Hi everyone! Sorry to bother you!! I'm having a problem with my computer: for about a couple of years now I've been living with a damned virus. My computer is slow when I open applications, I notice heavy RAM usage, and web pages load extremely slowly. If I remember correctly, when checking the boot I noticed a small partition of a few MB. Can anyone help me? I'm posting here the ComboFix log and the aswMBR one.
ComboFix 17-01-13.01 - Salvo 20/01/2017 19:39:53.2.1 - x86 NETWORK
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.39.1040.18.1983.1444 [GMT 1:00]
Eseguito da: d:\programmi\Antivirus\ComboFix.exe
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2016-12-20 al 2017-01-20 )))))))))))))))))))))))))))))))))))
.
.
2017-01-20 18:48 . 2017-01-20 18:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2017-01-20 18:48 . 2017-01-20 18:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-01-20 18:48 . 2017-01-20 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-21 19:15 . 2016-12-21 19:15 -------- d-----w- c:\users\Salvo\AppData\Local\Hewlett-Packard
2016-12-21 19:13 . 2016-12-21 19:13 -------- d-----w- c:\program files\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-14 16:53 . 2015-12-04 21:04 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-01-14 16:53 . 2015-12-04 21:04 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-12-16 17:48 . 2016-09-24 17:07 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-16 16:42 . 2016-12-16 16:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.2008.dll
2016-12-16 14:54 . 2016-12-16 14:54 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.3456.dll
2016-12-08 07:36 . 2016-12-08 07:36 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.1344.dll
2016-12-06 21:18 . 2016-12-06 21:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.3908.dll
2016-12-06 16:04 . 2016-12-17 19:42 30672 ----a-w- c:\windows\system32\drivers\avusbflt.sys
2016-12-06 16:03 . 2016-12-17 19:42 60088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2016-12-06 16:03 . 2016-12-17 19:42 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2016-12-06 16:03 . 2016-12-17 19:42 140840 ----a-w- c:\windows\system32\drivers\avipbb.sys
2016-12-06 16:03 . 2016-12-17 19:42 119208 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2016-12-01 18:30 . 2016-12-01 18:30 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.3124.dll
2016-11-28 21:40 . 2016-11-28 21:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.1072.dll
2016-11-22 15:39 . 2016-11-22 15:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.1316.dll
2016-11-22 15:08 . 2016-11-22 15:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.3816.dll
2016-10-24 17:52 . 2016-10-24 17:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08BB1644-CFF7-4E30-96A8-A52E00AD96BA}\offreg.2060.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\program files\ManyCam\ManyCam.exe" [2016-12-09 11551248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"="c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-11-25 60120]
"avgnt"="c:\program files\Avira\Antivirus\avgnt.exe" [2016-12-06 917576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2016-10-10 06:02 15716920 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-08-26 19:23 6868696 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
2016-09-05 03:26 43984 ----a-w- c:\program files\Glary Utilities 5\StartupManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KSafeTray]
2012-04-11 06:35 742816 ----a-w- c:\program files\Kingsoft\PCDoctor\KSafeTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lightshot]
2016-07-11 12:46 225944 ----a-w- c:\program files\Skillbrains\lightshot\Lightshot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalTray]
2016-09-19 09:27 896976 ----a-w- c:\program files\Glarysoft\Malware Hunter\mhtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 09:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2016-11-15 15:35 27226072 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2016-12-06 37896]
R1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-09-24 17472]
R1 GUSBootStartup;GUSBootStartup;c:\windows\System32\drivers\GUSBootStartup.sys [2016-09-24 17472]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-01-24 23840]
R2 AntiVirMailService;Avira Protezione email;c:\program files\Avira\Antivirus\avmailc7.exe [2016-12-06 1089592]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\Antivirus\sched.exe [2016-12-06 476736]
R2 AntiVirWebService;Avira Protezione web;c:\program files\Avira\Antivirus\avwebg7.exe [2016-12-06 1490296]
R2 Avira.ServiceHost;Avira Service Host;c:\program files\Avira\Launcher\Avira.ServiceHost.exe [2016-11-25 369608]
R2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2016-12-06 60088]
R2 camfrog_update_service;Camfrog Update Service;c:\program files\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [2016-09-22 1063968]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-07 31776]
R2 ManyCam Service;ManyCam Service;c:\programdata\ManyCam\Service\ManyCamService.exe [2016-03-31 544984]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-09-20 324224]
R3 GUMHFilters;GUMHFilters;c:\program files\Glarysoft\Malware Hunter\Native\winxp_x86\GUMHFilter.sys [2016-09-18 25792]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-12-05 102912]
R3 KSafeSvc;KSafe service;c:\program files\Kingsoft\PCDoctor\KSafeSvc.exe [2012-04-10 290720]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2014-12-29 48280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2014-12-29 30488]
R3 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2014-07-14 786256]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-09-21 4088608]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 avusbflt;avusbflt;c:\windows\System32\Drivers\avusbflt.sys [2016-12-06 30672]
S1 kmodurl;kmodurl;c:\program files\Kingsoft\PCDoctor\kmodurl.sys [2011-12-20 111008]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2016-07-30 75416]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 37672851
*NewlyCreated* - 45852311557FA414
*NewlyCreated* - 4F95200D5F6FA708
*Deregistered* - 37672851
*Deregistered* - 45852311557FA414
*Deregistered* - 4F95200D5F6FA708
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 00:42 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2017-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-04 16:53]
.
2017-01-20 c:\windows\Tasks\update-S-1-5-21-1450026902-197732605-1132630189-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2016-09-02 12:53]
.
2017-01-20 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2016-09-02 12:53]
.
.
------- Scansione supplementare -------
.
TCP: Interfaces\{B3F00FF5-F3A5-40C6-9DF6-0DB4E98D3308}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\users\Salvo\AppData\Roaming\Mozilla\Firefox\Profiles\4ucy0kff.default-1449271419252\
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-Advanced SystemCare 9 - c:\program files\IObit\Advanced SystemCare\ASCTray.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@DenieD: (Full) (Everyone)
.
Ora fine scansione: 2017-01-20 19:50:24
ComboFix-quarantined-files.txt 2017-01-20 18:50
ComboFix2.txt 2016-12-17 17:26
ComboFix3.txt 2016-12-16 16:36
.
Pre-Run: 59.697.594.368 byte disponibili
Post-Run: 59.823.706.112 byte disponibili
.
- - End Of File - - 3D05D11E37CC78D4B95F9FCDE4503AED
A36C5E4F47E84449FF07ED3517B43A31
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-01-30 02:14:42
-----------------------------
02:14:42.090 OS Version: Windows 6.1.7601 Service Pack 1
02:14:42.091 Number of processors: 1 586 0x4F02
02:14:42.093 ComputerName: SALVO-PC UserName: Salvo
02:14:44.606 Initialize success
02:14:44.723 VM: initialized successfully
02:14:44.725 VM: Amd CPU virtualization not supported
02:18:57.049 AVAST engine defs: 17010903
02:21:44.315 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
02:21:44.319 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
02:21:44.489 Disk 0 MBR read successfully
02:21:44.499 Disk 0 MBR scan
02:21:44.561 Disk 0 Windows 7 default MBR code
02:21:44.561 Disk 0 Partition 1 00 83 Linux 304213 MB offset 2048
02:21:44.591 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 90000 MB offset 623030272
02:21:44.601 Disk 0 Boot: NTFS code=2
02:21:44.646 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 80743 MB offset 807350272
02:21:44.664 Disk 0 Partition - 00 05 Extended 1981 MB offset 972713982
02:21:44.706 Disk 0 Partition 4 00 82 Linux swap 1981 MB offset 972713984
02:21:45.033 Disk 0 scanning sectors +976771072
02:21:45.113 Disk 0 scanning C:\Windows\system32\drivers
02:22:07.669 Service scanning
02:22:45.911 Modules scanning
02:22:45.952 Disk 0 trace - called modules:
02:22:45.983 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
02:22:45.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ade1d0]
02:22:46.013 3 CLASSPNP.SYS[88b8259e] -> nt!IofCallDriver -> [0x8554c998]
02:22:46.023 5 ACPI.sys[8338c3d4] -> nt!IofCallDriver -> \Device\00000060[0x8554cb60]
02:22:47.226 AVAST engine scan C:\Windows
02:22:51.947 AVAST engine scan C:\Windows\system32
02:28:44.979 AVAST engine scan C:\Windows\system32\drivers
02:29:07.779 AVAST engine scan C:\Users\Salvo
02:36:18.910 AVAST engine scan C:\ProgramData
02:37:23.680 Disk 0 statistics 2671216/0/0 @ 3,02 MB/s
02:37:23.690 Scan finished successfully
03:32:58.761 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
03:32:58.775 The log file has been saved successfully to "C:\aswMBR.txt"