[SOLVED] Polizia di Stato virus, new version?

Thread closed to further replies.
Hi.
You posted the earlier report; you need to attach the one from the deletions (C:\_OTL_\MovedFiles\, marked with a date).
 
Hi tecnico 24, I got the same virus with the Polizia di Stato logo. I tried to run the whole procedure you suggested, but after starting FRST and clicking the FIX button only once, FRST created a log (fixlog.txt) on the USB stick that says:

Winmgmt service deleted successfully.
C:\Users\pc\wgsdgsdgdsgsd.exe not found.
C:\Users\All Users\dsgsdgdsgdsgw.pad not found.

What can I do?
 
Hi,

I too had exactly the same problem as the first post in the thread.
I followed the procedure you indicated, and the scan result is below.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013
Ran by SYSTEM at 02-02-2013 17:32:20
Running from F:\
Windows 7 Ultimate (X64) OS Language: Italian Standard
The current controlset is ControlSet001


==================== Registry (Whitelisted) ===================


HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [832544 2010-01-18] (Acer Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [2499584 2010-01-19] (Vodafone)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0" [220336 2010-07-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup [93360 2010-09-30] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKU\ANNA\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\ANNA\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [16945032 2011-01-26] (Skype Technologies S.A.)
HKU\ANNA\...\Run: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup [93360 2010-09-30] (OLYMPUS IMAGING CORP.)
HKU\ANNA\...\Winlogon: [Shell] explorer.exe,C:\Users\ANNA\AppData\Roaming\skype.dat [110592 2010-10-27] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e60f0a6ace53fa1bdc6be994ba3cda9f\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FAC74E8A-196B-4D5D-8006-43A1F29BE166}: [NameServer]208.67.222.222,208.67.220.220
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)


==================== Services (Whitelisted) ===================


2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-08-13] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-08-13] (Avira Operations GmbH & Co. KG)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 VMCService; "C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2010-01-19] (Vodafone)


==================== Drivers (Whitelisted) =====================


2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-08-13] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-08-13] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-02-03] (Avira GmbH)
3 EZUSB; C:\Windows\System32\DRIVERS\ezusb64.sys [33792 2009-11-25] (Castles Technology Co.,Ltd)
3 onda_lq_cdc_acm; C:\Windows\System32\Drivers\onda_lq_cdc_acm.sys [78848 2011-03-25] (Onda Communication S.p.A)
3 onda_lq_cdc_ecm; C:\Windows\System32\Drivers\onda_lq_cdc_ecm.sys [52736 2011-03-25] (Onda Communication S.p.A)
3 onda_lq_cpo; C:\Windows\System32\Drivers\onda_lq_cpo.sys [14336 2011-03-25] (Onda Communication S.p.A)
3 onda_lq_ecm_enum; C:\Windows\System32\Drivers\onda_lq_ecm_enum.sys [53248 2011-03-25] (Onda Communication S.p.A)
3 onda_lq_ecm_enum_filter; C:\Windows\System32\Drivers\onda_lq_ecm_enum_filter.sys [53248 2011-03-25] (Onda Communication S.p.A)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-02-08] (Duplex Secure Ltd.)
3 SWDUMon; C:\Windows\System32\Drivers\SWDUMon.sys [13920 2013-02-02] ()
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]


==================== NetSvcs (Whitelisted) ====================




==================== One Month Created Files and Folders ========


2013-02-02 17:32 - 2013-02-02 17:32 - 00000000 ____D C:\FRST
2013-02-02 00:22 - 2013-02-02 00:30 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-02-01 15:59 - 2013-02-02 17:20 - 00000004 ____A C:\Users\ANNA\AppData\Roaming\skype.ini
2013-01-16 15:19 - 2013-01-16 15:19 - 00002851 ____A C:\Users\ANNA\Desktop\IMG00103-20111001-1624.jpg - collegamento.lnk


==================== One Month Modified Files and Folders =======


2013-02-02 17:32 - 2013-02-02 17:32 - 00000000 ____D C:\FRST
2013-02-02 17:22 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-02 17:22 - 2009-07-14 05:51 - 00052366 ____A C:\Windows\setupact.log
2013-02-02 17:20 - 2013-02-01 15:59 - 00000004 ____A C:\Users\ANNA\AppData\Roaming\skype.ini
2013-02-02 17:20 - 2011-02-06 15:09 - 00000408 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-02-02 17:20 - 2011-02-05 19:04 - 02073240 ____A C:\Windows\WindowsUpdate.log
2013-02-02 17:06 - 2011-02-06 15:09 - 00013920 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-02-02 00:30 - 2013-02-02 00:22 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-02-01 18:57 - 2011-02-08 19:17 - 00000000 ____D C:\Users\ANNA\AppData\Roaming\Skype
2013-02-01 14:57 - 2011-02-08 22:25 - 00018536 ____A C:\Windows\PFRO.log
2013-01-31 17:42 - 2009-07-14 05:45 - 00009584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-31 17:42 - 2009-07-14 05:45 - 00009584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-16 15:22 - 2011-02-09 10:09 - 00000000 ____D C:\Users\ANNA\AppData\Roaming\TeraCopy
2013-01-16 15:19 - 2013-01-16 15:19 - 00002851 ____A C:\Users\ANNA\Desktop\IMG00103-20111001-1624.jpg - collegamento.lnk


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-950961757-61761348-2081806951-1000\$e60f0a6ace53fa1bdc6be994ba3cda9f


ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e60f0a6ace53fa1bdc6be994ba3cda9f


==================== Known DLLs (Whitelisted) =================




==================== Bamital & volsnap Check =================


C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


==================== EXE ASSOCIATION =====================


HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK


==================== Restore Points =========================


Restore point made on: 2012-09-25 11:04:33
Restore point made on: 2012-10-12 19:06:34
Restore point made on: 2012-10-22 14:37:54
Restore point made on: 2012-11-02 15:48:21
Restore point made on: 2012-11-24 14:49:33
Restore point made on: 2012-12-11 18:29:01
Restore point made on: 2012-12-26 17:18:48
Restore point made on: 2013-01-09 17:35:16
Restore point made on: 2013-01-19 17:00:21
Restore point made on: 2013-02-01 18:18:23


==================== Memory info ===========================


Percentage of memory in use: 15%
Total physical RAM: 3958.71 MB
Available physical RAM: 3331.86 MB
Total Pagefile: 3956.86 MB
Available Pagefile: 3316.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB


==================== Partitions =============================


1 Drive c: () (Fixed) (Total:297.99 GB) (Free:239.21 GB) NTFS
3 Drive f: (OBIONE) (Removable) (Total:7.67 GB) (Free:1.34 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB     0 B
  Disk 1    Online         7872 MB     0 B


Partitions of Disk 0:
===============


Disk ID: 0DC0B93E


  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            297 GB   101 MB


==================================================================================


Disk: 0
Partition 1
Type   : 07
Hidden : No
Active : Yes


  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y                NTFS   Partition    100 MB  Healthy


=========================================================


Disk: 0
Partition 2
Type   : 07
Hidden : No
Active : No


  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    297 GB  Healthy


=========================================================


Partitions of Disk 1:
===============


Disk ID: 00000000


  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7871 MB    16 KB


==================================================================================


Disk: 1
Partition 1
Type   : 0B
Hidden : No
Active : No


  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F    OBIONE       FAT32  Removable  7871 MB  Healthy


=========================================================


Last Boot: 2013-01-25 15:53


==================== End Of Log =============================
Thanks.
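The log above carries the three indicators a responder keys on for this family: the Winlogon Shell value chained with C:\Users\ANNA\AppData\Roaming\skype.dat (the lockscreen loader), the fastprox CLSID InprocServer32 redirected into C:\$Recycle.Bin\S-1-5-18\ (the ZeroAccess WMI hijack FRST flags with ATTENTION!), and the $<md5> payload directories under both the user's SID and S-1-5-18 in the ZeroAccess blocks. The following Python triage script is an added example, not part of this thread and not FRST's own code; it parses FRST log text for exactly those three indicators and collects the raw lines, which is the form FRST's fixlist.txt takes. The regular expressions and finding names are my assumptions about FRST's line layout, derived only from the lines posted above; the sample log embedded in the block is constructed from those lines, and the "clean" Shell line is a constructed control.

```python
r"""Triage helper for FRST (Farbar Recovery Scan Tool) log text.

Added example for this thread: not FRST's code and not from the forum.
It scans FRST.txt lines for three indicators visible in the posted log:

  1. a Winlogon "Shell" value that is anything other than explorer.exe
     (the log chains C:\Users\ANNA\AppData\Roaming\skype.dat onto it),
  2. a COM InprocServer32 default pointing into $Recycle.Bin (the fastprox
     CLSID hijack that FRST tags "ZeroAccess"),
  3. payload directories of the form $Recycle.Bin\<SID>\$<32 hex>, which
     FRST lists in its own "ZeroAccess:" blocks.

The regexes and finding names are assumptions about FRST's line layout,
derived only from the lines in the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines constructed from the log posted in the thread (not a live scan).
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-13] (Avira Operations GmbH & Co. KG)
HKU\ANNA\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [16945032 2011-01-26] (Skype Technologies S.A.)
HKU\ANNA\...\Winlogon: [Shell] explorer.exe,C:\Users\ANNA\AppData\Roaming\skype.dat [110592 2010-10-27] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e60f0a6ace53fa1bdc6be994ba3cda9f\n. ATTENTION! ====> ZeroAccess
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-950961757-61761348-2081806951-1000\$e60f0a6ace53fa1bdc6be994ba3cda9f
C:\$Recycle.Bin\S-1-5-18\$e60f0a6ace53fa1bdc6be994ba3cda9f
"""

# Constructed control line: an unmodified Shell value (size/date made up).
CLEAN_SHELL_LINE = r"HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2009-07-14] (Microsoft Corporation)"

# Assumed FRST layouts: "...\Winlogon: [Shell] <value> [<size> <date>] (<vendor>)",
# "...\InprocServer32: [<name>] <path> ...", and bare "<drive>:\$Recycle.Bin\<SID>\$<md5>".
SHELL_RE = re.compile(r"\\Winlogon: \[Shell\] (?P<value>.+?) \[\d+ \d{4}-\d{2}-\d{2}\]")
INPROC_RE = re.compile(r"\\InprocServer32: \[(?P<name>[^\]]+)\] (?P<path>\S+)")
RECYCLE_RE = re.compile(
    r"\\\$Recycle\.Bin\\(?P<sid>S-1-5-[\d-]+)\\\$(?P<hash>[0-9a-f]{32})", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    kind: str    # short indicator name
    detail: str  # the value or path that triggered it
    line: str    # the raw FRST line (what goes into fixlist.txt)


def shell_is_hijacked(value: str) -> bool:
    """True unless the Shell value is exactly explorer.exe.

    Winlogon runs every comma-separated entry in Shell, so appending a second
    path keeps the desktop working while the extra binary also runs at logon.
    """
    entries = [e.strip().strip('"').lower() for e in value.split(",") if e.strip()]
    return entries != ["explorer.exe"]


def triage_frst(log_text: str) -> list[Finding]:
    """Walk FRST log text line by line and return the indicators found, in order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHELL_RE.search(line)
        if m:
            if shell_is_hijacked(m.group("value")):
                findings.append(Finding("winlogon_shell_hijack", m.group("value"), line))
            continue
        m = INPROC_RE.search(line)
        if m:
            # A COM server registered from the recycle bin is never legitimate;
            # this is how the WMI host (fastprox.dll's CLSID) gets the payload loaded.
            if "$recycle.bin" in m.group("path").lower():
                findings.append(Finding("com_inproc_in_recyclebin", m.group("path"), line))
            continue
        m = RECYCLE_RE.search(line)
        if m:
            # S-1-5-18 is Local System, which has no recycle bin of its own; a $<md5>
            # folder there (and its twin under the user's SID) is the drop directory.
            findings.append(Finding("recyclebin_payload_dir", m.group(0), line))
    return findings


def fixlist_lines(findings: list[Finding]) -> list[str]:
    """Raw log lines, de-duplicated, in the form FRST's fixlist.txt takes.

    Review them before running a Fix; the script only proposes, it never writes.
    """
    seen: set[str] = set()
    out: list[str] = []
    for f in findings:
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    return out


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"{f.kind:26s} {f.detail}")
    print("--- proposed fixlist.txt ---")
    print("\n".join(fixlist_lines(triage_frst(SAMPLE_LOG))))
```

Run against the constructed sample, the script reports one Shell hijack, one InprocServer32 redirect and two payload directories, and the control line with a plain explorer.exe Shell produces nothing. On a real case you would feed it the FRST.txt from the USB stick and paste the proposed lines into fixlist.txt next to FRST64.exe before pressing Fix, exactly as the procedure in this thread does by hand.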
 