagefile: 1175.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:191.93 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.47 GB) NTFS
4 Drive g: () (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
N. disco Stato Dimensioni Disponibile Din GPT
-------- ------------- ------------- ------------- --- ---
Disco 0 Online 298 Gbytes 0 byte
Disco 1 Online 7633 Mbytes 0 byte
Disco 2 Nessun suppor 0 byte 0 byte
Partitions of Disk 0:
===============
ID disco: 9A737327
Partizione ### Tipo Dim. Offset
--------------- ---------------- ------- -------
Partizione 1 Ripristino 13 Gb 1024 Kb
Partizione 2 Primario 100 Mb 13 Gb
Partizione 3 Primario 284 Gb 13 Gb
==================================================================================
Disk: 0
Partizione 1
Tipo : 27
Nascosta: S
Attiva: No
Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partizione 13 Gb Integro Nascosto
=========================================================
Disk: 0
Partizione 2
Tipo : 07
Nascosta: No
Attiva: Si
Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partizione 100 Mb Integro
=========================================================
Disk: 0
Partizione 3
Tipo : 07
Nascosta: No
Attiva: No
Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partizione 284 Gb Integro
=========================================================
Partitions of Disk 1:
===============
ID disco: 00000000
Partizione ### Tipo Dim. Offset
--------------- ---------------- ------- -------
Partizione 1 Primario 7633 Mb 16 Kb
==================================================================================
Disk: 1
Partizione 1
Tipo : 0B
Nascosta: No
Attiva: No
Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Rimovibile 7633 Mb Integro
=========================================================
Partitions of Disk 2:
===============
ID disco: 00000000
Questo disco non contiene alcuna partizione da visualizzare.
==================================================================================
Last Boot: 2012-12-14 11:44
==================== End Of Log =============================

 

[GENNARO97]

ciao ho contratto questo virus e ho seguito la guida (non funzionava dalla modalità provvisoria) ma non sono riuscito a capire come devo fare il passaggio del Wiki

 

[tecnico24]

Ciao GENNARO97 ,

Scarica fixlist.txt nella chiavetta dove hai salvato FRST.
Avvia FRST e clicca sul pulsante FIX per una volta sola
Nella chiavetta si creerà un log , chiamato fixlog.txt , caricalo su Free File Hosting - Online File Storage for Mp3, Videos, Music. Best File Host e postalo.
Download fixlist.txt ->> http://wikisend.com/download/472828/fixlist.txt

Dopo aver fatto ciò , il pc dovrebbe avviarsi normalmente.
A questo punto , dato che il pc è pieno di adware , esegui Adwcleaner come spiegato nella guida:
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
usalo direttamente con l'opzione elimina
conferma con OK al messaggio che ti appare
posta il report dopo il riavvio.

 

[nexo70]

Ciao ho beccato anch'io questo malware
ecco il link
Wikisend: free file sharing service
grazie in anticipo

 

[Mauris86]

Ciao, sono Mauro, anche io ho contratto il virus e non potevo accedere in mod. Provv, ho provato a ripristinare il pc a una versione di qualche settimana fa e ora funziona, nel frattempo sto facendo una scansione con il mio antivirus(panda global protection) che non capisco come abbia fatto a non rilevarlo e ho scaricato anche malwarebytes.
Secondo te sto andando bene o rischio di ribeccarlo?

 

[tecnico24]

@nexo70
Ciao.
Scarica fixlist.txt nella chiavetta dove hai salvato FRST.
Avvia FRST e clicca sul pulsante FIX per una volta sola
Nella chiavetta si creerà un log , chiamato fixlog.txt , postalo qui.

@Mauris86

Esegui malwarebytes aggiornato e posta il report.
Esegui Combofix e posta il resoconto.

 

[nexo70]

OK eseguito ecco il log
Wikisend: free file sharing service

- - - Updated - - -

Grazie Tecnico24 ora è tutto OK :) ho pulito il registro e i file temporanei con CCleaner Ciao

 

[tecnico24]

Puoi rimuovere FRST e i relativi log , ciao ;)

 

[aerodynamic]

Lo ha preso anche il pc di mia madre...sto effettuando un controllo con kaspersky rescuedisk, ma temo che a breve dovrò iniziare la procedura descritta da te, Tecnico...spero di rimetterlo in sesto velocemente: mia madre ci lavora con questa caffettiera!

 

[tecnico24]

@aerodynamic

La procedura è descritta , devi postare solo il report richiesto.

 

[aerodynamic]

@aerodynamic

La procedura è descritta , devi postare solo il report richiesto.

ok, dammi un secondo che posto tutto, anche se dopo il kaspersky rd si è avviato senza problemi...mah...

 

[tecnico24]

Se si avvia normalmente molto probabilmente Kaspersky ha fatto centro...posta il report e domani ci sentiamo per aggiornamenti.
Ciao ;)

 

[aerodynamic]

Wikisend: free file sharing service

ecco il report

 

[mangiafuoco]

Anch'io affetto dallo stesso virus.

Di seguito il link dove ho caricato il file .txt

WikiFortio - Wikifortio

http://wikisend.com/download/333920/FRST.txt


Grazie in anticipo per il supporto

Saluti

 

[tecnico24]

@aerodynamic

FRST non va eseguito da opzioni di ricovery , non hai seguito correttamente la guida.
Leggila attentamente , a partire da Ripristina il computer.
@mangiafuoco

Ho il sospetto che ci sia anche Zeroaccess.
In modalità provvisoria(con rete) non riesci proprio ad entrare?