Olimpo Informatico

[Tekeros]

Salve a tutti !!! o recentemente ripristinato windows 7 per dei errori anomali, poi o eseguito combofix e ho trovato ancora dell enomalie qualcuno può cotrollare il report? avevo ancora dei virus? a quanto pare combofix a bloccato delle chiavi potete aiutarm?i grazie!

ecco il report:

ComboFix 18-08-08.01 - Salvo 14/11/2018 16:12:22.1.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3991.2866 [GMT 1:00]
Eseguito da: f:\programmi\Antivirus\portabili\ComboFix.exe
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2018-10-14 al 2018-11-14 )))))))))))))))))))))))))))))))))))
.
.
2018-11-14 15:16 . 2018-11-14 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-11-14 15:10 . 2018-11-14 15:10 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1CD43D3-5B1E-4F8C-B104-26B8C2500251}\offreg.776.dll
2018-11-14 15:09 . 2018-11-14 13:11 14700824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1CD43D3-5B1E-4F8C-B104-26B8C2500251}\mpengine.dll
2018-10-31 18:32 . 2018-10-31 18:32 -------- d-----w- c:\users\Salvo\AppData\Roaming\AVAST Software
2018-10-31 18:32 . 2018-11-14 14:58 -------- d-----w- c:\users\Salvo\AppData\Local\AVAST Software
2018-10-31 13:53 . 2018-10-17 22:31 14700800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-10-31 09:31 . 2018-10-31 09:31 -------- d-----w- c:\programdata\HitmanPro
2018-10-31 06:30 . 2018-10-31 06:30 -------- d-----w- C:\NPE
2018-10-31 06:25 . 2018-10-31 18:03 -------- d-----w- c:\programdata\Norton
2018-10-21 16:55 . 2018-10-21 16:55 -------- d-----w- c:\users\Salvo\AppData\Roaming\Apowersoft
2018-10-17 17:27 . 2018-10-17 17:30 -------- d-----w- c:\users\Salvo\AppData\Local\gtk-2.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-10-31 15:54 . 2018-09-21 00:46 62774584 ----a-w- c:\users\Salvo\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2018-10-15 21:48 . 2010-11-21 03:27 559880 ------w- c:\windows\system32\MpSigStub.exe
2018-10-10 13:22 . 2018-01-17 20:24 136745976 -c--a-w- c:\windows\system32\MRT.exe
2018-09-19 16:56 . 2018-09-19 16:56 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{238A77FA-783F-4DF3-A2F3-A1A554BA35F7}\gapaengine.dll
2018-09-19 08:37 . 2018-09-19 08:37 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2018-09-19 08:08 . 2018-10-10 12:45 343552 ----a-w- c:\windows\SysWow64\msrd3x40.dll
2018-09-18 19:08 . 2018-10-10 12:45 396888 ----a-w- c:\windows\system32\iedkcs32.dll
2018-09-18 05:52 . 2018-10-10 12:45 25735168 ----a-w- c:\windows\system32\mshtml.dll
2018-09-18 05:38 . 2018-10-10 12:45 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2018-09-18 05:38 . 2018-10-10 12:45 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2018-09-18 05:27 . 2018-10-10 12:45 2902016 ----a-w- c:\windows\system32\iertutil.dll
2018-09-18 05:26 . 2018-10-10 12:45 66560 ----a-w- c:\windows\system32\iesetup.dll
2018-09-18 05:25 . 2018-10-10 12:45 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2018-09-18 05:25 . 2018-10-10 12:45 417280 ----a-w- c:\windows\system32\html.iec
2018-09-18 05:25 . 2018-10-10 12:45 576512 ----a-w- c:\windows\system32\vbscript.dll
2018-09-18 05:25 . 2018-10-10 12:45 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2018-09-18 05:19 . 2018-10-10 12:45 54784 ----a-w- c:\windows\system32\jsproxy.dll
2018-09-18 05:18 . 2018-10-10 12:45 34304 ----a-w- c:\windows\system32\iernonce.dll
2018-09-18 05:16 . 2018-10-10 12:45 615936 ----a-w- c:\windows\system32\ieui.dll
2018-09-18 05:15 . 2018-10-10 12:45 116224 ----a-w- c:\windows\system32\ieetwcollector.exe
2018-09-18 05:15 . 2018-10-10 12:45 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2018-09-18 05:14 . 2018-10-10 12:45 794624 ----a-w- c:\windows\system32\jscript.dll
2018-09-18 05:14 . 2018-10-10 12:45 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2018-09-18 05:14 . 2018-10-10 12:45 5779456 ----a-w- c:\windows\system32\jscript9.dll
2018-09-18 05:09 . 2018-10-10 12:45 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2018-09-18 05:06 . 2018-10-10 12:45 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2018-09-18 05:01 . 2018-10-10 12:45 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2018-09-18 05:00 . 2018-10-10 12:45 87552 ----a-w- c:\windows\system32\tdc.ocx
2018-09-18 05:00 . 2018-10-10 12:45 107520 ----a-w- c:\windows\system32\inseng.dll
2018-09-18 04:57 . 2018-10-10 12:45 199680 ----a-w- c:\windows\system32\msrating.dll
2018-09-18 04:57 . 2018-10-10 12:45 92160 ----a-w- c:\windows\system32\mshtmled.dll
2018-09-18 04:55 . 2018-10-10 12:45 315392 ----a-w- c:\windows\system32\dxtrans.dll
2018-09-18 04:53 . 2018-10-10 12:45 152064 ----a-w- c:\windows\system32\occache.dll
2018-09-18 04:45 . 2018-10-10 12:45 262144 ----a-w- c:\windows\system32\webcheck.dll
2018-09-18 04:43 . 2018-10-10 12:45 728064 ----a-w- c:\windows\system32\ie4uinit.exe
2018-09-18 04:42 . 2018-10-10 12:45 809472 ----a-w- c:\windows\system32\msfeeds.dll
2018-09-18 04:41 . 2018-10-10 12:45 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2018-09-18 04:41 . 2018-10-10 12:45 2136064 ----a-w- c:\windows\system32\inetcpl.cpl
2018-09-18 04:39 . 2018-10-10 12:45 15283712 ----a-w- c:\windows\system32\ieframe.dll
2018-09-18 04:35 . 2018-10-10 12:45 4510720 ----a-w- c:\windows\system32\wininet.dll
2018-09-18 04:31 . 2018-10-10 12:45 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2018-09-18 04:23 . 2018-10-10 12:45 1555968 ----a-w- c:\windows\system32\urlmon.dll
2018-09-18 04:21 . 2018-10-10 12:45 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2018-09-18 04:21 . 2018-10-10 12:45 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2018-09-18 04:20 . 2018-10-10 12:45 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2018-09-18 04:20 . 2018-10-10 12:45 341504 ----a-w- c:\windows\SysWow64\html.iec
2018-09-18 04:19 . 2018-10-10 12:45 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2018-09-18 04:13 . 2018-10-10 12:45 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2018-09-18 04:12 . 2018-10-10 12:45 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2018-09-18 04:10 . 2018-10-10 12:45 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2018-09-18 04:03 . 2018-10-10 12:45 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2018-09-18 04:02 . 2018-10-10 12:45 73216 ----a-w- c:\windows\SysWow64\tdc.ocx
2018-09-18 03:57 . 2018-10-10 12:45 4494848 ----a-w- c:\windows\SysWow64\jscript9.dll
2018-09-18 03:50 . 2018-10-10 12:45 2059776 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2018-09-18 03:50 . 2018-10-10 12:45 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2018-09-18 03:37 . 2018-10-10 12:45 4037632 ----a-w- c:\windows\SysWow64\wininet.dll
2018-09-17 03:45 . 2018-01-15 13:44 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-09-17 03:45 . 2018-01-15 13:44 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-09-11 18:28 . 2018-10-10 12:45 3227136 ----a-w- c:\windows\system32\win32k.sys
2018-09-11 18:23 . 2018-10-10 12:45 161280 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2018-09-11 18:22 . 2018-10-10 12:45 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2018-09-11 11:18 . 2018-01-31 15:50 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-09-09 01:02 . 2018-10-10 12:45 986824 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2018-09-09 01:02 . 2018-10-10 12:45 631680 ----a-w- c:\windows\system32\winresume.efi
2018-09-09 01:02 . 2018-10-10 12:45 5552328 ----a-w- c:\windows\system32\ntoskrnl.exe
2018-09-09 01:02 . 2018-10-10 12:45 1680072 ----a-w- c:\windows\system32\drivers\ntfs.sys
2018-09-09 01:02 . 2018-10-10 12:45 708296 ----a-w- c:\windows\system32\winload.efi
2018-09-09 01:02 . 2018-10-10 12:45 262344 ----a-w- c:\windows\system32\hal.dll
2018-09-09 01:02 . 2018-10-10 12:45 265416 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2018-09-09 01:02 . 2018-10-10 12:45 95432 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2018-09-09 01:02 . 2018-10-10 12:45 154824 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2018-09-09 01:01 . 2018-10-10 12:45 1664320 ----a-w- c:\windows\system32\ntdll.dll
2018-09-09 00:59 . 2018-10-10 12:45 361984 ----a-w- c:\windows\system32\wow64win.dll
2018-09-09 00:59 . 2018-10-10 12:45 243712 ----a-w- c:\windows\system32\wow64.dll
2018-09-09 00:59 . 2018-10-10 12:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2018-09-09 00:59 . 2018-10-10 12:45 215552 ----a-w- c:\windows\system32\winsrv.dll
2018-09-09 00:59 . 2018-10-10 12:45 210432 ----a-w- c:\windows\system32\wdigest.dll
2018-09-09 00:59 . 2018-10-10 12:45 2851840 ----a-w- c:\windows\system32\themeui.dll
2018-09-09 00:59 . 2018-10-10 12:45 94208 ----a-w- c:\windows\system32\TSpkg.dll
2018-09-09 00:59 . 2018-10-10 12:45 503808 ----a-w- c:\windows\system32\srcore.dll
2018-09-09 00:59 . 2018-10-10 12:45 135680 ----a-w- c:\windows\system32\sspicli.dll
2018-09-09 00:59 . 2018-10-10 12:45 50176 ----a-w- c:\windows\system32\srclient.dll
2018-09-09 00:59 . 2018-10-10 12:45 28672 ----a-w- c:\windows\system32\sspisrv.dll
2018-09-09 00:59 . 2018-10-10 12:45 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2018-09-09 00:59 . 2018-10-10 12:45 28160 ----a-w- c:\windows\system32\secur32.dll
2018-09-09 00:59 . 2018-10-10 12:45 345600 ----a-w- c:\windows\system32\schannel.dll
2018-09-09 00:59 . 2018-10-10 12:45 1211904 ----a-w- c:\windows\system32\rpcrt4.dll
2018-09-09 00:59 . 2018-10-10 12:45 190464 ----a-w- c:\windows\system32\rpchttp.dll
2018-09-09 00:59 . 2018-10-10 12:45 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2018-09-09 00:59 . 2018-10-10 12:45 312320 ----a-w- c:\windows\system32\ncrypt.dll
2018-09-09 00:59 . 2018-10-10 12:45 2009600 ----a-w- c:\windows\system32\msxml6.dll
2018-09-09 00:59 . 2018-10-10 12:45 316928 ----a-w- c:\windows\system32\msv1_0.dll
2018-09-09 00:59 . 2018-10-10 12:45 2048 ----a-w- c:\windows\system32\msxml6r.dll
2018-09-09 00:59 . 2018-10-10 12:45 60416 ----a-w- c:\windows\system32\msobjs.dll
2018-09-09 00:59 . 2018-10-10 12:45 146432 ----a-w- c:\windows\system32\msaudite.dll
2018-09-09 00:58 . 2018-10-10 12:45 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2018-09-09 00:58 . 2018-10-10 12:45 419840 ----a-w- c:\windows\system32\KernelBase.dll
2018-09-09 00:58 . 2018-10-10 12:45 731648 ----a-w- c:\windows\system32\kerberos.dll
2018-09-09 00:58 . 2018-10-10 12:45 1163264 ----a-w- c:\windows\system32\kernel32.dll
2018-09-09 00:58 . 2018-10-10 12:45 405504 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
R1 MpKsl6d5bebb7;MpKsl6d5bebb7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB08046F-DCE0-4C9C-B58A-BA602C93D91C}\MpKsl6d5bebb7.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB08046F-DCE0-4C9C-B58A-BA602C93D91C}\MpKsl6d5bebb7.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 edrsensor;edrsensor;c:\windows\system32\DRIVERS\edrsensor.sys;c:\windows\SYSNATIVE\DRIVERS\edrsensor.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys;c:\windows\SYSNATIVE\drivers\SplitCamAudio.sys [x]
R3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys;c:\windows\SYSNATIVE\DRIVERS\splitcam_hd_driver.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 hpqcaslwmiex;HP CASL Framework Service;c:\program files (x86)\HP\Shared\hpqwmiex.exe;c:\program files (x86)\HP\Shared\hpqwmiex.exe [x]
R4 ManyCam Service;ManyCam Service;c:\programdata\ManyCam\Service\ManyCamService.exe;c:\programdata\ManyCam\Service\ManyCamService.exe [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2018-10-29 c:\windows\Tasks\HPCeeScheduleForSalvo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-10-31 18:29 1847000 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2015-08-26 3113592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-10-31 242392]
.
------- Scansione supplementare -------
.
uStart Page =
mStart Page = about:blank
TCP: Interfaces\{7146A81C-9EFC-400B-AE0A-485280E48603}: NameServer = 8.8.4.4,8.8.8.8,192.168.1.1
FF - ProfilePath - c:\users\Salvo\AppData\Roaming\Mozilla\Firefox\Profiles\iq4maw23.default\
.
.
------- Associazioni dei file -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4087364 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4344146 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4457016 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4457035 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\setup.exe
AddRemove-{F322B446-B157-4257-B44F-4F22D41F8EDB} - c:\program files (x86)\InstallShield Installation Information\{F322B446-B157-4257-B44F-4F22D41F8EDB}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,53,d1,68,41,15,79,4a,86,53,7e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,53,d1,68,41,15,79,4a,86,53,7e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2018-11-14 16:19:02
ComboFix-quarantined-files.txt 2018-11-14 15:19
.
Pre-Run: 85.791.862.784 byte disponibili
Post-Run: 85.449.482.240 byte disponibili
.
- - End Of File - - CBD256983736B688ACCA5F6302349431
A36C5E4F47E84449FF07ED3517B43A31

[R16]

Salve.

[Tekeros]

Allora il mio computer si è bloccato dopo che è apparsa un schermata blu ( al raivvio era tutto bloccato ) dopo ho fatto un ripristino grazie a un'immagine di sistema che avevo fatto precedentemente, e tutto si e risolto. Ma ho pensato che il virus risiedeva anche nell'immagine di sistema per questo ho passato combofix con esito positivo sembra infatti che combofix abbia bloccato alcune chiavi malevoli del registro. Comunque ora ti posto le chiavi generate:

link
link

[R16]

Ciao.

[Tekeros]

Siccome avevo fatto il buckup da poco tempo, quindi ho immaginato che nel'intero buckup poteva esserci un virus. Se perfavore gli dai una controllta cosi sto piu tranquillo, anche perchè qualcosa di strano lo notata, sembra che miei download si bloccano in modo anomalo.

Grazie

[R16]

Vai in "Programmi e funzionalità" e disinstalla SUPERAntiSpyware. (non serve)
Finita la disinstallazione fai una pulizia con CCleaner registro compreso.
Riavvia il pc e ripeti la pulizia con CCleaner.
Conosci e usi questo software? :
NielsenUpdate
Se no, disinstallalo, (sempre da "Programmi e funzionalità)
La versione di Avast! è l'ultima versione?

[Tekeros]

Si la versione di avast e l'ultima versine, e nielsen lo conosco. tu dici che il sistema e pulito?

[R16]

[Tekeros]

no solo quando scarico da firfox

[R16]

E allora disinstalla Firefox seguendo le indicazioni che ho scritto sopra.

[Tekeros]

il problema e che saltato hardisk, mi compare dopo un'ora una schermata blu, , e poi il computer si riavvia, strano l'hardisk ancora e nuovo a un'anno e due mesi di vita, ma sei sicuro che non hai trovato niente nei file che ti ho inviato?
A me risulta che nel sistema risiede ancora un virus le finestre mi si muovono da sole buuuuuuuu .....

https://ibb.co/cWESuf https://ibb.co/kvVRkL

ho fatto la prova ad avviare un test a lungo con seatool ma niente, i setttori danneggiati rimangono, cosa posso fare per riparare i settori danneggiati?

[dany79]

Ciao e scusa l intrusione....

avvia innanzitutto il Prompt dei comandi: per farlo, digita “cmd” nel campo di ricerca di Windows, fai clic destro sull’icona del Prompt dei comandi che compare fra i risultati di ricerca, seleziona la voce Esegui come amministratore dal menu che si apre e conferma il tutto pigiando su si....

Poi copia incolla il seguente comando:

Sfc /scannow

Dai invio e posta il risultato che rilascia...

Poi riapri il prompt dei comandi.come amministratore e copia incolla;

CHKDSK C: /F /R

Dai invio....
Dovrai poi confermare l’esecuzione del controllo del disco al riavvio del PC digitando la lettera S e premendo ancora una volta il tasto Invio della tastiera.

Al successivo riavvio eseguirá il controllo...

Anche io non ho visto malware particolari nel pc...

Comunque se persiste prova con un avvio pulito di windows e vefi se ci sono miglioramenti....se non sai cosa è un avvio pulito cerca con google è pieno di guide....

Ciao

[Tekeros]

Microsoft Windows [Versione 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Tutti i diritti riservati.

C:\Windows\system32>Sfc /scannow

Avvio in corso dell'analisi del sistema. Attendere. L'operazione richiederà alcu
ni minuti.

Avvio in corso della fase di verifica dell'analisi del sistema.
100% della verifica completato.

Protezione risorse di Windows: nessuna violazione di integrità trovata.

C:\Windows\system32>

[Tekeros]

O dato anche il comando CHKDSK C: /F /R al riavvio al momento del chechdisk il sistema a evidenziato un messaggio " il volume e integro " penso sia inutile fare un'avvio pulito, cosa ne pensi quale sarebbe la differenza?
Mi sa che devo sostituire l'hd, e che costano cari. ufff

[dany79]

Prova a eseguire un avvio pulito di windows:

-sulla casella esegui digita:
msconfig
-dai invio

-nella scheda generale seleziona avvio selettivo e metti la spunta a :
carica servizi di sistema
carica elementi di avvio
-fai click su ok

Così facendo chiedi a Windows di caricare in avvio soltanto i programmi e i servizi che selezioni manualmente nelle schede Servizi e Avvio;

-Ora clicca sulla scheda Avvio (queste sono le applicazione che vengono eseguite all avvio)
-deseleziona tutto quello che non vuoi far partire all avvio ,pero tranne l'antivirus
-clicca su ok
-non riavviare il pc (clicca su esci senza riavviare)

-riapri msconfig
-clicca sulla scheda servizi
-metti la spunta a Nascondi tutti i servizi Microsoft (ATTENTO! Assicurati di selezionare questa casella!)
Come prossima mossa infatti andrai a deselezionare tutte le voci in questa lista. Se non avrai nascosto i servizi di Microsoft, deselezionerai anche le voci di Microsoft e ti ritroverai con un sistema instabile!
-a questo punto dopo aver nascosto i servizi microsoft, deseleziona tutti gli altri presenti in lista
-clicca su ok e applica

ora RIAVVIA il pc

Vedi se ci sono miglioramneti...
Se noti qualche cosa che non va puoi rifare il percorso inverso e tornare come eri prima

Ciao

[Tekeros]

Ho fatto l'avvio pultio ma e successo quelcosa di strano, ho ritrovato le voci riselezionati, sià nella scheda avvio che in quella dei servizi, quindi per me risiede ancora un virus.

[dany79]

Hai fatto applica e ok...prima di chiudere...??

Virus non ce ne sono...

[Tekeros]

Ciao!!! si certo ho cliccato su ok. Comunque e strano ieri o avviato ubunto dal prendrive, e nel momento dell'avvio ubunto mi dava alcuni strani "tipo errore tmp0 " errori di cash. Ho sentito parlare in giro su internet che nel hardware esiste una memoria cash e può essere infettata non credo sià quella?

[Maary79]

Non farti troppe paranoie, errori in fase di avvio del live di Ubuntu possono essere non gravi...e l'importante sarebbe sapere di preciso di che errore si tratta.
Per completezza vi segnalo: http://forum.zeusnews.com/viewtopic.php?t=73446