Thanks a lot, as soon as I get home from university I'll run the procedure and post the report!
You'll have news this evening :)
- - - Updated - - -
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2013 02
Ran by SYSTEM at 22-01-2013 14:55:04
Running from E:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\pc\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [969104 2012-12-25] (BitTorrent, Inc.)
HKU\pc\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\pc\...\Winlogon: [Shell] Explorer.exe [x]
Winlogon\Notify\AWinNotifyVitaKey MC3000:
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
==================== Services (Whitelisted) ===================
4 Adobe LM Service; "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2009-12-10] ()
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [33584 2010-08-12] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [810144 2010-08-12] (ESET)
4 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] ()
2 Winmgmt; C:\Users\pc\wgsdgsdgdsgsd.exe [205824 2013-01-18] (?????????? ??????????)
==================== Drivers (Whitelisted) ====================
3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [327368 2010-07-09] (BitDefender)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-15] (Elaborate Bytes AG)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
2 int15; \??\C:\Windows\system32\drivers\int15.sys [69632 2007-01-25] ()
1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-04] (Atheros Communications, Inc.)
2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)
3 PhotoFrame; C:\Windows\System32\DRIVERS\PhotoFrame.sys [30464 2007-08-31] (ETC)
2 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [308152 2011-01-12] (BitDefender S.R.L.)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation)
3 AVSNDISIM; C:\Windows\System32\DRIVERS\AVSNDISIMDriver.sys [x]
3 AVSNDISIMMP; C:\Windows\System32\DRIVERS\AVSNDISIMDriver.sys [x]
3 bdselfpr; \??\C:\Program Files\Common Files\BitDefender\SetupInformation\{73FAD870-C7A8-4344-BA8F-DF8675276E91}\bdselfpr.sys [x]
3 DKbFltr; [x]
3 Fonvcvvrtwf; [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 IpInIp; [x]
3 NwlnkFlt; [x]
3 NwlnkFwd; [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-01-18 12:45 - 2013-01-18 12:45 - 00205824 ____A (?????????? ??????????) C:\Users\pc\wgsdgsdgdsgsd.exe
2013-01-15 09:37 - 2013-01-15 09:37 - 00000086 ___AH C:\Users\pc\Desktop\.~lock.Rifiuti.doc#
2013-01-15 09:36 - 2012-11-22 17:35 - 02048000 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-15 09:36 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-01-15 09:36 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-15 09:35 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-01 05:14 - 2013-01-05 11:50 - 00000000 ____D C:\Users\All Users\DVD Shrink
2013-01-01 05:14 - 2013-01-01 05:14 - 00000756 ____A C:\Users\pc\Desktop\DVD Shrink 3.2.lnk
2013-01-01 05:14 - 2013-01-01 05:14 - 00000000 ____D C:\Program Files\DVD Shrink
2012-12-25 03:27 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-25 03:27 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
==================== One Month Modified Files and Folders ========
2013-01-22 14:54 - 2013-01-22 14:54 - 00000000 ____D C:\FRST
2013-01-19 10:21 - 2012-10-16 07:25 - 00002384 ____A C:\Windows\setupact.log
2013-01-19 10:21 - 2012-10-01 07:36 - 83023306 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad
2013-01-19 10:21 - 2011-08-16 12:45 - 00000000 ____D C:\Users\pc\AppData\Roaming\uTorrent
2013-01-19 10:21 - 2011-04-30 11:44 - 00001126 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-19 10:21 - 2009-01-04 07:35 - 00096162 ____A C:\Users\All Users\nvModes.001
2013-01-19 10:21 - 2008-10-27 01:25 - 00001076 ____A C:\Windows\bthservsdp.dat
2013-01-19 10:21 - 2006-11-02 05:01 - 00032518 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-19 10:21 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-19 10:20 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-19 10:20 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-19 09:51 - 2009-01-03 09:04 - 00096162 ____A C:\Users\All Users\nvModes.dat
2013-01-19 09:49 - 2009-10-31 11:37 - 00000000 ____D C:\Windows\pss
2013-01-19 09:46 - 2008-10-27 01:25 - 01943398 ____A C:\Windows\WindowsUpdate.log
2013-01-18 17:27 - 2006-11-02 04:47 - 00371448 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-18 15:04 - 2008-10-27 01:45 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-01-18 12:48 - 2008-01-20 22:31 - 00005556 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-18 12:48 - 2008-01-20 22:30 - 08004240 ____A C:\Windows\System32\perfh010.dat
2013-01-18 12:48 - 2008-01-20 22:30 - 02758182 ____A C:\Windows\System32\perfc010.dat
2013-01-18 12:45 - 2013-01-18 12:45 - 00205824 ____A (?????????? ??????????) C:\Users\pc\wgsdgsdgdsgsd.exe
2013-01-18 12:45 - 2008-12-17 16:35 - 00000000 ____D C:\users\pc
2013-01-18 12:38 - 2009-08-15 23:50 - 00000431 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-01-17 12:52 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-17 12:38 - 2012-04-03 06:04 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-17 12:09 - 2012-04-03 06:04 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-17 12:09 - 2011-07-06 03:13 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-17 12:01 - 2011-04-30 11:44 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-17 11:45 - 2006-11-02 02:24 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-01-17 11:40 - 2008-01-20 18:47 - 05453450 ____A C:\Windows\PFRO.log
2013-01-15 09:37 - 2013-01-15 09:37 - 00000086 ___AH C:\Users\pc\Desktop\.~lock.Rifiuti.doc#
2013-01-13 03:03 - 2012-09-03 10:44 - 00001935 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-01-05 11:50 - 2013-01-01 05:14 - 00000000 ____D C:\Users\All Users\DVD Shrink
2013-01-01 06:00 - 2012-07-29 05:47 - 00000024 ____A C:\Windows\D85E7AD02A27B62E.log
2013-01-01 05:14 - 2013-01-01 05:14 - 00000756 ____A C:\Users\pc\Desktop\DVD Shrink 3.2.lnk
2013-01-01 05:14 - 2013-01-01 05:14 - 00000000 ____D C:\Program Files\DVD Shrink
2013-01-01 05:06 - 2012-07-29 04:35 - 00000043 ___SH C:\Users\All Users\.zreglib
2012-12-25 16:19 - 2011-08-16 12:46 - 00000000 ____D C:\Program Files\uTorrent
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-13 08:30] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-12-08 10:09:15
Restore point made on: 2012-12-13 08:25:40
Restore point made on: 2012-12-14 11:03:32
Restore point made on: 2012-12-20 08:11:50
Restore point made on: 2012-12-24 14:27:18
Restore point made on: 2012-12-25 03:27:12
Restore point made on: 2012-12-27 01:08:58
Restore point made on: 2012-12-29 05:24:32
Restore point made on: 2013-01-02 05:53:01
Restore point made on: 2013-01-05 10:52:23
Restore point made on: 2013-01-15 09:32:33
Restore point made on: 2013-01-17 11:45:36
==================== Memory info ===========================
Percentage of memory in use: 8%
Total physical RAM: 4090.06 MB
Available physical RAM: 3729.64 MB
Total Pagefile: 3955.54 MB
Available Pagefile: 3802.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB
==================== Partitions =============================
1 Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:40.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
4 Drive f: (DATA) (Fixed) (Total:140.5 GB) (Free:132.64 GB) NTFS
6 Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:0.76 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1910 MB 0 B
Partitions of Disk 0:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Partitions of Disk 2:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Last Boot: 2013-01-19 09:43
==================== End Of Log ============================
- - - Updated - - -
Thinking about it, couldn't I put ComboFix on a USB stick and run it from the Command Prompt?